Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Trojan - PSW Win 32. Maha.

Started by daino , Jan 15 2007 02:27 PM

  • Please log in to reply

#1
daino
Posted 15 January 2007 - 02:27 PM

daino

    New Member

  • Member
  • Pip
  • 6 posts
Hello.
Kenny 94 ,can you help me please. I have the same problem as Battis.My antivirus is Nod 32.
My HJT log is



Logfile of HijackThis v1.99.1
Scan saved at 21:26:41, on 15.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
D:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\system32\run32dll.exe
C:\WINDOWS\aps\svchost.exe
C:\WINDOWS\aps\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\PROGRA~1\MOZILL~1\FIREFOX.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dreni\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: (no name) - {9D9A7350-46C9-4E3C-92EF-382B5740A1C3} - (no file)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [run32] run32dll.exe
O4 - HKLM\..\Run: [{1F5119DF-0710-1029-1122-0412102001a4}] "C:\Program Files\Common Files\{1F5119DF-0710-1029-1122-0412102001a4}\Update.exe" mc-110-12-0001299
O4 - HKLM\..\Run: [Microsoft Systems] C:\WINDOWS\aps\svchost.exe
O4 - HKLM\..\Run: [Microsoft Systems2] C:\WINDOWS\aps\spoolsv.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\update.exe
O4 - HKLM\..\RunServices: [run32] run32dll.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {389956FE-3A45-469C-B944-70308E06BAAC} (CVServerObject Object) - http://85.70.16.183/videocom.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA09F2D3-ADE4-4015-8F45-FA36C505280E}: NameServer = 194.228.41.65 194.228.41.113
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe
  • 0

Advertisements

#2
Rawe
Posted 16 January 2007 - 08:17 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Hello and welcome to the forums :blink:

Lets get started.

Please print these instructions out, or save them to a notepad file, as you can't read them during the fix.

Please download AVG Anti-Spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded AVG Anti-Spyware, locate the icon on the desktop and double-click it to launch the setup program.
  • Once the setup is complete you will need run AVG Anti-Spyware and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
    • If you aren't able to finish the update within AVG Anti-Spyware for a reason or another, you can install the manual updates here.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-select "Only if threats were found"
Close AVG Anti-Spyware, DO NOT run a scan just yet, we will shortly.

Next, please reboot your computer in Safe Mode by doing the following:
1) Restart your computer
2) After hearing your computer beep once during startup, but before the Windows icon appears, press F8.
3) Instead of Windows loading as normal, a menu should appear
4) Select the first option, to run Windows in Safe Mode.
  • IMPORTANT: Do not open any other windows or programs while AVG Anti-Spyware is scanning, it may interfere with the scanning process:
  • Lauch AVG Anti-Spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • AVG Anti-Spyware will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top. <- Do NOT save the report before applying all actions, also make sure you have Quarantine set as the default action!
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close AVG Anti-Spyware and reboot your system back into Normal Mode and post back with the AVG Anti-Spyware results aswell as a fresh HijackThis log. :whistling:

  • 0

#3
daino
Posted 17 January 2007 - 06:24 AM

daino

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Thank you very much Rawe after scanning with Nod 32 no virus.
---------------------------------------------------------
AVG Anti-Spyware - Scan Report
---------------------------------------------------------

+ Created at: 21:37:19 16.1.2007

+ Scan result:



HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9D9A7350-46C9-4E3C-92EF-382B5740A1C3} -> Adware.ContextuAd : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{1F5119DF-0710-1029-1122-0412102001a4}\Update.exe -> Adware.Softomate : Cleaned with backup (quarantined).
C:\Program Files\Common Files\{1F5119DF-0710-1029-1122-0412102001a4}\system.dll -> Adware.Softomate : Cleaned with backup (quarantined).
C:\WINDOWS\system32\run32dll.exe -> Backdoor.Rbot.bsn : Cleaned with backup (quarantined).
C:\WINDOWS\Sys\GXHO.006 -> Not-A-Virus.Monitor.Win32.Ardamax.24 : Cleaned with backup (quarantined).
C:\WINDOWS\Sys\GXHO.007 -> Not-A-Virus.Monitor.Win32.Ardamax.24 : Cleaned with backup (quarantined).
:mozilla.572:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.247realmedia : Cleaned.
:mozilla.573:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.247realmedia : Cleaned.
:mozilla.169:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.289:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.290:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.291:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.292:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.293:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.294:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.295:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.342:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.369:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.382:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.38:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.39:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.49:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.616:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.717:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.2o7 : Cleaned.
:mozilla.90:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.91:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.92:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.93:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.94:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.95:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.2o7 : Cleaned.
:mozilla.100:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.108:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.110:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.111:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.112:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.122:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.123:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.124:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.125:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.126:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.140:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.141:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.142:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.143:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.14:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.15:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.16:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.17:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.17:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.19:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.19:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.20:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.21:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.22:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.23:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.24:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.25:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.26:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.27:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.28:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.29:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.30:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.31:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.32:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.361:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.362:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.363:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.617:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.618:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.619:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.620:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.621:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.622:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.623:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.624:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.68:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.69:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.70:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.71:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.72:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Adbrite : Cleaned.
:mozilla.97:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.98:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adbrite : Cleaned.
:mozilla.10:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Addynamix : Cleaned.
:mozilla.706:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.707:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.708:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adjuggler : Cleaned.
:mozilla.242:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.243:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Adocean : Cleaned.
:mozilla.663:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adocean : Cleaned.
:mozilla.664:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adocean : Cleaned.
:mozilla.305:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.306:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.314:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.315:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.316:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.317:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.318:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.319:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adrevolver : Cleaned.
:mozilla.117:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.118:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.158:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.159:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Adtech : Cleaned.
:mozilla.378:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adtech : Cleaned.
:mozilla.379:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Adtech : Cleaned.
:mozilla.196:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.197:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.198:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Advertising : Cleaned.
:mozilla.76:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.79:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.80:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.81:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.82:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Advertising : Cleaned.
:mozilla.18:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\9szv5t9b.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.206:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.281:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Atdmt : Cleaned.
:mozilla.46:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Atdmt : Cleaned.
:mozilla.759:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Belstat : Cleaned.
:mozilla.760:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Belstat : Cleaned.
:mozilla.147:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.148:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.149:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.762:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Burstnet : Cleaned.
:mozilla.87:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.88:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.89:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.90:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.91:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Casalemedia : Cleaned.
:mozilla.101:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Clickhype : Cleaned.
:mozilla.102:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Clickhype : Cleaned.
:mozilla.26:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.31:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.443:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.632:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Clickhype : Cleaned.
:mozilla.688:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Clickzs : Cleaned.
:mozilla.172:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.235:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Com : Cleaned.
:mozilla.236:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Com : Cleaned.
:mozilla.237:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Com : Cleaned.
:mozilla.58:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Com : Cleaned.
:mozilla.123:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Cqcounter : Cleaned.
:mozilla.142:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.22:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\9szv5t9b.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.36:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.9:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.9:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Doubleclick : Cleaned.
:mozilla.384:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Etracker : Cleaned.
:mozilla.385:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Etracker : Cleaned.
:mozilla.386:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Etracker : Cleaned.
:mozilla.785:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Etracker : Cleaned.
:mozilla.364:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Euroclick : Cleaned.
:mozilla.100:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.101:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.304:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.403:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.404:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Fastclick : Cleaned.
:mozilla.99:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Fastclick : Cleaned.
:mozilla.474:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.475:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.757:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.773:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.774:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.793:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.829:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.857:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Googleadservices : Cleaned.
:mozilla.153:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.154:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.155:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.183:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.189:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.190:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.191:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.266:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.267:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Hitbox : Cleaned.
:mozilla.266:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.343:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Hotlog : Cleaned.
:mozilla.343:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Hotlog : Cleaned.
:mozilla.479:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Information : Cleaned.
:mozilla.712:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Information : Cleaned.
:mozilla.298:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Ivwbox : Cleaned.
:mozilla.305:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Komtrack : Cleaned.
:mozilla.517:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Liveperson : Cleaned.
:mozilla.518:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Liveperson : Cleaned.
:mozilla.519:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Liveperson : Cleaned.
:mozilla.713:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.714:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.715:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Liveperson : Cleaned.
:mozilla.929:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Liveperson : Cleaned.
:mozilla.930:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Liveperson : Cleaned.
:mozilla.689:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Masterstats : Cleaned.
:mozilla.135:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.238:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.288:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Mediaplex : Cleaned.
:mozilla.107:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.113:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.114:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.356:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Onestat : Cleaned.
:mozilla.357:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Onestat : Cleaned.
:mozilla.358:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Onestat : Cleaned.
:mozilla.359:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Onestat : Cleaned.
:mozilla.720:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.721:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.722:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.723:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.724:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Onestat : Cleaned.
:mozilla.249:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.250:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.251:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.352:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Overture : Cleaned.
:mozilla.402:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.403:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.404:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Overture : Cleaned.
:mozilla.690:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Paycounter : Cleaned.
:mozilla.113:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.114:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.115:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.116:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.67:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.68:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.69:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.70:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.71:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.72:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Pointroll : Cleaned.
:mozilla.925:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.926:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.927:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.928:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Pointroll : Cleaned.
:mozilla.226:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Quarterserver : Cleaned.
:mozilla.328:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.329:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.330:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.429:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.430:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Questionmarket : Cleaned.
:mozilla.437:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Revenue : Cleaned.
:mozilla.438:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Revenue : Cleaned.
:mozilla.459:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Revenue : Cleaned.
:mozilla.236:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.237:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.238:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Ru4 : Cleaned.
:mozilla.12:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.13:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.14:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.15:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.163:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.16:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.17:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.200:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.201:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.202:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.203:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.204:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.205:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.238:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.239:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.240:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.241:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.242:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.476:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.477:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.478:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.479:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.480:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Serving-sys : Cleaned.
:mozilla.107:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.108:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.109:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.113:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.186:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.187:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.188:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.189:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.867:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.868:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.869:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.870:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.871:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.872:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.873:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.874:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.875:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.876:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.877:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.878:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.879:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.880:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.881:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.882:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.883:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.884:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.885:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.886:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.887:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.888:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.889:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.890:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.891:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.892:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.893:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.894:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.895:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.896:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sexcounter : Cleaned.
:mozilla.114:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.115:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Sextracker : Cleaned.
:mozilla.731:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sitestat : Cleaned.
:mozilla.732:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Sitestat : Cleaned.
:mozilla.712:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.713:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.714:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Smartadserver : Cleaned.
:mozilla.342:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Spylog : Cleaned.
:mozilla.345:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.500:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Spylog : Cleaned.
:mozilla.116:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.117:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.44:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.45:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.46:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.47:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.48:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.49:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.52:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.53:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.54:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.55:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.56:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.57:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.58:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.59:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.60:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.61:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.62:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.62:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Statcounter : Cleaned.
:mozilla.74:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Statcounter : Cleaned.
:mozilla.143:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.144:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.145:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.145:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.146:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.146:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.147:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Tacoda : Cleaned.
:mozilla.519:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.520:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.521:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.647:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Tacoda : Cleaned.
:mozilla.805:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Targetnet : Cleaned.
:mozilla.292:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.57:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.58:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Tradedoubler : Cleaned.
:mozilla.555:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.556:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.557:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.558:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.559:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.560:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.561:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.562:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Trafficmp : Cleaned.
:mozilla.532:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Trafic : Cleaned.
:mozilla.563:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Trafic : Cleaned.
:mozilla.398:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.564:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.66:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Tribalfusion : Cleaned.
:mozilla.19:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\9szv5t9b.default\cookies.txt -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.331:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Webtrendslive : Cleaned.
:mozilla.344:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Yadro : Cleaned.
:mozilla.442:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.606:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Yadro : Cleaned.
:mozilla.10:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.11:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.127:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.128:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.129:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.12:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.130:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.131:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.132:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\k5kof7md.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.13:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.14:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.16:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.16:C:\WINDOWS\Temp\cch~9a6af49e3.htp -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.17:C:\WINDOWS\Temp\cch~9a6af49e3.htp -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.18:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.18:C:\WINDOWS\Temp\cch~9a6af49e3.htp -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.19:C:\WINDOWS\Temp\cch~9a6af49e3.htp -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.20:C:\WINDOWS\Temp\cch~9a6af49e3.htp -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.21:C:\WINDOWS\Temp\cch~9a6af49e3.htp -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.22:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.23:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.24:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.25:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.67:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.68:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.69:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.70:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.71:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.72:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\h82t78qi.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.87:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.88:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.89:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.8:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.93:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.9:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\ogqlc6x0.default\cookies.txt -> TrackingCookie.Yieldmanager : Cleaned.
:mozilla.103:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Zedo : Cleaned.
:mozilla.104:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Zedo : Cleaned.
:mozilla.105:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Zedo : Cleaned.
:mozilla.106:C:\FOUND.033\FILE0006.CHK -> TrackingCookie.Zedo : Cleaned.
:mozilla.27:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.28:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.32:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.33:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
:mozilla.34:C:\Documents and Settings\Dreni\Data aplikací\Mozilla\Firefox\Profiles\6ac3g9p9.default\cookies.txt -> TrackingCookie.Zedo : Cleaned.
C:\System Volume Information\_restore{4429D310-DD90-4F8F-BF3D-6047D348300D}\RP619\A0433739.dll -> Trojan.Maha.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4429D310-DD90-4F8F-BF3D-6047D348300D}\RP619\A0433750.dll -> Trojan.Maha.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4429D310-DD90-4F8F-BF3D-6047D348300D}\RP619\A0433759.dll -> Trojan.Maha.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4429D310-DD90-4F8F-BF3D-6047D348300D}\RP619\A0433770.dll -> Trojan.Maha.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4429D310-DD90-4F8F-BF3D-6047D348300D}\RP619\A0433776.dll -> Trojan.Maha.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4429D310-DD90-4F8F-BF3D-6047D348300D}\RP619\A0433801.dll -&g
  • 0

