explorer.exe hat ein Problem festgestellt und muss beendet werden

[Ruby]

Hallo Gernot1

dein System ist fehlerhaft konfiguriert. Ich habe einen Kollegen gebeten, sich dein System mit mir gemeinsam anzuschauen, es kann also sein, dass wir dein System zusammen weiter betreuen.

Lies dir bitte diese Anleitung durch: explorer.exe - Hilfestellung, anstatt Usern zu antworten, habe ich gestern mittag diese Anleitung erstellt, da diese Windows Explorer Error Meldungen immer wieder auftauchen und User immer wieder ratlos und verzweifelt um Hilfe bitten.

Bitte unterscheide zwischen dem Internet Explorer, das ist dein Web Browser und dem Windows Explorer, mit dem du intern auf deinem Rechner arbeitest. Mit dem Windows Explorer kannst du nicht im Netz surfen und mit dem Internet Explorer kannst du deine Ordner und Dateien nicht anschauen.

Ich moechte zum einen, dass du dir das kostenlose ShelExView herunterlaedst und die angebene Anleitung abarbeitest, um herauszufinden, ob eine Shell-Erweiterung daran schuld ist, dass dein Windows Explorer abstuerzt.

Da du aber bereits *.dmp Dateien auf deinem System hast, die wir uns dann auch gleich angucken koennen, sei so nett und arbeite die Anleitung fuer Fortgeschrittene ebenfalls ab und zeige uns den C:\debuglog.txt.

Viel Erfolg

[Gernot1]

Hallo Ruby!

Ich hab jetzt alle Shellerweiterungen, die nicht zu Microsoft gehören mit Shellxview deaktiviert; mit Ausnahme des Adobe Browser Helpers; der läßt sich nicht deaktivieren. Kann ich den irgendwie abstellen?

Ich hab dir mal eine Liste mit den Shellerweiterungen kopiert. Leider ist sie sehr unübersichtlich. Die ersten 12 und die letzten 4 Einträge sind nicht von Microsoft.

Code:

