Report aus GMER: GMER 1.0.12.12086 - http://www.gmer.net Rootkit scan 2007-04-04 20:35:24 Windows 5.1.2600 Service Pack 2 ---- System - GMER 1.0.12 ---- SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwClose SSDT E1985CA8 ZwConnectPort SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateFile SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateKey SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcess SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateProcessEx SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwCreateThread SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteFile SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteKey SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwDeleteValueKey SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenFile SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwOpenKey SSDT \??\C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwOpenProcess SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwResumeThread SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetInformationFile SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwSetValueKey SSDT \??\C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.sys ZwTerminateProcess SSDT \SystemRoot\system32\drivers\fwdrv.sys ZwWriteFile ---- Kernel code sections - GMER 1.0.12 ---- PAGENDSM NDIS.sys!NdisMIndicateStatus F8706A5F 6 Bytes JMP F3B761EC \SystemRoot\system32\drivers\fwdrv.sys ---- User code sections - GMER 1.0.12 ---- .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe[560] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe[560] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe[560] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe[560] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe[560] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe[560] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe[560] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe[560] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe[560] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe[560] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe[560] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe[560] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe[560] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe[560] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\guard.exe[560] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[592] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[592] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[592] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[592] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[592] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[592] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[592] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[592] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[592] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[592] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[592] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[592] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[592] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[592] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe[592] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000301A8 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00030090 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00030694 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000302C0 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00030234 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00030004 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0003011C .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000304F0 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0003057C .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000303D8 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0003034C .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00030464 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00030608 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000308C4 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00030838 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00030950 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000307AC .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00030720 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00030F54 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00030FE0 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00030D24 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00030DB0 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00030E3C .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[648] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00030EC8 .text C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe[712] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe[712] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe[712] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe[712] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe[712] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe[712] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe[712] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe[712] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe[712] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe[712] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe[712] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe[712] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe[712] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe[712] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe[712] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe[712] WS2_32.dll!socket 71A13B91 5 Bytes JMP 001308C4 .text C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe[712] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00130838 .text C:\Programme\DT\DT 11Mbps Wireless Cardbus Card\Installer\WINXP\DTCARDMonitor.exe[712] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00130950 .text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[796] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[796] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[796] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[796] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[796] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[796] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[796] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[796] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[796] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[796] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[796] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[796] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[796] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[796] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[796] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe[832] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe[832] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe[832] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe[832] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe[832] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe[832] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe[832] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe[832] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe[832] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe[832] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe[832] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe[832] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe[832] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe[832] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe[832] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[876] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[876] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[876] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\Dokumente und Einstellungen\Rolf Holstein\Lokale Einstellungen\Temp\gmer.exe[892] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Dokumente und Einstellungen\Rolf Holstein\Lokale Einstellungen\Temp\gmer.exe[892] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Dokumente und Einstellungen\Rolf Holstein\Lokale Einstellungen\Temp\gmer.exe[892] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Dokumente und Einstellungen\Rolf Holstein\Lokale Einstellungen\Temp\gmer.exe[892] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Dokumente und Einstellungen\Rolf Holstein\Lokale Einstellungen\Temp\gmer.exe[892] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Dokumente und Einstellungen\Rolf Holstein\Lokale Einstellungen\Temp\gmer.exe[892] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Dokumente und Einstellungen\Rolf Holstein\Lokale Einstellungen\Temp\gmer.exe[892] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Dokumente und Einstellungen\Rolf Holstein\Lokale Einstellungen\Temp\gmer.exe[892] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Dokumente und Einstellungen\Rolf Holstein\Lokale Einstellungen\Temp\gmer.exe[892] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Dokumente und Einstellungen\Rolf Holstein\Lokale Einstellungen\Temp\gmer.exe[892] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Dokumente und Einstellungen\Rolf Holstein\Lokale Einstellungen\Temp\gmer.exe[892] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Dokumente und Einstellungen\Rolf Holstein\Lokale Einstellungen\Temp\gmer.exe[892] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Dokumente und Einstellungen\Rolf Holstein\Lokale Einstellungen\Temp\gmer.exe[892] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Dokumente und Einstellungen\Rolf Holstein\Lokale Einstellungen\Temp\gmer.exe[892] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Dokumente und Einstellungen\Rolf Holstein\Lokale Einstellungen\Temp\gmer.exe[892] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe[940] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe[940] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe[940] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe[940] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe[940] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe[940] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe[940] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe[940] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe[940] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe[940] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe[940] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe[940] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe[940] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe[940] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe[940] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[980] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[980] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[980] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[980] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[980] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[980] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[980] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[980] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[980] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[980] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[980] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[980] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[980] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[980] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[980] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\WINDOWS\explorer.exe[1036] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\explorer.exe[1036] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\explorer.exe[1036] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\explorer.exe[1036] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\explorer.exe[1036] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\explorer.exe[1036] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\explorer.exe[1036] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\explorer.exe[1036] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\explorer.exe[1036] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\explorer.exe[1036] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\explorer.exe[1036] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\explorer.exe[1036] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\explorer.exe[1036] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\explorer.exe[1036] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\explorer.exe[1036] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WINDOWS\explorer.exe[1036] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54 .text C:\WINDOWS\explorer.exe[1036] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0 .text C:\WINDOWS\explorer.exe[1036] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00080D24 .text C:\WINDOWS\explorer.exe[1036] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0 .text C:\WINDOWS\explorer.exe[1036] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C .text C:\WINDOWS\explorer.exe[1036] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8 .text C:\WINDOWS\explorer.exe[1036] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\explorer.exe[1036] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00080838 .text C:\WINDOWS\explorer.exe[1036] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\csrss.exe[1052] KERNEL32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001601A8 .text C:\WINDOWS\system32\csrss.exe[1052] KERNEL32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00160090 .text C:\WINDOWS\system32\csrss.exe[1052] KERNEL32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00160694 .text C:\WINDOWS\system32\csrss.exe[1052] KERNEL32.dll!CreateProcessW 7C802332 5 Bytes JMP 001602C0 .text C:\WINDOWS\system32\csrss.exe[1052] KERNEL32.dll!CreateProcessA 7C802367 5 Bytes JMP 00160234 .text C:\WINDOWS\system32\csrss.exe[1052] KERNEL32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00160004 .text C:\WINDOWS\system32\csrss.exe[1052] KERNEL32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0016011C .text C:\WINDOWS\system32\csrss.exe[1052] KERNEL32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001604F0 .text C:\WINDOWS\system32\csrss.exe[1052] KERNEL32.dll!CreateThread 7C810637 5 Bytes JMP 0016057C .text C:\WINDOWS\system32\csrss.exe[1052] KERNEL32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001603D8 .text C:\WINDOWS\system32\csrss.exe[1052] KERNEL32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0016034C .text C:\WINDOWS\system32\csrss.exe[1052] KERNEL32.dll!WinExec 7C86136D 5 Bytes JMP 00160464 .text C:\WINDOWS\system32\csrss.exe[1052] KERNEL32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00160608 .text C:\WINDOWS\system32\csrss.exe[1052] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001607AC .text C:\WINDOWS\system32\csrss.exe[1052] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00160720 .text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8 .text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090 .text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694 .text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0 .text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234 .text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004 .text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C .text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0 .text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C .text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8 .text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C .text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464 .text C:\WINDOWS\system32\winlogon.exe[1076] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608 .text C:\WINDOWS\system32\winlogon.exe[1076] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000707AC .text C:\WINDOWS\system32\winlogon.exe[1076] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00070720 .text C:\WINDOWS\system32\winlogon.exe[1076] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000708C4 .text C:\WINDOWS\system32\winlogon.exe[1076] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00070838 .text C:\WINDOWS\system32\winlogon.exe[1076] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00070950 .text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\services.exe[1124] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\services.exe[1124] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\services.exe[1124] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\services.exe[1124] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\services.exe[1124] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\services.exe[1124] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1320] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1320] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1320] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1320] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1320] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1372] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1372] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1372] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00080950 .text C:\PROGRA~1\WinZip\WINZIP32.EXE[1432] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\PROGRA~1\WinZip\WINZIP32.EXE[1432] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\PROGRA~1\WinZip\WINZIP32.EXE[1432] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\PROGRA~1\WinZip\WINZIP32.EXE[1432] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\PROGRA~1\WinZip\WINZIP32.EXE[1432] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\PROGRA~1\WinZip\WINZIP32.EXE[1432] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\PROGRA~1\WinZip\WINZIP32.EXE[1432] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\PROGRA~1\WinZip\WINZIP32.EXE[1432] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\PROGRA~1\WinZip\WINZIP32.EXE[1432] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\PROGRA~1\WinZip\WINZIP32.EXE[1432] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\PROGRA~1\WinZip\WINZIP32.EXE[1432] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\PROGRA~1\WinZip\WINZIP32.EXE[1432] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\PROGRA~1\WinZip\WINZIP32.EXE[1432] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\PROGRA~1\WinZip\WINZIP32.EXE[1432] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\PROGRA~1\WinZip\WINZIP32.EXE[1432] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1440] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1440] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1440] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1440] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1440] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1440] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1440] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1440] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1440] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1440] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1440] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1440] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1440] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1440] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1440] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1440] WS2_32.dll!socket 71A13B91 5 Bytes JMP 001308C4 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1440] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00130838 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1440] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00130950 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1464] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1464] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1464] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54 .