#4
Rawe
Posted 17 January 2007 - 06:49 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Please continue pasting the log until it ends :blink: Looks like it got cut off. Please don't start pasting it from the beginning again; simply from the line it ended in the last post. We've probably still got some work to do as to the malware, some prevention steps to be taken and a java update to be made. :help:

Then also do this. Make sure you get all the logs posted completely.

Download Combofix to your desktop:
  • Double-click combofix.exe & follow the prompts.
  • When finished, it shall produce a log for you. Post that log in your next reply, along with the complete AVG log aswell as a fresh HijackThis log. :whistling:
Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
  • 0

#5
daino
Posted 17 January 2007 - 02:00 PM

daino

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
:whistling: sorry Rawe.



C:\System Volume Information\_restore{4429D310-DD90-4F8F-BF3D-6047D348300D}\RP619\A0433801.dll -> Trojan.Maha.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4429D310-DD90-4F8F-BF3D-6047D348300D}\RP620\A0433858.dll -> Trojan.Maha.a : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4429D310-DD90-4F8F-BF3D-6047D348300D}\RP620\A0433927.dll -> Trojan.Maha.a : Cleaned with backup (quarantined).
C:\WINDOWS\sqlserver.dll -> Trojan.Maha.a : Cleaned with backup (quarantined).
C:\Documents and Settings\Dreni\Local Settings\Temporary Internet Files\Content.IE5\2JOXOJAL\update[1].exe -> Trojan.Maha.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4429D310-DD90-4F8F-BF3D-6047D348300D}\RP613\A0419786.exe -> Trojan.Maha.g : Cleaned with backup (quarantined).
C:\System Volume Information\_restore{4429D310-DD90-4F8F-BF3D-6047D348300D}\RP613\A0419787.exe -> Trojan.Maha.g : Cleaned with backup (quarantined).
C:\WINDOWS\update.exe -> Trojan.Maha.g : Cleaned with backup (quarantined).
C:\WINDOWS\update1.exe -> Trojan.Maha.g : Cleaned with backup (quarantined).


::Report end
Logfile of HijackThis v1.99.1
Scan saved at 20:56:51, on 17.1.2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
D:\Program Files\DU Meter\DUMeter.exe
C:\Program Files\Eset\nod32kui.exe
C:\WINDOWS\aps\svchost.exe
C:\WINDOWS\aps\spoolsv.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\Program Files\Eset\nod32krn.exe
C:\WINDOWS\system32\oodag.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\WgaTray.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\Program Files\Sunbelt Software\Personal Firewall\kpf4gui.exe
C:\WINDOWS\aps\spoolsv.exe
C:\WINDOWS\system32\NOTEPAD.EXE
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Dreni\Plocha\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - D:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll
O3 - Toolbar: Megaupload Toolbar - {4E7BD74F-2B8D-469E-CCB0-B130EEDBE97C} - C:\PROGRA~1\MEGAUP~1\MEGAUP~1.DLL
O4 - HKLM\..\Run: [NvCplDaemon] "RUNDLL32.EXE" C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [run32] run32dll.exe
O4 - HKLM\..\Run: [Microsoft Systems] C:\WINDOWS\aps\svchost.exe
O4 - HKLM\..\Run: [Microsoft Systems2] C:\WINDOWS\aps\spoolsv.exe
O4 - HKLM\..\Run: [Acronis Scheduler2 Service] "C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] "C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe"
O4 - HKLM\..\Run: [msconfig] C:\WINDOWS\update.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\RunServices: [run32] run32dll.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {2917297F-F02B-4B9D-81DF-494B6333150B} (Minesweeper Flags Class) - http://messenger.zon...er.cab31267.cab
O16 - DPF: {389956FE-3A45-469C-B944-70308E06BAAC} (CVServerObject Object) - http://85.70.16.183/videocom.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://messenger.zon...ro.cab32846.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{CA09F2D3-ADE4-4015-8F45-FA36C505280E}: NameServer = 194.228.41.65 194.228.41.113
O18 - Protocol: livecall - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\MSNMES~1\MSGRAP~1.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: WRNotifier - WRLogonNTF.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Sunbelt Kerio Personal Firewall 4 (KPF4) - Sunbelt Software - C:\Program Files\Sunbelt Software\Personal Firewall\kpf4ss.exe
O23 - Service: NBService - Nero AG - D:\Program Files\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Eset - C:\Program Files\Eset\nod32krn.exe
O23 - Service: O&O Defrag - O&O Software GmbH - C:\WINDOWS\system32\oodag.exe



