Hello again.
Unfortunately I am having problems with svchost.exe again; CPU usage is once more constantly at 50%. FRST is attached, and I preferred not to run Combofix without new instructions.

defogger Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 20:47 on 18/12/2013 (Admin)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-

Addition Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 18-12-2013 03
Ran by Admin at 2013-12-18 20:51:45
Running from C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Emsisoft Anti-Malware (Disabled - Up to date) {0F8591BB-342B-4493-91C3-4E948ED21255}
==================== Installed Programs ======================
Adobe Reader XI (11.0.05) - Deutsch (Version: 11.0.05)
ATI - Dienstprogramm zur Deinstallation der Software (Version: 6.14.10.1021)
ATI Catalyst Control Center (Version: 2.008.0407.2138)
ATI Display Driver (Version: 8.477-080407a-062896C-Toshiba)
ATI Parental Control & Encoder (Version: 3.0)
Camera Assistant Software for Toshiba (Version: 1.7.175.0123)
Catalyst Control Center - Branding (Version: 1.00.0000)
Catalyst Control Center Core Implementation (Version: 2008.0407.2139.36897)
Catalyst Control Center Graphics Full Existing (Version: 2008.0407.2139.36897)
Catalyst Control Center Graphics Full New (Version: 2008.0407.2139.36897)
Catalyst Control Center Graphics Light (Version: 2008.0407.2139.36897)
Catalyst Control Center Localization Chinese Standard (Version: 2008.0407.2139.36897)
Catalyst Control Center Localization Chinese Traditional (Version: 2008.0407.2139.36897)
Catalyst Control Center Localization Dutch (Version: 2008.0407.2139.36897)
Catalyst Control Center Localization French (Version: 2008.0407.2139.36897)
Catalyst Control Center Localization German (Version: 2008.0407.2139.36897)
Catalyst Control Center Localization Italian (Version: 2008.0407.2139.36897)
Catalyst Control Center Localization Japanese (Version: 2008.0407.2139.36897)
Catalyst Control Center Localization Korean (Version: 2008.0407.2139.36897)
Catalyst Control Center Localization Portuguese (Version: 2008.0407.2139.36897)
Catalyst Control Center Localization Spanish (Version: 2008.0407.2139.36897)
Catalyst Control Center Localization Swedish (Version: 2008.0407.2139.36897)
CCC Help Chinese Standard (Version: 2008.0407.2138.36897)
CCC Help Chinese Traditional (Version: 2008.0407.2138.36897)
CCC Help Dutch (Version: 2008.0407.2138.36897)
CCC Help English (Version: 2008.0407.2138.36897)
CCC Help French (Version: 2008.0407.2138.36897)
CCC Help German (Version: 2008.0407.2138.36897)
CCC Help Italian (Version: 2008.0407.2138.36897)
CCC Help Japanese (Version: 2008.0407.2138.36897)
CCC Help Korean (Version: 2008.0407.2138.36897)
CCC Help Portuguese (Version: 2008.0407.2138.36897)
CCC Help Spanish (Version: 2008.0407.2138.36897)
CCC Help Swedish (Version: 2008.0407.2138.36897)
ccc-core-preinstall (Version: 2008.0407.2139.36897)
ccc-core-static (Version: 2008.0407.2139.36897)
ccc-utility (Version: 2008.0407.2139.36897)
CD/DVD Drive Acoustic Silencer (Version: 1.00.008)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04072)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.04072)
Emsisoft Anti-Malware (Version: 8.1)
Google Chrome (Version: 31.0.1650.63)
Google Update Helper (Version: 1.3.22.3)
High Definition Audio Driver Package - KB888111 (Version: 20040219.000000)
Java 7 Update 45 (Version: 7.0.450)
Java Auto Updater (Version: 2.1.9.8)
Microsoft .NET Framework 2.0
Microsoft .NET Framework 2.0 (Version: 2.0.50727)
Microsoft Silverlight (Version: 5.1.20913.0)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (Version: 10.0.30319)
Mozilla Firefox 26.0 (x86 de) (Version: 26.0)
Mozilla Maintenance Service (Version: 26.0)
OANDA - MetaTrader (Version: 4.00)
REALTEK GbE & FE Ethernet PCI-E NIC Driver (Version: 1.35.0000)
Realtek High Definition Audio Driver (Version: 5.10.0.5599)
RICOH R5C83x/84x Flash Media Controller Driver Ver.3.54.02 (Version: 3.54.02)
Skins (Version: 2008.0407.2139.36897)
SpeedFan (remove only)
TOSHIBA Assist
TOSHIBA PC Diagnostic Tool (Version: 3.2.6)
TOSHIBA Power Saver (Version: 7.04.02.I)
WebFldrs XP (Version: 9.50.7523)
Windows XP Service Pack 3 (Version: 20080414.031514)
==================== Restore Points =========================
13-12-2013 19:59:48 Systemprüfpunkt
13-12-2013 20:05:53 Installiert REALTEK GbE & FE Ethernet PCI-E NIC Driver
13-12-2013 20:07:22 Installed Intel(R) PROSet/Wireless WiFi-Software.
