Internet Explorer 2x in Task Manager
#0
14.09.2009, 11:18
Member
Posts: 27

14.09.2009, 16:49
Member
Posts: 90
#2
Hello,
C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe: do you know this program? If not, fix it. Otherwise there is nothing suspicious in the Hijack log. Please work through everything here and post the logs: http://board.protecus.de/t23187.htm
Regards, Gabi

14.09.2009, 17:09
Member
Thread starter, Posts: 27
#3
Quote: C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe: do you know this program?
That is just the Hijack program, renamed. Thanks for the reply, I'll get to work on it. Here is the GMER log:
JMP 0008011C .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\System32\svchost.exe[1548] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\System32\svchost.exe[1548] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC .text C:\WINDOWS\System32\svchost.exe[1548] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720 .text C:\WINDOWS\System32\svchost.exe[1548] WS2_32.dll!socket 71A14211 5 Bytes JMP 000808C4 .text C:\WINDOWS\System32\svchost.exe[1548] WS2_32.dll!bind 71A14480 5 Bytes JMP 00080838 .text C:\WINDOWS\System32\svchost.exe[1548] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00080950 .text C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 00080F54 .text C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 00080FE0 .text C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetOpenA 408DD688 5 Bytes JMP 00080D24 .text C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetOpenW 408DDB01 5 Bytes JMP 00080DB0 .text C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetOpenUrlA 408DF39C 5 Bytes JMP 00080E3C .text C:\WINDOWS\System32\svchost.exe[1548] WININET.dll!InternetOpenUrlW 40926F37 5 Bytes JMP 00080EC8 .text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\WINDOWS\system32\Ati2evxx.exe[1632] 
kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\WINDOWS\system32\Ati2evxx.exe[1632] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\WINDOWS\system32\Ati2evxx.exe[1632] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC .text C:\WINDOWS\system32\Ati2evxx.exe[1632] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\WINDOWS\system32\Pen_Tablet.exe[1676] 
kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\WINDOWS\system32\Pen_Tablet.exe[1676] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\WINDOWS\system32\Pen_Tablet.exe[1676] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC .text C:\WINDOWS\system32\Pen_Tablet.exe[1676] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720 .text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\System32\svchost.exe[1780] 
kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\System32\svchost.exe[1780] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\System32\svchost.exe[1780] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC .text C:\WINDOWS\System32\svchost.exe[1780] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720 .text C:\WINDOWS\System32\svchost.exe[1780] WS2_32.dll!socket 71A14211 5 Bytes JMP 000808C4 .text C:\WINDOWS\System32\svchost.exe[1780] WS2_32.dll!bind 71A14480 5 Bytes JMP 00080838 .text C:\WINDOWS\System32\svchost.exe[1780] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00080950 .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] 
kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720 .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] WS2_32.dll!socket 71A14211 5 Bytes JMP 001308C4 .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] WS2_32.dll!bind 71A14480 5 Bytes JMP 00130838 .text C:\Programme\Avira\AntiVir Desktop\avguard.exe[1828] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00130950 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C 
.text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] WS2_32.dll!socket 71A14211 5 Bytes JMP 001308C4 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] WS2_32.dll!bind 71A14480 5 Bytes JMP 00130838 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00130950 .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC .text C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe[1844] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720 .text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text 
C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\WINDOWS\system32\CTsvcCDA.exe[1888] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\WINDOWS\system32\CTsvcCDA.exe[1888] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC .text C:\WINDOWS\system32\CTsvcCDA.exe[1888] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720 .text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text 
C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Programme\Java\jre6\bin\jqs.exe[1956] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Programme\Java\jre6\bin\jqs.exe[1956] WS2_32.dll!socket 71A14211 5 Bytes JMP 001308C4 .text C:\Programme\Java\jre6\bin\jqs.exe[1956] WS2_32.dll!bind 71A14480 5 Bytes JMP 00130838 .text C:\Programme\Java\jre6\bin\jqs.exe[1956] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00130950 .text C:\Programme\Java\jre6\bin\jqs.exe[1956] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC .text C:\Programme\Java\jre6\bin\jqs.exe[1956] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000301A8 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00030090 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00030694 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000302C0 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00030234 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00030004 .text C:\Programme\Kerio\Personal 
