GMER 1.0.15.15281 - http://www.gmer.net Rootkit scan 2010-10-07 20:27:44 Windows 5.1.2600 Dodatek Service Pack 2 Running: le10rwl0.exe; Driver: C:\DOCUME~1\ADMINI~1\USTAWI~1\Temp\pxtdypog.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwClose [0xB651F6B8] SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateFile [0xB67B2552] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwCreateKey [0xB651F574] SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcess [0xB67B1A1A] SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateProcessEx [0xB67B1910] SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwCreateThread [0xB67B1F2A] SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteFile [0xB67B3034] SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwDeleteKey [0xB67AED54] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDeleteValueKey [0xB651FA52] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwDuplicateObject [0xB651F14C] SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software) ZwLoadDriver [0xB65DAF64] SSDT \SystemRoot\system32\drivers\khips.sys (Sunbelt Personal Firewall Host Intrusion Prevention Driver/Sunbelt Software) ZwMapViewOfSection [0xB65DB24A] SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwOpenFile [0xB67B2906] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenKey [0xB651F64E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenProcess [0xB651F08C] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwOpenThread [0xB651F0F0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwQueryValueKey [0xB651F76E] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwRestoreKey [0xB651F72E] SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwResumeThread [0xB67B20DC] SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwSetInformationFile [0xB67B2CE0] SSDT \SystemRoot\System32\Drivers\aswSP.SYS (avast! self protection module/ALWIL Software) ZwSetValueKey [0xB651F8AE] SSDT \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ZwWriteFile [0xB67B2BB2] ---- Kernel code sections - GMER 1.0.15 ---- PAGENDSM NDIS.sys!NdisMIndicateStatus F736EA5F 6 Bytes JMP B67A6C5E \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00030004 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0003011C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000304F0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0003057C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000303D8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0003034C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00030464 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00030608 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000307AC .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00030720 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] SHELL32.dll!CallCPLEntry16 + 10C0C 7CB35DAB 1 Byte [87] .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000308C4 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00030838 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00030950 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] WININET.dll!InternetOpenW 771AAEED 5 Bytes JMP 00030DB0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] WININET.dll!InternetConnectA 771B308A 5 Bytes JMP 00030F54 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] WININET.dll!InternetOpenA 771B573E 5 Bytes JMP 00030D24 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] WININET.dll!InternetOpenUrlA 771B59F1 5 Bytes JMP 00030E3C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] WININET.dll!InternetConnectW 771BEDC8 5 Bytes JMP 00030FE0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe[192] WININET.dll!InternetOpenUrlW 771C5B3A 5 Bytes JMP 00030EC8 .text C:\WIN_XP\system32\svchost.exe[228] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WIN_XP\system32\svchost.exe[228] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WIN_XP\system32\svchost.exe[228] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WIN_XP\system32\svchost.exe[228] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WIN_XP\system32\svchost.exe[228] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WIN_XP\system32\svchost.exe[228] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WIN_XP\system32\svchost.exe[228] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WIN_XP\system32\svchost.exe[228] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WIN_XP\system32\svchost.exe[228] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WIN_XP\system32\svchost.exe[228] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WIN_XP\system32\svchost.exe[228] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WIN_XP\system32\svchost.exe[228] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WIN_XP\system32\svchost.exe[228] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WIN_XP\system32\svchost.exe[228] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WIN_XP\system32\svchost.exe[228] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WIN_XP\system32\svchost.exe[228] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] WS2_32.dll!socket 71A53B91 5 Bytes JMP 001308C4 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00130838 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[428] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00130950 .text C:\WIN_XP\system32\csrss.exe[504] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8 .text C:\WIN_XP\system32\csrss.exe[504] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090 .text C:\WIN_XP\system32\csrss.exe[504] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694 .text C:\WIN_XP\system32\csrss.exe[504] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0 .text C:\WIN_XP\system32\csrss.exe[504] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234 .text C:\WIN_XP\system32\csrss.exe[504] KERNEL32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00160004 .text C:\WIN_XP\system32\csrss.exe[504] KERNEL32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0016011C .text C:\WIN_XP\system32\csrss.exe[504] KERNEL32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001604F0 .text C:\WIN_XP\system32\csrss.exe[504] KERNEL32.dll!CreateThread 7C810647 5 Bytes JMP 0016057C .text C:\WIN_XP\system32\csrss.exe[504] KERNEL32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001603D8 .text C:\WIN_XP\system32\csrss.exe[504] KERNEL32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0016034C .text C:\WIN_XP\system32\csrss.exe[504] KERNEL32.dll!WinExec 7C86158D 5 Bytes JMP 00160464 .text C:\WIN_XP\system32\csrss.exe[504] KERNEL32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00160608 .text C:\WIN_XP\system32\csrss.exe[504] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001607AC .text C:\WIN_XP\system32\csrss.exe[504] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00160720 .text C:\WIN_XP\system32\winlogon.exe[528] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8 .text C:\WIN_XP\system32\winlogon.exe[528] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090 .text C:\WIN_XP\system32\winlogon.exe[528] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694 .text C:\WIN_XP\system32\winlogon.exe[528] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0 .text C:\WIN_XP\system32\winlogon.exe[528] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234 .text C:\WIN_XP\system32\winlogon.exe[528] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00070004 .text C:\WIN_XP\system32\winlogon.exe[528] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0007011C .text C:\WIN_XP\system32\winlogon.exe[528] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000704F0 .text C:\WIN_XP\system32\winlogon.exe[528] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0007057C .text C:\WIN_XP\system32\winlogon.exe[528] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000703D8 .text C:\WIN_XP\system32\winlogon.exe[528] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0007034C .text C:\WIN_XP\system32\winlogon.exe[528] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00070464 .text C:\WIN_XP\system32\winlogon.exe[528] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00070608 .text C:\WIN_XP\system32\winlogon.exe[528] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000707AC .text C:\WIN_XP\system32\winlogon.exe[528] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00070720 .text C:\WIN_XP\system32\winlogon.exe[528] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000708C4 .text C:\WIN_XP\system32\winlogon.exe[528] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00070838 .text C:\WIN_XP\system32\winlogon.exe[528] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00070950 .text C:\WIN_XP\system32\winlogon.exe[528] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\WIN_XP\system32\services.exe[572] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WIN_XP\system32\services.exe[572] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WIN_XP\system32\services.exe[572] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WIN_XP\system32\services.exe[572] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WIN_XP\system32\services.exe[572] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WIN_XP\system32\services.exe[572] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WIN_XP\system32\services.exe[572] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WIN_XP\system32\services.exe[572] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WIN_XP\system32\services.exe[572] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WIN_XP\system32\services.exe[572] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WIN_XP\system32\services.exe[572] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WIN_XP\system32\services.exe[572] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WIN_XP\system32\services.exe[572] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WIN_XP\system32\services.exe[572] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WIN_XP\system32\services.exe[572] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WIN_XP\system32\services.exe[572] SHELL32.dll!SHGetMalloc + 1D03 7CA2CF2B 1 Byte [8B] .text C:\WIN_XP\system32\services.exe[572] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\WIN_XP\system32\lsass.exe[584] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WIN_XP\system32\lsass.exe[584] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WIN_XP\system32\lsass.exe[584] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WIN_XP\system32\lsass.exe[584] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WIN_XP\system32\lsass.exe[584] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WIN_XP\system32\lsass.exe[584] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WIN_XP\system32\lsass.exe[584] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WIN_XP\system32\lsass.exe[584] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WIN_XP\system32\lsass.exe[584] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WIN_XP\system32\lsass.exe[584] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WIN_XP\system32\lsass.exe[584] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WIN_XP\system32\lsass.exe[584] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WIN_XP\system32\lsass.exe[584] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WIN_XP\system32\lsass.exe[584] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WIN_XP\system32\lsass.exe[584] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WIN_XP\system32\lsass.exe[584] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4 .text C:\WIN_XP\system32\lsass.exe[584] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838 .text C:\WIN_XP\system32\lsass.exe[584] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950 .text C:\WIN_XP\system32\lsass.exe[584] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\WIN_XP\system32\svchost.exe[748] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WIN_XP\system32\svchost.exe[748] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WIN_XP\system32\svchost.exe[748] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WIN_XP\system32\svchost.exe[748] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WIN_XP\system32\svchost.exe[748] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WIN_XP\system32\svchost.exe[748] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WIN_XP\system32\svchost.exe[748] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WIN_XP\system32\svchost.exe[748] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WIN_XP\system32\svchost.exe[748] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WIN_XP\system32\svchost.exe[748] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WIN_XP\system32\svchost.exe[748] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WIN_XP\system32\svchost.exe[748] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WIN_XP\system32\svchost.exe[748] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WIN_XP\system32\svchost.exe[748] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WIN_XP\system32\svchost.exe[748] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WIN_XP\system32\svchost.exe[748] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\WIN_XP\system32\svchost.exe[748] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4 .text C:\WIN_XP\system32\svchost.exe[748] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838 .text C:\WIN_XP\system32\svchost.exe[748] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950 .text C:\WIN_XP\system32\svchost.exe[836] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WIN_XP\system32\svchost.exe[836] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WIN_XP\system32\svchost.exe[836] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WIN_XP\system32\svchost.exe[836] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WIN_XP\system32\svchost.exe[836] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WIN_XP\system32\svchost.exe[836] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WIN_XP\system32\svchost.exe[836] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WIN_XP\system32\svchost.exe[836] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WIN_XP\system32\svchost.exe[836] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WIN_XP\system32\svchost.exe[836] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WIN_XP\system32\svchost.exe[836] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WIN_XP\system32\svchost.exe[836] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WIN_XP\system32\svchost.exe[836] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WIN_XP\system32\svchost.exe[836] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WIN_XP\system32\svchost.exe[836] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WIN_XP\system32\svchost.exe[836] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\WIN_XP\system32\svchost.exe[836] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4 .text C:\WIN_XP\system32\svchost.exe[836] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838 .text C:\WIN_XP\system32\svchost.exe[836] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950 .text C:\WIN_XP\system32\svchost.exe[888] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WIN_XP\system32\svchost.exe[888] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WIN_XP\system32\svchost.exe[888] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WIN_XP\system32\svchost.exe[888] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WIN_XP\system32\svchost.exe[888] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WIN_XP\system32\svchost.exe[888] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WIN_XP\system32\svchost.exe[888] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WIN_XP\system32\svchost.exe[888] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WIN_XP\system32\svchost.exe[888] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WIN_XP\system32\svchost.exe[888] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WIN_XP\system32\svchost.exe[888] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WIN_XP\system32\svchost.exe[888] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WIN_XP\system32\svchost.exe[888] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WIN_XP\system32\svchost.exe[888] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WIN_XP\system32\svchost.exe[888] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WIN_XP\system32\svchost.exe[888] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\WIN_XP\system32\svchost.exe[888] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4 .text C:\WIN_XP\system32\svchost.exe[888] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838 .text C:\WIN_XP\system32\svchost.exe[888] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950 .text C:\WIN_XP\system32\svchost.exe[888] WININET.dll!InternetOpenW 771AAEED 5 Bytes JMP 00080DB0 .text C:\WIN_XP\system32\svchost.exe[888] WININET.dll!InternetConnectA 771B308A 5 Bytes JMP 00080F54 .text C:\WIN_XP\system32\svchost.exe[888] WININET.dll!InternetOpenA 771B573E 5 Bytes JMP 00080D24 .text C:\WIN_XP\system32\svchost.exe[888] WININET.dll!InternetOpenUrlA 771B59F1 5 Bytes JMP 00080E3C .text C:\WIN_XP\system32\svchost.exe[888] WININET.dll!InternetConnectW 771BEDC8 5 Bytes JMP 00080FE0 .text C:\WIN_XP\system32\svchost.exe[888] WININET.dll!InternetOpenUrlW 771C5B3A 5 Bytes JMP 00080EC8 .text C:\WIN_XP\system32\svchost.exe[976] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WIN_XP\system32\svchost.exe[976] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WIN_XP\system32\svchost.exe[976] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WIN_XP\system32\svchost.exe[976] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WIN_XP\system32\svchost.exe[976] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WIN_XP\system32\svchost.exe[976] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WIN_XP\system32\svchost.exe[976] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WIN_XP\system32\svchost.exe[976] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WIN_XP\system32\svchost.exe[976] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WIN_XP\system32\svchost.exe[976] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WIN_XP\system32\svchost.exe[976] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WIN_XP\system32\svchost.exe[976] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WIN_XP\system32\svchost.exe[976] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WIN_XP\system32\svchost.exe[976] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WIN_XP\system32\svchost.exe[976] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WIN_XP\system32\svchost.exe[976] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\WIN_XP\system32\svchost.exe[976] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4 .text C:\WIN_XP\system32\svchost.exe[976] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838 .text C:\WIN_XP\system32\svchost.exe[976] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950 .text C:\WIN_XP\system32\svchost.exe[1052] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WIN_XP\system32\svchost.exe[1052] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WIN_XP\system32\svchost.exe[1052] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WIN_XP\system32\svchost.exe[1052] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WIN_XP\system32\svchost.exe[1052] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WIN_XP\system32\svchost.exe[1052] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WIN_XP\system32\svchost.exe[1052] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WIN_XP\system32\svchost.exe[1052] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WIN_XP\system32\svchost.exe[1052] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WIN_XP\system32\svchost.exe[1052] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WIN_XP\system32\svchost.exe[1052] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WIN_XP\system32\svchost.exe[1052] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WIN_XP\system32\svchost.exe[1052] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WIN_XP\system32\svchost.exe[1052] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WIN_XP\system32\svchost.exe[1052] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WIN_XP\system32\svchost.exe[1052] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\WIN_XP\system32\svchost.exe[1052] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4 .text C:\WIN_XP\system32\svchost.exe[1052] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838 .text C:\WIN_XP\system32\svchost.exe[1052] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1132] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1132] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1132] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1132] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1132] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1132] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1132] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1132] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1132] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1132] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1132] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1132] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1132] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1132] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1132] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1132] WS2_32.dll!socket 71A53B91 5 Bytes JMP 001308C4 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1132] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00130838 .text C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe[1132] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00130950 .text