13-12-2013 20:09:21 Installiert Realtek High Definition Audio Driver
13-12-2013 20:09:30 Installed Windows XP KB888111WXPSP2.
13-12-2013 20:17:06 Windows Installer KB893803v2 wurde installiert.
13-12-2013 20:19:22 Installiert ATI Catalyst Control Center
13-12-2013 20:20:48 ATI Parental Control & Encoder wird installiert
13-12-2013 20:38:12 Windows XP Service Pack 3 wurde installiert.
13-12-2013 21:44:55 Konfiguriert REALTEK GbE & FE Ethernet PCI-E NIC Driver
13-12-2013 21:50:55 Installiert Atheros Client Utility
13-12-2013 21:52:01 Installiert Atheros Client Utility
13-12-2013 21:55:36 Entfernt Atheros Client Utility
13-12-2013 21:57:32 Removed Intel(R) PROSet/Wireless WiFi-Software.
13-12-2013 22:17:19 Installiert REALTEK GbE & FE Ethernet PCI-E NIC Driver
13-12-2013 22:43:32 Installiert REALTEK GbE & FE Ethernet PCI-E NIC Driver
13-12-2013 22:46:27 Installiert Atheros Wireless LAN MiniPCI card Driver
13-12-2013 22:48:30 Installiert Atheros Client Utility
13-12-2013 22:54:53 Installiert Camera Assistant Software for Toshiba
13-12-2013 23:01:23 Konfiguriert REALTEK GbE & FE Ethernet PCI-E NIC Driver
13-12-2013 23:02:06 Entfernt Atheros Client Utility
13-12-2013 23:04:53 Installed TOSHIBA PC Diagnostic Tool
13-12-2013 23:07:39 Installiert CD/DVD Drive Acoustic Silencer
13-12-2013 23:13:03 Installiert RICOH R5C83x/84x Flash Media Controller Driver Ver.3
13-12-2013 23:14:36 Installiert TOSHIBA Assist
13-12-2013 23:18:17 Installiert TOSHIBA Common Module
13-12-2013 23:23:24 Installiert REALTEK GbE & FE Ethernet PCI-E NIC Driver
13-12-2013 23:48:41 Entfernt REALTEK GbE & FE Ethernet PCI-E NIC Driver
13-12-2013 23:49:33 Installiert REALTEK GbE & FE Ethernet PCI-E NIC Driver
13-12-2013 23:54:16 Entfernt Atheros Wireless LAN MiniPCI card Driver
14-12-2013 12:22:19 Ask Toolbar wird entfernt
14-12-2013 20:55:19 Java 7 Update 45 wird installiert
14-12-2013 20:57:21 Java 7 Update 45 wird entfernt
14-12-2013 20:57:52 Java 7 Update 45 wird installiert
14-12-2013 21:07:48 Installed Cisco AnyConnect Secure Mobility Client
16-12-2013 16:37:28 Systemprüfpunkt
17-12-2013 19:46:33 Systemprüfpunkt
==================== Hosts content: ==========================
2004-08-04 13:00 - 2004-08-04 13:00 - 00000820 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Scheduled Tasks (whitelisted) =============
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Programme\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Programme\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2013-10-10 22:48 - 2013-10-10 22:48 - 00063376 _____ () C:\Programme\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2013-12-14 00:18 - 2007-04-03 18:21 - 00049152 _____ () C:\Programme\Toshiba\Toshiba Applet\TouchPad_OnOff.dll
2004-08-04 13:00 - 2008-04-14 07:52 - 00014336 _____ () C:\WINDOWS\system32\msdmo.dll
2013-12-13 21:29 - 2013-12-04 03:48 - 04055504 _____ () C:\Programme\Google\Chrome\Application\31.0.1650.63\pdf.dll
2013-12-13 21:29 - 2013-12-04 03:48 - 00399312 _____ () C:\Programme\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
2013-12-13 21:29 - 2013-12-04 03:47 - 01619408 _____ () C:\Programme\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
2013-12-13 21:29 - 2013-12-04 03:48 - 13586896 _____ () C:\Programme\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== Faulty Device Manager Devices =============
Name:
Description:
Class Guid: {4D36E97E-E325-11CE-BFC1-08002BE10318}
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: ATI HDMI Audio
Description: ATI HDMI Audio
Class Guid: {4D36E96C-E325-11CE-BFC1-08002BE10318}
Manufacturer: Realtek
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Modem Device on High Definition Audio Bus
Description: Modem Device on High Definition Audio Bus
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4D36E972-E325-11CE-BFC1-08002BE10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (12/18/2013 10:27:45 AM) (Source: Application Hang) (User: )
Description: Stillstehende Anwendung terminal.exe, Version 4.0.0.509, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error: (12/18/2013 10:27:01 AM) (Source: Application Hang) (User: )
Description: Stillstehende Anwendung terminal.exe, Version 4.0.0.509, Stillstandmodul hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error: (12/18/2013 09:09:30 AM) (Source: PerfNet) (User: )
Description: Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error: (12/17/2013 11:13:59 AM) (Source: PerfNet) (User: )
Description: Der Serverdienst konnte nicht geöffnet werden. Die Server-Leistungsinformationen
werden nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.