Shell Extensions List

Created by using ShellExView

Extension Name 	Disabled 	Type 	Description 	Version 	Product Name 	Company 	My Computer 	Desktop 	Control Panel 	Filename 	CLSID 	File Created Time 	CLSID Modified Time 	Microsoft 	File Extensions 	File Attributes 	File Size
SimpleShlExt Class	Yes	Context Menu	ACE Context Menu	2, 0, 0, 0	ACE Context Menu	 	No	No	No	C:\Programme\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll	{5E2121EE-0300-11D4-8D3B-444553540000}	02.03.2007 10:44:34	24.06.2007 15:46:20	No	Directory\Background	A	73.728
WinRAR	Yes	Context Menu	 	 	 	 	No	No	No	C:\Programme\WinRAR\rarext.dll	{B41DB860-8EE4-11D2-9906-E49FADC173CA}	16.07.2007 19:11:39	16.07.2007 19:12:05	No	*, Directory, Folder	A	128.512
WinRAR	Yes	Drop Handler	 	 	 	 	No	No	No	C:\Programme\WinRAR\rarext.dll	{B41DB860-8EE4-11D2-9906-E49FADC173CA}	16.07.2007 19:11:39	16.07.2007 19:12:05	No	.ace, .arj, .bz, .bz2, .cab, .gz, .iso, .lha, .lzh, .r00, .r01, .r02, .r03, .r04, .r05, .r06, .r07, .r08, .r09, .r10, .r11, .r12, .r13, .r14, .r15, .r16, .r17, .r18, .r19, .r20, .r21, .r22, .r23, .r24, .r25, .r26, .r27, .r28, .r29, .RAR, .tar, .taz, .tbz, .tbz2, .tgz, .uu, .uue, .xxe, .z, WinRAR	A	128.512
WinRAR	Yes	Property Sheet	 	 	 	 	No	No	No	C:\Programme\WinRAR\rarext.dll	{B41DB860-8EE4-11D2-9906-E49FADC173CA}	16.07.2007 19:11:39	16.07.2007 19:12:05	No	.ace, .arj, .bz, .bz2, .cab, .exe, .gz, .iso, .lha, .lzh, .r00, .r01, .r02, .r03, .r04, .r05, .r06, .r07, .r08, .r09, .r10, .r11, .r12, .r13, .r14, .r15, .r16, .r17, .r18, .r19, .r20, .r21, .r22, .r23, .r24, .r25, .r26, .r27, .r28, .r29, .RAR, .tar, .taz, .tbz, .tbz2, .tgz, .uu, .uue, .xxe, .z, exefile, WinRAR	A	128.512
WinRAR	Yes	Drag & Drop Handler	 	 	 	 	No	No	No	C:\Programme\WinRAR\rarext.dll	{B41DB860-8EE4-11D2-9906-E49FADC173CA}	16.07.2007 19:11:39	16.07.2007 19:12:05	No	Directory, Drive, Folder	A	128.512
CPL-Erweiterung für Anzeigeverschiebung	Yes	System	 	 	 	 	No	No	No	C:\WINDOWS\system32\deskpan.dll	{42071714-76d4-11d1-8b24-00a0c9068ff3}	N / A	16.06.2007 21:37:43	No	 	 	0
Adobe PDF Reader Link Helper	No	Browser Helper Object	Adobe PDF Helper for Internet Explorer	8.0.0.2006102200	AcroIEHelper Library	Adobe Systems Incorporated	No	No	No	C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll	{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}	22.10.2006 22:08:42	25.06.2007 16:04:47	No	 	A	62.080
PDF Shell Extension	Yes	Column Handler	PDF Shell Extension	8.1.0.0	Adobe PDF Shell Extension	Adobe Systems, Inc.	No	No	No	C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll	{F9DB5320-233E-11D1-9F84-707F02C10627}	10.05.2007 21:54:08	25.06.2007 16:04:46	No	Folder	A	372.736
Shell Extension for Malware scanning	Yes	Context Menu	ShlExt.dll	7.00.00.10	ShlExt	Avira GmbH	No	No	No	C:\Programme\AntiVir PersonalEdition Classic\shlext.dll	{45AC2688-0253-4ED8-97DE-B5370FA7D48A}	24.06.2007 01:19:33	14.10.2007 12:19:05	No	*, Folder	A	61.480
Google Toolbar Helper	Yes	Browser Helper Object	Google Toolbar für Internet Explorer-Client	4, 0, 1601, 4978	Google Toolbar für IE	Google Germany GmbH	No	No	No	c:\programme\google\googletoolbar2.dll	{AA58ED58-01DD-4d91-8333-CF10577473F7}	31.10.2007 15:14:13	31.10.2007 15:14:23	No	 	AR	2.427.968
&Google	Yes	IE Toolbar	Google Toolbar für Internet Explorer-Client	4, 0, 1601, 4978	Google Toolbar für IE	Google Germany GmbH	No	No	No	c:\programme\google\googletoolbar2.dll	{2318C2B1-4965-11d4-9B18-009027A5CD4F}	31.10.2007 15:14:13	31.10.2007 15:14:23	No	 	AR	2.427.968
HyperTerminal Icon Ext	Yes	Icon Handler	HyperTerminal Applet Library	5.1.2600.0	Microsoft® Windows® Operating System	Hilgraeve, Inc.	No	No	No	C:\WINDOWS\System32\hticons.dll	{88895560-9AA2-1069-930E-00AA0030EBC8}	16.06.2007 20:48:17	16.06.2007 20:48:59	No	.ht, htfile	A	44.544
Microsoft New Object Service	No	Context Menu	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\SHELL32.dll	{D969A300-E7FF-11d0-A93B-00A0C90F2719}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	Directory\Background	A	8.424.960
Groove GFS Context Menu Handler	No	Context Menu	GrooveShellExtensions Module	12.0.4518.1014	GrooveShellExtensions Module	Microsoft Corporation	No	No	No	C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL	{6C467336-8281-4E60-8204-430CED96822D}	26.10.2006 23:48:42	16.06.2007 21:40:04	Yes	Directory\Background, *, AllFilesystemObjects, Directory, Folder	A	2.210.608
Offline Files Menu	No	Context Menu	Clientseitige Cachebenutzeroberfläche	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\cscui.dll	{750fdf0e-2a26-11d1-a3ea-080036587f03}	23.08.2001 13:00:00	16.06.2007 20:50:40	Yes	*, .lnk, .pif, Directory, Drive, lnkfile, piffile	A	334.848
Open With Context Menu Handler	No	Context Menu	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\SHELL32.dll	{09799AFB-AD67-11d1-ABCD-00C04FC30936}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	*	A	8.424.960
Kontextmenü für die Verschlüsselung	No	Context Menu	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\SHELL32.dll	{A470F8CF-A1E8-4f65-8335-227475AA5C46}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	*, Directory	A	8.424.960
Erweiterung der Sicherheitsshell	No	Property Sheet	Sicherheitserweiterung der Shell	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\rshx32.dll	{1F2E5C40-9550-11CE-99D2-00AA006E086C}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	*, Directory, Drive	A	40.448
OLE-Eigenschaftenseite für Dokumente	No	Property Sheet	OLE-Eigenschaftenseite für Dokumente	5.1.2600.0 (xpclient.010817-1148)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\docprop.dll	{3EA48300-8CF6-101B-84FB-666CCB9BCD32}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	*	A	47.616
Microsoft DocProp Shell Ext	No	Property Sheet	Microsoft DocProp-Shellerweiterung	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\docprop2.dll	{883373C3-BF89-11D1-BE35-080036B11A03}	23.08.2001 13:00:00	16.06.2007 20:50:32	Yes	*	A	48.640
Microsoft Office Metadata Handler	No	MetaData	Microsoft Office Shell Extension Handlers	12.0.4518.1014	Microsoft Office	Microsoft Corporation	No	No	No	C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll	{993BE281-6695-4BA5-8A2A-7AACBFAAB69E}	26.10.2006 19:13:06	16.06.2007 21:40:15	Yes	.accdt, .docm, .docx, .dotm, .dotx, .potm, .potx, .ppam, .ppsm, .ppsx, .pptm, .pptx, .xlam, .xlsb, .xlsm, .xlsx, .xltm, .xltx	A	932.688
Microsoft Office Thumbnail Handler	No	Thumbnail	Microsoft Office Shell Extension Handlers	12.0.4518.1014	Microsoft Office	Microsoft Corporation	No	No	No	C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll	{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97}	26.10.2006 19:13:06	16.06.2007 21:40:15	Yes	.accdt, .docm, .docx, .dotm, .dotx, .potm, .potx, .ppam, .ppsm, .ppsx, .pptm, .pptx, .thmx, .xlam, .xlsb, .xlsm, .xlsx, .xltm, .xltx	A	932.688
WMP Add To Playlist Launcher	No	Context Menu	Windows Media Player-Launcher	9.00.00.3250	Microsoft(R) Windows Media Player	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\wmpshell.dll	{F1B9284F-E9DC-4e68-9D7E-42362A59F0FD}	23.08.2001 13:00:00	19.10.2007 18:11:31	Yes	.aif, .aifc, .aiff, .asf, .asx, .au, .avi, .dvr-ms, .m1v, .m2v, .m3u, .mid, .midi, .mod, .mp2, .mp2v, .mp3, .mpa, .mpe, .mpeg, .mpg, .mpv2, .rmi, .snd, .wav, .wax, .wm, .wma, .wmp, .wmv, .wmx, .wpl, .wvx, AIFFFile, ASFFile, ASXFile, AUFile, AVIFile, m3ufile, MIDFile, mp3file, mpegfile, SoundRec, WAXFile, wmafile, WMPFile, WMVFile, WPLFile, WVXFile, audio, video	A	102.400
WMP Burn Audio CD Launcher	No	Context Menu	Windows Media Player-Launcher	9.00.00.3250	Microsoft(R) Windows Media Player	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\wmpshell.dll	{8DD448E6-C188-4aed-AF92-44956194EB1F}	23.08.2001 13:00:00	19.10.2007 18:09:43	Yes	.aif, .aifc, .aiff, .asf, .asx, .au, .avi, .dvr-ms, .m1v, .m2v, .m3u, .mid, .midi, .mod, .mp2, .mp2v, .mp3, .mpa, .mpe, .mpeg, .mpg, .mpv2, .rmi, .snd, .wav, .wax, .wm, .wma, .wmp, .wmv, .wmx, .wpl, .wvx, AIFFFile, ASFFile, ASXFile, AUFile, AVIFile, m3ufile, MIDFile, mp3file, mpegfile, SoundRec, WAXFile, wmafile, WMPFile, WMVFile, WPLFile, WVXFile, .aif, .aifc, .aiff, .asf, .asx, .au, .avi, .dvr-ms, .m1v, .m2v, .m3u, .mid, .midi, .mod, .mp2, .mp2v, .mp3, .mpa, .mpe, .mpeg, .mpg, .mpv2, .rmi, .snd, .wav, , 	A	102.400
WMP Play As Playlist Launcher	No	Context Menu	Windows Media Player-Launcher	9.00.00.3250	Microsoft(R) Windows Media Player	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\wmpshell.dll	{CE3FB1D1-02AE-4a5f-A6E9-D9F1B4073E6C}	23.08.2001 13:00:00	19.10.2007 18:11:31	Yes	.aif, .aifc, .aiff, .asf, .asx, .au, .avi, .dvr-ms, .m1v, .m2v, .m3u, .mid, .midi, .mod, .mp2, .mp2v, .mp3, .mpa, .mpe, .mpeg, .mpg, .mpv2, .rmi, .snd, .wav, .wax, .wm, .wma, .wmp, .wmv, .wmx, .wpl, .wvx, AIFFFile, ASFFile, ASXFile, AUFile, AVIFile, m3ufile, MIDFile, mp3file, mpegfile, SoundRec, WAXFile, wmafile, WMPFile, WMVFile, WPLFile, WVXFile, audio, video	A	102.400
Shell Icon Handler for Application References	No	Icon Handler	Application Deployment Support Library	2.0.50727.42 (RTM.050727-4200)	Microsoft® .NET Framework	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\dfshim.dll	{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75}	23.09.2005 06:28:38	24.06.2007 15:30:49	Yes	.appref-ms	A	83.456
ShellLink for Application References	No	Shell Link (Unicode)	Application Deployment Support Library	2.0.50727.42 (RTM.050727-4200)	Microsoft® .NET Framework	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\dfshim.dll	{e82a2d71-5b2f-43a0-97b8-81be15854de8}	23.09.2005 06:28:38	24.06.2007 15:30:49	Yes	.appref-ms	A	83.456
Video Thumbnail Extractor	No	Thumbnail	Extrahierungsshellerweiterung der Mediendateieigenschaften	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shmedia.dll	{c5a40261-cd64-4ccf-84cb-c394da41d590}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	.asf, .asx, .avi, .mpe, .mpeg, .mpg, .wmv	A	153.600
.exe drop target	No	Drop Handler	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\SHELL32.dll	{86C86720-42A0-1069-A2E8-08002B30309D}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	.bat, .cmd, .com, .exe, .pif, .scf, .scr, batfile, cmdfile, comfile, exefile, piffile, scrfile, SHCmdFile	A	8.424.960
Channelhandlerobjekt	No	Icon Handler	Viewer für Channeldefinitionsdatei	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\cdfview.dll	{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}	23.08.2001 13:00:00	16.06.2007 20:50:32	Yes	.cdf, ChannelFile, ChannelShortcut	A	151.552
Channelhandlerobjekt	No	Shell Link (ANSI)	Viewer für Channeldefinitionsdatei	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\cdfview.dll	{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}	23.08.2001 13:00:00	16.06.2007 20:50:32	Yes	.cdf, ChannelFile, ChannelShortcut	A	151.552
Channelhandlerobjekt	No	InfoTip Handler	Viewer für Channeldefinitionsdatei	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\cdfview.dll	{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}	23.08.2001 13:00:00	16.06.2007 20:50:32	Yes	.cdf, ChannelFile, ChannelShortcut	A	151.552
Channelhandlerobjekt	No	Thumbnail	Viewer für Channeldefinitionsdatei	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\cdfview.dll	{f3ba0dc0-9cc8-11d0-a599-00c04fd64435}	23.08.2001 13:00:00	16.06.2007 20:50:32	Yes	.cdf, ChannelFile, ChannelShortcut	A	151.552
Sendmail service	No	Drop Handler	E-Mail senden	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\sendmail.dll	{9E56BE61-C50F-11CF-9A2C-00A0C90A90CE}	23.08.2001 13:00:00	16.06.2007 20:50:28	Yes	.DeskLink	A	55.296
Groove GFS Stub Icon Handler	No	Icon Handler	GrooveShellExtensions Module	12.0.4518.1014	GrooveShellExtensions Module	Microsoft Corporation	No	No	No	C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL	{A449600E-1DC6-4232-B948-9BD794D62056}	26.10.2006 23:48:42	16.06.2007 21:40:04	Yes	.gfs, GrooveStub	A	2.210.608
Groove XML Icon Handler	No	Icon Handler	GrooveShellExtensions Module	12.0.4518.1014	GrooveShellExtensions Module	Microsoft Corporation	No	No	No	C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL	{387E725D-DC16-4D76-B310-2C93ED4752A0}	26.10.2006 23:48:42	16.06.2007 21:40:04	Yes	.glk, GrooveLinkFile	A	2.210.608
Microsoft Office HTML Icon Handler	No	Icon Handler	2007 Microsoft Office component	12.0.4518.1014	2007 Microsoft Office system	Microsoft Corporation	No	No	No	C:\Programme\Microsoft Office\Office12\msohevi.dll	{42042206-2D85-11D3-8CFF-005004838597}	26.10.2006 19:12:30	16.06.2007 21:40:57	Yes	.htm, .html, .mht, .mhtml, .odc, .shtml, .xht, .xhtml, FirefoxHTML, htmlfile, mhtmlfile, odcfile	A	61.240
ICC-Profil	No	Property Sheet	DLL der Benutzeroberfläche für Microsoft Color Matching	5.1.2600.0 (xpclient.010817-1148)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\icmui.dll	{DBCE2480-C732-101B-BE72-BA78E9AD5B27}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	.icc, .icm, icmfile	A	55.296
Scheduling UI icon handler	No	Icon Handler	Schnittstellen-DLL für Taskplaner	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\mstask.dll	{DD2110F0-9EEF-11cf-8D8E-00AA0060F5BF}	16.06.2007 20:49:27	16.06.2007 20:50:18	Yes	.job, JobObject	A	280.064
Scheduling UI property sheet handler	No	Property Sheet	Schnittstellen-DLL für Taskplaner	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\mstask.dll	{797F1E90-9EDD-11cf-8D8E-00AA0060F5BF}	16.06.2007 20:49:27	16.06.2007 20:50:18	Yes	.job, JobObject	A	280.064
Shell Extension For Windows Script Host	No	Drop Handler	Microsoft (r) Shell Extension for Windows Script Host	5.6.0.8820	Microsoft (r) Windows Script Host	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\wshext.dll	{60254CA5-953B-11CF-8C96-00AA00B8708C}	23.08.2001 13:00:00	16.06.2007 20:50:36	Yes	.JS, .JSE, .VBE, .vbs, .WSF, .WSH, JSEFile, JSFile, VBEFile, VBSFile, WSFFile, WSHFile	A	65.536
Verknüpfung	No	Drop Handler	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shell32.dll	{00021401-0000-0000-C000-000000000046}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	.lnk, lnkfile	A	8.424.960
Verknüpfung	No	Icon Handler	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shell32.dll	{00021401-0000-0000-C000-000000000046}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	.lnk, .pif, lnkfile, piffile	A	8.424.960
Verknüpfung	No	Shell Link (ANSI)	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shell32.dll	{00021401-0000-0000-C000-000000000046}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	.lnk	A	8.424.960
Verknüpfung	No	Shell Link (Unicode)	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shell32.dll	{00021401-0000-0000-C000-000000000046}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	.lnk	A	8.424.960
Verknüpfung	No	InfoTip Handler	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shell32.dll	{00021401-0000-0000-C000-000000000046}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	.lnk	A	8.424.960
Verknüpfung	No	Thumbnail	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shell32.dll	{00021401-0000-0000-C000-000000000046}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	.lnk	A	8.424.960
Sendmail service	No	Drop Handler	E-Mail senden	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\sendmail.dll	{9E56BE60-C50F-11CF-9A2C-00A0C90A90CE}	23.08.2001 13:00:00	16.06.2007 20:50:28	Yes	.MAPIMail	A	55.296
ExtractIcon Class	No	Icon Handler	MMC Shell Extension DLL	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Microsoft® Windows® Operating System	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\mmcshext.dll	{7A80E4A8-8005-11D2-BCF8-00C04F72C717}	23.08.2001 13:00:00	16.06.2007 20:51:06	Yes	.msc, MSCFile	A	50.688