Firewall 4\kpf4ss.exe[1980] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0003011C .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000304F0 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0003057C .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000303D8 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0003034C .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00030464 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00030608 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] WS2_32.dll!socket 71A14211 5 Bytes JMP 000308C4 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] WS2_32.dll!bind 71A14480 5 Bytes JMP 00030838 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00030950 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000307AC .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00030720 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 00030F54 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 00030FE0 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] WININET.dll!InternetOpenA 408DD688 5 Bytes JMP 00030D24 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] WININET.dll!InternetOpenW 408DDB01 5 Bytes JMP 00030DB0 .text C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] WININET.dll!InternetOpenUrlA 408DF39C 5 Bytes JMP 00030E3C .text 
C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe[1980] WININET.dll!InternetOpenUrlW 40926F37 5 Bytes JMP 00030EC8 .text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text D:\CDBurnerXP\NMSAccessU.exe[2024] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text D:\CDBurnerXP\NMSAccessU.exe[2024] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC .text D:\CDBurnerXP\NMSAccessU.exe[2024] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720 .text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\System32\svchost.exe[2028] 
kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\System32\svchost.exe[2028] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\System32\svchost.exe[2028] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC .text C:\WINDOWS\System32\svchost.exe[2028] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720 .text C:\WINDOWS\System32\svchost.exe[2028] WS2_32.dll!socket 71A14211 5 Bytes JMP 000808C4 .text C:\WINDOWS\System32\svchost.exe[2028] WS2_32.dll!bind 71A14480 5 Bytes JMP 00080838 .text C:\WINDOWS\System32\svchost.exe[2028] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00080950 .text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 000801A8 .text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00080090 .text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00080694 .text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 000802C0 .text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00080234 .text 
C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00080004 .text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0008011C .text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 000804F0 .text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0008057C .text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 000803D8 .text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0008034C .text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00080464 .text C:\WINDOWS\System32\alg.exe[2452] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00080608 .text C:\WINDOWS\System32\alg.exe[2452] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 000807AC .text C:\WINDOWS\System32\alg.exe[2452] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00080720 .text C:\WINDOWS\System32\alg.exe[2452] WS2_32.dll!socket 71A14211 5 Bytes JMP 000808C4 .text C:\WINDOWS\System32\alg.exe[2452] WS2_32.dll!bind 71A14480 5 Bytes JMP 00080838 .text C:\WINDOWS\System32\alg.exe[2452] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00080950 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!VirtualProtectEx 7C801A61 5 Bytes JMP 001301A8 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!VirtualProtect 7C801AD4 5 Bytes JMP 00130090 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!WriteProcessMemory 7C802213 5 Bytes JMP 00130694 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!CreateProcessW 7C802336 5 Bytes JMP 001302C0 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!CreateProcessA 7C80236B 5 Bytes JMP 00130234 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!VirtualAlloc 7C809AF1 5 Bytes JMP 00130004 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] 