Error: (12/14/2013 10:08:09 PM) (Source: acvpndownloader) (User: )
Description: Function: CDownloaderArgs::GetCertificateInfo
File: .\DownloaderArgs.cpp
Line: 1574
Invoked Function: CCertificateInfoTlv::Assign
Return Code: -23199733 (0xFE9E000B)
Description: CERTIFICATEINFO_ERROR_NO_DATA:No certificate data was found
Error: (12/14/2013 10:08:09 PM) (Source: acvpndownloader) (User: )
Description: Function: CCertificateInfoTlv::Assign
File: ..\Common\TLV\CertificateInfoTlv.cpp
Line: 87
Invoked Function: CCertificateInfoTlv::Serialize
Return Code: -23199733 (0xFE9E000B)
Description: CERTIFICATEINFO_ERROR_NO_DATA:No certificate data was found
Error: (12/14/2013 10:08:09 PM) (Source: acvpndownloader) (User: )
Description: Function: CCertificateInfoTlv::Serialize
File: ..\Common\TLV\CertificateInfoTlv.cpp
Line: 523
Data to serialize is empty
Error: (12/14/2013 10:07:54 PM) (Source: acvpninstall) (User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
Error: (12/14/2013 10:07:54 PM) (Source: acvpninstall) (User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: Das System kann den angegebenen Pfad nicht finden.
Error: (12/14/2013 10:07:54 PM) (Source: acvpninstall) (User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
System errors:
=============
Error: (12/18/2013 03:34:23 PM) (Source: Dhcp) (User: )
Description: Die IP-Adresslease 192.168.0.101 für die Netzwerkkarte mit der Netzwerkadresse 0022FA29E734 wurde durch
den DHCP-Server 1.1.1.1 abgelehnt (der DHCP-Server hat eine DHCPNACK-Meldung gesendet).
Error: (12/15/2013 07:01:01 PM) (Source: 0) (User: )
Description:
Error: (12/13/2013 10:20:50 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.
Error: (12/13/2013 10:20:50 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.
Error: (12/13/2013 10:20:49 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.
Error: (12/13/2013 09:48:45 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.
Error: (12/13/2013 09:48:45 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.
Error: (12/13/2013 09:48:45 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.
Error: (12/13/2013 09:22:14 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.
Error: (12/13/2013 09:22:14 PM) (Source: DCOM) (User: NT-AUTORITÄT)
Description: Durch die Berechtigungseinstellungen (Computerstandard) wird der SID (S-1-5-20) für Benutzer NT-AUTORITÄT\NETZWERKDIENST keine Aktivierungberechtigung (Lokal) für die COM-Serveranwendung mit CLSID
{A4199E55-EBB9-49E5-AF1A-7A5408B2E206}
gewährt. Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste geändert werden.