"Dreni" - 07-01-17 20:49:00 Service Pack 2
ComboFix 07-01-16.2 - Running from: "C:\Documents and Settings\Dreni\Plocha"

(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\WINDOWS\hosts
C:\WINDOWS\install.exe
C:\Program Files\Common Files\{3F511~1
C:\Program Files\Common Files\{1F511~1


((((((((((((((((((((((((((((((( Files Created from 2006-12-17 to 2007-01-17 ))))))))))))))))))))))))))))))))))


2007-01-17 18:47 <DIR> d-------- C:\WINDOWS\LastGood
2007-01-17 13:02 <DIR> d--hs---- C:\FOUND.036
2007-01-17 13:00 <DIR> d--hs---- C:\FOUND.035
2007-01-16 22:30 <DIR> d-------- C:\Program Files\MegauploadToolbar
2007-01-16 20:53 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2007-01-14 22:11 18,704 -ra------ C:\WINDOWS\system32\drivers\se2Bnd5.sys
2007-01-14 22:10 90,800 -ra------ C:\WINDOWS\system32\drivers\se2Bunic.sys
2007-01-14 22:10 88,688 -ra------ C:\WINDOWS\system32\drivers\SE2Bmgmt.sys
2007-01-14 22:10 86,560 -ra------ C:\WINDOWS\system32\drivers\SE2Bobex.sys
2007-01-14 22:10 4,128 -ra------ C:\WINDOWS\system32\drivers\se2Bcr.sys
2007-01-14 22:09 97,184 -ra------ C:\WINDOWS\system32\drivers\SE2Bmdm.sys
2007-01-14 22:09 9,360 -ra------ C:\WINDOWS\system32\drivers\SE2Bmdfl.sys
2007-01-14 22:09 6,240 -ra------ C:\WINDOWS\system32\drivers\SE2Bcmnt.sys
2007-01-14 22:09 6,240 -ra------ C:\WINDOWS\system32\drivers\SE2Bcm.sys
2007-01-14 22:08 61,600 -ra------ C:\WINDOWS\system32\drivers\SE2Bbus.sys
2007-01-14 22:08 5,872 -ra------ C:\WINDOWS\system32\drivers\SE2Bwhnt.sys
2007-01-14 22:08 5,872 -ra------ C:\WINDOWS\system32\drivers\se2Bwh.sys
2007-01-08 20:38 <DIR> d-------- C:\Program Files\Sunbelt Software
2007-01-06 09:50 5,411 --a------ C:\roflky.exe
2006-12-29 00:00 <DIR> d--hs---- C:\FOUND.034
2006-12-28 22:25 <DIR> d-------- C:\WINDOWS\Lhsp
2006-12-28 20:38 <DIR> d-------- C:\Program Files\LimeWire Turbo Accelerator
2006-12-28 15:33 63,488 --a------ C:\WINDOWS\system32\unam4ie.exe
2006-12-28 15:33 4,608 --a------ C:\WINDOWS\system32\w95inf32.dll
2006-12-28 15:33 38,160 --a------ C:\WINDOWS\system32\LMRTREND.dll
2006-12-28 15:33 2,272 --a------ C:\WINDOWS\system32\w95inf16.dll
2006-12-28 15:33 194,320 --a------ C:\WINDOWS\system32\qcut.dll
2006-12-28 15:33 182,032 --a------ C:\WINDOWS\system32\dxtmsft3.dll
2006-12-28 15:33 10,240 --a------ C:\WINDOWS\system32\vidx16.dll
2006-12-26 15:42 <DIR> d-------- C:\download
2006-12-26 15:12 155,648 --a------ C:\WINDOWS\system32\libssl32.dll
2006-12-22 21:00 <DIR> d-------- C:\WINDOWS\aps
2006-12-22 20:48 1,218,048 --a------ C:\WINDOWS\clockupdate.exe
2006-12-22 13:17 129,784 --------- C:\WINDOWS\system32\pxafs.dll
2006-12-20 22:50 24,072 --a------ C:\WINDOWS\system32\uxtuneup.dll
2006-12-20 22:48 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2006-12-17 16:38 2,809 --a------ C:\WINDOWS\system32\run32.dll