kernel32.dll!VirtualAllocEx 7C809B12 5 Bytes JMP 0013011C .text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!CreateRemoteThread 7C8104CC 5 Bytes JMP 001304F0 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!CreateThread 7C8106D7 5 Bytes JMP 0013057C .text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!CreateProcessInternalW 7C8197B0 5 Bytes JMP 001303D8 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!CreateProcessInternalA 7C81D54E 5 Bytes JMP 0013034C .text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!WinExec 7C86250D 5 Bytes JMP 00130464 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] kernel32.dll!SetThreadContext 7C863C09 5 Bytes JMP 00130608 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] WS2_32.dll!socket 71A14211 5 Bytes JMP 001308C4 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] WS2_32.dll!bind 71A14480 5 Bytes JMP 00130838 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] WS2_32.dll!connect 71A14A07 5 Bytes JMP 00130950 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] USER32.dll!SetWindowsHookExW 7E37820F 5 Bytes JMP 001307AC .text C:\Programme\Mozilla Firefox\firefox.exe[2560] USER32.dll!SetWindowsHookExA 7E381211 5 Bytes JMP 00130720 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] WININET.dll!InternetConnectA 408CDEAE 5 Bytes JMP 00130F54 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] WININET.dll!InternetConnectW 408CF862 5 Bytes JMP 00130FE0 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] WININET.dll!InternetOpenA 408DD688 5 Bytes JMP 00130D24 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] WININET.dll!InternetOpenW 408DDB01 5 Bytes JMP 00130DB0 .text C:\Programme\Mozilla Firefox\firefox.exe[2560] WININET.dll!InternetOpenUrlA 408DF39C 5 Bytes JMP 00130E3C .text C:\Programme\Mozilla Firefox\firefox.exe[2560] WININET.dll!InternetOpenUrlW 40926F37 5 Bytes JMP 00130EC8 .text C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe[2912] 
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\Tcpip \Device\Ip fwdrv.sys (Kerio Technologies)
AttachedDevice \Driver\Tcpip \Device\Ip ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Tcp fwdrv.sys (Kerio Technologies)
AttachedDevice \Driver\Tcpip \Device\Tcp ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Udp fwdrv.sys (Kerio Technologies)
AttachedDevice \Driver\Tcpip \Device\Udp ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\RawIp fwdrv.sys (Kerio Technologies)
AttachedDevice \Driver\Tcpip \Device\RawIp ntoskrnl.exe (NT-Kernel und -System/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG11.00.00.01WORKSTATION 313916933B89AAC738FB6BB860E0C1DA
---- EOF - GMER 1.0.15 ----
The last entry, the one with OODefrag or whatever it is called, is strange; I have not found any such program anywhere on the computer.
This post was edited by FlatRate on 14.09.2009 at 20:10.
14.09.2009, 18:00
Moderator
Posts: 5694
#4
Hello FlatRate
It is normal for several processes to be active with IE 8, because IE 8 starts a separate process for each tab. So if a page crashes, only that one tab is affected and not the whole of IE. But please work through the link anyway. Regards, Swiss
14.09.2009, 20:13
Member
Thread starter Posts: 27
#5
Here is the Hijack log as well:
Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 20:13:12, on 14.09.2009 Platform: Windows XP SP3 (WinNT 5.01.2600) MSIE: Internet Explorer v8.00 (8.00.6001.18702) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\WINDOWS\system32\Ati2evxx.exe C:\WINDOWS\Explorer.EXE C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir Desktop\sched.exe C:\Programme\Avira\AntiVir Desktop\avguard.exe C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe C:\WINDOWS\system32\CTsvcCDA.exe C:\Programme\Java\jre6\bin\jqs.exe C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe D:\CDBurnerXP\NMSAccessU.exe C:\WINDOWS\System32\tcpsvcs.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe C:\WINDOWS\wanmpsvc.exe C:\WINDOWS\System32\MsPMSPSv.exe C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe C:\WINDOWS\system32\Pen_Tablet.exe C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe C:\Programme\Microsoft Hardware\Keyboard\type32.exe C:\WINDOWS\system32\CTHELPER.EXE C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE C:\Programme\Avira\AntiVir Desktop\avgnt.exe D:\Spamihilator\spamihilator.exe C:\Programme\Vista Drive Icon\DrvIcon.exe C:\Programme\Java\jre6\bin\jusched.exe C:\WINDOWS\system32\ctfmon.exe C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe C:\Programme\Windows NT\Zubehör\wordpad.exe D:\Downloads\p0i0mhub.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\DankeAnke\Desktop\HJT.exe R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/ R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157 R1 - 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.proxy.aol.com:80 O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file) O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Programme\Nitro PDF\PDF Download\NitroPDF.dll O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll O3 - Toolbar: Pictures - {8E929F51-5914-11D6-971F-0050FC3F9161} - D:\Programme\Pictures.dll O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll O4 - 
HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe" O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" O4 - HKLM\..\Run: [JWOSetup] JWOSetup.exe -en O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [Spamihilator] "d:\Spamihilator\spamihilator.exe" O4 - HKLM\..\Run: [DrvIcon] C:\Programme\Vista Drive Icon\DrvIcon.exe O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe" O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user') O4 - S-1-5-18 Startup: DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (User 'SYSTEM') O4 - .DEFAULT Startup: DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (User 'Default user') O4 - Startup: DSL-Manager.lnk = ? 