Microsoft Office Sessions:
=========================
Error: (12/18/2013 10:27:45 AM) (Source: Application Hang)(User: )
Description: terminal.exe4.0.0.509hungapp0.0.0.000000000
Error: (12/18/2013 10:27:01 AM) (Source: Application Hang)(User: )
Description: terminal.exe4.0.0.509hungapp0.0.0.000000000
Error: (12/18/2013 09:09:30 AM) (Source: PerfNet)(User: )
Description:
Error: (12/17/2013 11:13:59 AM) (Source: PerfNet)(User: )
Description:
Error: (12/14/2013 10:08:09 PM) (Source: acvpndownloader)(User: )
Description: Function: CDownloaderArgs::GetCertificateInfo
File: .\DownloaderArgs.cpp
Line: 1574
Invoked Function: CCertificateInfoTlv::Assign
Return Code: -23199733 (0xFE9E000B)
Description: CERTIFICATEINFO_ERROR_NO_DATA:No certificate data was found
Error: (12/14/2013 10:08:09 PM) (Source: acvpndownloader)(User: )
Description: Function: CCertificateInfoTlv::Assign
File: ..\Common\TLV\CertificateInfoTlv.cpp
Line: 87
Invoked Function: CCertificateInfoTlv::Serialize
Return Code: -23199733 (0xFE9E000B)
Description: CERTIFICATEINFO_ERROR_NO_DATA:No certificate data was found
Error: (12/14/2013 10:08:09 PM) (Source: acvpndownloader)(User: )
Description: Function: CCertificateInfoTlv::Serialize
File: ..\Common\TLV\CertificateInfoTlv.cpp
Line: 523
Data to serialize is empty
Error: (12/14/2013 10:07:54 PM) (Source: acvpninstall)(User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
Error: (12/14/2013 10:07:54 PM) (Source: acvpninstall)(User: )
Description: Function: FileMoveFiles
File: ..\Common\Utility\NativeSysFileCopy.cpp
Line: 388
Invoked Function: ::FindFirstFile
Return Code: 3 (0x00000003)
Description: Das System kann den angegebenen Pfad nicht finden.
Error: (12/14/2013 10:07:54 PM) (Source: acvpninstall)(User: )
Description: Function: wWinMain
File: .\InstallHelper.cpp
Line: 354
Invoked Function: FileMoveFiles
Return Code: -33554423 (0xFE000009)
Description: GLOBAL_ERROR_UNEXPECTED
==================== Memory info ===========================
Percentage of memory in use: 46%
Total physical RAM: 3069.92 MB
Available physical RAM: 1633.3 MB
Total Pagefile: 4955.8 MB
Available Pagefile: 3046.29 MB
Total Virtual: 2047.88 MB
Available Virtual: 1966.1 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:232.88 GB) (Free:210.61 GB) NTFS ==>[Drive with boot components (Windows XP)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 233 GB) (Disk ID: 600BADED)
Partition 1: (Active) - (Size=233 GB) - (Type=07 NTFS)
==================== End Of Log ============================

GMER Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-12-18 21:39:26
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 TOSHIBA_MK2555GSX rev.FG001M 232,89GB
Running: gmer_2.1.19163.exe; Driver: C:\DOKUME~1\Admin\LOKALE~1\Temp\uwldrpob.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\WINDOWS\system32\DRIVERS\ati2mtag.sys section is writeable [0xB9885000, 0x189C82, 0xE8000020]
---- User code sections - GMER 2.1 ----
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] ntdll.dll!NtCreateFile 7C91D090 1 Byte [FF]
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] ntdll.dll!NtCreateFile 7C91D090 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [86, 71]
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [8C, 71]
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] ntdll.dll!NtOpenFile 7C91D580 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] ntdll.dll!NtOpenFile + 4 7C91D584 2 Bytes [83, 71]
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] ntdll.dll!NtOpenProcess 7C91D5E0 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] ntdll.dll!NtOpenProcess + 4 7C91D5E4 2 Bytes [89, 71]
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] ntdll.dll!NtSetContextThread 7C91DB90 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] ntdll.dll!NtSetContextThread + 4 7C91DB94 2 Bytes [80, 71]
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [8F, 71]
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 7199000A
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 719F000A
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719C000A
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A4, 71]
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A2000A
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AB000A
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A8000A
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] ADVAPI32.dll!CreateServiceA 77E071E9 6 Bytes JMP 7196000A
.text C:\Dokumente und Einstellungen\Admin\Eigene Dateien\Downloads\gmer_2.1.19163.exe[576] ADVAPI32.dll!CreateServiceW 77E07381 6 Bytes JMP 7193000A
.text C:\WINDOWS\system32\TPSMain.exe[632] ntdll.dll!NtCreateFile 7C91D090 1 Byte [FF]
.text C:\WINDOWS\system32\TPSMain.exe[632] ntdll.dll!NtCreateFile 7C91D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSMain.exe[632] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [80, 71]
.text C:\WINDOWS\system32\TPSMain.exe[632] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSMain.exe[632] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [86, 71]
.text C:\WINDOWS\system32\TPSMain.exe[632] ntdll.dll!NtOpenFile 7C91D580 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSMain.exe[632] ntdll.dll!NtOpenFile + 4 7C91D584 2 Bytes [7D, 71] {JGE 0x73}