Outlook File Icon Extension	No	Icon Handler	Outlook Shell Hook for Start/Find	12.0.4518.1014	Microsoft Office Outlook	Microsoft Corporation	No	No	No	C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL	{0006F045-0000-0000-C000-000000000046}	26.10.2006 19:55:44	16.06.2007 21:40:13	Yes	.msg, .oft	A	254.776
MyDocs Drop Target	No	Drop Handler	Benutzeroberfläche des Verzeichnisses "Eigene Dateien"	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\mydocs.dll	{ECF03A32-103D-11d2-854D-006008059367}	23.08.2001 13:00:00	16.06.2007 20:50:40	Yes	.mydocs	A	91.136
Schriftarten	No	Icon Handler	Windows Schriftarten-Ordner	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\fontext.dll	{BD84B380-8CA2-1069-AB1D-08000948F534}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	.otf, .ttc, .ttf, otffile, ttcfile, ttffile	A	386.560
CryptPKO Class	No	Context Menu	Krypto-Shellerweiterungen	5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\cryptext.dll	{7444C717-39BF-11D1-8CD9-00C04FC29D45}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	.pko, PKOFile	A	54.784
 	No	Icon Handler	XML Editor	12.0.4518.1014	Microsoft Office InfoPath	Microsoft Corporation	No	No	No	C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXEV.DLL	{AB968F1E-E20B-403A-9EB8-72EB0EB6797E}	27.10.2006 14:10:08	16.06.2007 21:40:15	Yes	.rels, .xml, xmlfile	A	44.304
CmdFileIcon	No	Icon Handler	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\SHELL32.dll	{57651662-CE3E-11D0-8D77-00C04FC99D61}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	.scf, SHCmdFile	A	8.424.960
Shell-Datenauszughandler	No	Data Handler	Shell-Datenauszughandler	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shscrap.dll	{56117100-C0CD-101B-81E2-00AA004AE837}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	.shb, .shs, DocShortcut, ShellScrap	A	28.160
Microsoft OLE DB Service Component Data Links	No	Property Sheet	Microsoft Data Access - OLE DB Core Services	2.81.1117.0 (xpsp_sp2_rtm.040803-2158)	Microsoft Data Access Components	Microsoft Corporation	No	No	No	C:\Programme\Gemeinsame Dateien\System\Ole DB\oledb32.dll	{2206CDB2-19C1-11D1-89E0-00C04FD7A829}	16.06.2007 20:49:24	16.06.2007 20:50:17	Yes	.UDL, MSDASC	A	487.424
Internetverknüpfung	No	Icon Handler	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shdocvw.dll	{FBF23B40-E3F0-101B-8488-00AA003E56F8}	23.08.2001 13:00:00	16.06.2007 21:16:11	Yes	.URL, InternetShortcut	A	1.483.776
Internetverknüpfung	No	MetaData	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shdocvw.dll	{FBF23B40-E3F0-101B-8488-00AA003E56F8}	23.08.2001 13:00:00	16.06.2007 21:16:11	Yes	.URL, InternetShortcut	A	1.483.776
Internetverknüpfung	No	Property Sheet	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shdocvw.dll	{FBF23B40-E3F0-101B-8488-00AA003E56F8}	23.08.2001 13:00:00	16.06.2007 21:16:11	Yes	.URL, InternetShortcut	A	1.483.776
Internetverknüpfung	No	Shell Link (ANSI)	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shdocvw.dll	{FBF23B40-E3F0-101B-8488-00AA003E56F8}	23.08.2001 13:00:00	16.06.2007 21:16:11	Yes	.URL	A	1.483.776
Internetverknüpfung	No	Shell Link (Unicode)	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shdocvw.dll	{FBF23B40-E3F0-101B-8488-00AA003E56F8}	23.08.2001 13:00:00	16.06.2007 21:16:11	Yes	.URL	A	1.483.776
Internetverknüpfung	No	InfoTip Handler	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shdocvw.dll	{FBF23B40-E3F0-101B-8488-00AA003E56F8}	23.08.2001 13:00:00	16.06.2007 21:16:11	Yes	.URL	A	1.483.776
Compressed (zipped) Folder SendTo Target	No	Drop Handler	ZIP-komprimierte Ordner	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\zipfldr.dll	{888DCA60-FC0A-11CF-8F0F-00C04FD7D062}	23.08.2001 13:00:00	16.06.2007 20:50:31	Yes	.ZFSendToTarget	A	340.992
Compressed (zipped) Folder DropHandler	No	Drop Handler	ZIP-komprimierte Ordner	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\zipfldr.dll	{ed9d80b9-d157-457b-9192-0e7280313bf0}	23.08.2001 13:00:00	16.06.2007 20:50:31	Yes	.zip, CompressedFolder	A	340.992
Microsoft SendTo Service	No	Context Menu	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\SHELL32.dll	{7BA4C740-9E81-11CF-99D3-00AA004AE837}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	AllFilesystemObjects	A	8.424.960
Previous Versions Property Page	No	Property Sheet	Eigenschaftenseite für vorherige Versionen	6.00.3800.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\twext.dll	{596AB062-B4D2-4215-9F74-E9109B0A8153}	16.06.2007 21:10:06	16.06.2007 21:10:22	Yes	AllFilesystemObjects, Directory, Drive	 	44.032
Channel Shortcut Property Pages	No	Property Sheet	Viewer für Channeldefinitionsdatei	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\cdfview.dll	{f3ea0dc0-9cc8-11d0-a599-00c04fd64438}	23.08.2001 13:00:00	16.06.2007 20:50:32	Yes	ChannelShortcut	A	151.552
Shellerweiterungen für Freigaben	No	Context Menu	Shellerweiterungen für Freigaben	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\ntshrui.dll	{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	Directory, Drive	A	145.920
CDF Extension Copy Hook	No	Copy Hook Handler	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shdocvw.dll	{67EA19A0-CCEF-11d0-8024-00C04FD75D13}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	Directory	A	1.483.776
Shellkopieansatz	No	Copy Hook Handler	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shell32.dll	{217FC9C0-3AEA-1069-A2DB-08002B30309D}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	Directory	A	8.424.960
MyDocs Copy Hook	No	Copy Hook Handler	Benutzeroberfläche des Verzeichnisses "Eigene Dateien"	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\mydocs.dll	{ECF03A33-103D-11d2-854D-006008059367}	23.08.2001 13:00:00	16.06.2007 20:50:40	Yes	Directory	A	91.136
Shellerweiterungen für Freigaben	No	Copy Hook Handler	Shellerweiterungen für Freigaben	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\ntshrui.dll	{40dd6e20-7c17-11ce-a804-00aa003ca9f6}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	Directory	A	145.920
DfsShell Class	No	Property Sheet	DFS-Shellerweiterung	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\dfsshlex.dll	{ECCDF543-45CC-11CE-B9BF-0080C87CDBA6}	23.08.2001 13:00:00	16.06.2007 20:51:00	Yes	Directory, Drive	A	28.672
Folder Customization Tab	No	Property Sheet	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\SHELL32.dll	{ef43ecfe-2ab9-4632-bf21-58909dd177f0}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	Directory	A	8.424.960
Microsoft Disk Quota UI	No	Property Sheet	Windows Shell-Datenträgerkontingent-UI-DLL	5.1.2600.0 (xpclient.010817-1148)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\dskquoui.dll	{7988B573-EC89-11cf-9C00-00AA00A14F56}	23.08.2001 13:00:00	16.06.2007 20:50:42	Yes	Drive	A	149.504
ShellFolder for CD Burning	No	Property Sheet	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\SHELL32.dll	{fbeb8a05-beee-4442-804e-409d6c4515e9}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	Drive	A	8.424.960
 	No	Column Handler	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\SHELL32.dll	{0D2E74C4-3C34-11d2-A27E-00C04FC30871}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	Folder	A	8.424.960
 	No	Column Handler	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\SHELL32.dll	{24F14F01-7B1C-11d1-838f-0000F80461CF}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	Folder	A	8.424.960
 	No	Column Handler	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\SHELL32.dll	{24F14F02-7B1C-11d1-838f-0000F80461CF}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	Folder	A	8.424.960
 	No	Column Handler	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\SHELL32.dll	{66742402-F9B9-11D1-A202-0000F81FEDEE}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	Folder	A	8.424.960
Erweiterung der Sicherheitsshell	No	Property Sheet	Sicherheitserweiterung der Shell	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\rshx32.dll	{F37C5810-4D3F-11d0-B4BF-00AA00BBB723}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	Printers	A	40.448
Video Media Properties Handler	No	MetaData	Extrahierungsshellerweiterung der Mediendateieigenschaften	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shmedia.dll	{40C3D757-D6E4-4b49-BB41-0E5BBEA28817}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	.asf, .dvr-ms, .wmv	A	153.600
Avi Properties Handler	No	MetaData	Extrahierungsshellerweiterung der Mediendateieigenschaften	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shmedia.dll	{87D62D94-71B3-4b9a-9489-5FE6850DC73E}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	.avi	A	153.600
Zusammenfassungs-Miniaturansichthandler (DOCFILES)	No	Thumbnail	Windows Bild- und Faxanzeige	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shimgvw.dll	{9DBD2C50-62AD-11d0-B806-00C04FD706EC}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	.doc, .dot, .fpx, .mic, .mix, .mpp, .obd, .obt, .pot, .ppt, .xls, .xlt	A	439.808
Audio Media Properties Handler	No	MetaData	Extrahierungsshellerweiterung der Mediendateieigenschaften	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shmedia.dll	{875CB1A1-0F29-45de-A1AE-CFB4950D0B78}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	.mp3, .wma	A	153.600
Wav Properties Handler	No	MetaData	Extrahierungsshellerweiterung der Mediendateieigenschaften	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shmedia.dll	{E4B29F9D-D390-480b-92FD-7DDB47101D71}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	.wav	A	153.600
Shell Image Verbs	No	Context Menu	Windows Bild- und Faxanzeige	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shimgvw.dll	{e84fda7c-1d6a-45f6-b725-cb260c236066}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	image	A	439.808
Shell Image Property Handler	No	MetaData	Windows Bild- und Faxanzeige	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shimgvw.dll	{eb9b1153-3b57-4e68-959a-a3266bc3d7fe}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	image	A	439.808
GDI+ Dateiminiaturansicht-Extrahierungsprogramm	No	Thumbnail	Windows Bild- und Faxanzeige	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shimgvw.dll	{3F30C968-480A-4C6C-862D-EFC0897BB84B}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	image	A	439.808
Drucker und Faxgeräte	No	Shell Folder	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	Yes	C:\WINDOWS\system32\shell32.dll	{2227A280-3AEA-1069-A2DE-08002B30309D}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	 	A	8.424.960
Netzwerkverbindungen	No	Shell Folder	Shell für Netzwerkverbindungen	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	Yes	C:\WINDOWS\system32\NETSHELL.dll	{7007ACC7-3202-11D1-AAD2-00805FC1270E}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	 	A	1.726.976
Schriftarten	No	Shell Folder	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	Yes	C:\WINDOWS\system32\shdocvw.dll	{D20EA4E1-3957-11d2-A40B-0C5020524152}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	 	A	1.483.776
Verwaltung	No	Shell Folder	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	Yes	C:\WINDOWS\system32\shdocvw.dll	{D20EA4E1-3957-11d2-A40B-0C5020524153}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	 	A	1.483.776
Geplante Tasks	No	Shell Folder	Schnittstellen-DLL für Taskplaner	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	Yes	C:\WINDOWS\System32\mstask.dll	{D6277990-4C6A-11CF-8D87-00AA0060F5BF}	16.06.2007 20:49:27	16.06.2007 20:50:24	Yes	 	A	280.064
Scanner und Kameras	No	Shell Folder	Shellordner-Benutzeroberfläche für Imaging-Geräte	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	Yes	C:\WINDOWS\system32\wiashext.dll	{E211B736-43FD-11D1-9EFB-0000F8757FCD}	23.08.2001 13:00:00	16.06.2007 21:39:30	Yes	 	A	592.896
Computer Search Results Folder	No	Shell Folder	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	Yes	No	C:\WINDOWS\system32\SHELL32.dll	{1f4de370-d627-11d1-ba4f-00a0c91eedba}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	 	A	8.424.960
 	No	Shell Folder	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	Yes	No	C:\WINDOWS\system32\SHELL32.dll	{450D8FBA-AD25-11D0-98A8-0800361B1103}	23.08.2001 13:00:00	16.06.2007 20:50:40	Yes	 	A	8.424.960
Microsoft Office OneNote Namespace Extension for Windows Desktop Search	No	Shell Folder	Microsoft Office OneNote Filter	12.0.4518.1014	Microsoft Office OneNote	Microsoft Corporation	No	Yes	No	C:\PROGRA~1\MICROS~2\Office12\ONFILTER.DLL	{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C}	26.10.2006 19:24:50	16.06.2007 21:40:13	Yes	 	A	72.504
Papierkorb	No	Shell Folder	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	Yes	No	C:\WINDOWS\system32\shell32.dll	{645FF040-5081-101B-9F08-00AA002F954E}	23.08.2001 13:00:00	02.11.2007 12:03:31	Yes	 	A	8.424.960
Search Results Folder	No	Shell Folder	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	Yes	No	C:\WINDOWS\system32\SHELL32.dll	{e17d4fc0-5564-11d1-83f2-00a0c90dc849}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	 	A	8.424.960
 	No	Shell Folder	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	Yes	No	No	C:\WINDOWS\system32\shell32.dll	{21EC2020-3AEA-1069-A2DD-08002B30309D}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	 	A	8.424.960
Web Folders	No	Shell Folder	Windows executable	12.0.4518.1014	Web folders and Rosebud Windows Redistributable Package	Microsoft Corporation	Yes	No	No	C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL	{BDEADF00-C265-11D0-BCED-00A0C90AB50F}	26.10.2006 18:49:46	16.06.2007 21:35:51	Yes	 	A	970.528
Outlook Finder Stub	No	Search Handler	Outlook Shell Hook for Start/Find	12.0.4518.1014	Microsoft Office Outlook	Microsoft Corporation	No	No	No	C:\PROGRA~1\MICROS~2\Office12\OLKFSTUB.DLL	{0006F019-0000-0000-C000-000000000046}	26.10.2006 19:55:44	16.06.2007 21:40:13	Yes	 	A	254.776
In-pane search	No	Search Handler	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{169A0691-8DF9-11d1-A1C4-00C04FD75D13}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
&Nach Personen...	No	Search Handler	Personen suchen	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\Programme\Outlook Express\wabfind.dll	{32714800-2E5F-11d0-8B85-00AA0044F941}	16.06.2007 20:49:31	16.06.2007 20:51:18	Yes	 	A	32.768
Web Search	No	Search Handler	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{07798131-AF23-11d1-9111-00A0C98BA67D}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Groove GFS Browser Helper	No	Browser Helper Object	GrooveShellExtensions Module	12.0.4518.1014	GrooveShellExtensions Module	Microsoft Corporation	No	No	No	C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL	{72853161-30C5-4D22-B7F9-0BBC1D38A37E}	26.10.2006 23:48:42	16.06.2007 21:40:04	Yes	 	A	2.210.608
&Tipps und Tricks	No	Explorer Bar	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shdocvw.dll	{4D5C8C25-D075-11d0-B416-00C04FB90376}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.483.776
Explorer-Band	No	Explorer Bar	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shdocvw.dll	{EFA24E64-B078-11D0-89E4-00C04FC9E26E}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.483.776
Eigenschaften für Multimediadatei	No	System	Treiber-Systemsteuerungsoption	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\mmsys.cpl	{00022613-0000-0000-C000-000000000046}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	 	A	625.152