C:\WIN_XP\Explorer.EXE[1144] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WIN_XP\Explorer.EXE[1144] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WIN_XP\Explorer.EXE[1144] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WIN_XP\Explorer.EXE[1144] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WIN_XP\Explorer.EXE[1144] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WIN_XP\Explorer.EXE[1144] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WIN_XP\Explorer.EXE[1144] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WIN_XP\Explorer.EXE[1144] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WIN_XP\Explorer.EXE[1144] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WIN_XP\Explorer.EXE[1144] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WIN_XP\Explorer.EXE[1144] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WIN_XP\Explorer.EXE[1144] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WIN_XP\Explorer.EXE[1144] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WIN_XP\Explorer.EXE[1144] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WIN_XP\Explorer.EXE[1144] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WIN_XP\Explorer.EXE[1144] WININET.dll!InternetOpenW 771AAEED 5 Bytes JMP 00080DB0 .text C:\WIN_XP\Explorer.EXE[1144] WININET.dll!InternetConnectA 771B308A 5 Bytes JMP 00080F54 .text C:\WIN_XP\Explorer.EXE[1144] WININET.dll!InternetOpenA 771B573E 5 Bytes JMP 00080D24 .text C:\WIN_XP\Explorer.EXE[1144] WININET.dll!InternetOpenUrlA 771B59F1 5 Bytes JMP 00080E3C .text C:\WIN_XP\Explorer.EXE[1144] WININET.dll!InternetConnectW 771BEDC8 5 Bytes JMP 00080FE0 .text C:\WIN_XP\Explorer.EXE[1144] WININET.dll!InternetOpenUrlW 771C5B3A 5 Bytes JMP 00080EC8 .text C:\WIN_XP\Explorer.EXE[1144] SHELL32.dll!CDefFolderMenu_Create2 + 253A 7CA9BBAB 1 Byte [C2] .text C:\WIN_XP\Explorer.EXE[1144] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\WIN_XP\Explorer.EXE[1144] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4 .text C:\WIN_XP\Explorer.EXE[1144] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838 .text C:\WIN_XP\Explorer.EXE[1144] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1200] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1200] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1200] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1200] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1200] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1200] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1200] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1200] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1200] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1200] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1200] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1200] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1200] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1200] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1200] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1200] WS2_32.dll!socket 71A53B91 5 Bytes JMP 001308C4 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1200] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00130838 .text C:\Program Files\Alwil Software\Avast4\ashServ.exe[1200] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00130950 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe[1292] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] WS2_32.dll!socket 71A53B91 5 Bytes JMP 001308C4 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00130838 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00130950 .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] SHELL32.dll!ILCreateFromPathA + 12A7 7CAB7EEB 1 Byte [8B] .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] SHELL32.dll!SHUpdateImageA + 5993 7CAC022B 1 Byte [85] .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 14F1C 7CAEACAB 1 Byte [8B] .text C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe[1300] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1316] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1316] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1316] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1316] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1316] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1316] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1316] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1316] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1316] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1316] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1316] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1316] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1316] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1316] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1316] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\A4Tech\Mouse\Amoumain.exe[1316] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] shell32.dll!SHLoadNonloadedIconOverlayIdentifiers + 25D5C 7CAFBAEB 1 Byte [0F] .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] shell32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] wininet.dll!InternetOpenW 771AAEED 5 Bytes JMP 00130DB0 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] wininet.dll!InternetConnectA 771B308A 5 Bytes JMP 00130F54 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] wininet.dll!InternetOpenA 771B573E 5 Bytes JMP 00130D24 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] wininet.dll!InternetOpenUrlA 771B59F1 5 Bytes JMP 00130E3C .