.text C:\WINDOWS\system32\TPSMain.exe[632] ntdll.dll!NtOpenProcess 7C91D5E0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSMain.exe[632] ntdll.dll!NtOpenProcess + 4 7C91D5E4 2 Bytes [83, 71]
.text C:\WINDOWS\system32\TPSMain.exe[632] ntdll.dll!NtSetContextThread 7C91DB90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSMain.exe[632] ntdll.dll!NtSetContextThread + 4 7C91DB94 2 Bytes [7A, 71] {JP 0x73}
.text C:\WINDOWS\system32\TPSMain.exe[632] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSMain.exe[632] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [89, 71]
.text C:\WINDOWS\system32\TPSMain.exe[632] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001
.text C:\WINDOWS\system32\TPSMain.exe[632] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSMain.exe[632] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [77, 71] {JA 0x73}
.text C:\WINDOWS\system32\TPSMain.exe[632] ADVAPI32.dll!CreateServiceA 77E071E9 6 Bytes JMP 7190000A
.text C:\WINDOWS\system32\TPSMain.exe[632] ADVAPI32.dll!CreateServiceW 77E07381 6 Bytes JMP 718D000A
.text C:\WINDOWS\system32\TPSMain.exe[632] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 7193000A
.text C:\WINDOWS\system32\TPSMain.exe[632] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 7199000A
.text C:\WINDOWS\system32\TPSMain.exe[632] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 7196000A
.text C:\WINDOWS\system32\TPSMain.exe[632] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSMain.exe[632] USER32.dll!SendInput + 4 7E37F144 2 Bytes [9E, 71]
.text C:\WINDOWS\system32\TPSMain.exe[632] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 719C000A
.text C:\WINDOWS\system32\TPSMain.exe[632] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71A5000A
.text C:\WINDOWS\system32\TPSMain.exe[632] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A2000A
.text C:\WINDOWS\RTHDCPL.EXE[644] ntdll.dll!NtCreateFile 7C91D090 1 Byte [FF]
.text C:\WINDOWS\RTHDCPL.EXE[644] ntdll.dll!NtCreateFile 7C91D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[644] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [7E, 71] {JLE 0x73}
.text C:\WINDOWS\RTHDCPL.EXE[644] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[644] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [84, 71]
.text C:\WINDOWS\RTHDCPL.EXE[644] ntdll.dll!NtOpenFile 7C91D580 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[644] ntdll.dll!NtOpenFile + 4 7C91D584 2 Bytes [7B, 71] {JNP 0x73}
.text C:\WINDOWS\RTHDCPL.EXE[644] ntdll.dll!NtOpenProcess 7C91D5E0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[644] ntdll.dll!NtOpenProcess + 4 7C91D5E4 2 Bytes [81, 71]
.text C:\WINDOWS\RTHDCPL.EXE[644] ntdll.dll!NtSetContextThread 7C91DB90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[644] ntdll.dll!NtSetContextThread + 4 7C91DB94 2 Bytes [78, 71] {JS 0x73}
.text C:\WINDOWS\RTHDCPL.EXE[644] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[644] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [87, 71]
.text C:\WINDOWS\RTHDCPL.EXE[644] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001
.text C:\WINDOWS\RTHDCPL.EXE[644] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[644] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [75, 71] {JNZ 0x73}
.text C:\WINDOWS\RTHDCPL.EXE[644] ADVAPI32.dll!CreateServiceA 77E071E9 6 Bytes JMP 718E000A
.text C:\WINDOWS\RTHDCPL.EXE[644] ADVAPI32.dll!CreateServiceW 77E07381 6 Bytes JMP 718B000A
.text C:\WINDOWS\RTHDCPL.EXE[644] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 7191000A
.text C:\WINDOWS\RTHDCPL.EXE[644] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 7197000A
.text C:\WINDOWS\RTHDCPL.EXE[644] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 7194000A
.text C:\WINDOWS\RTHDCPL.EXE[644] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\RTHDCPL.EXE[644] USER32.dll!SendInput + 4 7E37F144 2 Bytes [9C, 71]
.text C:\WINDOWS\RTHDCPL.EXE[644] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 719A000A
.text C:\WINDOWS\RTHDCPL.EXE[644] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71A3000A
.text C:\WINDOWS\RTHDCPL.EXE[644] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A0000A
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] ntdll.dll!NtCreateFile 7C91D090 1 Byte [FF]
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] ntdll.dll!NtCreateFile 7C91D090 3 Bytes [FF, 25, 1E]
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [86, 71]
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [FF, 25, 1E]
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [8C, 71]
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] ntdll.dll!NtOpenFile 7C91D580 3 Bytes [FF, 25, 1E]
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] ntdll.dll!NtOpenFile + 4 7C91D584 2 Bytes [83, 71]
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] ntdll.dll!NtOpenProcess 7C91D5E0 3 Bytes [FF, 25, 1E]
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] ntdll.dll!NtOpenProcess + 4 7C91D5E4 2 Bytes [89, 71]
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] ntdll.dll!NtSetContextThread 7C91DB90 3 Bytes [FF, 25, 1E]
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] ntdll.dll!NtSetContextThread + 4 7C91DB94 2 Bytes [80, 71]