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2007-01-01 13:42 639224 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2006-12-14 21:13 33952 --a------ C:\WINDOWS\system32\drivers\oreans32.sys
2006-12-10 22:58 10368 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2006-12-10 22:42 -------- d-------- C:\Program Files\acd systems
2006-12-10 22:42 -------- d-------- C:\Program Files\acd systems
2006-12-10 10:44 99776 --a------ C:\WINDOWS\system32\drivers\snapman.sys
2006-12-10 10:44 388000 --a------ C:\WINDOWS\system32\drivers\timntr.sys
2006-12-10 10:44 32288 --a------ C:\WINDOWS\system32\drivers\tifsfilt.sys
2006-12-07 06:29 2374472 --a------ C:\WINDOWS\system32\wmvcore.dll
2006-12-06 23:07 512096 --a------ C:\WINDOWS\system32\drivers\amon.sys
2006-12-06 23:07 299392 --a------ C:\WINDOWS\system32\imon.dll
2006-12-06 23:07 15424 --a------ C:\WINDOWS\system32\drivers\nod32drv.sys
2006-12-03 11:04 48424 --a------ C:\WINDOWS\system32\sirenacm.dll
2006-11-08 06:07 679424 --a------ C:\WINDOWS\system32\inetcomm.dll
2006-11-04 14:14 1245696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-03 17:42 51712 --a------ C:\WINDOWS\wc98pp.dll
2006-10-31 23:42 20 --a------ C:\sccfg.sys
2006-10-21 14:16 218827 --a------ C:\WINDOWS\system32\installer.exe
2006-10-20 02:39 713728 --a------ C:\WINDOWS\system32\sxs.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries & legit default entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="\"RUNDLL32.EXE\" C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"DU Meter"="D:\\Program Files\\DU Meter\\DUMeter.exe"
"nod32kui"="\"C:\\Program Files\\Eset\\nod32kui.exe\" /WAITSERVICE"
"run32"="run32dll.exe"
"Microsoft Systems"="C:\\WINDOWS\\aps\\svchost.exe"
"Microsoft Systems2"="C:\\WINDOWS\\aps\\spoolsv.exe"
"Acronis Scheduler2 Service"="\"C:\\Program Files\\Common Files\\Acronis\\Schedule2\\schedhlp.exe\""
"NeroFilterCheck"="\"C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe\""
"msconfig"="C:\\WINDOWS\\update.exe"
"!AVG Anti-Spyware"="\"D:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices]
"run32"="run32dll.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Skype"="\"D:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AcronisTimounterMonitor"="\"D:\\Program Files\\Acronis\\TrueImageWorkstation\\TimounterMonitor.exe\""
"TrueImageMonitor.exe"="\"D:\\Program Files\\Acronis\\TrueImageWorkstation\\TrueImageMonitor.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabídka Start^Programy^Po spuštění^Adobe Reader Speed Launch.lnk]
"path"="C:\\Documents and Settings\\All Users\\Nabídka Start\\Programy\\Po spuštění\\Adobe Reader Speed Launch.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Reader Speed Launch.lnkCommon Startup"
"location"="Common Startup"
"command"="D:\\PROGRA~1\\Adobe\\ACROBA~1.0\\Reader\\READER~1.EXE "
"item"="Adobe Reader Speed Launch"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dreni^Nabídka Start^Programy^Po spuštění^Adobe Gamma.lnk]
"path"="C:\\Documents and Settings\\Dreni\\Nabídka Start\\Programy\\Po spuštění\\Adobe Gamma.lnk"
"backup"="C:\\WINDOWS\\pss\\Adobe Gamma.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\COMMON~1\\Adobe\\CALIBR~1\\ADOBEG~1.EXE "
"item"="Adobe Gamma"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dreni^Nabídka Start^Programy^Po spuštění^LimeWire Turbo Accelerator.lnk]
"path"="C:\\Documents and Settings\\Dreni\\Nabídka Start\\Programy\\Po spuštění\\LimeWire Turbo Accelerator.lnk"
"backup"="C:\\WINDOWS\\pss\\LimeWire Turbo Accelerator.lnkStartup"
"location"="Startup"
"command"="D:\\PROGRA~1\\LIMEWI~1\\LIMEWI~1.EXE "
"item"="LimeWire Turbo Accelerator"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Dreni^Nabídka Start^Programy^Po spuštění^UMAX VistaAccess.lnk]
"path"="C:\\Documents and Settings\\Dreni\\Nabídka Start\\Programy\\Po spuštění\\UMAX VistaAccess.lnk"
"backup"="C:\\WINDOWS\\pss\\UMAX VistaAccess.lnkStartup"
"location"="Startup"
"command"="C:\\VSTASCAN\\vsaccess.exe "
"item"="UMAX VistaAccess"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CnxDslTaskBar]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CnxDslTb"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Conexant\\AccessRunner ADSL\\CnxDslTb.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Creative WebCam Tray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="CAMTRAY"
"hkey"="HKLM"
"command"="C:\\Program Files\\Creative\\Shared Files\\CAMTRAY.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ctfmon"
"hkey"="HKCU"
"command"="C:\\WINDOWS\\system32\\ctfmon.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"command"="D:\\Program Files\\iTunes\\iTunesHelper.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msie]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msie"
"hkey"="HKLM"
"command"="msie.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"command"="C:\\WINDOWS\\system32\\NeroCheck.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvMcTray"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="nwiz"
"hkey"="HKLM"
"command"="nwiz.exe /install"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Skype"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Skype\\Phone\\Skype.exe\" /nosplash /minimized"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Spanish]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Study Conversation"
"hkey"="HKCU"
"command"="D:\\Program Files\\Learn To Speak Italian Demo V2.8\\Study Conversation.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpySweeper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpySweeperUI"
"hkey"="HKLM"
"command"="\"D:\\Program Files\\Webroot\\Spy Sweeper\\SpySweeperUI.exe\" /startintray"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\updateMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="AdobeUpdateManager"
"hkey"="HKCU"
"command"="\"D:\\Program Files\\Adobe\\Acrobat 7.0\\Reader\\AdobeUpdateManager.exe\" AcRdB7_0_8 -reboot 1"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="D:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"TUWinStylerThemeSvc"=dword:00000003
"NVSvc"=dword:00000002
"MDM"=dword:00000002
"Adobe LM Service"=dword:00000003

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Svchost]
LocalService REG_MULTI_SZ Alerter\0WebClient\0LmHosts\0RemoteRegistry\0upnphost\0SSDPSRV\0\0
NetworkService REG_MULTI_SZ DnsCache\0\0
rpcss REG_MULTI_SZ RpcSs\0\0
imgsvc REG_MULTI_SZ StiSvc\0\0
termsvcs REG_MULTI_SZ TermService\0\0
HTTPFilter REG_MULTI_SZ HTTPFilter\0\0
DcomLaunch REG_MULTI_SZ DcomLaunch\0TermService\0\0

HKLM\software\Microsoft\Windows NT\CurrentVersion\Svchost *netsvcs*
UxTuneUp


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\1-Click Maintenance.job

Completion time: 07-01-17 20:52:10
  • 0

#6
Rawe
Posted 18 January 2007 - 03:54 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Lets see... :whistling: Go ahead and uninstall AVG Anti-Spyware if you wish.

