Mi avevano gia deto che forse era rustock e mi avevano fatto fare la scansione con gmer ti metto il log questo è quello vecchio è solo per capire se era vero che non cera niente,al limite lo posso rifare:
R 1.0.12.12011 -
http://www.gmer.net
Rootkit scan 2007-01-12 19:06:00
Windows 5.1.2600 Service Pack 2
---- System - GMER 1.0.12 ----
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwClose
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwCreateFile
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwCreateSection
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwDeleteKey
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwDeleteValueKey
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwLoadDriver
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwOpenFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey
SSDT \??\C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwSetValueKey
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwTerminateProcess
SSDT \??\C:\Documents and Settings\All Users\Dati applicazioni\Spyware Terminator\sp_rsdrv2.sys ZwWriteFile
---- Kernel code sections - GMER 1.0.12 ----
PAGENDSM NDIS.sys!NdisMIndicateStatus F8415A5F 6 Bytes [ FF, 25, 88, F5, DE, EB ]
---- User code sections - GMER 1.0.12 ----
.text C:\Programmi\AntiVir PersonalEdition Classic\sched.exe[220] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\AntiVir PersonalEdition Classic\sched.exe[220] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\AntiVir PersonalEdition Classic\sched.exe[220] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\AntiVir PersonalEdition Classic\sched.exe[220] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\AntiVir PersonalEdition Classic\sched.exe[220] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\AntiVir PersonalEdition Classic\sched.exe[220] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Programmi\AntiVir PersonalEdition Classic\sched.exe[220] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Programmi\AntiVir PersonalEdition Classic\sched.exe[220] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Programmi\AntiVir PersonalEdition Classic\sched.exe[220] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Programmi\AntiVir PersonalEdition Classic\sched.exe[220] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Programmi\AntiVir PersonalEdition Classic\sched.exe[220] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Programmi\AntiVir PersonalEdition Classic\sched.exe[220] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Programmi\AntiVir PersonalEdition Classic\sched.exe[220] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Programmi\AntiVir PersonalEdition Classic\sched.exe[220] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC
.text C:\Programmi\AntiVir PersonalEdition Classic\sched.exe[220] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720
.text C:\Programmi\AntiVir PersonalEdition Classic\sched.exe[220] WS2_32.dll!socket 71A33B91 5 Bytes JMP 001308C4
.text C:\Programmi\AntiVir PersonalEdition Classic\sched.exe[220] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00130838
.text C:\Programmi\AntiVir PersonalEdition Classic\sched.exe[220] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00130950
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] WININET.dll!InternetOpenW 7718AEFD 5 Bytes JMP 00130DB0
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] WININET.dll!InternetConnectA 771930C3 5 Bytes JMP 00130F54
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] WININET.dll!InternetOpenA 771958BA 5 Bytes JMP 00130D24
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes JMP 00130E3C
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] WININET.dll!InternetConnectW 7719EE00 5 Bytes JMP 00130FE0
.text C:\Programmi\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe[248] WININET.dll!InternetOpenUrlW 771A5B52 5 Bytes JMP 00130EC8
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[268] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[268] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[268] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[268] WININET.dll!InternetOpenW 7718AEFD 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[268] WININET.dll!InternetConnectA 771930C3 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[268] WININET.dll!InternetOpenA 771958BA 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[268] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[268] WININET.dll!InternetConnectW 7719EE00 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[268] WININET.dll!InternetOpenUrlW 771A5B52 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[268] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[268] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[268] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe[468] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe[468] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe[468] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe[468] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe[468] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe[468] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe[468] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe[468] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe[468] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe[468] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe[468] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe[468] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe[468] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe[468] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC
.text C:\Programmi\Grisoft\AVG Anti-Spyware 7.5\guard.exe[468] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00030608
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000307AC
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00030720
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000308C4
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00030838
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00030950
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] WININET.dll!InternetOpenW 7718AEFD 5 Bytes JMP 00030DB0
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] WININET.dll!InternetConnectA 771930C3 5 Bytes JMP 00030F54
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] WININET.dll!InternetOpenA 771958BA 5 Bytes JMP 00030D24
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes JMP 00030E3C
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] WININET.dll!InternetConnectW 7719EE00 5 Bytes JMP 00030FE0
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4ss.exe[528] WININET.dll!InternetOpenUrlW 771A5B52 5 Bytes JMP 00030EC8
.text C:\WINDOWS\system32\oodag.exe[560] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\oodag.exe[560] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\oodag.exe[560] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\oodag.exe[560] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\oodag.exe[560] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\oodag.exe[560] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\oodag.exe[560] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\oodag.exe[560] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\oodag.exe[560] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\oodag.exe[560] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\oodag.exe[560] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\oodag.exe[560] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\oodag.exe[560] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\oodag.exe[560] WS2_32.dll!socket 71A33B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\system32\oodag.exe[560] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00130838
.text C:\WINDOWS\system32\oodag.exe[560] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\oodag.exe[560] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\oodag.exe[560] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[592] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[592] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[592] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[592] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[592] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[592] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[592] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[592] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[592] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[592] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[592] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[592] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[592] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[592] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[592] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[592] WS2_32.dll!socket 71A33B91 5 Bytes JMP 001308C4
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[592] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00130838
.text C:\Programmi\Sunbelt Software\Personal Firewall\kpf4gui.exe[592] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00130950
.text C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe[628] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe[628] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe[628] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe[628] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe[628] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe[628] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe[628] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe[628] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe[628] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe[628] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe[628] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe[628] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe[628] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe[628] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC
.text C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe[628] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720
.text C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe[628] WS2_32.dll!socket 71A33B91 5 Bytes JMP 001308C4
.text C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe[628] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00130838
.text C:\Programmi\Olivetti\ANY_WAY\olMntrService.exe[628] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[764] KERNEL32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[764] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[764] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[792] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[792] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[792] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[792] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[792] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\winlogon.exe[792] WININET.dll!InternetOpenW 7718AEFD 5 Bytes JMP 00070DB0
.text C:\WINDOWS\system32\winlogon.exe[792] WININET.dll!InternetConnectA 771930C3 5 Bytes JMP 00070F54
.text C:\WINDOWS\system32\winlogon.exe[792] WININET.dll!InternetOpenA 771958BA 5 Bytes JMP 00070D24
.text C:\WINDOWS\system32\winlogon.exe[792] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes JMP 00070E3C
.text C:\WINDOWS\system32\winlogon.exe[792] WININET.dll!InternetConnectW 7719EE00 5 Bytes JMP 00070FE0
.text C:\WINDOWS\system32\winlogon.exe[792] WININET.dll!InternetOpenUrlW 771A5B52 5 Bytes JMP 00070EC8
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[836] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[836] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\services.exe[836] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\services.exe[836] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\services.exe[836] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\Programmi\LClock\LClock.exe[912] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\LClock\LClock.exe[912] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\LClock\LClock.exe[912] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\LClock\LClock.exe[912] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\LClock\LClock.exe[912] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\LClock\LClock.exe[912] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Programmi\LClock\LClock.exe[912] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Programmi\LClock\LClock.exe[912] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Programmi\LClock\LClock.exe[912] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Programmi\LClock\LClock.exe[912] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Programmi\LClock\LClock.exe[912] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Programmi\LClock\LClock.exe[912] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Programmi\LClock\LClock.exe[912] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\Programmi\LClock\LClock.exe[912] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC
.text C:\Programmi\LClock\LClock.exe[912] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\Ati2evxx.exe[996] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\System32\Ati2evxx.exe[996] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\System32\Ati2evxx.exe[996] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\System32\Ati2evxx.exe[996] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\System32\Ati2evxx.exe[996] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\System32\Ati2evxx.exe[996] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\System32\Ati2evxx.exe[996] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\System32\Ati2evxx.exe[996] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\System32\Ati2evxx.exe[996] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\System32\Ati2evxx.exe[996] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\System32\Ati2evxx.exe[996] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\System32\Ati2evxx.exe[996] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\System32\Ati2evxx.exe[996] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\System32\Ati2evxx.exe[996] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 001307AC
.text C:\WINDOWS\System32\Ati2evxx.exe[996] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1008] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1008] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1008] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1040] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1040] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1108] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1108] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1108] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1108] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1108] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1192] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1192] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1192] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1192] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1192] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1192] WININET.dll!InternetOpenW 7718AEFD 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1192] WININET.dll!InternetConnectA 771930C3 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1192] WININET.dll!InternetOpenA 771958BA 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1192] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1192] WININET.dll!InternetConnectW 7719EE00 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1192] WININET.dll!InternetOpenUrlW 771A5B52 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1348] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1348] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1348] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1348] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1348] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1348] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[1360] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[1360] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[1360] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[1360] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[1360] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[1360] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[1360] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[1360] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[1360] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[1360] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[1360] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[1360] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\Programmi\Softwin\BitDefender8\bdnagent.exe[1360] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1428] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1428] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1428] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!socket 71A33B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!bind 71A33E00 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1428] WS2_32.dll!connect 71A3406A 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1428] WININET.dll!InternetOpenW 7718AEFD 5 Bytes JMP 00080DB0
.text C:\WINDOWS\system32\svchost.exe[1428] WININET.dll!InternetConnectA 771930C3 5 Bytes JMP 00080F54
.text C:\WINDOWS\system32\svchost.exe[1428] WININET.dll!InternetOpenA 771958BA 5 Bytes JMP 00080D24
.text C:\WINDOWS\system32\svchost.exe[1428] WININET.dll!InternetOpenUrlA 77195B6D 5 Bytes JMP 00080E3C
.text C:\WINDOWS\system32\svchost.exe[1428] WININET.dll!InternetConnectW 7719EE00 5 Bytes JMP 00080FE0
.text C:\WINDOWS\system32\svchost.exe[1428] WININET.dll!InternetOpenUrlW 771A5B52 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\wdfmgr.exe[1488] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wdfmgr.exe[1488] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\wdfmgr.exe[1488] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\wdfmgr.exe[1488] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\wdfmgr.exe[1488] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\wdfmgr.exe[1488] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\wdfmgr.exe[1488] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\wdfmgr.exe[1488] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\wdfmgr.exe[1488] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\wdfmgr.exe[1488] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\wdfmgr.exe[1488] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\wdfmgr.exe[1488] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\wdfmgr.exe[1488] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\wdfmgr.exe[1488] USER32.dll!SetWindowsHookExW 77D2E4AF 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\wdfmgr.exe[1488] USER32.dll!SetWindowsHookExA 77D311E9 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\spoolsv.exe[1704] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[1704] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[1704] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[1704] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[1704] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[1704] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[1704] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[1704] kernel32.dll!CreateRemoteThread