ICM-Scannerverwaltung	No	System	DLL der Benutzeroberfläche für Microsoft Color Matching	5.1.2600.0 (xpclient.010817-1148)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\icmui.dll	{176d6597-26d3-11d1-b350-080036a75b03}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	 	A	55.296
PlusPack CPL-Erweiterung	No	System	Windows-Design-API	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\themeui.dll	{41E300E0-78B6-11ce-849B-444553540000}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	 	A	389.632
CPL-Erweiterung für Grafikkarten	No	System	Erweiterte Eigenschaften der Grafikkarte	6.00.2600.0000 (xpclient.010817-1148)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\deskadp.dll	{42071712-76d4-11d1-8b24-00a0c9068ff3}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	 	A	16.896
CPL-Erweiterung für Bildschirme	No	System	Erweiterte Eigenschaften des Bildschirms	6.00.2600.0000 (xpclient.010817-1148)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\deskmon.dll	{42071713-76d4-11d1-8b24-00a0c9068ff3}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	 	A	16.896
Erweiterung der Sicherheitsshell	No	System	Sicherheitsbenutzeroberfläche des Verzeichnisdienstes	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\dssec.dll	{4E40F770-369C-11d0-8922-00A024AB2DBB}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	 	A	52.224
Kompatibilitätsseite	No	System	Shellerweiterungs-DLL für Registerkarte "Kompatibilität"	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\SlayerXP.dll	{513D916F-2A8E-4F51-AEAB-0CBC76FB1AF8}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	 	A	25.600
Erweiterung für Datenträgerkopien	No	System	Windows DiskCopy	6.00.2600.0000 (xpclient.010817-1148)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\diskcopy.dll	{59099400-57FF-11CE-BD94-0020AF85B590}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	 	A	1.502.208
Shellerweiterungen für Microsoft Windows-Netzwerkobjekte	No	System	Shellbenutzeroberfläche für das Netzwerkobjekt	5.1.2600.0 (xpclient.010817-1148)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\ntlanui2.dll	{59be4990-f85c-11ce-aff7-00aa003ca9f6}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	 	A	14.848
ICM-Monitorverwaltung	No	System	DLL der Benutzeroberfläche für Microsoft Color Matching	5.1.2600.0 (xpclient.010817-1148)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\icmui.dll	{5DB2625A-54DF-11D0-B6C4-0800091AA605}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	 	A	55.296
ICM-Druckerverwaltung	No	System	DLL der Benutzeroberfläche für Microsoft Color Matching	5.1.2600.0 (xpclient.010817-1148)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\icmui.dll	{675F097E-4C4D-11D0-B6C1-0800091AA605}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	 	A	55.296
Shellerweiterung für Webdrucker	No	System	DLL für die Druckerbenutzeroberfläche	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\printui.dll	{77597368-7b15-11d0-a0c2-080036af3f03}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	 	A	577.024
Aktenkoffer	No	Shell Folder	Windows Aktenkoffer	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\syncui.dll	{85BBD920-42A0-1069-A2E4-08002B30309D}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	 	A	198.656
Display TroubleShoot CPL Extension	No	System	Erweiterte Anzeigeeigenschaften	5.1.2600.0 (xpclient.010817-1148)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\deskperf.dll	{f92e8c40-3d33-11d2-b1aa-080036a75b03}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	 	A	18.432
CryptSig Class	No	System	Krypto-Shellerweiterungen	5.131.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\cryptext.dll	{7444C719-39BF-11D1-8CD9-00C04FC29D45}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	 	A	54.784
Netzwerkverbindungen	No	Shell Folder	Shell für Netzwerkverbindungen	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\NETSHELL.dll	{992CFFA0-F557-101A-88EC-00DD010CCC48}	23.08.2001 13:00:00	16.06.2007 21:37:43	Yes	 	A	1.726.976
Scanner und Kameras	No	Shell Folder	Shellordner-Benutzeroberfläche für Imaging-Geräte	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\wiashext.dll	{FB0C9C8A-6C50-11D1-9F1D-0000F8757FCD}	23.08.2001 13:00:00	16.06.2007 21:39:30	Yes	 	A	592.896
Scanner und Kameras	No	System	Shellordner-Benutzeroberfläche für Imaging-Geräte	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\wiashext.dll	{905667aa-acd6-11d2-8080-00805f6596d2}	23.08.2001 13:00:00	16.06.2007 21:39:30	Yes	 	A	592.896
Scanner und Kameras	No	System	Shellordner-Benutzeroberfläche für Imaging-Geräte	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\wiashext.dll	{3F953603-1008-4f6e-A73A-04AAC7A992F1}	23.08.2001 13:00:00	16.06.2007 21:39:30	Yes	 	A	592.896
Scanner und Kameras	No	System	Shellordner-Benutzeroberfläche für Imaging-Geräte	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\wiashext.dll	{83bbcbf3-b28a-4919-a5aa-73027445d672}	23.08.2001 13:00:00	16.06.2007 21:39:30	Yes	 	A	592.896
Remote Sessions CPL Extension	No	System	CPL-Erweiterung für Remotesitzungen	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\remotepg.dll	{F0152790-D56E-4445-850E-4F3117DB740C}	16.06.2007 20:48:09	16.06.2007 20:48:31	Yes	 	A	61.440
Auto Update Property Sheet Extension	No	System	Automatic Updates Control Panel	7.0.6000.381 (winmain(wmbla).070730-1740)	Microsoft® Windows® Operating System	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\wuaucpl.cpl	{5F327514-6C5E-4d60-8F16-D07FA08A78ED}	16.06.2007 21:10:04	16.06.2007 21:10:23	Yes	 	A	216.408
Suchen	No	Shell Folder	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shdocvw.dll	{2559a1f0-21d7-11d4-bdaf-00c04f60b9f0}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	 	A	1.483.776
Hilfe und Support	No	Shell Folder	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shdocvw.dll	{2559a1f1-21d7-11d4-bdaf-00c04f60b9f0}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	 	A	1.483.776
Windows-Sicherheit	No	Shell Folder	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shdocvw.dll	{2559a1f2-21d7-11d4-bdaf-00c04f60b9f0}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	 	A	1.483.776
Ausführen...	No	Shell Folder	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shdocvw.dll	{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	 	A	1.483.776
Internet	No	Shell Folder	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shdocvw.dll	{2559a1f4-21d7-11d4-bdaf-00c04f60b9f0}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	 	A	1.483.776
E-Mail	No	Shell Folder	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shdocvw.dll	{2559a1f5-21d7-11d4-bdaf-00c04f60b9f0}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	 	A	1.483.776
Midi Properties Handler	No	System	Extrahierungsshellerweiterung der Mediendateieigenschaften	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shmedia.dll	{A6FD9E45-6E44-43f9-8644-08598F5A74D9}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	153.600
Microsoft Internet Toolbar	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{5E6AB780-7743-11CF-A12B-00AA004AE837}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Download Status	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{22BF0C20-6DA7-11D0-B373-00A0C9034938}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Augmented Shell Folder	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{91EA3F8B-C99B-11d0-9815-00C04FD91972}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Augmented Shell Folder 2	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{6413BA2C-B461-11d1-A18A-080036B11A03}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
BandProxy	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{F61FFEC1-754F-11d0-80CA-00AA005B4383}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Microsoft BrowserBand	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{7BA4C742-9E81-11CF-99D3-00AA004AE837}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Search Band	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{30D02401-6A81-11d0-8274-00C04FD5AE38}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Registry Tree Options Utility	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{AF4F6510-F982-11d0-8595-00AA004CD6D8}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
&Adresse	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{01E04581-4EEE-11d0-BFE9-00AA005B4383}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.016.832
Address EditBox	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{A08C11D2-A228-11d0-825B-00AA005B4383}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Microsoft AutoComplete	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{00BB2763-6A77-11D0-A535-00C04FD7D062}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
TridentImageExtractor	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{7376D660-C583-11d0-A3A5-00C04FD706EC}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
MRU AutoComplete List	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{6756A641-DE71-11d0-831B-00AA005B4383}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Custom MRU AutoCompleted List	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{6935DB93-21E8-4ccc-BEB9-9FE3C77A297A}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Accessible	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{7e653215-fa25-46bd-a339-34a2790f3cb7}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Track Popup Bar	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{acf35015-526e-4230-9596-becbe19f0ac9}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Syntaxanalyse der Adressleiste	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{E0E11A09-5CB8-4B6C-8332-E00720A168F2}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Microsoft History AutoComplete List	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{00BB2764-6A77-11D0-A535-00C04FD7D062}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Microsoft Shell Folder AutoComplete List	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{03C036F1-A186-11D0-824A-00AA005B4383}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Microsoft Multiple AutoComplete List Container	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{00BB2765-6A77-11D0-A535-00C04FD7D062}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Shell Band Site Menu	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{ECD4FC4E-521C-11D0-B792-00A0C90312E1}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Shell DeskBarApp	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{3CCF8A41-5C85-11d0-9796-00AA00B90ADF}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Shell DeskBar	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{ECD4FC4C-521C-11D0-B792-00A0C90312E1}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Shell Rebar BandSite	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{ECD4FC4D-521C-11D0-B792-00A0C90312E1}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
User Assist	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{DD313E04-FEFF-11d1-8ECD-0000F87A470C}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Global Folder Settings	No	System	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{EF8AD2D1-AE36-11D1-B2D2-006097DF8C11}	23.08.2001 13:00:00	16.06.2007 20:50:25	Yes	 	A	1.016.832
Favorites Band	No	System	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shdocvw.dll	{EFA24E61-B078-11d0-89E4-00C04FC9E26E}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.483.776
Shell Automation Inproc Service	No	System	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shdocvw.dll	{0A89A860-D7B1-11CE-8350-444553540000}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.483.776
Shell DocObject Viewer	No	Shell Folder	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shdocvw.dll	{E7E4BC40-E76A-11CE-A9BB-00AA004AE837}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.483.776
Microsoft Browser Architecture	No	Shell Folder	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shdocvw.dll	{A5E46E3A-8849-11D1-9D8C-00C04FC99D61}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.483.776
Microsoft URL-Verlauf-Dienst	No	System	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shdocvw.dll	{3C374A40-BAE4-11CF-BF7D-00AA006946EE}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.483.776
Verlauf	No	Shell Folder	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shdocvw.dll	{FF393560-C2A7-11CF-BFF4-444553540000}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.483.776
Temporary Internet Files	No	Shell Folder	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shdocvw.dll	{7BD29E00-76C1-11CF-9DD0-00A0C9034933}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.483.776
Temporary Internet Files	No	Shell Folder	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shdocvw.dll	{7BD29E01-76C1-11CF-9DD0-00A0C9034933}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.483.776
Microsoft Url Sucheingriff	No	System	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shdocvw.dll	{CFBFAE00-17A6-11D0-99CB-00C04FD64497}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.483.776
IE4 Suite-Begrüßungsbildschirm	No	System	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shdocvw.dll	{A2B0DD40-CC59-11d0-A3A5-00C04FD706EC}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.483.776
ISFBand OC	No	System	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shdocvw.dll	{131A6951-7F78-11D0-A979-00C04FD705A2}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.483.776
Search Assistant OC	No	System	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shdocvw.dll	{9461b922-3c5a-11d2-bf8b-00c04fb93661}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.483.776
Internet	No	System	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shdocvw.dll	{3DC7A020-0ACD-11CF-A9BB-00AA004AE837}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.483.776
 	No	Shell Folder	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shdocvw.dll	{871C5380-42A0-1069-A2EA-08002B30309D}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.483.776
ActiveX-Cacheordner	No	Shell Folder	Object Control Viewer	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\occache.dll	{88C6C381-2E85-11D0-94DE-444553540000}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	 	A	97.792
WebCheck	No	System	Websiteüberwachung	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\webcheck.dll	{E6FB5E20-DE35-11CF-9C87-00AA005127ED}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	 	A	281.088
Subscription Mgr	No	System	Websiteüberwachung	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\webcheck.dll	{ABBE31D0-6DAE-11D0-BECA-00C04FD940BE}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	 	A	281.088
Subscription Folder	No	Shell Folder	Websiteüberwachung	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\webcheck.dll	{F5175861-2688-11d0-9C5E-00AA00A45957}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	 	A	281.088
WebCheckWebCrawler	No	System	Websiteüberwachung	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\webcheck.dll	{08165EA0-E946-11CF-9C87-00AA005127ED}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	 	A	281.088
WebCheckChannelAgent	No	System	Websiteüberwachung	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\webcheck.dll	{E3A8BDE6-ABCE-11d0-BC4B-00C04FD929DB}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	 	A	281.088
TrayAgent	No	System	Websiteüberwachung	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\webcheck.dll	{E8BB6DC0-6B4E-11d0-92DB-00A0C90C2BD7}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	 	A	281.088