You might be having rootkits there. We definitely need to check.

Please download GMER:
  • Unzip it and double-click GMER.exe
  • Click the rootkit-tab and click scan.
  • Once done, click Copy.
  • This will copy the results to clipboard.
  • Paste the results in your next reply.
-------

Please run the F-Secure Online Scanner

Note: This scanner is for Internet Explorer only!
  • Follow the instructions here for installation.
  • Accept the License Agreement.
  • Once the ActiveX installs, click Full System Scan.
  • Once the download completes, the scan will begin automatically.
  • The scan will take some time to finish, so please be patient.
  • When the scan completes, click the Automatic cleaning (recommended) button.
  • Click the Show Report button and copy & paste the entire report in your next reply. :blink:

  • 0

#7
daino
Posted 18 January 2007 - 11:39 AM

daino

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Scanning Report
Thursday, January 18, 2007 16:34:28 - 18:12:37

Computer name: TSUNAMI-KS4CD1Y
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\ D:\
Result: 2 malware found
Tracking Cookie (spyware)

* System (Disinfected)
* System

Statistics
Scanned:

* Files: 42231
* System: 4274
* Not scanned: 8

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SOFTWAREDISTRIBUTION\EVENTCACHE\{CF880F16-7A86-44CF-8556-204345900F33}.BIN
* C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM

Options
Scanning engines:

* F-Secure Libra: 2.4.2, 2007-01-18
* F-Secure AVP: 7.0.171, 2007-01-18
* F-Secure Orion: 1.2.37, 2007-01-18
* F-Secure Blacklight: 1.0.53, 0000-00-00
* F-Secure Draco: 1.0.35, 2007-01-08
* F-Secure Pegasus: 1.19.0, 2007-00-17

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX
* Use Advanced heuristics
  • 0

#8
Rawe
Posted 18 January 2007 - 11:58 AM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
Where's the Gmer log :whistling:

I really need to see it...
  • 0

#9
daino
Posted 18 January 2007 - 12:12 PM

daino

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
GMER 1.0.12.12011 - http://www.gmer.net
Rootkit scan 2007-01-18 18:27:51
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.12 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey
SSDT sptd.sys ZwEnumerateKey
SSDT sptd.sys ZwEnumerateValueKey
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey
SSDT \??\D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess
SSDT sptd.sys ZwQueryKey
SSDT sptd.sys ZwQueryValueKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey
SSDT \??\D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile

---- Kernel code sections - GMER 1.0.12 ----

.text ntkrnlpa.exe!ZwCallbackReturn + 23E8 805010EC 8 Bytes [ 20, AF, 1D, EF, 90, AD, 1D, ... ]
.text ntkrnlpa.exe!ZwCallbackReturn + 2424 80501128 8 Bytes [ 90, C1, 1D, EF, 20, 83, 1D, ... ]
PAGENDSM NDIS.sys!NdisMIndicateStatus F71E9A5F 6 Bytes [ FF, 25, 88, D5, 24, EF ]
.text USBPORT.SYS!DllUnload F19D362C 5 Bytes JMP 86A941B8