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] wininet.dll!InternetConnectW 771BEDC8 5 Bytes JMP 00130FE0 .text C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe[1340] wininet.dll!InternetOpenUrlW 771C5B3A 5 Bytes JMP 00130EC8 .text C:\Program Files\Skype\Phone\Skype.exe[1348] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Skype\Phone\Skype.exe[1348] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Skype\Phone\Skype.exe[1348] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Skype\Phone\Skype.exe[1348] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Skype\Phone\Skype.exe[1348] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Skype\Phone\Skype.exe[1348] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\Program Files\Skype\Phone\Skype.exe[1348] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\Program Files\Skype\Phone\Skype.exe[1348] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\Program Files\Skype\Phone\Skype.exe[1348] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\Program Files\Skype\Phone\Skype.exe[1348] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\Program Files\Skype\Phone\Skype.exe[1348] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\Program Files\Skype\Phone\Skype.exe[1348] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\Program Files\Skype\Phone\Skype.exe[1348] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\Program Files\Skype\Phone\Skype.exe[1348] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\Skype\Phone\Skype.exe[1348] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\Skype\Phone\Skype.exe[1348] wininet.dll!InternetOpenW 771AAEED 5 Bytes JMP 00130DB0 .text C:\Program Files\Skype\Phone\Skype.exe[1348] wininet.dll!InternetConnectA 771B308A 5 Bytes JMP 00130F54 .text C:\Program Files\Skype\Phone\Skype.exe[1348] wininet.dll!InternetOpenA 771B573E 5 Bytes JMP 00130D24 .text C:\Program Files\Skype\Phone\Skype.exe[1348] wininet.dll!InternetOpenUrlA 771B59F1 5 Bytes JMP 00130E3C .text C:\Program Files\Skype\Phone\Skype.exe[1348] wininet.dll!InternetConnectW 771BEDC8 5 Bytes JMP 00130FE0 .text C:\Program Files\Skype\Phone\Skype.exe[1348] wininet.dll!InternetOpenUrlW 771C5B3A 5 Bytes JMP 00130EC8 .text C:\Program Files\Skype\Phone\Skype.exe[1348] shell32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\Program Files\Skype\Phone\Skype.exe[1348] WS2_32.dll!socket 71A53B91 5 Bytes JMP 001308C4 .text C:\Program Files\Skype\Phone\Skype.exe[1348] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00130838 .text C:\Program Files\Skype\Phone\Skype.exe[1348] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00130950 .text C:\WIN_XP\system32\spoolsv.exe[1776] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WIN_XP\system32\spoolsv.exe[1776] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WIN_XP\system32\spoolsv.exe[1776] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WIN_XP\system32\spoolsv.exe[1776] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WIN_XP\system32\spoolsv.exe[1776] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WIN_XP\system32\spoolsv.exe[1776] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WIN_XP\system32\spoolsv.exe[1776] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WIN_XP\system32\spoolsv.exe[1776] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WIN_XP\system32\spoolsv.exe[1776] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WIN_XP\system32\spoolsv.exe[1776] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WIN_XP\system32\spoolsv.exe[1776] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WIN_XP\system32\spoolsv.exe[1776] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WIN_XP\system32\spoolsv.exe[1776] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WIN_XP\system32\spoolsv.exe[1776] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WIN_XP\system32\spoolsv.exe[1776] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WIN_XP\system32\spoolsv.exe[1776] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\WIN_XP\system32\spoolsv.exe[1776] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4 .text C:\WIN_XP\system32\spoolsv.exe[1776] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838 .text C:\WIN_XP\system32\spoolsv.exe[1776] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950 .text C:\WIN_XP\system32\svchost.exe[1856] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WIN_XP\system32\svchost.exe[1856] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WIN_XP\system32\svchost.exe[1856] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WIN_XP\system32\svchost.exe[1856] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WIN_XP\system32\svchost.exe[1856] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WIN_XP\system32\svchost.exe[1856] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WIN_XP\system32\svchost.exe[1856] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WIN_XP\system32\svchost.exe[1856] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WIN_XP\system32\svchost.exe[1856] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WIN_XP\system32\svchost.exe[1856] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WIN_XP\system32\svchost.exe[1856] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WIN_XP\system32\svchost.exe[1856] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WIN_XP\system32\svchost.exe[1856] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WIN_XP\system32\svchost.exe[1856] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WIN_XP\system32\svchost.exe[1856] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WIN_XP\system32\svchost.exe[1856] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\WIN_XP\system32\svchost.exe[1856] WININET.dll!InternetOpenW 