Code Download Agent	No	System	Websiteüberwachung	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\webcheck.dll	{7D559C10-9FE9-11d0-93F7-00AA0059CE02}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	 	A	281.088
ConnectionAgent	No	System	Websiteüberwachung	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\webcheck.dll	{E6CC6978-6B6E-11D0-BECA-00C04FD940BE}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	 	A	281.088
PostAgent	No	System	Websiteüberwachung	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\webcheck.dll	{D8BD2030-6FC9-11D0-864F-00AA006809D9}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	 	A	281.088
WebCheck SyncMgr Handler	No	System	Websiteüberwachung	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\webcheck.dll	{7FC0B86E-5FA7-11d1-BC7C-00C04FD929DB}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	 	A	281.088
Shell Application Manager	No	System	Shellanwendungs-Manager	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\appwiz.cpl	{352EC2B7-8B9A-11D1-B8AE-006008059382}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	 	A	555.008
Installed Apps Enumerator	No	System	Shellanwendungs-Manager	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\appwiz.cpl	{0B124F8F-91F0-11D1-B8B5-006008059382}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	 	A	555.008
Darwin App Publisher	No	System	Shellanwendungs-Manager	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\appwiz.cpl	{CFCCC7A0-A282-11D1-9082-006008059382}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	 	A	555.008
Shell Image Data Factory	No	System	Windows Bild- und Faxanzeige	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shimgvw.dll	{66e4e4fb-f385-4dd0-8d74-a2efd1bc6178}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	 	A	439.808
HTML-Extrahierungsprogramm	No	System	Windows Bild- und Faxanzeige	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shimgvw.dll	{EAB841A0-9550-11cf-8C16-00805F1408F3}	23.08.2001 13:00:00	16.06.2007 20:50:30	Yes	 	A	439.808
Webpublishing-Assistent	No	System	Netzlaufwerke zuordnen/Assistent für Netzwerkressourcen	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\netplwiz.dll	{CC6EEFFB-43F6-46c5-9619-51D571967F7D}	23.08.2001 13:00:00	16.06.2007 20:50:31	Yes	 	A	883.712
Bestellung von Abzügen über das Internet	No	System	Netzlaufwerke zuordnen/Assistent für Netzwerkressourcen	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\netplwiz.dll	{add36aa8-751a-4579-a266-d66f5202ccbb}	23.08.2001 13:00:00	16.06.2007 20:50:31	Yes	 	A	883.712
Shellobjekt des Webpublishing-Assistenten	No	System	Netzlaufwerke zuordnen/Assistent für Netzwerkressourcen	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\netplwiz.dll	{6b33163c-76a5-4b6c-bf21-45de9cd503a1}	23.08.2001 13:00:00	16.06.2007 20:50:31	Yes	 	A	883.712
Passport-Assistent	No	System	Netzlaufwerke zuordnen/Assistent für Netzwerkressourcen	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\netplwiz.dll	{58f1f272-9240-4f51-b6d4-fd63d1618591}	23.08.2001 13:00:00	16.06.2007 20:50:31	Yes	 	A	883.712
CompressedFolder	No	Shell Folder	ZIP-komprimierte Ordner	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\zipfldr.dll	{E88DCCE0-B7B3-11d1-A9F0-00AA0060FA31}	23.08.2001 13:00:00	16.06.2007 21:16:11	Yes	 	A	340.992
Compressed (zipped) Folder Right Drag Handler	No	System	ZIP-komprimierte Ordner	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\zipfldr.dll	{BD472F60-27FA-11cf-B8B4-444553540000}	23.08.2001 13:00:00	16.06.2007 20:50:31	Yes	 	A	340.992
Channel	No	System	Viewer für Channeldefinitionsdatei	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\cdfview.dll	{f39a0dc0-9cc8-11d0-a599-00c04fd64433}	23.08.2001 13:00:00	16.06.2007 20:50:32	Yes	 	A	151.552
Channelverknüpfung	No	System	Viewer für Channeldefinitionsdatei	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\cdfview.dll	{f3aa0dc0-9cc8-11d0-a599-00c04fd64434}	23.08.2001 13:00:00	16.06.2007 20:50:32	Yes	 	A	151.552
Channel Menu Handler Object	No	System	Viewer für Channeldefinitionsdatei	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\cdfview.dll	{f3da0dc0-9cc8-11d0-a599-00c04fd64437}	23.08.2001 13:00:00	16.06.2007 20:50:32	Yes	 	A	151.552
Microsoft FTP Folder	No	Shell Folder	Microsoft Internet Explorer FTP-Ordnershellerweiterung	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\msieftp.dll	{63da6ec0-2e98-11cf-8d82-444553540000}	23.08.2001 13:00:00	16.06.2007 20:50:32	Yes	 	A	252.928
Microsoft DocProp Inplace Edit Box Control	No	System	Microsoft DocProp-Shellerweiterung	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\docprop2.dll	{A9CF0EAE-901A-4739-A481-E35B73E47F6D}	23.08.2001 13:00:00	16.06.2007 20:50:32	Yes	 	A	48.640
Microsoft DocProp Inplace ML Edit Box Control	No	System	Microsoft DocProp-Shellerweiterung	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\docprop2.dll	{8EE97210-FD1F-4B19-91DA-67914005F020}	23.08.2001 13:00:00	16.06.2007 20:50:32	Yes	 	A	48.640
Microsoft DocProp Inplace Droplist Combo Control	No	System	Microsoft DocProp-Shellerweiterung	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\docprop2.dll	{0EEA25CC-4362-4A12-850B-86EE61B0D3EB}	23.08.2001 13:00:00	16.06.2007 20:50:32	Yes	 	A	48.640
Microsoft DocProp Inplace Calendar Control	No	System	Microsoft DocProp-Shellerweiterung	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\docprop2.dll	{6A205B57-2567-4A2C-B881-F787FAB579A3}	23.08.2001 13:00:00	16.06.2007 20:50:32	Yes	 	A	48.640
Microsoft DocProp Inplace Time Control	No	System	Microsoft DocProp-Shellerweiterung	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\docprop2.dll	{28F8A4AC-BBB3-4D9B-B177-82BFC914FA33}	23.08.2001 13:00:00	16.06.2007 20:50:32	Yes	 	A	48.640
Directory Query UI	No	System	Verzeichnisdienstsuche	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\dsquery.dll	{8A23E65E-31C2-11d0-891C-00A024AB2DBB}	23.08.2001 13:00:00	16.06.2007 20:50:35	Yes	 	A	240.128
Shell properties for a DS object	No	System	Verzeichnisdienstsuche	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\dsquery.dll	{9E51E0D0-6E0F-11d2-9601-00C04FA31A86}	23.08.2001 13:00:00	16.06.2007 20:50:35	Yes	 	A	240.128
Directory Object Find	No	System	Verzeichnisdienstsuche	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\dsquery.dll	{163FDC20-2ABC-11d0-88F0-00A024AB2DBB}	23.08.2001 13:00:00	16.06.2007 20:50:35	Yes	 	A	240.128
Directory Start/Search Find	No	System	Verzeichnisdienstsuche	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\dsquery.dll	{F020E586-5264-11d1-A532-0000F8757D7E}	23.08.2001 13:00:00	16.06.2007 20:50:35	Yes	 	A	240.128
Directory Property UI	No	System	Gemeinsame Benutzeroberfläche des Verzeichnisdienstes	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\dsuiext.dll	{0D45D530-764B-11d0-A1CA-00AA00C16E65}	23.08.2001 13:00:00	16.06.2007 20:50:35	Yes	 	A	113.664
Directory Context Menu Verbs	No	System	Gemeinsame Benutzeroberfläche des Verzeichnisdienstes	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\dsuiext.dll	{62AE1F9A-126A-11D0-A14B-0800361B1103}	23.08.2001 13:00:00	16.06.2007 20:50:35	Yes	 	A	113.664
MyDocs menu and properties	No	System	Benutzeroberfläche des Verzeichnisses "Eigene Dateien"	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\mydocs.dll	{4a7ded0a-ad25-11d0-98a8-0800361b1103}	23.08.2001 13:00:00	16.06.2007 20:50:40	Yes	 	A	91.136
Offline Files Folder Options	No	System	Clientseitige Cachebenutzeroberfläche	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\cscui.dll	{10CFC467-4392-11d2-8DB4-00C04FA31A66}	23.08.2001 13:00:00	16.06.2007 20:50:40	Yes	 	A	334.848
Ordner 'Offlinedateien'	No	Shell Folder	Clientseitige Cachebenutzeroberfläche	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\cscui.dll	{AFDB1F70-2A4C-11d2-9039-00C04F8EEB3E}	23.08.2001 13:00:00	16.06.2007 20:50:40	Yes	 	A	334.848
Microsoft Agent Character Property Sheet Handler	No	System	Microsoft Agent Property Sheet Handler	2.00.0.3422	Microsoft Agent Property Sheet Handler	Microsoft Corporation	No	No	No	C:\WINDOWS\msagent\agentpsh.dll	{143A62C8-C33B-11D1-84FE-00C04FA34A14}	23.08.2001 13:00:00	16.06.2007 20:50:42	Yes	 	A	24.064
Drop-Zielobjekt für den Fotodruck-Assistent	No	System	Fotodruck-Assistent	5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\photowiz.dll	{60fd46de-f830-4894-a628-6fa81bc0190d}	23.08.2001 13:00:00	16.06.2007 20:51:06	Yes	 	A	172.032
Kabinettdatei	No	Shell Folder	Shellerweiterung von Kabinettdatei-Viewer	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\cabview.dll	{0CD7A5C0-9F37-11CE-AE65-08002B2E1262}	23.08.2001 13:00:00	16.06.2007 21:16:11	Yes	 	A	84.992
Set Program Access and Defaults	No	Shell Folder	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shdocvw.dll	{2559a1f7-21d7-11d4-bdaf-00c04f60b9f0}	23.08.2001 13:00:00	16.06.2007 21:10:22	Yes	 	A	1.483.776
Previous Versions	No	Shell Folder	Eigenschaftenseite für vorherige Versionen	6.00.3800.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\twext.dll	{9DB7A13C-F208-4981-8353-73CC61AE2783}	16.06.2007 21:10:06	16.06.2007 21:10:22	Yes	 	 	44.032
Extensions Manager Folder	No	Shell Folder	Extensions Manager	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Microsoft® Windows® Operating System	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\extmgr.dll	{692F0339-CBAA-47e6-B5B5-3B84DB604E87}	16.06.2007 21:10:10	16.06.2007 21:10:22	Yes	 	 	55.808
Groove Folder Synchronization	No	System	GrooveShellExtensions Module	12.0.4518.1014	GrooveShellExtensions Module	Microsoft Corporation	No	No	No	C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL	{2A541AE1-5BF6-4665-A8A3-CFA9672E4291}	26.10.2006 23:48:42	16.06.2007 21:40:04	Yes	 	A	2.210.608
Groove GFS Stub Execution Hook	No	System	GrooveShellExtensions Module	12.0.4518.1014	GrooveShellExtensions Module	Microsoft Corporation	No	No	No	C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL	{B5A7F190-DDA6-4420-B3BA-52453494E6CD}	26.10.2006 23:48:42	16.06.2007 21:40:04	Yes	 	A	2.210.608
Groove Explorer Icon Overlay 3 (GFS Folder)	No	System	GrooveShellExtensions Module	12.0.4518.1014	GrooveShellExtensions Module	Microsoft Corporation	No	No	No	C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL	{16F3DD56-1AF5-4347-846D-7C10C4192619}	26.10.2006 23:48:42	16.06.2007 21:40:04	Yes	 	A	2.210.608
Groove Explorer Icon Overlay 2 (GFS Stub)	No	System	GrooveShellExtensions Module	12.0.4518.1014	GrooveShellExtensions Module	Microsoft Corporation	No	No	No	C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL	{AB5C5600-7E6E-4B06-9197-9ECEF74D31CC}	26.10.2006 23:48:42	16.06.2007 21:40:04	Yes	 	A	2.210.608
Groove Explorer Icon Overlay 4 (GFS Unread Mark)	No	System	GrooveShellExtensions Module	12.0.4518.1014	GrooveShellExtensions Module	Microsoft Corporation	No	No	No	C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL	{2916C86E-86A6-43FE-8112-43ABE6BF8DCC}	26.10.2006 23:48:42	16.06.2007 21:40:04	Yes	 	A	2.210.608
Groove Explorer Icon Overlay 1 (GFS Unread Stub)	No	System	GrooveShellExtensions Module	12.0.4518.1014	GrooveShellExtensions Module	Microsoft Corporation	No	No	No	C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL	{99FD978C-D287-4F50-827F-B2C658EDA8E7}	26.10.2006 23:48:42	16.06.2007 21:40:04	Yes	 	A	2.210.608
Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)	No	System	GrooveShellExtensions Module	12.0.4518.1014	GrooveShellExtensions Module	Microsoft Corporation	No	No	No	C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL	{920E6DB1-9907-4370-B3A0-BAFC03D81399}	26.10.2006 23:48:42	16.06.2007 21:40:04	Yes	 	A	2.210.608
Microsoft Office Outlook	No	Shell Folder	Microsoft Shell Extension Library	12.0.4518.1014	Microsoft Office Outlook	Microsoft Corporation	No	No	No	C:\PROGRA~1\MICROS~2\Office12\MLSHEXT.DLL	{00020D75-0000-0000-C000-000000000046}	26.10.2006 19:55:12	16.06.2007 21:40:13	Yes	 	A	21.312
Portable Media Devices	No	System	Portable Media Devices Shell Extension	5.2.5721.5145 (WMP_11.061018-2006)	Microsoft® Windows® Operating System	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\Audiodev.dll	{640167b4-59b0-47a6-b335-a6b3c0695aea}	18.10.2006 20:47:08	19.10.2007 17:15:47	Yes	 	 	276.992
Portable Devices	No	Shell Folder	Portable Devices Shell Extension	5.2.5721.5145 (WMP_11.061018-2006)	Microsoft® Windows® Operating System	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\wpdshext.dll	{35786D3C-B075-49b9-88DD-029876E11C01}	18.10.2006 20:47:22	19.10.2007 17:16:19	Yes	 	 	2.603.008
Portable Devices Menu	No	System	Portable Devices Shell Extension	5.2.5721.5145 (WMP_11.061018-2006)	Microsoft® Windows® Operating System	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\wpdshext.dll	{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8}	18.10.2006 20:47:22	19.10.2007 17:16:19	Yes	 	 	2.603.008
URL Exec Hook	No	ShellExecute Hook	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\shell32.dll	{AEB6717E-7E19-11d0-97EE-00C04FD91972}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	8.424.960
Groove GFS Stub Execution Hook	No	ShellExecute Hook	GrooveShellExtensions Module	12.0.4518.1014	GrooveShellExtensions Module	Microsoft Corporation	No	No	No	C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL	{B5A7F190-DDA6-4420-B3BA-52453494E6CD}	26.10.2006 23:48:42	16.06.2007 21:40:04	Yes	 	A	2.210.608
&Adresse	No	IE Toolbar	Shell Browser UI-Bibliothek	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\browseui.dll	{01E04581-4EEE-11D0-BFE9-00AA005B4383}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.016.832
Microsoft Url Sucheingriff	No	URL Search Hook	Bibliothek für Shell-Dokumente und -Steuerelemente	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\System32\shdocvw.dll	{CFBFAE00-17A6-11D0-99CB-00C04FD64497}	23.08.2001 13:00:00	16.06.2007 20:50:26	Yes	 	A	1.483.776
Netzwerkumgebung	No	Shell Folder	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\SHELL32.dll	{208D2C60-3AEA-1069-A2D7-08002B30309D}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	 	A	8.424.960
Arbeitsplatz	No	Shell Folder	Allgemeine Windows-Shell-DLL	6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)	Betriebssystem Microsoft® Windows®	Microsoft Corporation	No	No	No	C:\WINDOWS\system32\SHELL32.dll	{20D04FE0-3AEA-1069-A2D8-08002B30309D}	23.08.2001 13:00:00	16.06.2007 20:50:24	Yes	 	A	8.424.960
CmdLineContextMenu Class	Yes	Context Menu	SecuROM Context-Menu for Explorer.	1,0,201,0	 	Sony DADC Austria AG.	No	No	No	C:\WINDOWS\system32\CmdLineExt.dll	{9869EFB4-18E9-11D3-A837-00104B9E30B5}	16.06.2007 22:05:24	03.10.2007 18:58:54	No	.exe, exefile	A	98.304
SSVHelper Class	Yes	Browser Helper Object	Java(TM) Platform SE binary	6.0.30.5	Java(TM) Platform SE 6 U3	Sun Microsystems, Inc.	No	No	No	C:\Programme\Java\jre1.6.0_03\bin\ssv.dll	{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}	04.11.2007 22:23:10	04.11.2007 22:23:42	No	 	A	501.136
SABShellExecuteHook Class	Yes	ShellExecute Hook	ShellExecuteHook	1, 0, 0, 1008	SuperAntiSpyware	SuperAdBlocker.com	No	No	No	C:\Programme\SUPERAntiSpyware\SASSEH.DLL	{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}	20.12.2006 13:55:48	07.11.2007 15:49:22	No	 	A	77.824
ZLAVShExt Class	Yes	Context Menu	zlavscan shell extension	7.0.337.000	zlavscan shell extension	Zone Labs, LLC	No	No	No	C:\Programme\Zone Labs\ZoneAlarm\zlavscan.dll	{D9872D13-7651-4471-9EEE-F0A00218BEBB}	22.06.2007 14:49:44	22.06.2007 14:49:44	No	*, Folder	A	50.928