---- User code sections - GMER 1.0.12 ----

.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[264] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[264] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[264] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[264] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[264] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[264] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[264] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[264] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[264] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[264] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[264] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[264] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[264] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[264] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe[264] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00030608
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000307AC
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00030720
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000308C4
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00030838
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00030950
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] WININET.dll!InternetOpenW 771AAEFD 5 Bytes JMP 00030DB0
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] WININET.dll!InternetConnectA 771B30C3 5 Bytes JMP 00030F54
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 00030D24
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] WININET.dll!InternetOpenUrlA 771B5B6D 5 Bytes JMP 00030E3C
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00030FE0
.text C:\PROGRAM FILES\SUNBELT SOFTWARE\PERSONAL FIREWALL\KPF4SS.EXE[320] WININET.dll!InternetOpenUrlW 771C5B52 5 Bytes JMP 00030EC8
.text C:\PROGRAM FILES\ESET\NOD32KRN.EXE[532] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\PROGRAM FILES\ESET\NOD32KRN.EXE[532] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\PROGRAM FILES\ESET\NOD32KRN.EXE[532] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\PROGRAM FILES\ESET\NOD32KRN.EXE[532] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\PROGRAM FILES\ESET\NOD32KRN.EXE[532] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\PROGRAM FILES\ESET\NOD32KRN.EXE[532] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\PROGRAM FILES\ESET\NOD32KRN.EXE[532] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\PROGRAM FILES\ESET\NOD32KRN.EXE[532] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\PROGRAM FILES\ESET\NOD32KRN.EXE[532] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\PROGRAM FILES\ESET\NOD32KRN.EXE[532] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\PROGRAM FILES\ESET\NOD32KRN.EXE[532] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\PROGRAM FILES\ESET\NOD32KRN.EXE[532] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\PROGRAM FILES\ESET\NOD32KRN.EXE[532] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\PROGRAM FILES\ESET\NOD32KRN.EXE[532] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text C:\PROGRAM FILES\ESET\NOD32KRN.EXE[532] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text C:\PROGRAM FILES\ESET\NOD32KRN.EXE[532] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\PROGRAM FILES\ESET\NOD32KRN.EXE[532] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\PROGRAM FILES\ESET\NOD32KRN.EXE[532] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\SYSTEM32\OODAG.EXE[564] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8
.text C:\WINDOWS\SYSTEM32\OODAG.EXE[564] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090
.text C:\WINDOWS\SYSTEM32\OODAG.EXE[564] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694
.text C:\WINDOWS\SYSTEM32\OODAG.EXE[564] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0
.text C:\WINDOWS\SYSTEM32\OODAG.EXE[564] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234
.text C:\WINDOWS\SYSTEM32\OODAG.EXE[564] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004
.text C:\WINDOWS\SYSTEM32\OODAG.EXE[564] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C
.text C:\WINDOWS\SYSTEM32\OODAG.EXE[564] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0
.text C:\WINDOWS\SYSTEM32\OODAG.EXE[564] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C
.text C:\WINDOWS\SYSTEM32\OODAG.EXE[564] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8
.text C:\WINDOWS\SYSTEM32\OODAG.EXE[564] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C
.text C:\WINDOWS\SYSTEM32\OODAG.EXE[564] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464
.text C:\WINDOWS\SYSTEM32\OODAG.EXE[564] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608
.text C:\WINDOWS\SYSTEM32\OODAG.EXE[564] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001308C4
.text C:\WINDOWS\SYSTEM32\OODAG.EXE[564] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00130838
.text C:\WINDOWS\SYSTEM32\OODAG.EXE[564] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00130950
.text C:\WINDOWS\SYSTEM32\OODAG.EXE[564] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001307AC
.text C:\WINDOWS\SYSTEM32\OODAG.EXE[564] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00130720
.text C:\WINDOWS\EXPLORER.EXE[808] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\EXPLORER.EXE[808] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\EXPLORER.EXE[808] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\EXPLORER.EXE[808] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\EXPLORER.EXE[808] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\EXPLORER.EXE[808] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\EXPLORER.EXE[808] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\EXPLORER.EXE[808] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\EXPLORER.EXE[808] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\EXPLORER.EXE[808] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\EXPLORER.EXE[808] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\EXPLORER.EXE[808] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\EXPLORER.EXE[808] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\EXPLORER.EXE[808] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\EXPLORER.EXE[808] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text C:\WINDOWS\EXPLORER.EXE[808] WININET.dll!InternetOpenW 771AAEFD 5 Bytes JMP 00080DB0
.text C:\WINDOWS\EXPLORER.EXE[808] WININET.dll!InternetConnectA 771B30C3 5 Bytes JMP 00080F54
.text C:\WINDOWS\EXPLORER.EXE[808] WININET.dll!InternetOpenA 771B58BA 5 Bytes JMP 00080D24
.text C:\WINDOWS\EXPLORER.EXE[808] WININET.dll!InternetOpenUrlA 771B5B6D 5 Bytes JMP 00080E3C
.text C:\WINDOWS\EXPLORER.EXE[808] WININET.dll!InternetConnectW 771BEE00 5 Bytes JMP 00080FE0
.text C:\WINDOWS\EXPLORER.EXE[808] WININET.dll!InternetOpenUrlW 771C5B52 5 Bytes JMP 00080EC8
.text C:\WINDOWS\EXPLORER.EXE[808] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\EXPLORER.EXE[808] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\EXPLORER.EXE[808] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[852] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[852] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[852] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[852] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[852] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[852] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[852] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[852] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[852] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[852] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[852] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[852] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[852] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[852] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[852] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[852] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000808C4
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[852] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00080838
.text C:\WINDOWS\SYSTEM32\SPOOLSV.EXE[852] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00080950
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[896] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[896] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[896] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[896] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[896] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[896] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[896] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[896] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[896] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[896] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[896] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[896] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[896] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[896] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\SYSTEM32\CTFMON.EXE[896] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1012] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1012] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1012] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1012] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1012] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1012] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1012] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1012] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1012] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1012] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1012] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1012] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1012] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1012] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000807AC
.text C:\WINDOWS\SYSTEM32\SVCHOST.EXE[1012] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00080720
.text D:\Program Files\DU Meter\DUMeter.exe[1164] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text D:\Program Files\DU Meter\DUMeter.exe[1164] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text D:\Program Files\DU Meter\DUMeter.exe[1164] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text D:\Program Files\DU Meter\DUMeter.exe[1164] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text D:\Program Files\DU Meter\DUMeter.exe[1164] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text D:\Program Files\DU Meter\DUMeter.exe[1164] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00140004
.text D:\Program Files\DU Meter\DUMeter.exe[1164] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0014011C
.text D:\Program Files\DU Meter\DUMeter.exe[1164] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001404F0
.text D:\Program Files\DU Meter\DUMeter.exe[1164] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0014057C
.text D:\Program Files\DU Meter\DUMeter.exe[1164] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001403D8
.text D:\Program Files\DU Meter\DUMeter.exe[1164] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0014034C
.text D:\Program Files\DU Meter\DUMeter.exe[1164] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00140464
.text D:\Program Files\DU Meter\DUMeter.exe[1164] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00140608
.text D:\Program Files\DU Meter\DUMeter.exe[1164] user32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001407AC
.text D:\Program Files\DU Meter\DUMeter.exe[1164] user32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00140720
.text D:\Program Files\DU Meter\DUMeter.exe[1164] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001408C4
.text D:\Program Files\DU Meter\DUMeter.exe[1164] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00140838
.text D:\Program Files\DU Meter\DUMeter.exe[1164] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
.text C:\PROGRAM FILES\ESET\NOD32KUI.EXE[1172] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\PROGRAM FILES\ESET\NOD32KUI.EXE[1172] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\PROGRAM FILES\ESET\NOD32KUI.EXE[1172] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\PROGRAM FILES\ESET\NOD32KUI.EXE[1172] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\PROGRAM FILES\ESET\NOD32KUI.EXE[1172] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\PROGRAM FILES\ESET\NOD32KUI.EXE[1172] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00140004