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0 .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00080D24 .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0 .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C .text C:\WINDOWS\system32\svchost.exe[1464] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8 .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1560] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1560] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1560] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1560] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1560] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00080950 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1748] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1748] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1748] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1748] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1748] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1748] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1748] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1748] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1748] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1748] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1748] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1748] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1748] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1748] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1748] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1748] WS2_32.dll!socket 71A13B91 5 Bytes JMP 001308C4 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1748] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00130838 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[1748] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00130950 .text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\svchost.exe[1764] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\svchost.exe[1764] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\svchost.exe[1764] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\svchost.exe[1764] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\svchost.exe[1764] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\svchost.exe[1764] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00080950 .text C:\WINDOWS\system32\svchost.exe[1764] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00080F54 .text C:\WINDOWS\system32\svchost.exe[1764] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00080FE0 .text C:\WINDOWS\system32\svchost.exe[1764] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00080D24 .text C:\WINDOWS\system32\svchost.exe[1764] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00080DB0 .text C:\WINDOWS\system32\svchost.exe[1764] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00080E3C .text C:\WINDOWS\system32\svchost.exe[1764] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00080EC8 .text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\spoolsv.exe[2028] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\spoolsv.exe[2028] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\spoolsv.exe[2028] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\spoolsv.exe[2028] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\spoolsv.exe[2028] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00080950 .text C:\Programme\Utimaco\SafeGuard Easy\ecview.exe[2204] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programme\Utimaco\SafeGuard Easy\ecview.exe[2204] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programme\Utimaco\SafeGuard Easy\ecview.exe[2204] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programme\Utimaco\SafeGuard Easy\ecview.exe[2204] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programme\Utimaco\SafeGuard Easy\ecview.exe[2204] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programme\Utimaco\SafeGuard Easy\ecview.exe[2204] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programme\Utimaco\SafeGuard Easy\ecview.exe[2204] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programme\Utimaco\SafeGuard Easy\ecview.exe[2204] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programme\Utimaco\SafeGuard Easy\ecview.exe[2204] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programme\Utimaco\SafeGuard Easy\ecview.exe[2204] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programme\Utimaco\SafeGuard Easy\ecview.exe[2204] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programme\Utimaco\SafeGuard Easy\ecview.exe[2204] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programme\Utimaco\SafeGuard Easy\ecview.exe[2204] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programme\Utimaco\SafeGuard Easy\ecview.exe[2204] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Programme\Utimaco\SafeGuard Easy\ecview.exe[2204] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\wscntfy.exe[2240] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000701A8 .text C:\WINDOWS\system32\wscntfy.exe[2240] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00070090 .text C:\WINDOWS\system32\wscntfy.exe[2240] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00070694 .text C:\WINDOWS\system32\wscntfy.exe[2240] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000702C0 .text C:\WINDOWS\system32\wscntfy.exe[2240] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00070234 .text C:\WINDOWS\system32\wscntfy.exe[2240] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00070004 .text C:\WINDOWS\system32\wscntfy.exe[2240] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0007011C .text C:\WINDOWS\system32\wscntfy.exe[2240] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000704F0 .text C:\WINDOWS\system32\wscntfy.exe[2240] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0007057C .text C:\WINDOWS\system32\wscntfy.exe[2240] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000703D8 .text C:\WINDOWS\system32\wscntfy.exe[2240] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0007034C .text C:\WINDOWS\system32\wscntfy.exe[2240] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00070464 .text C:\WINDOWS\system32\wscntfy.exe[2240] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00070608 .text C:\WINDOWS\system32\wscntfy.exe[2240] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000707AC .text C:\WINDOWS\system32\wscntfy.exe[2240] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00070720 .text C:\WINDOWS\system32\alg.exe[2544] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\alg.exe[2544] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\alg.exe[2544] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\alg.exe[2544] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\alg.exe[2544] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\alg.exe[2544] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\alg.exe[2544] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\alg.exe[2544] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\alg.exe[2544] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\alg.exe[2544] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\alg.exe[2544] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\alg.exe[2544] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\alg.exe[2544] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\alg.exe[2544] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\alg.exe[2544] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 .text C:\WINDOWS\system32\alg.exe[2544] WS2_32.dll!socket 71A13B91 5 Bytes JMP 000808C4 .text C:\WINDOWS\system32\alg.exe[2544] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00080838 .text C:\WINDOWS\system32\alg.exe[2544] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00080950 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2844] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2844] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2844] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2844] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2844] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2844] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2844] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2844] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2844] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2844] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2844] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2844] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2844] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2844] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2844] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2844] WS2_32.dll!socket 71A13B91 5 Bytes JMP 001308C4 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2844] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00130838 .text C:\Programme\Grisoft\AVG Anti-Spyware 7.5\avgas.exe[2844] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00130950 .text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3108] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001401A8 .text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3108] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00140090 .text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3108] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00140694 .text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3108] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001402C0 .text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3108] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00140234 .text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3108] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00140004 .text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3108] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0014011C .text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3108] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001404F0 .text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3108] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0014057C .text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3108] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001403D8 .text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3108] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0014034C .text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3108] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00140464 .text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3108] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00140608 .text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3108] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001407AC .text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3108] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00140720 .text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3108] WS2_32.dll!socket 71A13B91 5 Bytes JMP 001408C4 .text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3108] WS2_32.dll!bind 71A13E00 5 Bytes JMP 00140838 .text C:\Programme\Microsoft ActiveSync\wcescomm.exe[3108] WS2_32.dll!connect 71A1406A 5 Bytes JMP 00140950 .text C:\Programme\Internet Explorer\iexplore.exe[3268] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programme\Internet Explorer\iexplore.exe[3268] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programme\Internet Explorer\iexplore.exe[3268] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programme\Internet Explorer\iexplore.exe[3268] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programme\Internet Explorer\iexplore.exe[3268] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programme\Internet Explorer\iexplore.exe[3268] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programme\Internet Explorer\iexplore.exe[3268] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programme\Internet Explorer\iexplore.exe[3268] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programme\Internet Explorer\iexplore.exe[3268] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programme\Internet Explorer\iexplore.exe[3268] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programme\Internet Explorer\iexplore.exe[3268] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programme\Internet Explorer\iexplore.exe[3268] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programme\Internet Explorer\iexplore.exe[3268] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programme\Internet Explorer\iexplore.exe[3268] USER32.dll!SetWindowLongA 7E36D60D 5 Bytes JMP 00B6FFBA C:\WINDOWS\system32\IEFRAME.dll .text C:\Programme\Internet Explorer\iexplore.exe[3268] USER32.dll!SetWindowLongW 7E36D62B 5 Bytes JMP 00B6FFEB C:\WINDOWS\system32\IEFRAME.dll .text C:\Programme\Internet Explorer\iexplore.exe[3268] USER32.dll!DialogBoxParamW 7E37555F 5 Bytes JMP 009DF205 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programme\Internet Explorer\iexplore.exe[3268] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Programme\Internet Explorer\iexplore.exe[3268] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\Programme\Internet Explorer\iexplore.exe[3268] USER32.dll!DialogBoxIndirectParamW 7E382032 5 Bytes JMP 00B6FEBF C:\WINDOWS\system32\IEFRAME.dll .text C:\Programme\Internet Explorer\iexplore.exe[3268] USER32.dll!MessageBoxIndirectA 7E38A04A 5 Bytes JMP 00B6FE40 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programme\Internet Explorer\iexplore.exe[3268] USER32.dll!DialogBoxParamA 7E38B10C 5 Bytes JMP 00B6FE84 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programme\Internet Explorer\iexplore.exe[3268] USER32.dll!MessageBoxExW 7E3A05D8 5 Bytes JMP 00B6FDCC C:\WINDOWS\system32\IEFRAME.dll .text C:\Programme\Internet Explorer\iexplore.exe[3268] USER32.dll!MessageBoxExA 7E3A05FC 5 Bytes JMP 00B6FE06 C:\WINDOWS\system32\IEFRAME.dll .text C:\Programme\Internet Explorer\iexplore.exe[3268] USER32.dll!DialogBoxIndirectParamA 7E3A6B50 5 Bytes JMP 00B6FEFA C:\WINDOWS\system32\IEFRAME.dll .text C:\Programme\Internet Explorer\iexplore.exe[3268] USER32.dll!MessageBoxIndirectW 7E3B62AB 5 Bytes JMP 00A015DA C:\WINDOWS\system32\IEFRAME.dll .text C:\Programme\Internet Explorer\iexplore.exe[3268] WININET.dll!InternetConnectA 771C49A2 5 Bytes JMP 00130F54 .text C:\Programme\Internet Explorer\iexplore.exe[3268] WININET.dll!InternetConnectW 771C5B98 5 Bytes JMP 00130FE0 .text C:\Programme\Internet Explorer\iexplore.exe[3268] WININET.dll!InternetOpenA 771CC859 5 Bytes JMP 00130D24 .text C:\Programme\Internet Explorer\iexplore.exe[3268] WININET.dll!InternetOpenW 771CCE91 5 Bytes JMP 00130DB0 .text C:\Programme\Internet Explorer\iexplore.exe[3268] WININET.dll!InternetOpenUrlA 771D06CD 5 Bytes JMP 00130E3C .text C:\Programme\Internet Explorer\iexplore.exe[3268] WININET.dll!InternetOpenUrlW 7721A881 5 Bytes JMP 00130EC8 .text C:\Programme\Internet Explorer\iexplore.exe[3268] ws2_32.dll!socket 71A13B91 5 Bytes JMP 001308C4 .text C:\Programme\Internet Explorer\iexplore.exe[3268] ws2_32.dll!bind 71A13E00 5 Bytes JMP 00130838 .text C:\Programme\Internet Explorer\iexplore.exe[3268] ws2_32.dll!connect 71A1406A 5 Bytes JMP 00130950 .text C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe[3544] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 001301A8 .text C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe[3544] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00130090 .text C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe[3544] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00130694 .text C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe[3544] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 001302C0 .text C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe[3544] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00130234 .text C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe[3544] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00130004 .text C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe[3544] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0013011C .text C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe[3544] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 001304F0 .text C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe[3544] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0013057C .text C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe[3544] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 001303D8 .text C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe[3544] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0013034C .text C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe[3544] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00130464 .text C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe[3544] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00130608 .text C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe[3544] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 001307AC .text C:\Programme\Tracker Software\PDF-XChange 3\pdfSaver\pdfSaver3.exe[3544] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\ctfmon.exe[3868] kernel32.dll!VirtualProtectEx 7C801A5D 5 Bytes JMP 000801A8 .text C:\WINDOWS\system32\ctfmon.exe[3868] kernel32.dll!VirtualProtect 7C801AD0 5 Bytes JMP 00080090 .text C:\WINDOWS\system32\ctfmon.exe[3868] kernel32.dll!WriteProcessMemory 7C80220F 5 Bytes JMP 00080694 .text C:\WINDOWS\system32\ctfmon.exe[3868] kernel32.dll!CreateProcessW 7C802332 5 Bytes JMP 000802C0 .text C:\WINDOWS\system32\ctfmon.exe[3868] kernel32.dll!CreateProcessA 7C802367 5 Bytes JMP 00080234 .text C:\WINDOWS\system32\ctfmon.exe[3868] kernel32.dll!VirtualAlloc 7C809A51 5 Bytes JMP 00080004 .text C:\WINDOWS\system32\ctfmon.exe[3868] kernel32.dll!VirtualAllocEx 7C809A72 5 Bytes JMP 0008011C .text C:\WINDOWS\system32\ctfmon.exe[3868] kernel32.dll!CreateRemoteThread 7C81042C 5 Bytes JMP 000804F0 .text C:\WINDOWS\system32\ctfmon.exe[3868] kernel32.dll!CreateThread 7C810637 5 Bytes JMP 0008057C .text C:\WINDOWS\system32\ctfmon.exe[3868] kernel32.dll!CreateProcessInternalW 7C819513 5 Bytes JMP 000803D8 .text C:\WINDOWS\system32\ctfmon.exe[3868] kernel32.dll!CreateProcessInternalA 7C81DDD6 5 Bytes JMP 0008034C .text C:\WINDOWS\system32\ctfmon.exe[3868] kernel32.dll!WinExec 7C86136D 5 Bytes JMP 00080464 .text C:\WINDOWS\system32\ctfmon.exe[3868] kernel32.dll!SetThreadContext 7C862AA5 5 Bytes JMP 00080608 .text C:\WINDOWS\system32\ctfmon.exe[3868] USER32.dll!SetWindowsHookExW 7E37DDB5 5 Bytes JMP 000807AC .text C:\WINDOWS\system32\ctfmon.exe[3868] USER32.dll!SetWindowsHookExA 7E3811D1 5 Bytes JMP 00080720 ---- Registry - GMER 1.0.12 ---- Reg \Registry\MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version@Version 0x7A 0x6E 0x1C 0x8F ... Reg \Registry\MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version@Version 0x7A 0x6E 0x1C 0x8F ... ---- EOF - GMER 1.0.12 ---- Report aus RootKitBuster: +---------------------------------------------------- | Trend Micro RootkitBuster 1.6 Beta. | Module version: 1.6.0.1052 +---------------------------------------------------- --== Dump Hidden File on C:\ ==-- No hidden files found. --== Dump Hidden Registry Value on HKLM ==-- No hidden registry entries found. --== Dump Hidden Process ==-- No hidden processes found. --== Dump Hidden Driver ==-- No hidden drivers found.