Später mehr...


Ich hab eine dmp-datei für den 31.10. gefunden:

Code:

Opened log file 'c:\debuglog.txt'

Microsoft (R) Windows Debugger Version 6.8.0004.0 X86
Copyright (c) Microsoft Corporation. All rights reserved.


Loading Dump File [C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Dr Watson\user.dmp]
User Mini Dump File: Only registers, stack and portions of memory are available

Comment: 'Dr. Watson generated MiniDump'
Symbol search path is: SRV*c:\symbols*http://msdl.microsoft.com/download/symbols
Executable search path is: C:\WINDOWS;C:\WINDOWS\system32;C:\WINDOWS\system32\drivers
Windows XP Version 2600 (Service Pack 2) UP Free x86 compatible
Product: WinNt, suite: SingleUserTS
Debug session time: Wed Oct 31 13:14:18.000 2007 (GMT+1)
System Uptime: not available
Process Uptime: 0 days 0:00:27.000
.......................................................................................
This dump file has an exception of interest stored in it.
The stored exception information can be accessed via .ecxr.
(868.180): Access violation - code c0000005 (first/second chance not available)
eax=00000000 ebx=00000000 ecx=0268daf0 edx=00000000 esi=10009b88 edi=001476c8
eip=00000000 esp=0268dadc ebp=0268dc18 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
00000000 ??              ???
0:019> !analyze -v;r;kv;lmtn;.logclose;q
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ntdll.dll - 
Unable to load image C:\WINDOWS\system32\kb1ss1p.dll, Win32 error 0n2
*** WARNING: Unable to verify timestamp for kb1ss1p.dll
*** ERROR: Module load completed but symbols could not be loaded for kb1ss1p.dll
*******************************************************************************
*                                                                             *
*                        Exception Analysis                                   *
*                                                                             *
*******************************************************************************

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ole32.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for shlwapi.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for shell32.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for kernel32.dll - 
***** OS symbols are WRONG. Please fix symbols to do analysis.

*** ERROR: Module load completed but symbols could not be loaded for explorer.exe
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for oleaut32.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for msctf.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for ws2_32.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for rpcrt4.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for msutb.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for user32.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for netshell.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for stobject.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for advapi32.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for WPDShServiceObj.dll - 
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for wdmaud.drv - 
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************
*************************************************************************
***                                                                   ***
***                                                                   ***
***    Your debugger is not using the correct symbols                 ***
***                                                                   ***
***    In order for this command to work properly, your symbol path   ***
***    must point to .pdb files that have full type information.      ***
***                                                                   ***
***    Certain .pdb files (such as the public OS symbols) do not      ***
***    contain the required information.  Contact the group that      ***
***    provided you with these symbols if you need this command to    ***
***    work.                                                          ***
***                                                                   ***
***    Type referenced: kernel32!pNlsUserInfo                         ***
***                                                                   ***
*************************************************************************

FAULTING_IP: 
+0
00000000 ??              ???

EXCEPTION_RECORD:  ffffffff -- (.exr 0xffffffffffffffff)
.exr 0xffffffffffffffff
ExceptionAddress: 00000000
   ExceptionCode: c0000005 (Access violation)
  ExceptionFlags: 00000000
NumberParameters: 2
   Parameter[0]: 00000000
   Parameter[1]: 00000000
Attempt to read from address 00000000

PROCESS_NAME:  explorer.exe

MODULE_NAME: kb1ss1p

FAULTING_MODULE: 7c910000 ntdll

DEBUG_FLR_IMAGE_TIMESTAMP:  4907025d

ERROR_CODE: (NTSTATUS) 0xc0000005 - Die Anweisung in "0x%08lx" verweist auf Speicher in "0x%08lx". Der Vorgang  "%s" konnte nicht auf dem Speicher durchgef hrt werden.

READ_ADDRESS:  00000000 

FAILED_INSTRUCTION_ADDRESS: 
+0
00000000 ??              ???

LAST_CONTROL_TRANSFER:  from 10002783 to 00000000

STACK_TEXT:  
WARNING: Frame IP not in any known module. Following frames may be wrong.
0268dad8 10002783 0268daf0 1000275e 0268daf0 0x0
0268dc18 774ffdb4 01f45c90 774b1a60 0268dc98 kb1ss1p+0x2783
0268dc30 774fface 0268dc44 774b1a60 0268dc98 ole32!CoGetTreatAsClass+0x4be
0268dc5c 774ff651 0268dca0 00000000 0268e294 ole32!CoGetTreatAsClass+0x1d8
0268dcd8 774ff4f5 775d63d8 00000000 0268e294 ole32!CoFreeUnusedLibrariesEx+0x22c1
0268dd18 774ff7a4 0268e294 00000000 0268e7e0 ole32!CoFreeUnusedLibrariesEx+0x2165
0268dd6c 774ff71b 775d63dc 00000000 0268e294 ole32!CoFreeUnusedLibrariesEx+0x2414
0268dd8c 7750052b 775d63dc 00000001 00000000 ole32!CoFreeUnusedLibrariesEx+0x238b
0268ddac 775004e2 775d63d4 0268e0f0 00000000 ole32!CoGetTreatAsClass+0xc35
0268dde4 774ff805 775d63d4 0268e0f0 00000000 ole32!CoGetTreatAsClass+0xbec
0268de0c 774ff4f5 775d63d4 00000000 0268e294 ole32!CoFreeUnusedLibrariesEx+0x2475
0268de4c 774ff490 0268e294 00000000 0268e7e0 ole32!CoFreeUnusedLibrariesEx+0x2165
0268e09c 774ff4f5 775d639c 00000000 0268e294 ole32!CoFreeUnusedLibrariesEx+0x2100
0268e0dc 774ff33a 0268e294 00000000 0268e7e0 ole32!CoFreeUnusedLibrariesEx+0x2165
0268e88c 774f6000 0268ed60 00000000 00000401 ole32!CoFreeUnusedLibrariesEx+0x1faa
0268e8b4 774f5fcf 0268ed60 00000000 00000401 ole32!CoCreateInstanceEx+0x4f
0268e8d8 774f603d 0268ed60 00000000 00000401 ole32!CoCreateInstanceEx+0x1e
0268e908 77f475c4 0268ed60 00000000 00000401 ole32!CoCreateInstance+0x34
0268e930 7ca49d19 0268ed60 00000000 00000401 shlwapi!Ordinal549+0x37
0268ec44 7c9faef7 0268ed60 00000000 00000401 shell32!ExtractIconExW+0x2c2
0268ec84 7c9faeb6 00000000 0268ed60 00000000 shell32!Ordinal128+0x18f
0268eca4 7ca1eb00 00000000 0268ed60 00000000 shell32!Ordinal128+0x14e
0268ed28 7ca1eab3 0268ed60 0268ee30 0268ed48 shell32!Ordinal159+0x10e9
0268edc4 7ca1e96a 0268ee30 0268ee30 01f69628 shell32!Ordinal159+0x109c
0268eddc 7ca1d751 0268ee30 001798a8 01f69628 shell32!Ordinal159+0xf53
0268edf0 7ca1d6c9 001798a8 001798a8 0268ee30 shell32!ShellExecuteExW+0x153
0268ee04 7ca1d665 0268ee30 01f4ca28 001798a8 shell32!ShellExecuteExW+0xcb
0268ee20 7ca2db3f 0268ee30 00000000 0000003c shell32!ShellExecuteExW+0x67
0268ee6c 7ca2da94 0268f0c8 40000000 0268ee9c shell32!PathProcessCommand+0x12c8
0268f0a8 7ca2d9cb 0268f0c8 00000000 001798a8 shell32!PathProcessCommand+0x121d
0268f134 7ca2d917 01f4ca2c 0268f150 01f67958 shell32!PathProcessCommand+0x1154
0268f194 7ca2d869 01f5ec90 0268f1b4 00000000 shell32!PathProcessCommand+0x10a0
0268f424 7ca448b2 01f67958 0268f45c 00000001 shell32!PathProcessCommand+0xff2
0268f440 7ca4486a 00136e6c 0268f45c 00136e68 shell32!Ordinal258+0xfea
0268ff38 7cb16283 01f44c34 00000020 00000000 shell32!Ordinal258+0xfa2
0268ff50 77f5f5de 01f4ea40 00470045 00530049 shell32!FindExeDlgProc+0x8467
0268ffb4 7c80b50b 00000000 00470045 00530049 shlwapi!Ordinal505+0x369
0268ffec 00000000 77f5f56f 00ffef44 00000000 kernel32!GetModuleFileNameA+0x1b4


FAULTING_THREAD:  00000180

DEFAULT_BUCKET_ID:  WRONG_SYMBOLS

PRIMARY_PROBLEM_CLASS:  NULL_INSTRUCTION_PTR

BUGCHECK_STR:  APPLICATION_FAULT_NULL_INSTRUCTION_PTR

FOLLOWUP_IP: 
kb1ss1p+2783
10002783 ??              ???