.text C:\PROGRAM FILES\ESET\NOD32KUI.EXE[1172] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0014011C
.text C:\PROGRAM FILES\ESET\NOD32KUI.EXE[1172] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001404F0
.text C:\PROGRAM FILES\ESET\NOD32KUI.EXE[1172] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0014057C
.text C:\PROGRAM FILES\ESET\NOD32KUI.EXE[1172] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001403D8
.text C:\PROGRAM FILES\ESET\NOD32KUI.EXE[1172] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0014034C
.text C:\PROGRAM FILES\ESET\NOD32KUI.EXE[1172] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00140464
.text C:\PROGRAM FILES\ESET\NOD32KUI.EXE[1172] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00140608
.text C:\PROGRAM FILES\ESET\NOD32KUI.EXE[1172] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001407AC
.text C:\PROGRAM FILES\ESET\NOD32KUI.EXE[1172] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00140720
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[1196] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[1196] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[1196] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[1196] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[1196] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[1196] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[1196] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[1196] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[1196] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[1196] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[1196] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[1196] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[1196] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[1196] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000707AC
.text C:\WINDOWS\SYSTEM32\WDFMGR.EXE[1196] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00070720
.text C:\WINDOWS\APS\SVCHOST.EXE[1212] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\WINDOWS\APS\SVCHOST.EXE[1212] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\WINDOWS\APS\SVCHOST.EXE[1212] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\WINDOWS\APS\SVCHOST.EXE[1212] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\WINDOWS\APS\SVCHOST.EXE[1212] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\WINDOWS\APS\SVCHOST.EXE[1212] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00140004
.text C:\WINDOWS\APS\SVCHOST.EXE[1212] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0014011C
.text C:\WINDOWS\APS\SVCHOST.EXE[1212] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001404F0
.text C:\WINDOWS\APS\SVCHOST.EXE[1212] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0014057C
.text C:\WINDOWS\APS\SVCHOST.EXE[1212] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001403D8
.text C:\WINDOWS\APS\SVCHOST.EXE[1212] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0014034C
.text C:\WINDOWS\APS\SVCHOST.EXE[1212] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00140464
.text C:\WINDOWS\APS\SVCHOST.EXE[1212] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00140608
.text C:\WINDOWS\APS\SVCHOST.EXE[1212] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001407AC
.text C:\WINDOWS\APS\SVCHOST.EXE[1212] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00140720
.text C:\WINDOWS\APS\SVCHOST.EXE[1212] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001408C4
.text C:\WINDOWS\APS\SVCHOST.EXE[1212] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00140838
.text C:\WINDOWS\APS\SVCHOST.EXE[1212] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
.text C:\WINDOWS\APS\SPOOLSV.EXE[1228] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\WINDOWS\APS\SPOOLSV.EXE[1228] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\WINDOWS\APS\SPOOLSV.EXE[1228] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\WINDOWS\APS\SPOOLSV.EXE[1228] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\WINDOWS\APS\SPOOLSV.EXE[1228] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\WINDOWS\APS\SPOOLSV.EXE[1228] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00140004
.text C:\WINDOWS\APS\SPOOLSV.EXE[1228] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0014011C
.text C:\WINDOWS\APS\SPOOLSV.EXE[1228] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001404F0
.text C:\WINDOWS\APS\SPOOLSV.EXE[1228] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0014057C
.text C:\WINDOWS\APS\SPOOLSV.EXE[1228] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001403D8
.text C:\WINDOWS\APS\SPOOLSV.EXE[1228] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0014034C
.text C:\WINDOWS\APS\SPOOLSV.EXE[1228] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00140464
.text C:\WINDOWS\APS\SPOOLSV.EXE[1228] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00140608
.text C:\WINDOWS\APS\SPOOLSV.EXE[1228] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001407AC
.text C:\WINDOWS\APS\SPOOLSV.EXE[1228] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00140720
.text C:\WINDOWS\APS\SPOOLSV.EXE[1228] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001408C4
.text C:\WINDOWS\APS\SPOOLSV.EXE[1228] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00140838
.text C:\WINDOWS\APS\SPOOLSV.EXE[1228] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
.text C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE[1240] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE[1240] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE[1240] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE[1240] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE[1240] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE[1240] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00140004
.text C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE[1240] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0014011C
.text C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE[1240] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001404F0
.text C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE[1240] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0014057C
.text C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE[1240] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001403D8
.text C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE[1240] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0014034C
.text C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE[1240] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00140464
.text C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE[1240] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00140608
.text C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE[1240] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001407AC
.text C:\PROGRAM FILES\COMMON FILES\ACRONIS\SCHEDULE2\SCHEDHLP.EXE[1240] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00140720
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1272] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1272] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1272] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1272] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1272] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1272] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00140004
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1272] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0014011C
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1272] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001404F0
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1272] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0014057C
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1272] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001403D8
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1272] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0014034C
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1272] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00140464
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1272] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00140608
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1272] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001407AC
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1272] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00140720
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1272] WS2_32.dll!socket 71A93B91 5 Bytes JMP 001408C4
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1272] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00140838
.text D:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[1272] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00140950
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[1284] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[1284] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[1284] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[1284] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[1284] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[1284] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[1284] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[1284] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[1284] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[1284] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[1284] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[1284] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[1284] KERNEL32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00160608
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[1284] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 001607AC
.text C:\WINDOWS\SYSTEM32\CSRSS.EXE[1284] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00160720
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[1324] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[1324] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[1324] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[1324] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[1324] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[1324] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[1324] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[1324] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[1324] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[1324] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[1324] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[1324] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[1324] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[1324] USER32.dll!SetWindowsHookExW 77D4E4AF 5 Bytes JMP 000707AC
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[1324] USER32.dll!SetWindowsHookExA 77D511E9 5 Bytes JMP 00070720
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[1324] WS2_32.dll!socket 71A93B91 5 Bytes JMP 000708C4
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[1324] WS2_32.dll!bind 71A93E00 5 Bytes JMP 00070838
.text C:\WINDOWS\SYSTEM32\WINLOGON.EXE[1324] WS2_32.dll!connect 71A9406A 5 Bytes JMP 00070950
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[1384] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[1384] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[1384] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[1384] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[1384] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[1384] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[1384] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[1384] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[1384] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[1384] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8
.text C:\WINDOWS\SYSTEM32\SERVICES.EXE[1384] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 By
  • 0

#10
Rawe
Posted 18 January 2007 - 12:17 PM

Rawe

    Visiting Staff

  • Member
  • PipPipPipPipPipPipPip
  • 4,746 posts
And again, it got cut off, can you please keep pasting until you get it completely finished :whistling:

Starting from the line it ended in your last post...
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP