Internet Explorer 2 x in Task Manager

#0
14.09.2009, 11:18
Member

Posts: 27
#1 Hello,

my wife's computer kept getting slower. When I checked the Task Manager, I found Internet Explorer listed 3 times, although it was only open once.

After several runs with Antivir, Antimalware and Antispy, there are still 2 Internet Explorer entries in the Task Manager. The PC runs a little better, but I think there are still remnants left.

Can someone please help me?

[code]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:29, on 14.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
D:\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programme\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
D:\Spamihilator\spamihilator.exe
C:\Programme\Vista Drive Icon\DrvIcon.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.proxy.aol.com:80
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Programme\Nitro PDF\PDF Download\NitroPDF.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Pictures - {8E929F51-5914-11D6-971F-0050FC3F9161} - D:\Programme\Pictures.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [JWOSetup] JWOSetup.exe -en
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Spamihilator] "d:\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Programme\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')
O4 - Startup: DSL-Manager.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &NeoTrace It! - D:\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Programme\Nitro PDF\PDF Download\nitroweb.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ\ICQ.exe
O9 - Extra button: Preispiraten 2.1.3 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - D:\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Programme\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Programme\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\NEOTRA~1\NTXtoolbar.htm (HKCU)
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Programme\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/de/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095887784043
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.gutchat.de/control/msnchat45.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - E:\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - D:\CDBurnerXP\NMSAccessU.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10882 bytes
[/code]
This post was edited on 14.09.2009 at 15:30 by FlatRate.
14.09.2009, 16:49
Member

Posts: 90
#2 Hello,

C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe do you know this program?
If not, then fix it.
Otherwise there is nothing suspicious to be found in the Hijack log.
Please work through everything here and post the logs:

[url]http://board.protecus.de/t23187.htm[/url]

Regards, Gabi
14.09.2009, 17:09
Member

Thread starter

Posts: 27
#3

Quote

C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe do you know this program?
If not, then fix it.
That is the Hijack program, just renamed.

Thanks for the reply, I'll get started on it.

Here is the GMER log:

GMER 1.0.15.15086 - http://www.gmer.net
Rootkit scan 2009-09-14 20:02:13
Windows 5.1.2600 Service Pack 3
Running: p0i0mhub.exe; Driver: C:\DOKUME~1\DANKEA~1\LOKALE~1\Temp\aavafxsm.sys


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwClose [0xA5E14435]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwCreateFile [0xA5E13C5C]
SSDT A0B6305E ZwCreateKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwCreateProcess [0xA5E13031]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwCreateProcessEx [0xA5E12EAE]
SSDT A0B63054 ZwCreateThread
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwDeleteFile [0xA5E144B5]
SSDT A0B63063 ZwDeleteKey
SSDT A0B6306D ZwDeleteValueKey
SSDT \SystemRoot\system32\drivers\khips.sys ZwLoadDriver [0xA5C038B0]
SSDT A0B63072 ZwLoadKey
SSDT \SystemRoot\system32\drivers\khips.sys ZwMapViewOfSection [0xA5C03A20]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwOpenFile [0xA5E13F27]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwOpenKey [0xA5E10307]
SSDT A0B63040 ZwOpenProcess
SSDT A0B63045 ZwOpenThread
SSDT A0B6307C ZwReplaceKey
SSDT A0B63077 ZwRestoreKey
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwResumeThread [0xA5E1371F]
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwSetInformationFile [0xA5E14229]
SSDT A0B63068 ZwSetValueKey
SSDT A0B6304F ZwTerminateProcess
SSDT \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies) ZwWriteFile [0xA5E14186]

---- Kernel code sections - GMER 1.0.15 ----

PAGENDSM NDIS.sys!NdisMIndicateStatus F785D9EF 3 Bytes [FF, 25, E8]
PAGENDSM NDIS.sys!NdisMIndicateStatus + 4 F785D9F3 2 Bytes CALL E42BC283

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\tcpsvcs.exe[252] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\tcpsvcs.exe[252] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\tcpsvcs.exe[252] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\tcpsvcs.exe[252] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\tcpsvcs.exe[252] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\tcpsvcs.exe[252] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\tcpsvcs.exe[252] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\tcpsvcs.exe[252] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\tcpsvcs.exe[252] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\tcpsvcs.exe[252] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\tcpsvcs.exe[252] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\tcpsvcs.exe[252] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\tcpsvcs.exe[252] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\tcpsvcs.exe[252] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\tcpsvcs.exe[252] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\tcpsvcs.exe[252] WS2_32.dll!socket 71A14211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\tcpsvcs.exe[252] WS2_32.dll!bind 71A14480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\tcpsvcs.exe[252] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\Pen_Tablet.exe[348] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Pen_Tablet.exe[348] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Pen_Tablet.exe[348] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Pen_Tablet.exe[348] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Pen_Tablet.exe[348] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Pen_Tablet.exe[348] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Pen_Tablet.exe[348] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Pen_Tablet.exe[348] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Pen_Tablet.exe[348] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Pen_Tablet.exe[348] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Pen_Tablet.exe[348] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Pen_Tablet.exe[348] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Pen_Tablet.exe[348] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Pen_Tablet.exe[348] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Pen_Tablet.exe[348] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[360] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[360] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[360] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[360] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[360] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[360] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[360] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[360] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[360] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[360] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[360] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[360] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[360] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[360] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[360] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[360] WS2_32.dll!socket 71A14211 5 Bytes JMP 001308C4
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[360] WS2_32.dll!bind 71A14480 5 Bytes JMP 00130838
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[360] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00130950
.text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\Explorer.EXE[420] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\Explorer.EXE[420] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\Explorer.EXE[420] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\Explorer.EXE[420] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\Explorer.EXE[420] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\Explorer.EXE[420] WININET.dll!InternetOpenA 408DD688 5 Bytes JMP 00080D24
.text C:\WINDOWS\Explorer.EXE[420] WININET.dll!InternetOpenW 408DDB01 5 Bytes JMP 00080DB0
.text C:\WINDOWS\Explorer.EXE[420] WININET.dll!InternetOpenUrlA 408DF39C 5 Bytes JMP 00080E3C
.text C:\WINDOWS\Explorer.EXE[420] WININET.dll!InternetOpenUrlW 40926F37 5 Bytes JMP 00080EC8
.text C:\WINDOWS\Explorer.EXE[420] WS2_32.dll!socket 71A14211 5 Bytes JMP 000808C4
.text C:\WINDOWS\Explorer.EXE[420] WS2_32.dll!bind 71A14480 5 Bytes JMP 00080838
.text C:\WINDOWS\Explorer.EXE[420] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\spoolsv.exe[608] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\spoolsv.exe[608] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\spoolsv.exe[608] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\spoolsv.exe[608] WS2_32.dll!socket 71A14211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\spoolsv.exe[608] WS2_32.dll!bind 71A14480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\spoolsv.exe[608] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\wdfmgr.exe[700] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\wdfmgr.exe[700] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\wdfmgr.exe[700] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\wdfmgr.exe[700] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\wdfmgr.exe[700] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\wdfmgr.exe[700] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\wdfmgr.exe[700] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\wdfmgr.exe[700] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\wdfmgr.exe[700] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\wdfmgr.exe[700] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\wdfmgr.exe[700] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\wdfmgr.exe[700] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\wdfmgr.exe[700] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\wdfmgr.exe[700] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\wdfmgr.exe[700] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[704] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[704] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[704] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[704] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[704] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[704] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[704] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[704] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[704] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[704] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[704] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[704] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[704] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[704] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[704] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[704] WS2_32.dll!socket 71A14211 5 Bytes JMP 001308C4
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[704] WS2_32.dll!bind 71A14480 5 Bytes JMP 00130838
.text C:\Programme\Avira\AntiVir Desktop\sched.exe[704] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00130950
.text C:\WINDOWS\System32\svchost.exe[812] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[812] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[812] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[812] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[812] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[812] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[812] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[812] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[812] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[812] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[812] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[812] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[812] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[812] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[812] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[812] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[812] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[812] WININET.dll!InternetOpenA 408DD688 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[812] WININET.dll!InternetOpenW 408DDB01 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[812] WININET.dll!InternetOpenUrlA 408DF39C 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[812] WININET.dll!InternetOpenUrlW 40926F37 5 Bytes JMP 00080EC8
.text C:\WINDOWS\System32\svchost.exe[812] WS2_32.dll!socket 71A14211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[812] WS2_32.dll!bind 71A14480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[812] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00080950
.text C:\WINDOWS\wanmpsvc.exe[940] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\wanmpsvc.exe[940] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\wanmpsvc.exe[940] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\wanmpsvc.exe[940] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\wanmpsvc.exe[940] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\wanmpsvc.exe[940] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\wanmpsvc.exe[940] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\wanmpsvc.exe[940] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\wanmpsvc.exe[940] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\wanmpsvc.exe[940] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\wanmpsvc.exe[940] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\wanmpsvc.exe[940] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\wanmpsvc.exe[940] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\wanmpsvc.exe[940] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\wanmpsvc.exe[940] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\wanmpsvc.exe[940] WS2_32.dll!socket 71A14211 5 Bytes JMP 001308C4
.text C:\WINDOWS\wanmpsvc.exe[940] WS2_32.dll!bind 71A14480 5 Bytes JMP 00130838
.text C:\WINDOWS\wanmpsvc.exe[940] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\csrss.exe[1048] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001601A8
.text C:\WINDOWS\system32\csrss.exe[1048] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00160090
.text C:\WINDOWS\system32\csrss.exe[1048] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00160694
.text C:\WINDOWS\system32\csrss.exe[1048] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001602C0
.text C:\WINDOWS\system32\csrss.exe[1048] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00160234
.text C:\WINDOWS\system32\csrss.exe[1048] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00160004
.text C:\WINDOWS\system32\csrss.exe[1048] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0016011C
.text C:\WINDOWS\system32\csrss.exe[1048] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001604F0
.text C:\WINDOWS\system32\csrss.exe[1048] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0016057C
.text C:\WINDOWS\system32\csrss.exe[1048] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001603D8
.text C:\WINDOWS\system32\csrss.exe[1048] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0016034C
.text C:\WINDOWS\system32\csrss.exe[1048] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00160464
.text C:\WINDOWS\system32\csrss.exe[1048] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00160608
.text C:\WINDOWS\system32\csrss.exe[1048] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001607AC
.text C:\WINDOWS\system32\csrss.exe[1048] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00160720
.text C:\WINDOWS\system32\winlogon.exe[1088] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\WINDOWS\system32\winlogon.exe[1088] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\WINDOWS\system32\winlogon.exe[1088] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\WINDOWS\system32\winlogon.exe[1088] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\WINDOWS\system32\winlogon.exe[1088] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\WINDOWS\system32\winlogon.exe[1088] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\WINDOWS\system32\winlogon.exe[1088] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\WINDOWS\system32\winlogon.exe[1088] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\WINDOWS\system32\winlogon.exe[1088] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\WINDOWS\system32\winlogon.exe[1088] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\WINDOWS\system32\winlogon.exe[1088] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\WINDOWS\system32\winlogon.exe[1088] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\WINDOWS\system32\winlogon.exe[1088] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\WINDOWS\system32\winlogon.exe[1088] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\WINDOWS\system32\winlogon.exe[1088] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\WINDOWS\system32\winlogon.exe[1088] WS2_32.dll!socket 71A14211 5 Bytes JMP 000708C4
.text C:\WINDOWS\system32\winlogon.exe[1088] WS2_32.dll!bind 71A14480 5 Bytes JMP 00070838
.text C:\WINDOWS\system32\winlogon.exe[1088] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00070950
.text C:\WINDOWS\system32\winlogon.exe[1088] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 00070F54
.text C:\WINDOWS\system32\winlogon.exe[1088] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 00070FE0
.text C:\WINDOWS\system32\winlogon.exe[1088] WININET.dll!InternetOpenA 408DD688 5 Bytes JMP 00070D24
.text C:\WINDOWS\system32\winlogon.exe[1088] WININET.dll!InternetOpenW 408DDB01 5 Bytes JMP 00070DB0
.text C:\WINDOWS\system32\winlogon.exe[1088] WININET.dll!InternetOpenUrlA 408DF39C 5 Bytes JMP 00070E3C
.text C:\WINDOWS\system32\winlogon.exe[1088] WININET.dll!InternetOpenUrlW 40926F37 5 Bytes JMP 00070EC8
.text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\services.exe[1136] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\services.exe[1136] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\services.exe[1136] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\lsass.exe[1148] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\lsass.exe[1148] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\lsass.exe[1148] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\lsass.exe[1148] WS2_32.dll!socket 71A14211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\lsass.exe[1148] WS2_32.dll!bind 71A14480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\lsass.exe[1148] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\Ati2evxx.exe[1316] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1316] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[1316] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[1316] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1316] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[1316] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[1316] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[1316] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[1316] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[1316] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[1316] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[1316] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[1316] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[1316] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[1316] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1332] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1332] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!socket 71A14211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!bind 71A14480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1332] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00080950
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\svchost.exe[1408] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\svchost.exe[1408] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\svchost.exe[1408] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!socket 71A14211 5 Bytes JMP 000808C4
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!bind 71A14480 5 Bytes JMP 00080838
.text C:\WINDOWS\system32\svchost.exe[1408] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\MsPMSPSv.exe[1476] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\System32\MsPMSPSv.exe[1476] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\System32\MsPMSPSv.exe[1476] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\System32\MsPMSPSv.exe[1476] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\System32\MsPMSPSv.exe[1476] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\System32\MsPMSPSv.exe[1476] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\System32\MsPMSPSv.exe[1476] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\System32\MsPMSPSv.exe[1476] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\System32\MsPMSPSv.exe[1476] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\System32\MsPMSPSv.exe[1476] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\System32\MsPMSPSv.exe[1476] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\System32\MsPMSPSv.exe[1476] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\System32\MsPMSPSv.exe[1476] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\System32\MsPMSPSv.exe[1476] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\System32\MsPMSPSv.exe[1476] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[1488] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[1488] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[1488] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[1488] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[1488] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[1488] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[1488] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[1488] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[1488] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[1488] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[1488] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[1488] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[1488] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[1488] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe[1488] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1548] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1548] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1548] WS2_32.dll!socket 71A14211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1548] WS2_32.dll!bind 71A14480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1548] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 00080F54
.text C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 00080FE0
.text C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetOpenA 408DD688 5 Bytes JMP 00080D24
.text C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetOpenW 408DDB01 5 Bytes JMP 00080DB0
.text C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetOpenUrlA 408DF39C 5 Bytes JMP 00080E3C
.text C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetOpenUrlW 40926F37 5 Bytes JMP 00080EC8
.text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Ati2evxx.exe[1632] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Ati2evxx.exe[1632] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\Pen_Tablet.exe[1676] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\Pen_Tablet.exe[1676] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[1780] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[1780] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[1780] WS2_32.dll!socket 71A14211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[1780] WS2_32.dll!bind 71A14480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[1780] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00080950
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] WS2_32.dll!socket 71A14211 5 Bytes JMP 001308C4
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] WS2_32.dll!bind 71A14480 5 Bytes JMP 00130838
.text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00130950
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] WS2_32.dll!socket 71A14211 5 Bytes JMP 001308C4
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] WS2_32.dll!bind 71A14480 5 Bytes JMP 00130838
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00130950
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\CTsvcCDA.exe[1888] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\CTsvcCDA.exe[1888] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Programme\Java\jre6\bin\jqs.exe[1956] WS2_32.dll!socket 71A14211 5 Bytes JMP 001308C4
.text C:\Programme\Java\jre6\bin\jqs.exe[1956] WS2_32.dll!bind 71A14480 5 Bytes JMP 00130838
.text C:\Programme\Java\jre6\bin\jqs.exe[1956] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00130950
.text C:\Programme\Java\jre6\bin\jqs.exe[1956] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Programme\Java\jre6\bin\jqs.exe[1956] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] WS2_32.dll!socket 71A14211 5 Bytes JMP 000308C4
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] WS2_32.dll!bind 71A14480 5 Bytes JMP 00030838
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00030950
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000307AC
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00030720
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 00030F54
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 00030FE0
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] WININET.dll!InternetOpenA 408DD688 5 Bytes JMP 00030D24
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] WININET.dll!InternetOpenW 408DDB01 5 Bytes JMP 00030DB0
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] WININET.dll!InternetOpenUrlA 408DF39C 5 Bytes JMP 00030E3C
.text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] WININET.dll!InternetOpenUrlW 40926F37 5 Bytes JMP 00030EC8
.text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text D:\CDBurnerXP\NMSAccessU.exe[2024] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text D:\CDBurnerXP\NMSAccessU.exe[2024] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\svchost.exe[2028] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\svchost.exe[2028] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\svchost.exe[2028] WS2_32.dll!socket 71A14211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\svchost.exe[2028] WS2_32.dll!bind 71A14480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\svchost.exe[2028] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00080950
.text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\System32\alg.exe[2452] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\System32\alg.exe[2452] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\WINDOWS\System32\alg.exe[2452] WS2_32.dll!socket 71A14211 5 Bytes JMP 000808C4
.text C:\WINDOWS\System32\alg.exe[2452] WS2_32.dll!bind 71A14480 5 Bytes JMP 00080838
.text C:\WINDOWS\System32\alg.exe[2452] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00080950
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] WS2_32.dll!socket 71A14211 5 Bytes JMP 001308C4
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] WS2_32.dll!bind 71A14480 5 Bytes JMP 00130838
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00130950
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 00130F54
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 00130FE0
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] WININET.dll!InternetOpenA 408DD688 5 Bytes JMP 00130D24
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] WININET.dll!InternetOpenW 408DDB01 5 Bytes JMP 00130DB0
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] WININET.dll!InternetOpenUrlA 408DF39C 5 Bytes JMP 00130E3C
.text C:\Programme\Mozilla Firefox\firefox.exe[2560] WININET.dll!InternetOpenUrlW 40926F37 5 Bytes JMP 00130EC8
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] WS2_32.dll!socket 71A14211 5 Bytes JMP 001308C4
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] WS2_32.dll!bind 71A14480 5 Bytes JMP 00130838
.text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00130950
.text C:\Programme\Windows NT\Zubehör\wordpad.exe[3244] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000701A8
.text C:\Programme\Windows NT\Zubehör\wordpad.exe[3244] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00070090
.text C:\Programme\Windows NT\Zubehör\wordpad.exe[3244] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00070694
.text C:\Programme\Windows NT\Zubehör\wordpad.exe[3244] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000702C0
.text C:\Programme\Windows NT\Zubehör\wordpad.exe[3244] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00070234
.text C:\Programme\Windows NT\Zubehör\wordpad.exe[3244] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00070004
.text C:\Programme\Windows NT\Zubehör\wordpad.exe[3244] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0007011C
.text C:\Programme\Windows NT\Zubehör\wordpad.exe[3244] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000704F0
.text C:\Programme\Windows NT\Zubehör\wordpad.exe[3244] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0007057C
.text C:\Programme\Windows NT\Zubehör\wordpad.exe[3244] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000703D8
.text C:\Programme\Windows NT\Zubehör\wordpad.exe[3244] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0007034C
.text C:\Programme\Windows NT\Zubehör\wordpad.exe[3244] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00070464
.text C:\Programme\Windows NT\Zubehör\wordpad.exe[3244] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00070608
.text C:\Programme\Windows NT\Zubehör\wordpad.exe[3244] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000707AC
.text C:\Programme\Windows NT\Zubehör\wordpad.exe[3244] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00070720
.text C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe[3260] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe[3260] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe[3260] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe[3260] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe[3260] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe[3260] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe[3260] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe[3260] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe[3260] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe[3260] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe[3260] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe[3260] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe[3260] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe[3260] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe[3260] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 00130F54
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 00130FE0
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] WININET.dll!InternetOpenA 408DD688 5 Bytes JMP 00130D24
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] WININET.dll!InternetOpenW 408DDB01 5 Bytes JMP 00130DB0
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] WININET.dll!InternetOpenUrlA 408DF39C 5 Bytes JMP 00130E3C
.text C:\Programme\Microsoft Hardware\Keyboard\type32.exe[3272] WININET.dll!InternetOpenUrlW 40926F37 5 Bytes JMP 00130EC8
.text C:\WINDOWS\system32\CTHELPER.EXE[3292] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\WINDOWS\system32\CTHELPER.EXE[3292] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\WINDOWS\system32\CTHELPER.EXE[3292] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\WINDOWS\system32\CTHELPER.EXE[3292] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\WINDOWS\system32\CTHELPER.EXE[3292] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\WINDOWS\system32\CTHELPER.EXE[3292] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\WINDOWS\system32\CTHELPER.EXE[3292] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\WINDOWS\system32\CTHELPER.EXE[3292] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\WINDOWS\system32\CTHELPER.EXE[3292] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\WINDOWS\system32\CTHELPER.EXE[3292] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\WINDOWS\system32\CTHELPER.EXE[3292] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\WINDOWS\system32\CTHELPER.EXE[3292] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\WINDOWS\system32\CTHELPER.EXE[3292] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\WINDOWS\system32\CTHELPER.EXE[3292] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\WINDOWS\system32\CTHELPER.EXE[3292] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3316] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3316] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3316] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3316] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3316] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3316] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3316] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3316] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3316] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3316] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3316] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3316] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3316] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3316] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[3316] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3336] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3336] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3336] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3336] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3336] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3336] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3336] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3336] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3336] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3336] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3336] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3336] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3336] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3336] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Programme\Avira\AntiVir Desktop\avgnt.exe[3336] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text D:\Spamihilator\spamihilator.exe[3420] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text D:\Spamihilator\spamihilator.exe[3420] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text D:\Spamihilator\spamihilator.exe[3420] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text D:\Spamihilator\spamihilator.exe[3420] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text D:\Spamihilator\spamihilator.exe[3420] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text D:\Spamihilator\spamihilator.exe[3420] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text D:\Spamihilator\spamihilator.exe[3420] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text D:\Spamihilator\spamihilator.exe[3420] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text D:\Spamihilator\spamihilator.exe[3420] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text D:\Spamihilator\spamihilator.exe[3420] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text D:\Spamihilator\spamihilator.exe[3420] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text D:\Spamihilator\spamihilator.exe[3420] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text D:\Spamihilator\spamihilator.exe[3420] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text D:\Spamihilator\spamihilator.exe[3420] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text D:\Spamihilator\spamihilator.exe[3420] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text D:\Spamihilator\spamihilator.exe[3420] WS2_32.dll!socket 71A14211 5 Bytes JMP 001308C4
.text D:\Spamihilator\spamihilator.exe[3420] WS2_32.dll!bind 71A14480 5 Bytes JMP 00130838
.text D:\Spamihilator\spamihilator.exe[3420] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00130950
.text C:\Programme\Vista Drive Icon\DrvIcon.exe[3432] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Programme\Vista Drive Icon\DrvIcon.exe[3432] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Programme\Vista Drive Icon\DrvIcon.exe[3432] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Programme\Vista Drive Icon\DrvIcon.exe[3432] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Programme\Vista Drive Icon\DrvIcon.exe[3432] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Programme\Vista Drive Icon\DrvIcon.exe[3432] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Programme\Vista Drive Icon\DrvIcon.exe[3432] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Programme\Vista Drive Icon\DrvIcon.exe[3432] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Programme\Vista Drive Icon\DrvIcon.exe[3432] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Programme\Vista Drive Icon\DrvIcon.exe[3432] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Programme\Vista Drive Icon\DrvIcon.exe[3432] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Programme\Vista Drive Icon\DrvIcon.exe[3432] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Programme\Vista Drive Icon\DrvIcon.exe[3432] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Programme\Vista Drive Icon\DrvIcon.exe[3432] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Programme\Vista Drive Icon\DrvIcon.exe[3432] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 00130F54
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 00130FE0
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] WININET.dll!InternetOpenA 408DD688 5 Bytes JMP 00130D24
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] WININET.dll!InternetOpenW 408DDB01 5 Bytes JMP 00130DB0
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] WININET.dll!InternetOpenUrlA 408DF39C 5 Bytes JMP 00130E3C
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] WININET.dll!InternetOpenUrlW 40926F37 5 Bytes JMP 00130EC8
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] ws2_32.dll!socket 71A14211 5 Bytes JMP 001308C4
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] ws2_32.dll!bind 71A14480 5 Bytes JMP 00130838
.text C:\Programme\Java\jre6\bin\jusched.exe[3444] ws2_32.dll!connect 71A14A07 5 Bytes JMP 00130950
.text C:\WINDOWS\system32\ctfmon.exe[3572] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8
.text C:\WINDOWS\system32\ctfmon.exe[3572] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090
.text C:\WINDOWS\system32\ctfmon.exe[3572] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694
.text C:\WINDOWS\system32\ctfmon.exe[3572] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0
.text C:\WINDOWS\system32\ctfmon.exe[3572] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234
.text C:\WINDOWS\system32\ctfmon.exe[3572] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004
.text C:\WINDOWS\system32\ctfmon.exe[3572] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C
.text C:\WINDOWS\system32\ctfmon.exe[3572] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0
.text C:\WINDOWS\system32\ctfmon.exe[3572] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C
.text C:\WINDOWS\system32\ctfmon.exe[3572] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8
.text C:\WINDOWS\system32\ctfmon.exe[3572] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C
.text C:\WINDOWS\system32\ctfmon.exe[3572] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464
.text C:\WINDOWS\system32\ctfmon.exe[3572] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608
.text C:\WINDOWS\system32\ctfmon.exe[3572] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC
.text C:\WINDOWS\system32\ctfmon.exe[3572] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3620] KERNEL32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3620] KERNEL32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3620] KERNEL32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3620] KERNEL32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3620] KERNEL32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3620] KERNEL32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3620] KERNEL32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3620] KERNEL32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3620] KERNEL32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3620] KERNEL32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3620] KERNEL32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3620] KERNEL32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3620] KERNEL32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3620] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[3620] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720
.text D:\Downloads\p0i0mhub.exe[23228] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8
.text D:\Downloads\p0i0mhub.exe[23228] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090
.text D:\Downloads\p0i0mhub.exe[23228] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694
.text D:\Downloads\p0i0mhub.exe[23228] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0
.text D:\Downloads\p0i0mhub.exe[23228] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234
.text D:\Downloads\p0i0mhub.exe[23228] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004
.text D:\Downloads\p0i0mhub.exe[23228] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C
.text D:\Downloads\p0i0mhub.exe[23228] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0
.text D:\Downloads\p0i0mhub.exe[23228] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C
.text D:\Downloads\p0i0mhub.exe[23228] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8
.text D:\Downloads\p0i0mhub.exe[23228] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C
.text D:\Downloads\p0i0mhub.exe[23228] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464
.text D:\Downloads\p0i0mhub.exe[23228] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608
.text D:\Downloads\p0i0mhub.exe[23228] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC
.text D:\Downloads\p0i0mhub.exe[23228] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] [A5E08040] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] [A5E0805B] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] [A5E080DF] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] [A5E08102] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] [A5E080DF] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] [A5E0805B] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] [A5E08040] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClCloseCall] [A5E08995] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClMakeCall] [A5E08898] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoDeleteVc] [A5E087DA] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoCreateVc] [A5E08689] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCloseAdapter] [A5E08040] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisOpenAdapter] [A5E0805B] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClOpenAddressFamily] [A5E08EAD] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisClCloseAddressFamily] [A5E0916A] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisCoSendPackets] [A5E08541] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisDeregisterProtocol] [A5E08102] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\arp1394.sys[NDIS.SYS!NdisRegisterProtocol] [A5E080DF] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisDeregisterProtocol] [A5E08102] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisCloseAdapter] [A5E08040] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisOpenAdapter] [A5E0805B] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\nwlnkipx.sys[NDIS.SYS!NdisRegisterProtocol] [A5E080DF] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] [A5E080DF] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] [A5E08102] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] [A5E08040] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] [A5E0805B] \SystemRoot\system32\drivers\fwdrv.sys (Kerio Technologies)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Kerio Technologies)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Kerio Technologies)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Kerio Technologies)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Kerio Technologies)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION 313916933B89AAC738FB6BB860E0C1DA

---- EOF - GMER 1.0.15 ----

The last entry with OODefrag, or whatever it's called, is strange; I haven't found any such program anywhere on the computer.
This post was edited on 14.09.2009 at 20:10 by FlatRate.
14.09.2009, 18:00
Moderator

Posts: 5694
#4 Hello FlatRate

It is normal for several processes to be active with IE 8, because IE 8 starts a separate process for each tab. So if a page crashes, only that one tab is affected and not the whole of IE.

But work through the link anyway.

Regards, Swiss
14.09.2009, 20:13
Member

Thread starter

Posts: 27
#5 Here is the Hijack log as well:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 20:13:12, on 14.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
D:\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programme\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
D:\Spamihilator\spamihilator.exe
C:\Programme\Vista Drive Icon\DrvIcon.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe
C:\Programme\Windows NT\Zubehör\wordpad.exe
D:\Downloads\p0i0mhub.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Dokumente und Einstellungen\DankeAnke\Desktop\HJT.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.proxy.aol.com:80
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Programme\Nitro PDF\PDF Download\NitroPDF.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Pictures - {8E929F51-5914-11D6-971F-0050FC3F9161} - D:\Programme\Pictures.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [JWOSetup] JWOSetup.exe -en
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Spamihilator] "d:\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Programme\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')
O4 - Startup: DSL-Manager.lnk = ?
O4 - Global Startup: Rainmeter.lnk = D:\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Programme\Nitro PDF\PDF Download\nitroweb.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ\ICQ.exe
O9 - Extra button: Preispiraten 2.1.3 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - D:\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Programme\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Programme\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Programme\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/de/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095887784043
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.gutchat.de/control/msnchat45.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - E:\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - D:\CDBurnerXP\NMSAccessU.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 10803 bytes
14.09.2009, 20:20
Member

Thread starter

Posts: 27
#6 Here is the Save Uninstall list as well:

3D GIF Designer
7-Zip 4.64
Acer ADSL Surf USB
Ad-Aware
Ad-Aware
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop Album 2.0 Starter Edition
Adobe Photoshop CS2
Adobe Reader 9.1.3 - Deutsch
Adobe Shockwave Player 11
Allok AVI to DVD SVCD VCD Converter 1.5.6
ANNO 1602
AOL Deutschland
Apple Mobile Device Support
Apple Software Update
ATI - Software Uninstall Utility
ATI Catalyst Control Center
ATI Control Panel
ATI Display Driver
AudioConvert
Avira AntiVir Personal - Free Antivirus
Bejeweled 2 Deluxe
Biet-O-Matic v2.0.18
Boulder Dash Treasure Pleasure
Bubble Odyssey
Butterfly Magic
Calculator Powertoy for Windows XP
Canon PIXMA iP8500
CCleaner (remove only)
CDBurnerXP
CD-DA X-Tractor v0.24
CDex extraction audio
Choice Guard
C-Media WDM Audio Driver
CoffeeCup HTML Editor
Corel Applications
CorelDRAW 10
CorelDRAW 10
Creative MediaSource
Crystal Button 2.4
Digitale Bibliothek 4
DivX Player
DivX Pro Codec Adware
DSL-Manager
Dupehunter Professional - Corporate Edition 2.6.0.447
Easy-WebPrint
EPSON PhotoQuicker3.2
EVEREST Home Edition v2.20
flatster
Formular-Maker
FreeRIP v2.60
Gehirnjogging - Special Edition
GIMP 2.4.4
Gold Rush Deluxe
Google Book Downloader
Google Toolbar for Internet Explorer
Google Toolbar for Internet Explorer
Happyland Adventures - Xmas Edition v1.3
HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
HijackThis 2.0.2
Honey Switch Deluxe
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix für Windows Internet Explorer 7 (KB947864)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
Hotfix für Windows XP (KB970653-v3)
HTML Studio
ICQ
IncrediMail Xe
InterVideo DirectShow Filter 2.6
iPod for Windows 2005-10-12
iRaTe 2
IrfanView (remove only)
iTunes
Java 2 SDK, SE v1.4.2
Java(TM) 6 Update 16
Java(TM) 6 Update 7
Jewel Quest (remove only)
Kerio Personal Firewall
LernCULtur
Letstrade
LifeGlobe Goldfish Aquarium
Luxor 4 Quest For The Afterlife 1.00
Macromedia Shockwave Player
Mah Jong Quest
Mah Jong Quest Deluxe
Malwarebytes' Anti-Malware
Mäx!
Messenger Plus! Live
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
Microsoft .NET Framework 3.5 Language Pack SP1 - deu
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 3.5 SP1
Microsoft Age of Empires II
Microsoft AntiSpyware
Microsoft Data Access Components KB870669
Microsoft Excel 7.0
Microsoft GIF Animator
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Windows-Journal-Viewer
Microsoft Word 7.0
Millennium Gamepak Platinum
mIRC
Mozilla Firefox (3.5.3)
MSVCRT
MSXML 4.0 SP2 (KB927978)
MSXML 4.0 SP2 (KB936181)
MSXML 4.0 SP2 (KB954430)
Nemo's Aquarium 3D
NetBeans IDE 3.5.1
Nvu 0.8.1
O&O Defrag Professional Edition
ObjectDock
Office Mouse
OpenOffice.org 2.3
Opera 10.00
PantsOff 2.0
PDF Download for Internet Explorer
Peggle (remove only)
phonostar-Player Version 1.50.7
PicGrab 2.7.9
Pictures Toolbar
Pool Paradise
Preispiraten 2.1.3
PTBSync (Atomuhr Synchronisation & Terminkalender)
QuickTime
Rainmeter (remove only)
RealPlayer
Rhapsody Player Engine
Rosso Rabbit in Trouble DEMO
SAMSUNG Mobile USB Modem 1.0 Software
Samsung PC Studio 3 USB Driver Installer
Samsung Samples Installer
Scribus 1.3.3.12
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Segoe UI
SereneScreen Marine Aquarium 2
SereneScreen Marine Aquarium Time
Shockwave
Sicherheitsupdate für Windows Internet Explorer 7 (KB938127)
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)
Sicherheitsupdate für Windows Internet Explorer 7 (KB950759)
Sicherheitsupdate für Windows Internet Explorer 7 (KB953838)
Sicherheitsupdate für Windows Internet Explorer 7 (KB956390)
Sicherheitsupdate für Windows Internet Explorer 7 (KB958215)
Sicherheitsupdate für Windows Internet Explorer 7 (KB960714)
Sicherheitsupdate für Windows Internet Explorer 7 (KB961260)
Sicherheitsupdate für Windows Internet Explorer 7 (KB963027)
Sicherheitsupdate für Windows Internet Explorer 7 (KB969897)
Sicherheitsupdate für Windows Internet Explorer 8 (KB969897)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Media Encoder (KB954156)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player 10 (KB911565)
Sicherheitsupdate für Windows Media Player 10 (KB917734)
Sicherheitsupdate für Windows Media Player 10 (KB936782)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB938464)
Sicherheitsupdate für Windows XP (KB938464-v2)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950760)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951698)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB953155)
Sicherheitsupdate für Windows XP (KB953839)
Sicherheitsupdate für Windows XP (KB954211)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956391)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956841)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB957095)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958690)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960715)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371)
Sicherheitsupdate für Windows XP (KB961373)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969898)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973869)
Skype 2.5
Sony Sound Forge 8.0b
Sound Blaster Audigy 2 ZS
Spamihilator
StationRipper 2.25
Stifttablett
StyloCam
SUPERAntiSpyware Free Edition
TeamSpeak 2 RC2
TGeb V5.4
The Rise of Atlantis (remove only)
Tidy Start Menu
T-Online 6.0
Trillian
Trillian 0.74 F
TuneUp Utilities 2006
TVgenial
Tweak UI
Ulead COOL 360 1.0
Ulead Photo Explorer 8.6
Ulead PhotoImpact 12
Ulead PhotoImpact 8
Unlocker 1.8.7
Update für Windows Internet Explorer 8 (KB971930)
Update für Windows XP (KB951072-v2)
Update für Windows XP (KB951978)
Update für Windows XP (KB955839)
Update für Windows XP (KB961503)
Update für Windows XP (KB967715)
Update für Windows XP (KB973815)
VIA Audio Driver Setup Program
VIA Bus Master Ultra ATA Driver (Remove)
Videora iPod Converter 0.91
Viewpoint Media Player
Vista Drive Icon 1.4
Visual C++ CRT 9.0 SP1
Visual card designer 1.0
VLC media player 1.0.1
Wacom JustWrite Office
Winamp
WinAVIVideoConverter
Windows Internet Explorer 8
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Essentials
Windows Live Messenger
Windows Live-Uploadtool
Windows Media Encoder 9-Reihe
Windows Media Encoder 9-Reihe
Windows Media Format Runtime
Windows Media Player 10
Windows XP Service Pack 3
WinRAR Archivierer
WISO Haushaltsbuch 2008
Wisterer HX 4.2.20
XML Paper Specification Shared Components Language Pack 1.0
xp-AntiSpy 3.92
XviD MPEG-4 Codec
Yahoo! Messenger
Zuma Deluxe RA
Zylom Games Player Plugin
14.09.2009, 20:56
Moderator

Posts: 5694
#7 The Malwarebytes log is still missing. If you have had the program on the system for a while, update it and run a full scan. Then post the log.

Did you also scan with this, and did it find anything:
SUPERAntiSpyware Free Edition

Regards, Swiss
14.09.2009, 22:40
Member

Thread starter

Posts: 27
#8 Sorry, I had left that out because Malwarebytes reported nothing.

Here is the Malwarebytes log as well:

Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2797
Windows 5.1.2600 Service Pack 3

14.09.2009 22:39:49
mbam-log-2009-09-14 (22-39-49).txt

Scan-Methode: Quick-Scan
Durchsuchte Objekte: 103524
Laufzeit: 7 minute(s), 55 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
14.09.2009, 22:55
Moderator

Posts: 5694
#9 As mentioned, the tasks are normal. Is the system still running slowly?

You could look under Start --> Control Panel --> Software to see what you no longer need and uninstall it.

Then run CCleaner.

Regards, Swiss
15.09.2009, 07:51
Member

Thread starter

Posts: 27
#10 Sure, the tasks are normal, I know that too.
But when IE is open, I have only one tab open and 3 x IE in Task Manager.
If I close IE, e.g. via Task Manager or normally, it can happen (not always) that I still find at least one iexplore.exe process in Task Manager that cannot be closed with End Process.
In addition, that single remaining IE process then often uses 80 - 100 percent CPU....
This post was edited on 15.09.2009 at 07:55 by FlatRate.
15.09.2009, 18:11
Moderator

Posts: 5694
#11 Run Combofix and post the log:
http://www.virus-protect.org/artikel/tools/combofix.html

Regards, Swiss