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [FF, 25, 1E]
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [8F, 71]
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E]
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 7199000A
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 719F000A
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719C000A
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A4, 71]
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A2000A
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AB000A
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A8000A
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] ADVAPI32.dll!CreateServiceA 77E071E9 6 Bytes JMP 7196000A
.text C:\Programme\Toshiba\Toshiba Applet\thotkey.exe[688] ADVAPI32.dll!CreateServiceW 77E07381 6 Bytes JMP 7193000A
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] ntdll.dll!NtCreateFile 7C91D090 1 Byte [FF]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] ntdll.dll!NtCreateFile 7C91D090 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [86, 71]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [8C, 71]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] ntdll.dll!NtOpenFile 7C91D580 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] ntdll.dll!NtOpenFile + 4 7C91D584 2 Bytes [83, 71]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] ntdll.dll!NtOpenProcess 7C91D5E0 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] ntdll.dll!NtOpenProcess + 4 7C91D5E4 2 Bytes [89, 71]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] ntdll.dll!NtSetContextThread 7C91DB90 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] ntdll.dll!NtSetContextThread + 4 7C91DB94 2 Bytes [80, 71]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [8F, 71]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] KERNEL32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] KERNEL32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 7199000A
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 719F000A
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719C000A
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A4, 71]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A2000A
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AB000A
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A8000A
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] ADVAPI32.dll!CreateServiceA 77E071E9 6 Bytes JMP 7196000A
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.exe[716] ADVAPI32.dll!CreateServiceW 77E07381 6 Bytes JMP 7193000A
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] ntdll.dll!NtCreateFile 7C91D090 1 Byte [FF]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] ntdll.dll!NtCreateFile 7C91D090 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [86, 71]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [8C, 71]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] ntdll.dll!NtOpenFile 7C91D580 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] ntdll.dll!NtOpenFile + 4 7C91D584 2 Bytes [83, 71]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] ntdll.dll!NtOpenProcess 7C91D5E0 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] ntdll.dll!NtOpenProcess + 4 7C91D5E4 2 Bytes [89, 71]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] ntdll.dll!NtSetContextThread 7C91DB90 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] ntdll.dll!NtSetContextThread + 4 7C91DB94 2 Bytes [80, 71]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [8F, 71]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] ADVAPI32.dll!CreateServiceA 77E071E9 6 Bytes JMP 7196000A
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] ADVAPI32.dll!CreateServiceW 77E07381 6 Bytes JMP 7193000A
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 7199000A
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 719F000A
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719C000A
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A4, 71]
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A2000A
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AB000A
.text C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe[728] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A8000A
.text C:\WINDOWS\system32\ctfmon.exe[740] ntdll.dll!NtCreateFile 7C91D090 1 Byte [FF]
.text C:\WINDOWS\system32\ctfmon.exe[740] ntdll.dll!NtCreateFile 7C91D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[740] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [86, 71]
.text C:\WINDOWS\system32\ctfmon.exe[740] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[740] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [8C, 71]
.text C:\WINDOWS\system32\ctfmon.exe[740] ntdll.dll!NtOpenFile 7C91D580 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[740] ntdll.dll!NtOpenFile + 4 7C91D584 2 Bytes [83, 71]
.text C:\WINDOWS\system32\ctfmon.exe[740] ntdll.dll!NtOpenProcess 7C91D5E0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[740] ntdll.dll!NtOpenProcess + 4 7C91D5E4 2 Bytes [89, 71]
.text C:\WINDOWS\system32\ctfmon.exe[740] ntdll.dll!NtSetContextThread 7C91DB90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[740] ntdll.dll!NtSetContextThread + 4 7C91DB94 2 Bytes [80, 71]
.text C:\WINDOWS\system32\ctfmon.exe[740] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[740] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [8F, 71]
.text C:\WINDOWS\system32\ctfmon.exe[740] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001
.text C:\WINDOWS\system32\ctfmon.exe[740] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[740] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [7D, 71] {JGE 0x73}
.text C:\WINDOWS\system32\ctfmon.exe[740] ADVAPI32.dll!CreateServiceA 77E071E9 6 Bytes JMP 7196000A
.text C:\WINDOWS\system32\ctfmon.exe[740] ADVAPI32.dll!CreateServiceW 77E07381 6 Bytes JMP 7193000A
.text C:\WINDOWS\system32\ctfmon.exe[740] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 7199000A
.text C:\WINDOWS\system32\ctfmon.exe[740] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 719F000A
.text C:\WINDOWS\system32\ctfmon.exe[740] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719C000A
.text C:\WINDOWS\system32\ctfmon.exe[740] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\ctfmon.exe[740] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\ctfmon.exe[740] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A2000A
.text C:\WINDOWS\system32\ctfmon.exe[740] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AB000A
.text C:\WINDOWS\system32\ctfmon.exe[740] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A8000A
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] ntdll.dll!NtCreateFile 7C91D090 1 Byte [FF]
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] ntdll.dll!NtCreateFile 7C91D090 3 Bytes [FF, 25, 1E]
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [86, 71]
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [FF, 25, 1E]
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [8C, 71]
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] ntdll.dll!NtOpenFile 7C91D580 3 Bytes [FF, 25, 1E]
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] ntdll.dll!NtOpenFile + 4 7C91D584 2 Bytes [83, 71]
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] ntdll.dll!NtOpenProcess 7C91D5E0 3 Bytes [FF, 25, 1E]
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] ntdll.dll!NtOpenProcess + 4 7C91D5E4 2 Bytes [89, 71]
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] ntdll.dll!NtSetContextThread 7C91DB90 3 Bytes [FF, 25, 1E]
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] ntdll.dll!NtSetContextThread + 4 7C91DB94 2 Bytes [80, 71]
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [FF, 25, 1E]
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [8F, 71]
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E]
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 7199000A
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 719F000A
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719C000A
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A4, 71]
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A2000A
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AB000A
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A8000A
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] ADVAPI32.dll!CreateServiceA 77E071E9 6 Bytes JMP 7196000A
.text C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[756] ADVAPI32.dll!CreateServiceW 77E07381 6 Bytes JMP 7193000A
.text C:\WINDOWS\system32\TPSBattM.exe[784] ntdll.dll!NtCreateFile 7C91D090 1 Byte [FF]
.text C:\WINDOWS\system32\TPSBattM.exe[784] ntdll.dll!NtCreateFile 7C91D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSBattM.exe[784] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [86, 71]
.text C:\WINDOWS\system32\TPSBattM.exe[784] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSBattM.exe[784] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [8C, 71]
.text C:\WINDOWS\system32\TPSBattM.exe[784] ntdll.dll!NtOpenFile 7C91D580 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSBattM.exe[784] ntdll.dll!NtOpenFile + 4 7C91D584 2 Bytes [83, 71]
.text C:\WINDOWS\system32\TPSBattM.exe[784] ntdll.dll!NtOpenProcess 7C91D5E0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSBattM.exe[784] ntdll.dll!NtOpenProcess + 4 7C91D5E4 2 Bytes [89, 71]
.text C:\WINDOWS\system32\TPSBattM.exe[784] ntdll.dll!NtSetContextThread 7C91DB90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSBattM.exe[784] ntdll.dll!NtSetContextThread + 4 7C91DB94 2 Bytes [80, 71]
.text C:\WINDOWS\system32\TPSBattM.exe[784] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSBattM.exe[784] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [8F, 71]
.text C:\WINDOWS\system32\TPSBattM.exe[784] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001
.text C:\WINDOWS\system32\TPSBattM.exe[784] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSBattM.exe[784] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [7D, 71] {JGE 0x73}
.text C:\WINDOWS\system32\TPSBattM.exe[784] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 7199000A
.text C:\WINDOWS\system32\TPSBattM.exe[784] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 719F000A
.text C:\WINDOWS\system32\TPSBattM.exe[784] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719C000A
.text C:\WINDOWS\system32\TPSBattM.exe[784] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\system32\TPSBattM.exe[784] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A4, 71]