SYMBOL_STACK_INDEX:  1

SYMBOL_NAME:  kb1ss1p+2783

FOLLOWUP_NAME:  MachineOwner

IMAGE_NAME:  kb1ss1p.dll

STACK_COMMAND:  ~19s; .ecxr ; kb

BUCKET_ID:  WRONG_SYMBOLS

FAILURE_BUCKET_ID:  kb1ss1p.dll!base_address_c0000005_NULL_INSTRUCTION_PTR

Followup: MachineOwner
---------

eax=00000000 ebx=00000000 ecx=0268daf0 edx=00000000 esi=10009b88 edi=001476c8
eip=00000000 esp=0268dadc ebp=0268dc18 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000202
00000000 ??              ???
ChildEBP RetAddr  Args to Child              
WARNING: Frame IP not in any known module. Following frames may be wrong.
0268dad8 10002783 0268daf0 1000275e 0268daf0 0x0
0268dc18 774ffdb4 01f45c90 774b1a60 0268dc98 kb1ss1p+0x2783
0268dc30 774fface 0268dc44 774b1a60 0268dc98 ole32!CoGetTreatAsClass+0x4be
0268dc5c 774ff651 0268dca0 00000000 0268e294 ole32!CoGetTreatAsClass+0x1d8
0268dcd8 774ff4f5 775d63d8 00000000 0268e294 ole32!CoFreeUnusedLibrariesEx+0x22c1
0268dd18 774ff7a4 0268e294 00000000 0268e7e0 ole32!CoFreeUnusedLibrariesEx+0x2165
0268dd6c 774ff71b 775d63dc 00000000 0268e294 ole32!CoFreeUnusedLibrariesEx+0x2414
0268dd8c 7750052b 775d63dc 00000001 00000000 ole32!CoFreeUnusedLibrariesEx+0x238b
0268ddac 775004e2 775d63d4 0268e0f0 00000000 ole32!CoGetTreatAsClass+0xc35
0268dde4 774ff805 775d63d4 0268e0f0 00000000 ole32!CoGetTreatAsClass+0xbec
0268de0c 774ff4f5 775d63d4 00000000 0268e294 ole32!CoFreeUnusedLibrariesEx+0x2475
0268de4c 774ff490 0268e294 00000000 0268e7e0 ole32!CoFreeUnusedLibrariesEx+0x2165
0268e09c 774ff4f5 775d639c 00000000 0268e294 ole32!CoFreeUnusedLibrariesEx+0x2100
0268e0dc 774ff33a 0268e294 00000000 0268e7e0 ole32!CoFreeUnusedLibrariesEx+0x2165
0268e88c 774f6000 0268ed60 00000000 00000401 ole32!CoFreeUnusedLibrariesEx+0x1faa
0268e8b4 774f5fcf 0268ed60 00000000 00000401 ole32!CoCreateInstanceEx+0x4f
0268e8d8 774f603d 0268ed60 00000000 00000401 ole32!CoCreateInstanceEx+0x1e
0268e908 77f475c4 0268ed60 00000000 00000401 ole32!CoCreateInstance+0x34
0268e930 7ca49d19 0268ed60 00000000 00000401 shlwapi!Ordinal549+0x37
0268ec44 7c9faef7 0268ed60 00000000 00000401 shell32!ExtractIconExW+0x2c2
start    end        module name
01000000 010ff000   explorer explorer.exe Wed Aug 04 08:14:38 2004 (41107ECE)
013d0000 01696000   msi      msi.dll      Mon May 02 17:51:33 2005 (42764C85)
02040000 0209b000   pdfshell pdfshell.dll Fri May 11 08:54:07 2007 (4644130F)
0ffd0000 0fff8000   rsaenh   rsaenh.dll   Wed Jul 07 04:17:12 2004 (40EB5D28)
10000000 1001c000   kb1ss1p  kb1ss1p.dll  Tue Oct 28 13:15:25 2008 (4907025D)
10930000 10979000   PortableDeviceApi PortableDeviceApi.dll Thu Oct 19 07:47:31 2006 (45371173)
109c0000 109ec000   PortableDeviceTypes PortableDeviceTypes.dll Thu Oct 19 07:47:33 2006 (45371175)
164a0000 164c3000   WPDShServiceObj WPDShServiceObj.dll Thu Oct 19 07:48:37 2006 (453711B5)
20000000 202d9000   xpsp2res xpsp2res.dll Wed Aug 04 09:58:21 2004 (4110971D)
4d5c0000 4d618000   winhttp  winhttp.dll  Wed Aug 04 09:57:16 2004 (411096DC)
597d0000 59824000   netapi32 netapi32.dll Wed Aug 04 09:55:55 2004 (4110968B)
5b0f0000 5b128000   uxtheme  uxtheme.dll  Wed Aug 04 09:56:49 2004 (411096C1)
5b9b0000 5ba22000   themeui  themeui.dll  Wed Aug 04 09:56:46 2004 (411096BE)
5cf00000 5cf26000   shimeng  shimeng.dll  Wed Aug 04 09:56:21 2004 (411096A5)
5d450000 5d4e7000   comctl32_5d450000 comctl32.dll Wed Aug 04 09:55:07 2004 (4110965B)
60010000 60043000   msutb    msutb.dll    Wed Aug 04 09:58:18 2004 (4110971A)
65e30000 65e67000   GrooveSystemServices GrooveSystemServices.dll Fri Oct 27 09:20:09 2006 (4541B329)
661c0000 663dd000   GrooveShellExtensions GrooveShellExtensions.dll Fri Oct 27 09:20:03 2006 (4541B323)
66b40000 66cbd000   GrooveMisc GrooveMisc.dll Fri Oct 27 09:19:57 2006 (4541B31D)
68ef0000 68fe1000   GrooveUtil GrooveUtil.DLL Fri Oct 27 09:19:44 2006 (4541B310)
68ff0000 68ff7000   GrooveNew GrooveNew.DLL Fri Oct 27 09:19:44 2006 (4541B310)
6fd90000 6ff5a000   acgenral acgenral.dll Wed Aug 04 09:54:29 2004 (41109635)
71a00000 71a08000   ws2help  ws2help.dll  Wed Aug 04 09:57:58 2004 (41109706)
71a10000 71a27000   ws2_32   ws2_32.dll   Wed Aug 04 09:57:57 2004 (41109705)
71a30000 71a3a000   wsock32  wsock32.dll  Wed Aug 04 09:58:10 2004 (41109712)
71b70000 71b83000   samlib   samlib.dll   Wed Aug 04 09:56:05 2004 (41109695)
71cc0000 71cdc000   actxprxy actxprxy.dll Wed Aug 04 09:54:35 2004 (4110963B)
723a0000 723ba000   mydocs   mydocs.dll   Wed Aug 04 09:58:37 2004 (4110972D)
72c80000 72c88000   msacm32_72c80000 msacm32.drv  Sat Aug 18 13:50:14 2001 (3B7E5676)
72c90000 72c99000   wdmaud   wdmaud.drv   Wed Aug 04 09:57:03 2004 (411096CF)
746a0000 746eb000   msctf    msctf.dll    Wed Aug 04 09:56:38 2004 (411096B6)
74900000 74a30000   msxml3   msxml3.dll   Wed Aug 04 09:58:32 2004 (41109728)
74a50000 74a58000   powrprof powrprof.dll Wed Aug 04 09:56:21 2004 (411096A5)
74a70000 74a7a000   batmeter batmeter.dll Wed Aug 04 09:54:34 2004 (4110963A)
74ab0000 74af8000   webcheck webcheck.dll Wed Aug 04 09:57:04 2004 (411096D0)
75f20000 7601c000   browseui browseui.dll Wed Aug 04 09:54:44 2004 (41109644)
76300000 76310000   winsta   winsta.dll   Wed Aug 04 09:56:59 2004 (411096CB)
76320000 76325000   msimg32  msimg32.dll  Wed Aug 04 09:57:39 2004 (411096F3)
763a0000 7654b000   netshell netshell.dll Wed Aug 04 09:56:04 2004 (41109694)
765a0000 765bd000   cscdll   cscdll.dll   Wed Aug 04 09:54:49 2004 (41109649)
765c0000 765e1000   stobject stobject.dll Wed Aug 04 09:59:05 2004 (41109749)
76620000 766d5000   userenv  userenv.dll  Wed Aug 04 09:56:47 2004 (411096BF)
76880000 76905000   cryptui  cryptui.dll  Wed Aug 04 09:54:48 2004 (41109648)
76930000 76938000   linkinfo linkinfo.dll Wed Aug 04 09:55:22 2004 (4110966A)
76940000 76966000   ntshrui  ntshrui.dll  Wed Aug 04 09:56:36 2004 (411096B4)
76970000 76a21000   sxs      sxs.dll      Wed Aug 04 09:59:11 2004 (4110974F)
76ad0000 76ae1000   atl      atl.dll      Wed Aug 04 09:55:26 2004 (4110966E)
76af0000 76b1e000   winmm    winmm.dll    Wed Aug 04 09:57:19 2004 (411096DF)
76bc0000 76bef000   credui   credui.dll   Wed Aug 04 09:55:18 2004 (41109666)
76bf0000 76c1e000   wintrust wintrust.dll Wed Aug 04 09:57:00 2004 (411096CC)
76c50000 76c78000   imagehlp imagehlp.dll Wed Aug 04 09:55:24 2004 (4110966C)
76d20000 76d39000   iphlpapi iphlpapi.dll Wed Aug 04 09:55:13 2004 (41109661)
76e40000 76e4e000   rtutils  rtutils.dll  Wed Aug 04 09:56:12 2004 (4110969C)
76e50000 76e62000   rasman   rasman.dll   Wed Aug 04 09:56:04 2004 (41109694)
76e70000 76e9f000   tapi32   tapi32.dll   Wed Aug 04 09:56:38 2004 (411096B6)
76ea0000 76edc000   rasapi32 rasapi32.dll Wed Aug 04 09:56:00 2004 (41109690)
76f10000 76f18000   wtsapi32 wtsapi32.dll Wed Aug 04 09:58:14 2004 (41109716)
76f20000 76f4d000   wldap32  wldap32.dll  Wed Aug 04 09:57:02 2004 (411096CE)
76f90000 7700f000   clbcatq  clbcatq.dll  Wed Aug 04 09:54:54 2004 (4110964E)
77010000 770e3000   comres   comres.dll   Wed Aug 04 09:55:12 2004 (41109660)
770f0000 7717c000   oleaut32 oleaut32.dll Wed Aug 04 09:57:08 2004 (411096D4)
77180000 77227000   wininet  wininet.dll  Wed Aug 04 09:57:17 2004 (411096DD)
77230000 772cd000   urlmon   urlmon.dll   Wed Aug 04 09:56:43 2004 (411096BB)
773a0000 774a2000   comctl32 comctl32.dll Wed Aug 04 09:54:27 2004 (41109633)
774b0000 775ec000   ole32    ole32.dll    Wed Aug 04 09:57:07 2004 (411096D3)
77730000 7789c000   shdocvw  shdocvw.dll  Wed Aug 04 09:56:17 2004 (411096A1)
778f0000 779e4000   setupapi setupapi.dll Wed Aug 04 09:56:11 2004 (4110969B)
779f0000 77a46000   cscui    cscui.dll    Wed Aug 04 09:54:50 2004 (4110964A)
77a50000 77ae5000   crypt32  crypt32.dll  Wed Aug 04 09:54:43 2004 (41109643)
77af0000 77b02000   msasn1   msasn1.dll   Wed Aug 04 09:56:31 2004 (411096AF)
77b10000 77b32000   apphelp  apphelp.dll  Wed Aug 04 09:55:07 2004 (4110965B)
77ba0000 77ba7000   midimap  midimap.dll  Wed Aug 04 09:55:33 2004 (41109675)
77bb0000 77bc5000   msacm32  msacm32.dll  Wed Aug 04 09:56:11 2004 (4110969B)
77bd0000 77bd8000   version  version.dll  Wed Aug 04 09:56:47 2004 (411096BF)
77be0000 77c38000   msvcrt   msvcrt.dll   Wed Aug 04 09:58:22 2004 (4110971E)
77c40000 77c63000   msv1_0   msv1_0.dll   Wed Aug 04 09:58:19 2004 (4110971B)
77d10000 77da0000   user32   user32.dll   Wed Aug 04 09:56:46 2004 (411096BE)
77da0000 77e4a000   advapi32 advapi32.dll Wed Aug 04 09:54:54 2004 (4110964E)
77e50000 77ee1000   rpcrt4   rpcrt4.dll   Wed Aug 04 09:56:06 2004 (41109696)
77ef0000 77f36000   gdi32    gdi32.dll    Wed Aug 04 09:55:00 2004 (41109654)
77f40000 77fb6000   shlwapi  shlwapi.dll  Wed Aug 04 09:56:23 2004 (411096A7)
77fc0000 77fd1000   secur32  secur32.dll  Wed Aug 04 09:56:25 2004 (411096A9)
78130000 781cb000   msvcr80  msvcr80.dll  Mon Jun 05 23:10:49 2006 (44849DD9)
7c630000 7c64b000   ATL80    ATL80.dll    Fri Sep 23 08:48:41 2005 (4333A549)
7c800000 7c906000   kernel32 kernel32.dll Wed Aug 04 09:57:08 2004 (411096D4)
7c910000 7c9c7000   ntdll    ntdll.dll    Wed Aug 04 09:57:08 2004 (411096D4)
7c9d0000 7d1ee000   shell32  shell32.dll  Wed Aug 04 09:56:18 2004 (411096A2)
Closing open log file c:\debuglog.txt

[Gernot1]

Ich hab den obligatorischen reboot von 2.30 heute zur Abwechslung mal selbst durchgeführt. Eigentlich wollte ich online bleiben, damit jeder mitverfolgen kann, wann ich online bin und wann nicht. Dass ich heute nicht online sein konnte, liegt daran, dass ich sabotiert worden bin. Ich hätte wahrscheinlich einen reboot geberaucht, um wieder online zu kommen. Dann hab ich mir gedacht: Mach ich ihn doch um 2.30....