O4 - Global Startup: Rainmeter.lnk = D:\Rainmeter\Rainmeter.exe
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Programme\Nitro PDF\PDF Download\nitroweb.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ\ICQ.exe
O9 - Extra button: Preispiraten 2.1.3 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - D:\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Programme\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Programme\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Programme\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/de/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095887784043
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.gutchat.de/control/msnchat45.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - E:\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - D:\CDBurnerXP\NMSAccessU.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 10803 bytes |
|
|
||
14.09.2009, 20:20
Member
Thread starter Posts: 27 |
#6
Here is the Save Uninstall list as well:
3D GIF Designer 7-Zip 4.64 Acer ADSL Surf USB Ad-Aware Ad-Aware Adobe Flash Player 10 ActiveX Adobe Flash Player 10 Plugin Adobe Photoshop Album 2.0 Starter Edition Adobe Photoshop CS2 Adobe Reader 9.1.3 - Deutsch Adobe Shockwave Player 11 Allok AVI to DVD SVCD VCD Converter 1.5.6 ANNO 1602 AOL Deutschland Apple Mobile Device Support Apple Software Update ATI - Software Uninstall Utility ATI Catalyst Control Center ATI Control Panel ATI Display Driver AudioConvert Avira AntiVir Personal - Free Antivirus Bejeweled 2 Deluxe Biet-O-Matic v2.0.18 Boulder Dash Treasure Pleasure Bubble Odyssey Butterfly Magic Calculator Powertoy for Windows XP Canon PIXMA iP8500 CCleaner (remove only) CDBurnerXP CD-DA X-Tractor v0.24 CDex extraction audio Choice Guard C-Media WDM Audio Driver CoffeeCup HTML Editor Corel Applications CorelDRAW 10 CorelDRAW 10 Creative MediaSource Crystal Button 2.4 Digitale Bibliothek 4 DivX Player DivX Pro Codec Adware DSL-Manager Dupehunter Professional - Corporate Edition 2.6.0.447 Easy-WebPrint EPSON PhotoQuicker3.2 EVEREST Home Edition v2.20 flatster Formular-Maker FreeRIP v2.60 Gehirnjogging - Special Edition GIMP 2.4.4 Gold Rush Deluxe Google Book Downloader Google Toolbar for Internet Explorer Google Toolbar for Internet Explorer Happyland Adventures - Xmas Edition v1.3 HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs HijackThis 2.0.2 Honey Switch Deluxe Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix für Windows Internet Explorer 7 (KB947864) Hotfix für Windows XP (KB952287) Hotfix für Windows XP (KB961118) Hotfix für Windows XP (KB970653-v3) HTML Studio ICQ IncrediMail Xe InterVideo DirectShow Filter 2.6 iPod for Windows 2005-10-12 iRaTe 2 IrfanView (remove only) iTunes Java 2 SDK, SE v1.4.2 Java(TM) 6 Update 16 Java(TM) 6 Update 7 Jewel Quest (remove only) Kerio Personal Firewall LernCULtur Letstrade LifeGlobe Goldfish Aquarium Luxor 4 Quest For The Afterlife 1.00 Macromedia Shockwave Player Mah 
Jong Quest Mah Jong Quest Deluxe Malwarebytes' Anti-Malware Mäx! Messenger Plus! Live Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 Hotfix (KB928366) Microsoft .NET Framework 2.0 Service Pack 2 Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU Microsoft .NET Framework 3.0 Service Pack 2 Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 Microsoft Age of Empires II Microsoft AntiSpyware Microsoft Data Access Components KB870669 Microsoft Excel 7.0 Microsoft GIF Animator Microsoft Internationalized Domain Names Mitigation APIs Microsoft National Language Support Downlevel APIs Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Windows-Journal-Viewer Microsoft Word 7.0 Millennium Gamepak Platinum mIRC Mozilla Firefox (3.5.3) MSVCRT MSXML 4.0 SP2 (KB927978) MSXML 4.0 SP2 (KB936181) MSXML 4.0 SP2 (KB954430) Nemo's Aquarium 3D NetBeans IDE 3.5.1 Nvu 0.8.1 O&O Defrag Professional Edition ObjectDock Office Mouse OpenOffice.org 2.3 Opera 10.00 PantsOff 2.0 PDF Download for Internet Explorer Peggle (remove only) phonostar-Player Version 1.50.7 PicGrab 2.7.9 Pictures Toolbar Pool Paradise Preispiraten 2.1.3 PTBSync (Atomuhr Synchronisation & Terminkalender) QuickTime Rainmeter (remove only) RealPlayer Rhapsody Player Engine Rosso Rabbit in Trouble DEMO SAMSUNG Mobile USB Modem 1.0 Software Samsung PC Studio 3 USB Driver Installer Samsung Samples Installer Scribus 1.3.3.12 Security Update for CAPICOM (KB931906) Security Update for CAPICOM (KB931906) Segoe UI SereneScreen Marine Aquarium 2 SereneScreen Marine Aquarium Time Shockwave Sicherheitsupdate 
für Windows Internet Explorer 7 (KB938127) Sicherheitsupdate für Windows Internet Explorer 7 (KB944533) Sicherheitsupdate für Windows Internet Explorer 7 (KB950759) Sicherheitsupdate für Windows Internet Explorer 7 (KB953838) Sicherheitsupdate für Windows Internet Explorer 7 (KB956390) Sicherheitsupdate für Windows Internet Explorer 7 (KB958215) Sicherheitsupdate für Windows Internet Explorer 7 (KB960714) Sicherheitsupdate für Windows Internet Explorer 7 (KB961260) Sicherheitsupdate für Windows Internet Explorer 7 (KB963027) Sicherheitsupdate für Windows Internet Explorer 7 (KB969897) Sicherheitsupdate für Windows Internet Explorer 8 (KB969897) Sicherheitsupdate für Windows Internet Explorer 8 (KB971961) Sicherheitsupdate für Windows Internet Explorer 8 (KB972260) Sicherheitsupdate für Windows Media Encoder (KB954156) Sicherheitsupdate für Windows Media Player (KB952069) Sicherheitsupdate für Windows Media Player (KB968816) Sicherheitsupdate für Windows Media Player (KB973540) Sicherheitsupdate für Windows Media Player 10 (KB911565) Sicherheitsupdate für Windows Media Player 10 (KB917734) Sicherheitsupdate für Windows Media Player 10 (KB936782) Sicherheitsupdate für Windows XP (KB923561) Sicherheitsupdate für Windows XP (KB938464) Sicherheitsupdate für Windows XP (KB938464-v2) Sicherheitsupdate für Windows XP (KB941569) Sicherheitsupdate für Windows XP (KB946648) Sicherheitsupdate für Windows XP (KB950760) Sicherheitsupdate für Windows XP (KB950762) Sicherheitsupdate für Windows XP (KB950974) Sicherheitsupdate für Windows XP (KB951066) Sicherheitsupdate für Windows XP (KB951376) Sicherheitsupdate für Windows XP (KB951376-v2) Sicherheitsupdate für Windows XP (KB951698) Sicherheitsupdate für Windows XP (KB951748) Sicherheitsupdate für Windows XP (KB952004) Sicherheitsupdate für Windows XP (KB952954) Sicherheitsupdate für Windows XP (KB953155) Sicherheitsupdate für Windows XP (KB953839) Sicherheitsupdate für Windows XP (KB954211) Sicherheitsupdate für Windows XP 
(KB954459) Sicherheitsupdate für Windows XP (KB954600) Sicherheitsupdate für Windows XP (KB955069) Sicherheitsupdate für Windows XP (KB956391) Sicherheitsupdate für Windows XP (KB956572) Sicherheitsupdate für Windows XP (KB956744) Sicherheitsupdate für Windows XP (KB956802) Sicherheitsupdate für Windows XP (KB956803) Sicherheitsupdate für Windows XP (KB956841) Sicherheitsupdate für Windows XP (KB956844) Sicherheitsupdate für Windows XP (KB957095) Sicherheitsupdate für Windows XP (KB957097) Sicherheitsupdate für Windows XP (KB958644) Sicherheitsupdate für Windows XP (KB958687) Sicherheitsupdate für Windows XP (KB958690) Sicherheitsupdate für Windows XP (KB959426) Sicherheitsupdate für Windows XP (KB960225) Sicherheitsupdate für Windows XP (KB960715) Sicherheitsupdate für Windows XP (KB960803) Sicherheitsupdate für Windows XP (KB960859) Sicherheitsupdate für Windows XP (KB961371) Sicherheitsupdate für Windows XP (KB961373) Sicherheitsupdate für Windows XP (KB961501) Sicherheitsupdate für Windows XP (KB968537) Sicherheitsupdate für Windows XP (KB969898) Sicherheitsupdate für Windows XP (KB970238) Sicherheitsupdate für Windows XP (KB971557) Sicherheitsupdate für Windows XP (KB971633) Sicherheitsupdate für Windows XP (KB971657) Sicherheitsupdate für Windows XP (KB973346) Sicherheitsupdate für Windows XP (KB973354) Sicherheitsupdate für Windows XP (KB973507) Sicherheitsupdate für Windows XP (KB973869) Skype 2.5 Sony Sound Forge 8.0b Sound Blaster Audigy 2 ZS Spamihilator StationRipper 2.25 Stifttablett StyloCam SUPERAntiSpyware Free Edition TeamSpeak 2 RC2 TGeb V5.4 The Rise of Atlantis (remove only) Tidy Start Menu T-Online 6.0 Trillian Trillian 0.74 F TuneUp Utilities 2006 TVgenial Tweak UI Ulead COOL 360 1.0 Ulead Photo Explorer 8.6 Ulead PhotoImpact 12 Ulead PhotoImpact 8 Unlocker 1.8.7 Update für Windows Internet Explorer 8 (KB971930) Update für Windows XP (KB951072-v2) Update für Windows XP (KB951978) Update für Windows XP (KB955839) Update für Windows XP 
(KB961503) Update für Windows XP (KB967715) Update für Windows XP (KB973815) VIA Audio Driver Setup Program VIA Bus Master Ultra ATA Driver (Remove) Videora iPod Converter 0.91 Viewpoint Media Player Vista Drive Icon 1.4 Visual C++ CRT 9.0 SP1 Visual card designer 1.0 VLC media player 1.0.1 Wacom JustWrite Office Winamp WinAVIVideoConverter Windows Internet Explorer 8 Windows Live Anmelde-Assistent Windows Live Call Windows Live Communications Platform Windows Live Essentials Windows Live Essentials Windows Live Messenger Windows Live-Uploadtool Windows Media Encoder 9-Reihe Windows Media Encoder 9-Reihe Windows Media Format Runtime Windows Media Player 10 Windows XP Service Pack 3 WinRAR Archivierer WISO Haushaltsbuch 2008 Wisterer HX 4.2.20 XML Paper Specification Shared Components Language Pack 1.0 xp-AntiSpy 3.92 XviD MPEG-4 Codec Yahoo! Messenger Zuma Deluxe RA Zylom Games Player Plugin |
|
|
||
14.09.2009, 20:56
Moderator
Posts: 5694 |
#7
The Malwarebytes log is still missing. If you have had the program on the system for a while, update it and run a full scan. Post the log afterwards.
Was a scan also run with this, and was anything found: SUPERAntiSpyware Free Edition
Regards, Swiss |
|
|
||
14.09.2009, 22:40
Member
Thread starter Posts: 27 |
#8
Sorry, I had left that out because Malwarebytes reported nothing.
Here is the Malwarebytes log as well:
Malwarebytes' Anti-Malware 1.41
Datenbank Version: 2797
Windows 5.1.2600 Service Pack 3
14.09.2009 22:39:49
mbam-log-2009-09-14 (22-39-49).txt
Scan-Methode: Quick-Scan
Durchsuchte Objekte: 103524
Laufzeit: 7 minute(s), 55 second(s)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
|
|
||
14.09.2009, 22:55
Moderator
Posts: 5694 |
||
|
||
15.09.2009, 07:51
Member
Thread starter Posts: 27 |
#10
Sure, the tasks are normal, I am aware of that too.
But when IE is open, I have only one tab open and 3 x IE in Task Manager. If I close IE, e.g. via Task Manager or normally, it can happen (not always) that I still find at least one iexplore.exe process in Task Manager that cannot be closed with End Process. In addition, that single remaining IE process then often uses 80 - 100 percent CPU....
This post was edited on 15.09.2009 at 07:55 by FlatRate.
|
|
|
||
15.09.2009, 18:11
Moderator
Posts: 5694 |
#11
Run Combofix and post the log:
http://www.virus-protect.org/artikel/tools/combofix.html
Regards, Swiss |
|
|
||
My wife's computer kept getting slower. When I looked in Task Manager I found Internet Explorer 3 times, although it was open only once.
After several runs with Antivir, Antimalware and Antispy there are still 2 x Internet Explorer in Task Manager. The PC runs a little better, but I believe there are still remnants left.
Can someone please help me?
[code]Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09:29, on 14.09.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Programme\Avira\AntiVir Desktop\sched.exe
C:\Programme\Avira\AntiVir Desktop\avguard.exe
C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
D:\CDBurnerXP\NMSAccessU.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\WTablet\Pen_TabletUser.exe
C:\WINDOWS\system32\Pen_Tablet.exe
C:\Programme\Kerio\Personal Firewall 4\kpf4gui.exe
C:\Programme\Microsoft Hardware\Keyboard\type32.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE
C:\Programme\Avira\AntiVir Desktop\avgnt.exe
D:\Spamihilator\spamihilator.exe
C:\Programme\Vista Drive Icon\DrvIcon.exe
C:\Programme\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
C:\Programme\Mozilla Firefox\firefox.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Dokumente und Einstellungen\DankeAnke\Desktop\This.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = www.proxy.aol.com:80
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
O2 - BHO: Windows Live Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\programme\google\googletoolbar1.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O2 - BHO: NitroPDFBHO Class - {CF070CB8-F02F-4af4-A7B7-8D45CAD4BB54} - C:\Programme\Nitro PDF\PDF Download\NitroPDF.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programme\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Pictures - {8E929F51-5914-11D6-971F-0050FC3F9161} - D:\Programme\Pictures.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Programme\Canon\Easy-WebPrint\Toolband.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\programme\google\googletoolbar1.dll
O4 - HKLM\..\Run: [IntelliType] "C:\Programme\Microsoft Hardware\Keyboard\type32.exe"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [StartCCC] "C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [JWOSetup] JWOSetup.exe -en
O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [Spamihilator] "d:\Spamihilator\spamihilator.exe"
O4 - HKLM\..\Run: [DrvIcon] C:\Programme\Vista Drive Icon\DrvIcon.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Programme\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Malwarebytes Anti-Malware (reboot)] "C:\Programme\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-18 Startup: DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: DSL-Manager.lnk = C:\Programme\T-Online\DSL-Manager\DslMgr.exe (User 'Default user')
O4 - Startup: DSL-Manager.lnk = ?
