rundll error, redirect and popups

#0
15.02.2009, 16:21
Member

Thread starter

Posts: 18
#16

Quote

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0
Where do I find the gmer log?
15.02.2009, 16:24
Member

Posts: 3716
#17 Please run gmer once more.
15.02.2009, 16:36
Member

Thread starter

Posts: 18
#18 I did that... but I don't get a gmer.log....
There are no entries to be seen under the LOG tab...
This post was edited by AndiFischer on 15.02.2009 at 16:44.
15.02.2009, 16:44
Member

Posts: 3716
#19 C:\WINDOWS\gmer.log
also to be found in the FAQ (in English)
http://www.gmer.net/faq.php
15.02.2009, 16:46
Member

Thread starter

Posts: 18
#20

Quote

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-15 16:22:28
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwAdjustPrivilegesToken [0xB0E83906]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwConnectPort [0xB0E82E66]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateFile [0xB0E834C2]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateKey [0xB0E840D0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreatePort [0xB0E82BC0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSection [0xB0E84DC0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateSymbolicLinkObject [0xB0E83AEC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwCreateThread [0xB0E82796]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteKey [0xB0E83D3A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDeleteValueKey [0xB0E83EEA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwDuplicateObject [0xB0E824F8]
SSDT spzj.sys ZwEnumerateKey [0xB9EC6CA2]
SSDT spzj.sys ZwEnumerateValueKey [0xB9EC7030]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwLoadDriver [0xB0E84A42]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwMakeTemporaryObject [0xB0E830AC]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenFile [0xB0E836FA]
SSDT spzj.sys ZwOpenKey [0xB9EA80C0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenProcess [0xB0E82228]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenSection [0xB0E8333C]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwOpenThread [0xB0E823A0]
SSDT spzj.sys ZwQueryKey [0xB9EC7108]
SSDT spzj.sys ZwQueryValueKey [0xB9EC6F88]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRenameKey [0xB0E84496]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwRequestWaitReplyPort [0xB0E82CDE]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSecureConnectPort [0xB0E847FA]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetSystemInformation [0xB0E84BF0]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSetValueKey [0xB0E84296]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwShutdownSystem [0xB0E83046]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwSystemDebugControl [0xB0E83230]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateProcess [0xB0E82A8A]
SSDT \SystemRoot\System32\DRIVERS\cmdguard.sys (COMODO Internet Security Sandbox Driver/COMODO) ZwTerminateThread [0xB0E82958]

INT 0x01 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B99554F6
INT 0x03 \SystemRoot\system32\DRIVERS\ati2mtag.sys (ATI Radeon WindowsNT Miniport Driver/ATI Technologies Inc.) B995559C
INT 0x06 \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) AE39616D
INT 0x0E \??\C:\WINDOWS\system32\drivers\Haspnt.sys (HASP Kernel Device Driver for Windows NT/Aladdin Knowledge Systems) AE395FC2
INT 0x62 ? 8A69EBF8
INT 0x74 ? 8A2CCBF8
INT 0x82 ? 8A69EBF8
INT 0x83 ? 8A2CCBF8
INT 0x84 ? 8A2CCBF8
INT 0x94 ? 8A2CCBF8

---- Kernel code sections - GMER 1.0.14 ----

? spzj.sys Das System kann die angegebene Datei nicht finden. !
.text USBPORT.SYS!DllUnload B95328AC 5 Bytes JMP 8A2CC1D8
.text anmyczie.SYS B9461386 35 Bytes [ 00, 00, 00, 00, 00, 00, 20, ... ]
.text anmyczie.SYS B94613AA 24 Bytes [ 00, 00, 00, 00, 00, 00, 00, ... ]
.text anmyczie.SYS B94613C4 3 Bytes [ 00, 70, 02 ]
.text anmyczie.SYS B94613C9 1 Byte [ 2E ]
.text anmyczie.SYS B94613CB 9 Bytes [ 00, 00, 5C, 02, 00, 00, 00, ... ]
.text ...
? C:\DOKUME~1\Andreas\LOKALE~1\Temp\catchme.sys Das System kann die angegebene Datei nicht finden. !

---- User code sections - GMER 1.0.14 ----

.text C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe[328] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe[328] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe[328] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe[328] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe[328] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe[328] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe[328] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe[328] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe[328] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe[328] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Gemeinsame Dateien\InterVideo\SchSvr\SchSvr.exe[328] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\UdaterUI.exe[340] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\UdaterUI.exe[340] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\UdaterUI.exe[340] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\UdaterUI.exe[340] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\UdaterUI.exe[340] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\UdaterUI.exe[340] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Programme\McAfee\Common Framework\UdaterUI.exe[340] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\UdaterUI.exe[340] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\UdaterUI.exe[340] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\UdaterUI.exe[340] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\UdaterUI.exe[340] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[368] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 00B85810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[368] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 00B85740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[368] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 00B81860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[368] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00B81230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[368] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 00B813C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[368] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ C8, 88 ]
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[368] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00B853D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[368] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 00B816D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[368] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 00B81550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[368] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 00B850E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\EvtEng.exe[368] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 00B85260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[432] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[432] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[432] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[432] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[432] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[432] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[432] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[432] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\wuauclt.exe[432] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[432] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[432] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[632] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[632] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[632] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[632] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[632] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[632] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\Explorer.EXE[632] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[632] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[632] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[632] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\Explorer.EXE[632] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[644] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[644] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[644] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[644] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[644] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[644] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[644] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[644] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[644] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\winlogon.exe[644] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\winlogon.exe[644] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[664] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[664] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[664] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[664] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[664] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[664] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[664] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[664] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[664] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\Ati2evxx.exe[664] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[664] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Internet Explorer\iexplore.exe[720] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Internet Explorer\iexplore.exe[720] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Internet Explorer\iexplore.exe[720] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Internet Explorer\iexplore.exe[720] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Internet Explorer\iexplore.exe[720] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Internet Explorer\iexplore.exe[720] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Programme\Internet Explorer\iexplore.exe[720] USER32.dll!DialogBoxParamW 7E3747AB 5 Bytes JMP 444DF301 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[720] USER32.dll!DialogBoxIndirectParamW 7E382072 5 Bytes JMP 4467179F C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[720] USER32.dll!MessageBoxIndirectA 7E38A082 5 Bytes JMP 44671720 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[720] USER32.dll!DialogBoxParamA 7E38B144 5 Bytes JMP 44671764 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[720] USER32.dll!MessageBoxExW 7E3A0838 5 Bytes JMP 446716AC C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[720] USER32.dll!MessageBoxExA 7E3A085C 5 Bytes JMP 446716E6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[720] USER32.dll!DialogBoxIndirectParamA 7E3A6D7D 5 Bytes JMP 446717DA C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[720] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Internet Explorer\iexplore.exe[720] USER32.dll!MessageBoxIndirectW 7E3B64D5 5 Bytes JMP 445016B6 C:\WINDOWS\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Programme\Internet Explorer\iexplore.exe[720] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Internet Explorer\iexplore.exe[720] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Internet Explorer\iexplore.exe[720] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Internet Explorer\iexplore.exe[720] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[776] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[776] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[776] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[776] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[776] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[776] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[776] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[776] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[776] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\services.exe[776] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\services.exe[776] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\lsass.exe[780] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\lsass.exe[780] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[936] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[936] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[936] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[936] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[936] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[936] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\spoolsv.exe[936] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[936] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[936] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[936] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\spoolsv.exe[936] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1036] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1036] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1036] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1036] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1036] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1036] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1036] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1036] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1036] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\ctfmon.exe[1036] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ctfmon.exe[1036] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ibmpmsvc.exe[1140] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ibmpmsvc.exe[1140] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ibmpmsvc.exe[1140] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ibmpmsvc.exe[1140] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ibmpmsvc.exe[1140] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ibmpmsvc.exe[1140] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ibmpmsvc.exe[1140] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ibmpmsvc.exe[1140] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ibmpmsvc.exe[1140] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\ibmpmsvc.exe[1140] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\ibmpmsvc.exe[1140] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1168] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1168] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1168] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1168] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1168] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1168] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1168] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1168] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1168] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\Ati2evxx.exe[1168] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\Ati2evxx.exe[1168] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1184] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1184] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1184] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1184] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1184] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1184] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1184] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1184] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TpShocks.exe[1220] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TpShocks.exe[1220] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TpShocks.exe[1220] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TpShocks.exe[1220] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TpShocks.exe[1220] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TpShocks.exe[1220] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\TpShocks.exe[1220] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TpShocks.exe[1220] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TpShocks.exe[1220] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TpShocks.exe[1220] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\TpShocks.exe[1220] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1292] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1292] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1292] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1292] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1292] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1292] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1292] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1292] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\FrameworkService.exe[1332] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\FrameworkService.exe[1332] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\FrameworkService.exe[1332] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\FrameworkService.exe[1332] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\FrameworkService.exe[1332] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\FrameworkService.exe[1332] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\FrameworkService.exe[1332] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\FrameworkService.exe[1332] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Programme\McAfee\Common Framework\FrameworkService.exe[1332] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\FrameworkService.exe[1332] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\FrameworkService.exe[1332] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe[1428] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe[1428] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe[1428] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe[1428] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe[1428] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe[1428] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe[1428] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe[1428] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe[1428] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe[1428] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\Mcshield.exe[1428] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[1452] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[1452] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[1452] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[1452] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[1452] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[1452] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[1452] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[1452] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[1452] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[1452] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPONSCR.exe[1452] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\bmwebcfg.exe[1496] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\bmwebcfg.exe[1496] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\bmwebcfg.exe[1496] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\bmwebcfg.exe[1496] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\bmwebcfg.exe[1496] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\bmwebcfg.exe[1496] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\bmwebcfg.exe[1496] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\bmwebcfg.exe[1496] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\bmwebcfg.exe[1496] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\bmwebcfg.exe[1496] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\bmwebcfg.exe[1496] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Bonjour\mDNSResponder.exe[1524] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Bonjour\mDNSResponder.exe[1524] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Bonjour\mDNSResponder.exe[1524] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Bonjour\mDNSResponder.exe[1524] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Bonjour\mDNSResponder.exe[1524] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Bonjour\mDNSResponder.exe[1524] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Bonjour\mDNSResponder.exe[1524] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Bonjour\mDNSResponder.exe[1524] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Bonjour\mDNSResponder.exe[1524] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Programme\Bonjour\mDNSResponder.exe[1524] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Bonjour\mDNSResponder.exe[1524] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1540] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1540] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1540] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1540] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1540] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1540] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1540] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1540] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\System32\svchost.exe[1540] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\svchost.exe[1540] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe[1568] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe[1568] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe[1568] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe[1568] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe[1568] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe[1568] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe[1568] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe[1568] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe[1568] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe[1568] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\VsTskMgr.exe[1568] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1588] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1588] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1588] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1588] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1588] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1588] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1588] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1588] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1612] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 00C45810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1612] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 00C45740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1612] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 00C41860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1612] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00C41230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1612] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 00C413C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1612] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ D4, 88 ]
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1612] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00C453D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1612] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 00C416D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1612] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 00C41550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1612] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 00C450E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\S24EvMon.exe[1612] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 00C45260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe[1628] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 00385810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe[1628] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 00385740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe[1628] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 003853D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe[1628] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 003816D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe[1628] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 00381550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe[1628] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 00381860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe[1628] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00381230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe[1628] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 003813C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe[1628] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 48, 88 ]
.text C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe[1628] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 003850E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\COMODO\COMODO Internet Security\cmdagent.exe[1628] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 00385260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1876] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1876] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1876] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1876] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1876] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1876] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1876] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1876] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1876] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1876] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE[1948] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE[1948] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE[1948] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE[1948] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE[1948] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE[1948] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE[1948] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE[1948] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE[1948] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE[1948] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\VirusScan Enterprise\SHSTAT.EXE[1948] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1980] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1980] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1980] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1980] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1980] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1980] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1980] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1980] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1980] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\svchost.exe[1980] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[1980] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[2020] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 00A65810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[2020] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 00A65740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[2020] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 00A653D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[2020] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 00A616D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[2020] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 00A61550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[2020] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 00A61860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[2020] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00A61230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[2020] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 00A613C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[2020] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ B6, 88 ]
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[2020] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 00A650E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Cisco Systems\VPN Client\cvpnd.exe[2020] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 00A65260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[2244] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[2244] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[2244] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[2244] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[2244] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[2244] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[2244] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[2244] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[2244] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[2244] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Intel\Wireless\Bin\RegSrvc.exe[2244] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[2476] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[2476] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[2476] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[2476] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[2476] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[2476] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[2476] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[2476] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\wuauclt.exe[2476] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[2476] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wuauclt.exe[2476] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2556] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2556] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2556] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2556] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2556] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2556] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2556] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2556] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2556] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\svchost.exe[2556] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\svchost.exe[2556] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\naPrdMgr.exe[2568] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 005D5810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\naPrdMgr.exe[2568] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 005D5740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\naPrdMgr.exe[2568] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 005D53D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\naPrdMgr.exe[2568] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 005D16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\naPrdMgr.exe[2568] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 005D1550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\naPrdMgr.exe[2568] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 005D1860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\naPrdMgr.exe[2568] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 005D1230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\naPrdMgr.exe[2568] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 005D13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\naPrdMgr.exe[2568] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 6D, 88 ]
.text C:\Programme\McAfee\Common Framework\naPrdMgr.exe[2568] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 005D50E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\naPrdMgr.exe[2568] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 005D5260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\System32\alg.exe[2668] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\alg.exe[2668] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TPHDEXLG.exe[2704] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TPHDEXLG.exe[2704] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TPHDEXLG.exe[2704] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TPHDEXLG.exe[2704] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TPHDEXLG.exe[2704] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TPHDEXLG.exe[2704] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TPHDEXLG.exe[2704] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TPHDEXLG.exe[2704] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TPHDEXLG.exe[2704] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\System32\TPHDEXLG.exe[2704] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TPHDEXLG.exe[2704] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TUProgSt.exe[2880] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TUProgSt.exe[2880] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TUProgSt.exe[2880] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TUProgSt.exe[2880] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TUProgSt.exe[2880] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TUProgSt.exe[2880] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\System32\TUProgSt.exe[2880] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TUProgSt.exe[2880] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TUProgSt.exe[2880] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TUProgSt.exe[2880] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\System32\TUProgSt.exe[2880] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2924] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 00365810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2924] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 00365740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2924] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 00361860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2924] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 00361230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2924] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 003613C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2924] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 46, 88 ]
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2924] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 003653D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2924] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 003616D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2924] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 00361550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2924] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 003650E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Analog Devices\Core\smax4pnp.exe[2924] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 00365260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\McTray.exe[2940] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\McTray.exe[2940] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\McTray.exe[2940] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\McTray.exe[2940] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\McTray.exe[2940] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\McTray.exe[2940] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Programme\McAfee\Common Framework\McTray.exe[2940] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\McTray.exe[2940] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\McTray.exe[2940] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\McTray.exe[2940] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\McAfee\Common Framework\McTray.exe[2940] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[2972] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[2972] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[2972] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[2972] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[2972] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[2972] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[2972] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[2972] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[2972] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\wdfmgr.exe[2972] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wdfmgr.exe[2972] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[3164] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[3164] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[3164] kernel32.dll!WriteFile 7C810E17 7 Bytes JMP 00585C0C C:\WINDOWS\system32\MSSRCH.DLL (mssrch.dll/Microsoft Corporation)
.text C:\WINDOWS\system32\SearchIndexer.exe[3164] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[3164] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[3164] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[3164] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[3164] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[3164] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[3164] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\SearchIndexer.exe[3164] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\SearchIndexer.exe[3164] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3356] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3356] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3356] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3356] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3356] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3356] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3356] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3356] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3356] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3356] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3356] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3368] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3368] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3368] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3368] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3368] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3368] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3368] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3368] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3368] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3368] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\WINDOWS\system32\wbem\wmiprvse.exe[3368] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3416] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3416] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3416] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3416] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3416] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3416] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3416] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3416] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3416] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3416] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPLpr.exe[3416] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[3444] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[3444] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[3444] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[3444] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[3444] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[3444] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[3444] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[3444] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[3444] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[3444] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ThinkPad\Utilities\PWMDBSVC.exe[3444] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\TortoiseSVN\bin\TSVNCache.exe[3524] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 009C5810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\TortoiseSVN\bin\TSVNCache.exe[3524] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 009C5740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\TortoiseSVN\bin\TSVNCache.exe[3524] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 009C53D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\TortoiseSVN\bin\TSVNCache.exe[3524] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 009C16D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\TortoiseSVN\bin\TSVNCache.exe[3524] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 009C1550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\TortoiseSVN\bin\TSVNCache.exe[3524] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 009C1860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\TortoiseSVN\bin\TSVNCache.exe[3524] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 009C1230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\TortoiseSVN\bin\TSVNCache.exe[3524] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 009C13C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\TortoiseSVN\bin\TSVNCache.exe[3524] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ AC, 88 ]
.text C:\Programme\TortoiseSVN\bin\TSVNCache.exe[3524] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 009C50E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\TortoiseSVN\bin\TSVNCache.exe[3524] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 009C5260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe[3912] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe[3912] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe[3912] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe[3912] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe[3912] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe[3912] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe[3912] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe[3912] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe[3912] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe[3912] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Lenovo\HOTKEY\TPOSDSVC.exe[3912] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Dokumente und Einstellungen\Andreas\Desktop\gmer.exe[3936] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Dokumente und Einstellungen\Andreas\Desktop\gmer.exe[3936] USER32.DLL!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Dokumente und Einstellungen\Andreas\Desktop\gmer.exe[3936] USER32.DLL!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Dokumente und Einstellungen\Andreas\Desktop\gmer.exe[3936] USER32.DLL!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Dokumente und Einstellungen\Andreas\Desktop\gmer.exe[3936] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Dokumente und Einstellungen\Andreas\Desktop\gmer.exe[3936] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Dokumente und Einstellungen\Andreas\Desktop\gmer.exe[3936] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Dokumente und Einstellungen\Andreas\Desktop\gmer.exe[3936] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Dokumente und Einstellungen\Andreas\Desktop\gmer.exe[3936] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Dokumente und Einstellungen\Andreas\Desktop\gmer.exe[3936] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4000] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4000] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4000] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4000] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4000] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4000] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4000] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4000] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4000] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4000] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Synaptics\SynTP\SynTPEnh.exe[4000] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[4016] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[4016] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[4016] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[4016] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[4016] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[4016] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[4016] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[4016] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[4016] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[4016] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[4016] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[4080] ntdll.dll!NtClose 7C91CFD0 5 Bytes JMP 10005810 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[4080] ntdll.dll!LdrUnloadDll 7C92736B 5 Bytes JMP 10005740 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[4080] GDI32.dll!BitBlt 77EF6F79 5 Bytes JMP 10001860 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[4080] GDI32.dll!CreateDCA 77EFB7D2 5 Bytes JMP 10001230 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[4080] GDI32.dll!CreateDCW 77EFBE38 2 Bytes JMP 100013C0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[4080] GDI32.dll!CreateDCW + 3 77EFBE3B 2 Bytes [ 10, 98 ]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[4080] USER32.dll!EndTask 7E3AA0A5 5 Bytes JMP 100053D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[4080] USER32.dll!mouse_event 7E3B673F 5 Bytes JMP 100016D0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[4080] USER32.dll!keybd_event 7E3B6783 5 Bytes JMP 10001550 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[4080] ole32.dll!CoCreateInstanceEx 774D0526 5 Bytes JMP 100050E0 C:\WINDOWS\system32\guard32.dll
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[4080] ole32.dll!CoGetClassObject 774E56C5 5 Bytes JMP 10005260 C:\WINDOWS\system32\guard32.dll

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spzj.sys
IAT atapi.sys[HAL.dll!READ_PORT_BUFFER_USHORT] [B9EA913C] spzj.sys
IAT atapi.sys[HAL.dll!READ_PORT_USHORT] [B9EA90BE] spzj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_BUFFER_USHORT] [B9EA97FC] spzj.sys
IAT atapi.sys[HAL.dll!WRITE_PORT_UCHAR] [B9EA96D2] spzj.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spzj.sys
IAT \SystemRoot\System32\Drivers\anmyczie.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\anmyczie.SYS[HAL.dll!READ_PORT_UCHAR] 8D3F0304
IAT \SystemRoot\System32\Drivers\anmyczie.SYS[HAL.dll!KeGetCurrentIrql] CB033043
IAT \SystemRoot\System32\Drivers\anmyczie.SYS[HAL.dll!KfRaiseIrql] 0673C13B
IAT \SystemRoot\System32\Drivers\anmyczie.SYS[HAL.dll!KfLowerIrql] C13B0003
IAT \SystemRoot\System32\Drivers\anmyczie.SYS[HAL.dll!HalGetInterruptVector] 8366FA72
IAT \SystemRoot\System32\Drivers\anmyczie.SYS[HAL.dll!HalTranslateBusAddress] 75000E7B
IAT \SystemRoot\System32\Drivers\anmyczie.SYS[HAL.dll!KeStallExecutionProcessor] 0B7D80E3
IAT \SystemRoot\System32\Drivers\anmyczie.SYS[HAL.dll!KfReleaseSpinLock] 307B8D00
IAT \SystemRoot\System32\Drivers\anmyczie.SYS[HAL.dll!READ_PORT_BUFFER_USHORT] 00AA840F
IAT \SystemRoot\System32\Drivers\anmyczie.SYS[HAL.dll!READ_PORT_USHORT] 83660000
IAT \SystemRoot\System32\Drivers\anmyczie.SYS[HAL.dll!WRITE_PORT_BUFFER_USHORT] 6A000E7A
IAT \SystemRoot\System32\Drivers\anmyczie.SYS[HAL.dll!WRITE_PORT_UCHAR] C6647400
IAT \SystemRoot\System32\Drivers\anmyczie.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\System32\Drivers\anmyczie.SYS[WMILIB.SYS!WmiCompleteRequest] 968D5140
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] [B9C43710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] [B9C43770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] [B9C43990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] [B9C43950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] [B9C43950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] [B9C43770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] [B9C43710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] [B9C43990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] [B9C43990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] [B9C43950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] [B9C43770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] [B9C43710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] [B9C43950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] [B9C43990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] [B9C43710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] [B9C43770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9C43710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9C43770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [B9C43950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [B9C43990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [B9C43950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [B9C43770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [B9C43710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] [B9C43770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] [B9C43950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] [B9C43710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] [B9C43990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [B9C43950] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [B9C43990] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [B9C43710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [B9C43770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)

15.02.2009, 17:02
Member

Posts: 3716
#21 See whether you can find this file with Windows Search:
anmyczie.SYS
In the options, set it to also search hidden and protected files. Once you have found it, tell me where it is and check it here:
http://www.virustotal.com/en/indexf.html
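The file named in post #21 comes from the "Kernel IAT/EAT" section of the GMER log in post #20. As an added example (not part of the thread and not GMER's own code), this Python script parses those IAT lines and separates entries GMER attributed to a described module from the ones that need a manual look. The line format is inferred from the log lines shown in the post, and the function names and category labels are assumptions made for this example.

```python
import ntpath
import re
from collections import defaultdict

# Lines copied from the "Kernel IAT/EAT" section of the GMER log in post #20.
SAMPLE_LOG = r"""
---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT atapi.sys[HAL.dll!READ_PORT_UCHAR] [B9EA9040] spzj.sys
IAT \SystemRoot\system32\DRIVERS\i8042prt.sys[HAL.dll!READ_PORT_UCHAR] [B9EB9048] spzj.sys
IAT \SystemRoot\System32\Drivers\anmyczie.SYS[HAL.dll!KfAcquireSpinLock] 4B8BDF8B
IAT \SystemRoot\System32\Drivers\anmyczie.SYS[WMILIB.SYS!WmiSystemControl] 4F8B0200
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [B9C43770] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [B9C43710] inspect.sys (COMODO Internet Security Firewall Driver/COMODO)
"""

# "IAT <importing driver>[<module>!<function>] <rest>"
ENTRY = re.compile(
    r"^IAT\s+(?P<importer>.+?)\[(?P<module>[^!\]]+)!(?P<function>[^\]]+)\]\s+(?P<rest>.+)$"
)
# "<rest>" when GMER names the module the slot points into, optionally with a description.
ATTRIBUTED = re.compile(
    r"^\[(?P<address>[0-9A-Fa-f]{8})\]\s+(?P<owner>\S+)(?:\s+\((?P<description>.+)\))?$"
)
# "<rest>" when GMER prints only the 32-bit value found in the slot.
RAW_VALUE = re.compile(r"^[0-9A-Fa-f]{8}$")


def parse_iat_line(line):
    """Return a dict for one IAT line, or None if the line is not an IAT entry."""
    m = ENTRY.match(line.strip())
    if not m:
        return None
    entry = {
        "importer": ntpath.basename(m["importer"]),  # driver whose import table was changed
        "import": f'{m["module"]}!{m["function"]}',
        "owner": None,
        "description": None,
        "value": None,
    }
    rest = m["rest"].strip()
    attributed = ATTRIBUTED.match(rest)
    if attributed:
        entry["value"] = attributed["address"].upper()
        entry["owner"] = attributed["owner"]
        entry["description"] = attributed["description"]
    elif RAW_VALUE.match(rest):
        entry["value"] = rest.upper()
    else:
        return None  # unknown layout: skip rather than guess
    return entry


def triage(log_text):
    """Group IAT entries by how much GMER could say about the hook target."""
    unattributed = defaultdict(list)       # importer -> imports with a bare value
    undescribed_owner = defaultdict(list)  # owner without description -> what it hooks
    described_owner = {}                   # owner -> description text printed by GMER
    for line in log_text.splitlines():
        entry = parse_iat_line(line)
        if entry is None:
            continue
        if entry["owner"] is None:
            unattributed[entry["importer"]].append(entry["import"])
        elif entry["description"] is None:
            undescribed_owner[entry["owner"]].append(
                f'{entry["importer"]} -> {entry["import"]}'
            )
        else:
            # The description is a hint printed next to the owner, not a verification.
            described_owner[entry["owner"]] = entry["description"]
    return {
        "unattributed": dict(unattributed),
        "undescribed_owner": dict(undescribed_owner),
        "described_owner": described_owner,
    }


def follow_up(report):
    """File names to locate on disk and submit to a file scanner, as post #21 asks."""
    return sorted(set(report["unattributed"]) | set(report["undescribed_owner"]))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for name in follow_up(result):
        print("check:", name)
    for owner, description in result["described_owner"].items():
        print("described:", owner, "-", description)
```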
15.02.2009, 17:08
Member

Thread starter

Posts: 18
#22 No, it can't be found....
15.02.2009, 17:12
Member

Posts: 3716
#23 OK, run the following 2 online scans:
http://support.f-secure.com/ger/home/ols.shtml
Delete what is found, post the log.
For Kaspersky, select My Computer as the scan target and tick all options (for F-Secure too)
www.kaspersky.com/de/virusscanner - 22k -
15.02.2009, 18:04
Member

Thread starter

Posts: 18
#24 Scanning Report
Sunday, February 15, 2009 17:21:40 - 18:03:45
Computer name: IFS10
Scanning type: Scan system for malware, rootkits
Target: C:\ D:\


--------------------------------------------------------------------------------

Result: 2 malware found
TrackingCookie.2o7 (spyware)
System
W32/Zlob.gen123 (virus)
C:\DOKUMENTE UND EINSTELLUNGEN\ANDREAS\DESKTOP\SMITFRAUDFIX\AGENT.OMZ.FIX.EXE (Submitted)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 39418
System: 3709
Not scanned: 8
Actions:
Disinfected: 0
Renamed: 0
Deleted: 0
None: 2
Submitted: 1
Files not scanned:
C:\PAGEFILE.SYS
C:\WINDOWS\TEMP\HLKTMP
C:\WINDOWS\SYSTEM32\DRIVERS\SPTD.SYS
C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
C:\WINDOWS\SYSTEM32\CONFIG\SAM
C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM

--------------------------------------------------------------------------------

Options
Scanning engines:
F-Secure USS: 3.0.0
F-Secure Blacklight: 0.0.0
F-Secure Hydra: 3.6.8511, 2009-02-13
F-Secure Pegasus: 1.20.0, 1970-00-01
F-Secure AVP: 7.0.171, 2009-02-13
Scanning options:
Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML ZIP XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
Use Advanced heuristics

15.02.2009, 18:07
Member

Posts: 3716
#25 Looks good, now Kaspersky as well
15.02.2009, 18:20
Member

Thread starter

Posts: 18
#26 Kaspersky doesn't seem to work... it hangs at 36%.. master.xml and then aborts....
15.02.2009, 18:33
Member

Posts: 3716
#27 OK, have you switched off Spybot's TeaTimer? If not, do that. Update Malwarebytes and run it again, then we'll take care of your error message.
15.02.2009, 18:39
Member

Thread starter

Posts: 18
#28 Update doesn't work... can't connect to the server!
I also can't open the Security Center in the Control Panel... shell32.dll cannot be accessed.
15.02.2009, 18:41
Member

Posts: 3716
#29 Can you make me a list of all the errors, and when and possibly why they occurred?
15.02.2009, 18:41
Member

Thread starter

Posts: 18
#30

Quote

Malwarebytes' Anti-Malware 1.34
Datenbank Version: 1749
Windows 5.1.2600 Service Pack 3

15.02.2009 18:41:10
mbam-log-2009-02-15 (18-41-10).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 67769
Laufzeit: 3 minute(s), 29 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
shell32.dll on the context menu of My Network Places (does not open) and when starting the Security Center (does not start);
GrooveUtil.dll when starting IE

Three messages also appear when Windows starts -
iernonce.dll
blogex.dll
pwrmgrtr.dll

The bottom two are ThinkPad utilities
This post was edited by AndiFischer on 15.02.2009 at 18:58.