771AAEED 5 Bytes JMP 00080DB0 .text C:\WIN_XP\system32\svchost.exe[1856] WININET.dll!InternetConnectA 771B308A 5 Bytes JMP 00080F54 .text C:\WIN_XP\system32\svchost.exe[1856] WININET.dll!InternetOpenA 771B573E 5 Bytes JMP 00080D24 .text C:\WIN_XP\system32\svchost.exe[1856] WININET.dll!InternetOpenUrlA 771B59F1 5 Bytes JMP 00080E3C .text C:\WIN_XP\system32\svchost.exe[1856] WININET.dll!InternetConnectW 771BEDC8 5 Bytes JMP 00080FE0 .text C:\WIN_XP\system32\svchost.exe[1856] WININET.dll!InternetOpenUrlW 771C5B3A 5 Bytes JMP 00080EC8 .text C:\WIN_XP\system32\svchost.exe[1856] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4 .text C:\WIN_XP\system32\svchost.exe[1856] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838 .text C:\WIN_XP\system32\svchost.exe[1856] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950 .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] WS2_32.dll!socket 71A53B91 5 Bytes JMP 001308C4 .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00130838 .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00130950 .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\Java\jre6\bin\jqs.exe[1944] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1980] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1980] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1980] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1980] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1980] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1980] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1980] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1980] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1980] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1980] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1980] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1980] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1980] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1980] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1980] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1980] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 2B71C 7CB014AB 1 Byte [8B] .text C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE[1980] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\WIN_XP\System32\alg.exe[1988] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WIN_XP\System32\alg.exe[1988] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WIN_XP\System32\alg.exe[1988] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WIN_XP\System32\alg.exe[1988] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WIN_XP\System32\alg.exe[1988] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WIN_XP\System32\alg.exe[1988] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WIN_XP\System32\alg.exe[1988] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WIN_XP\System32\alg.exe[1988] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WIN_XP\System32\alg.exe[1988] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WIN_XP\System32\alg.exe[1988] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WIN_XP\System32\alg.exe[1988] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WIN_XP\System32\alg.exe[1988] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WIN_XP\System32\alg.exe[1988] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WIN_XP\System32\alg.exe[1988] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WIN_XP\System32\alg.exe[1988] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WIN_XP\System32\alg.exe[1988] WS2_32.dll!socket 71A53B91 5 Bytes JMP 000808C4 .text C:\WIN_XP\System32\alg.exe[1988] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00080838 .text C:\WIN_XP\System32\alg.exe[1988] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00080950 .text C:\WIN_XP\System32\alg.exe[1988] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\WIN_XP\System32\alg.exe[1988] SHELL32.dll!StrStrW + 17569 7CBB292B 1 Byte [8B] .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] WS2_32.dll!socket 71A53B91 5 Bytes JMP 001308C4 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] WS2_32.dll!bind 71A53E00 5 Bytes JMP 00130838 .text C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe[2276] WS2_32.dll!connect 71A5406A 5 Bytes JMP 00130950 .text C:\WIN_XP\system32\wuauclt.exe[2348] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WIN_XP\system32\wuauclt.exe[2348] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WIN_XP\system32\wuauclt.exe[2348] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WIN_XP\system32\wuauclt.exe[2348] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WIN_XP\system32\wuauclt.exe[2348] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WIN_XP\system32\wuauclt.exe[2348] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00080004 .text C:\WIN_XP\system32\wuauclt.exe[2348] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0008011C .text C:\WIN_XP\system32\wuauclt.exe[2348] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 000804F0 .text C:\WIN_XP\system32\wuauclt.exe[2348] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0008057C .text