.text C:\WINDOWS\system32\TPSBattM.exe[784] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A2000A
.text C:\WINDOWS\system32\TPSBattM.exe[784] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AB000A
.text C:\WINDOWS\system32\TPSBattM.exe[784] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A8000A
.text C:\WINDOWS\system32\TPSBattM.exe[784] ADVAPI32.dll!CreateServiceA 77E071E9 6 Bytes JMP 7196000A
.text C:\WINDOWS\system32\TPSBattM.exe[784] ADVAPI32.dll!CreateServiceW 77E07381 6 Bytes JMP 7193000A
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] ntdll.dll!NtCreateFile 7C91D090 1 Byte [FF]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] ntdll.dll!NtCreateFile 7C91D090 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [86, 71]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [8C, 71]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] ntdll.dll!NtOpenFile 7C91D580 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] ntdll.dll!NtOpenFile + 4 7C91D584 2 Bytes [83, 71]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] ntdll.dll!NtOpenProcess 7C91D5E0 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] ntdll.dll!NtOpenProcess + 4 7C91D5E4 2 Bytes [89, 71]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] ntdll.dll!NtSetContextThread 7C91DB90 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] ntdll.dll!NtSetContextThread + 4 7C91DB94 2 Bytes [80, 71]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [8F, 71]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] KERNEL32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] KERNEL32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] KERNEL32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [7D, 71] {JGE 0x73}
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 7199000A
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 719F000A
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719C000A
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A4, 71]
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A2000A
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AB000A
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A8000A
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] ADVAPI32.dll!CreateServiceA 77E071E9 6 Bytes JMP 7196000A
.text C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1144] ADVAPI32.dll!CreateServiceW 77E07381 6 Bytes JMP 7193000A
.text C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!NtCreateFile 7C91D090 1 Byte [FF]
.text C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!NtCreateFile 7C91D090 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!NtCreateFile + 4 7C91D094 2 Bytes [86, 71]
.text C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!NtDeleteValueKey 7C91D250 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!NtDeleteValueKey + 4 7C91D254 2 Bytes [8C, 71]
.text C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!NtOpenFile 7C91D580 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!NtOpenFile + 4 7C91D584 2 Bytes [83, 71]
.text C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!NtOpenProcess 7C91D5E0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!NtOpenProcess + 4 7C91D5E4 2 Bytes [89, 71]
.text C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!NtSetContextThread 7C91DB90 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!NtSetContextThread + 4 7C91DB94 2 Bytes [80, 71]
.text C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!NtSetValueKey 7C91DDB0 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1952] ntdll.dll!NtSetValueKey + 4 7C91DDB4 2 Bytes [8F, 71]
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!LoadLibraryExW + C4 7C801BB9 4 Bytes CALL 71AF0001
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!CreateProcessInternalW 7C81979C 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1952] kernel32.dll!CreateProcessInternalW + 4 7C8197A0 2 Bytes [7D, 71] {JGE 0x73}
.text C:\WINDOWS\Explorer.EXE[1952] ADVAPI32.dll!CreateServiceA 77E071E9 6 Bytes JMP 7196000A
.text C:\WINDOWS\Explorer.EXE[1952] ADVAPI32.dll!CreateServiceW 77E07381 6 Bytes JMP 7193000A
.text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!PostMessageW 7E368CCB 6 Bytes JMP 7199000A
.text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!SendMessageW 7E37929A 6 Bytes JMP 719F000A
.text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!PostMessageA 7E37AAFD 6 Bytes JMP 719C000A
.text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!SendInput 7E37F140 3 Bytes [FF, 25, 1E]
.text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!SendInput + 4 7E37F144 2 Bytes [A4, 71]
.text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!SendMessageA 7E37F3C2 6 Bytes JMP 71A2000A
.text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!mouse_event 7E3B673F 6 Bytes JMP 71AB000A
.text C:\WINDOWS\Explorer.EXE[1952] USER32.dll!keybd_event 7E3B6783 6 Bytes JMP 71A8000A
.text C:\WINDOWS\Explorer.EXE[1952] WS2_32.dll!WSALookupServiceBeginW 01AA35EF 6 Bytes JMP 7175000A
.text C:\WINDOWS\Explorer.EXE[1952] WS2_32.dll!connect 01AA4A07 6 Bytes JMP 717B000A
.text C:\WINDOWS\Explorer.EXE[1952] WS2_32.dll!listen 01AA8CD3 6 Bytes JMP 7178000A
---- EOF - GMER 2.1 ----