O8 - Extra context menu item: &Add animation to IncrediMail Style Box - D:\INCRED~1\bin\resources\WebMenuImg.htm
O8 - Extra context menu item: &NeoTrace It! - D:\NEOTRA~1\NTXcontext.htm
O8 - Extra context menu item: Easy-WebPrint - Drucken - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: Easy-WebPrint - Schnelldruck - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint - Vorschau - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint - Zu Druckliste hinzufügen - res://C:\Programme\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Save Page As PDF ... - file://C:\Programme\Nitro PDF\PDF Download\nitroweb.htm
O9 - Extra button: ICQ Pro - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ - {6224f700-cba3-4071-b251-47cb894244cd} - D:\ICQ\ICQ.exe
O9 - Extra button: Preispiraten 2.1.3 - {86DE8B3B-1EB7-4386-84BD-EBE94348A913} - D:\Preispiraten2\preispiraten2ie.exe
O9 - Extra button: (no name) - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Programme\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra 'Tools' menuitem: PDF Download - Options - {AD9E6088-E00B-42f9-9F0C-8480525D234E} - C:\Programme\Nitro PDF\PDF Download\NitroPDF.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: NeoTrace It! - {9885224C-1217-4c5f-83C2-00002E6CEF2B} - D:\NEOTRA~1\NTXtoolbar.htm (HKCU)
O9 - Extra button: PDF Download - {F1C0FD6C-A6A0-49a7-A932-71A56461867F} - C:\Programme\Nitro PDF\PDF Download\NitroPDF.dll (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: ppctlcab - http://www.pestscan.com/scanner/ppctlcab.cab
O16 - DPF: {2FC9A21E-2069-4E47-8235-36318989DB13} (PPSDKActiveXScanner.MainScreen) - http://www.pestscan.com/scanner/axscanner.cab
O16 - DPF: {62475759-9E84-458E-A1AB-5D2C442ADFDE} - http://a1540.g.akamai.net/7/1540/52/20040105/qtinstall.info.apple.com/mickey/de/win/QuickTimeInstaller.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://v5.windowsupdate.microsoft.com/v5consumer/V5Controls/en/x86/client/wuweb_site.cab?1095887784043
O16 - DPF: {74D05D43-3236-11D4-BDCD-00C04F9A3B61} (HouseCall-Kontrolle) - http://a840.g.akamai.net/7/840/537/2005111401/housecall.trendmicro.com/housecall/xscan53.cab
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsClient.cab31267.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab
O16 - DPF: {F58E1CEF-A068-4C15-BA5E-587CAF3EE8C6} (MSN Chat Control 4.5) - http://www.gutchat.de/control/msnchat45.cab
O20 - Winlogon Notify: !SASWinLogon - C:\Programme\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - E:\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programme\Java\jre6\bin\jqs.exe
O23 - Service: Kerio Personal Firewall 4 (KPF4) - Kerio Technologies - C:\Programme\Kerio\Personal Firewall 4\kpf4ss.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: NMSAccessU - Unknown owner - D:\CDBurnerXP\NMSAccessU.exe
O23 - Service: TabletServicePen - Wacom Technology, Corp. - C:\WINDOWS\system32\Pen_Tablet.exe
O23 - Service: DSL-Manager (TDslMgrService) - T-Systems Enterprise Services GmbH - C:\Programme\T-Online\DSL-Manager\DslMgrSvc.exe
O23 - Service: TuneUp WinStyler Theme Service (TUWinStylerThemeSvc) - TuneUp Software GmbH - D:\Programme\TuneUp Utilities 2006\WinStylerThemeSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe
--
End of file - 10882 bytes
[/code]