C:\WIN_XP\system32\wuauclt.exe[2348] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 000803D8 .text C:\WIN_XP\system32\wuauclt.exe[2348] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0008034C .text C:\WIN_XP\system32\wuauclt.exe[2348] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00080464 .text C:\WIN_XP\system32\wuauclt.exe[2348] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00080608 .text C:\WIN_XP\system32\wuauclt.exe[2348] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WIN_XP\system32\wuauclt.exe[2348] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WIN_XP\system32\wuauclt.exe[2348] SHELL32.dll!StrStrW + 128C9 7CBADC8B 1 Byte [8B] .text H:\Nntywirusy\le10rwl0.exe[2856] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text H:\Nntywirusy\le10rwl0.exe[2856] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text H:\Nntywirusy\le10rwl0.exe[2856] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text H:\Nntywirusy\le10rwl0.exe[2856] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text H:\Nntywirusy\le10rwl0.exe[2856] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text H:\Nntywirusy\le10rwl0.exe[2856] kernel32.dll!VirtualAlloc 7C809A61 5 Bytes JMP 00130004 .text H:\Nntywirusy\le10rwl0.exe[2856] kernel32.dll!VirtualAllocEx 7C809A82 5 Bytes JMP 0013011C .text H:\Nntywirusy\le10rwl0.exe[2856] kernel32.dll!CreateRemoteThread 7C81043C 5 Bytes JMP 001304F0 .text H:\Nntywirusy\le10rwl0.exe[2856] kernel32.dll!CreateThread 7C810647 5 Bytes JMP 0013057C .text H:\Nntywirusy\le10rwl0.exe[2856] kernel32.dll!CreateProcessInternalW 7C819527 5 Bytes JMP 001303D8 .text H:\Nntywirusy\le10rwl0.exe[2856] kernel32.dll!CreateProcessInternalA 7C81DDE6 5 Bytes JMP 0013034C .text H:\Nntywirusy\le10rwl0.exe[2856] kernel32.dll!WinExec 7C86158D 5 Bytes JMP 00130464 .text H:\Nntywirusy\le10rwl0.exe[2856] kernel32.dll!SetThreadContext 7C862C89 5 Bytes JMP 00130608 .text H:\Nntywirusy\le10rwl0.exe[2856] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text H:\Nntywirusy\le10rwl0.exe[2856] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 ---- Kernel IAT/EAT - GMER 1.0.15 ---- IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B67A6B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B67A6B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B67A6B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B67A6B86] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B67A6B60] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B67A6B26] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B67A6B06] \SystemRoot\system32\drivers\fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) ---- User IAT/EAT - GMER 1.0.15 ---- IAT C:\WIN_XP\system32\services.exe[572] @ C:\WIN_XP\system32\services.exe [ADVAPI32.dll!CreateProcessAsUserW] 003E0002 IAT C:\WIN_XP\system32\services.exe[572] @ C:\WIN_XP\system32\services.exe [KERNEL32.dll!CreateProcessW] 003E0000 ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\Ntfs \Ntfs aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) AttachedDevice \Driver\Tcpip \Device\Ip aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) AttachedDevice \Driver\Tcpip \Device\Tcp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\Cdrom \Device\CdRom0 82EFDFD1 Device \Driver\Cdrom \Device\CdRom1 82EFDFD1 Device \Driver\atapi \Device\Ide\IdeDeviceP1T1L0-17 82EFF01C Device \Driver\atapi \Device\Ide\IdeDeviceP0T0L0-3 82EFF01C Device \Driver\atapi \Device\Ide\IdePort0 82EFF01C Device \Driver\atapi \Device\Ide\IdePort1 82EFF01C Device \Driver\atapi \Device\Ide\IdeDeviceP1T0L0-f 82EFF01C Device \Driver\Cdrom \Device\CdRom2 82EFDFD1 Device \Driver\Cdrom \Device\CdRom3 82EFDFD1 AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) AttachedDevice \Driver\Tcpip \Device\Udp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Sunbelt Personal Firewall FWDRV/Sunbelt Software) AttachedDevice \Driver\Tcpip \Device\RawIp aswTdi.SYS (avast! TDI Filter Driver/ALWIL Software) Device \Driver\Stealth \Device\Scsi\Stealth1Port0Path0Target1Lun0 82EFF00C Device \Driver\Stealth \Device\Scsi\Stealth1Port0Path0Target0Lun0 82EFF00C Device \Driver\Stealth \Device\Scsi\Stealth1 82EFF00C AttachedDevice \FileSystem\Fastfat \Fat fltMgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation) AttachedDevice \FileSystem\Fastfat \Fat aswMon2.SYS (avast! File System Filter Driver for Windows XP/ALWIL Software) ---- Registry - GMER 1.0.15 ---- Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG08.00.00.01WORKSTATION 971C483C41E3238AE6D403C441D82E5EF551C558094EF745AC3BCF63474EB3B9615145F9D3ACBB11659E67A1AF1B72D774539D444F3AF2445CA3CB1C39C70FB30CBF0141EFDA233664CEFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C8EDD5E5BE2F6E6679DB7CE019D40AA5C8EDD5E5BE2F6E6679DB7CE019D40AA5CC8E967BB4786E3742332B2DA196B0A7D2C51280198859170AB8BA78DA83BB8B3705FEA25E702A6CF7612EEEB86E83971634237D0E83EAEF64D8C4FE71338169A50C8B4D26BB3179EF8C7763D4E0705138031BAE8E75C42264F6788426BA2778A57FBE0138F0A1564BF3931355F122ACFDAB70B64DCAD86746C0434926E693322475500D3A3B13209B0D37C5C4099167A9DF27287A14166BAB7CFAB736B3FD1E3B5B1162A8C9E35590706AA5F0A726E474902ACB7A36E83B8943D3824459891398BF31ACCC1099806D0C4FE8EE9340A50320AEDFCE74C3011BBC29A8773B1E26C8805F99950EA0A23F007B25FA03A73917FB45B0802B977C93AD784240186EC2EBC4D130F59836E299EC773EA04A6EB6EAC2E0F291D56944C717C1DA58CDA088F0F3B3C518ED55974640762ED7E5C66AA89A61756F78879689531FE5A4B33C2893843BBA8BAAA9745A14994C80B8309F03A53752A64F9C85030F9BA3503DBDDF647DA4E00398 ---- EOF - GMER 1.0.15 ----