[Gernot1]

Hallo Ruby!

Ich hab mal nach der kb1ss1p.dll gegoogelt, die anscheinend für meine Explorerabstürze verantwortlich war, falls ich den debugtext richtig verstanden hab. Was ich da teilweise gelesen hab, klingt für mich nicht gerade gut. Ich hab mich mit Neuaufsetzten eigenlich schon abgefunden, aber erstens befürchte ich dann, das das Teil morgen wieder auf meinem Rechner ist und zweitens würd ich es vorher gerne noch eigenhändig erwürgen.

Ich hab auch die Anleitung gesehen, die du für ThreatFire geschrieben hast und das ausprobiert. Mit den Standardeinstellungen findet es nix. Davor die Scanregelen zu ändern, hast du gewarnt. Gibt´s da ein paare Änderungen, die ich ohne allzu großes Risiko einmal versuchen könnte?

Heute hatte ich keine Abstürze, als ich mich mit Administratorrechten angemeldet hab, gestern aber schon wieder:

Code:

"Das System wird nach einem schwerwiegenden Fehler wieder ausgeführt"



BCCode : 77     BCP1 : C000000E     BCP2 : C000000E     BCP3 : 00000000     
BCP4 : 05954000     OSVer : 5_1_2600     SP : 2_0     Product : 256_1     


C:\DOKUME~1\Mynioka\LOKALE~1\Temp\WER0b0d.dir00\Mini111007-01.dmp
C:\DOKUME~1\Mynioka\LOKALE~1\Temp\WER0b0d.dir00\sysdata.xml

Gibt´s noch was, was ich versuchen kann?

[Ruby]

Hallo Gernot1

nun habe ich mir deinen gesamten Thread nochmal durchgelesen,
auf der Suche nach der 'C:\WINDOWS\system32\kb1ss1p.dll'.
Vielleicht bin ich blind , aber meiner Ansicht ist sie in keinem deiner Logfiles zu finden, ausser im debuglog.txt.

Wir werden diesen Trojaner von deinem System entfernen.
Zunächst möchte ich gerne ein paar Rootkit Tests laufen lassen.

Einige Scans auf Dateien, Prozesse und Registryeinträge, die vor den meisten anderen Scannern versteckt werden (durch ein sogenanntes Rootkit). Während dieser Scans soll(en):

• alle anderen Scanner gegen Viren, Spyware, usw deaktiviert sein
• keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen)
• nichts am Rechner getan werden

RootkitRevealer scannen lassen

• Lade RootkitRevealer runter und entpacke das Archiv in einen eigenen Ordner, z.B. C:\programme\rootkitrevealer.
• Starte in diesem Ordner RootkitReavealer.exe. Alle anderen Programme schließen.
• Starte durch Klick auf "Scan".
• Wenn der Scan fertig ist das Logfile mit File -> Save abspeichern.

Blacklight scannen lassen

• Lade F-Secure Blacklight runter in einen eigenen Ordner, z.B. C:\programme\blacklight. Sollte der Download nicht klappen, dann probiere es mit diesem Link.
• Starte in diesem Ordner blbeta.exe. Alle anderen Programme schließen.
• Klick "I accept the agreement", "next", "Scan".
• Wenn der Scan fertig ist beende Blacklight mit "Close".
• Im Verzeichnis von Blacklight findest Du das erstellte Log fsbl-XXX.log, anstelle der XXX steht eine längere Folge von Ziffern.

Sophos scannen lassen

• Gehe zu Sophos und lade dir ihren Rootkitescanner herunter. Du bekommst eine Installationsdatei sarsfx.exe.
• Starte diese, akzeptiere die Lizenz und lass das Programm installieren, ändere den Pfad C:\SOPHTEMP nicht.
• Gehe mit dem Explorer in diesen Ordner und starte sargui.exe, schließe danach alle anderen Programme.
• Lass unter Area alles angehalt und starte den Scan mit "Start scan". Der Scan dauert einige Zeit, wenn er fertig ist poppt ein Fenster auf mit einer Zusammenfassung, klicke dort "Ok". Beende den Sophos Rootkitscanner, dieser Scan dient nur der Analyse.
• Starte den Explorer und gib in der Adresszeile "%temp%" ein (ohne Anführungsstriche), dort gibt es eine Datei sarscan.log, deren Inhalt bitte posten.

Gmer scannen lassen

• Lade dir Gmer von dieser Seite runter und entpacke es auf deinen Desktop.
• Starte gmer.exe und gehe zum Tab Rootkit. Alle anderen Programme sollen geschlossen sein.
• Stelle sicher, daß in der Leiste rechts alles von "System" bis "ADS" angehakt ist ([B]Wichtig[B]: "Show all" darf nicht angehakt sein) und starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
• Wenn der Scan fertig ist klicke auf "Copy" um das Log in die Zwischenablage zu kopieren. Mit "Ok" wird Gmer beendet.
• Füge das Log aus der Zwischenablage in deine Antwort hier ein.

Scanner wieder einschalten, bevor Du ins Netz gehst!

Nun alle Logs posten.

Bitte den Rechner vom Netz trennen, wenn er unbeaufsichtigt ist.
Kein Online Banking, messaging, mailing, FileSharing betreiben.

[Gernot1]

Blacklight:

Code:

11/12/07 14:44:20 [Info]: BlackLight Engine 1.0.67 initialized
11/12/07 14:44:20 [Info]: OS: 5.1 build 2600 (Service Pack 2)
11/12/07 14:44:20 [Note]: 7019 4
11/12/07 14:44:20 [Note]: 7005 0
11/12/07 14:45:32 [Note]: 7006 0
11/12/07 14:45:32 [Note]: 7011 1724
11/12/07 14:45:32 [Note]: 7026 0
11/12/07 14:45:32 [Note]: 7026 0
11/12/07 14:45:34 [Note]: FSRAW library version 1.7.1024
11/12/07 14:49:01 [Note]: 2000 1012
11/12/07 14:49:01 [Note]: 2000 1012
11/12/07 14:51:46 [Note]: 7007 0

[Gernot1]

Sophos

Code:

Sophos Anti-Rootkit Version 1.3.1 (data 1.07)  (c) 2006 Sophos Plc
Started logging on 12.11.2007 at 15:09:48
Hidden:	registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\MediaPlayer\Preferences\LastPlaylist
Hidden:	registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\Windows Media\WMSDK\General\VolumeSerialNumber
Hidden:	registry item \HKEY_USERS\S-1-5-18\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
Stopped logging on 12.11.2007 at 15:12:57

[Gernot1]

Tut mir leid, aber ich bekomm immer:

Code:

Fatal error: Maximum execution time of 30 seconds exceeded in /var/www/vhosts/hijackthis-forum.de/httpdocs/includes/functions.php on line 1612

, deswegen versuch ich jetzt einzeln zu posten

[Gernot1]

GMER TEil1:

Code:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-12 15:55:02
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT            \SystemRoot\System32\vsdatant.sys                                                                    ZwConnectPort
SSDT            \SystemRoot\System32\vsdatant.sys                                                                    ZwCreateFile
SSDT            TfSysMon.sys                                                                                         ZwCreateKey
SSDT            \SystemRoot\System32\vsdatant.sys                                                                    ZwCreatePort
SSDT            \SystemRoot\System32\vsdatant.sys                                                                    ZwCreateProcess
SSDT            \SystemRoot\System32\vsdatant.sys                                                                    ZwCreateProcessEx
SSDT            \SystemRoot\System32\vsdatant.sys                                                                    ZwCreateSection
SSDT            F8BFDD94                                                                                             ZwCreateThread
SSDT            \SystemRoot\System32\vsdatant.sys                                                                    ZwCreateWaitablePort
SSDT            \SystemRoot\System32\vsdatant.sys                                                                    ZwDeleteFile
SSDT            TfSysMon.sys                                                                                         ZwDeleteKey
SSDT            TfSysMon.sys                                                                                         ZwDeleteValueKey
SSDT            \SystemRoot\System32\vsdatant.sys                                                                    ZwDuplicateObject
SSDT            \SystemRoot\System32\vsdatant.sys                                                                    ZwLoadKey
SSDT            \SystemRoot\System32\vsdatant.sys                                                                    ZwOpenFile
SSDT            TfSysMon.sys                                                                                         ZwOpenKey
SSDT            F8BFDD80                                                                                             ZwOpenProcess
SSDT            F8BFDD85                                                                                             ZwOpenThread
SSDT            \SystemRoot\System32\vsdatant.sys                                                                    ZwReplaceKey
SSDT            \SystemRoot\System32\vsdatant.sys                                                                    ZwRequestWaitReplyPort
SSDT            \SystemRoot\System32\vsdatant.sys                                                                    ZwRestoreKey
SSDT            \SystemRoot\System32\vsdatant.sys                                                                    ZwSecureConnectPort
SSDT            \SystemRoot\System32\vsdatant.sys                                                                    ZwSetInformationFile
SSDT            TfSysMon.sys                                                                                         ZwSetValueKey
SSDT            TfSysMon.sys                                                                                         ZwTerminateProcess
SSDT            F8BFDD8A                                                                                             ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.13 ----

.text           ntoskrnl.exe!_abnormal_termination + 107                                                             804E2DD8 12 Bytes  [ F0, 41, D2, EF, 80, A4, D2, ... ]
.text           ntoskrnl.exe!_abnormal_termination + 453                                                             804E3124 2 Bytes  [ FE, B7 ]
.text           ntoskrnl.exe!_abnormal_termination + 456                                                             804E3127 1 Byte  [ F8 ]
?               srescan.sys                                                                                          Das System kann die angegebene Datei nicht finden.
?               C:\WINDOWS\system32\Drivers\mchInjDrv.sys                                                            Das System kann die angegebene Datei nicht finden.
?               C:\WINDOWS\system32\7.tmp                                                                            Das System kann die angegebene Datei nicht finden.
.text           ntoskrnl.exe!_abnormal_termination + 107                                                             804E2DD8 12 Bytes  [ F0, 41, D2, EF, 80, A4, D2, ... ]
.text           ntoskrnl.exe!_abnormal_termination + 453                                                             804E3124 2 Bytes  [ FE, B7 ]
.text           ntoskrnl.exe!_abnormal_termination + 456                                                             804E3127 1 Byte  [ F8 ]

---- User code sections - GMER 1.0.13 ----

.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] ntdll.dll!NtLoadDriver                            7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] ntdll.dll!NtLoadDriver + 4                        7C91DB72 2 Bytes  [ 44, 5F ]
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] ntdll.dll!NtSuspendProcess                        7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] ntdll.dll!NtSuspendProcess + 4                    7C91E83E 2 Bytes  [ 2F, 5F ]
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] kernel32.dll!LoadLibraryExW                       7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] kernel32.dll!LoadLibraryA                         7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] kernel32.dll!TerminateProcess                     7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] kernel32.dll!WriteProcessMemory                   7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] kernel32.dll!CreateProcessW                       7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] kernel32.dll!CreateProcessA                       7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] kernel32.dll!GetProcAddress                       7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] kernel32.dll!LoadLibraryW                         7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] kernel32.dll!CreateRemoteThread                   7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] kernel32.dll!CreateRemoteThread + 4               7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] kernel32.dll!ExitProcess                          7C81CAA2 6 Bytes  JMP 5F370F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] kernel32.dll!TerminateThread                      7C81CACB 6 Bytes  JMP 5F310F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] kernel32.dll!DebugActiveProcess                   7C859F0B 6 Bytes  JMP 5F340F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] kernel32.dll!WinExec                              7C86114D 6 Bytes  JMP 5F280F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] USER32.dll!GetKeyState                            77D1C379 6 Bytes  JMP 5F3A0F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] USER32.dll!GetAsyncKeyState                       77D1D051 6 Bytes  JMP 5F3D0F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] USER32.dll!SetWindowsHookExW                      77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] USER32.dll!SetWindowsHookExA                      77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] USER32.dll!DdeConnect                             77D57DBC 6 Bytes  JMP 5F400F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] USER32.dll!EndTask                                77D59C9D 6 Bytes  JMP 5F2B0F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] ADVAPI32.dll!LsaRemoveAccountRights               77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmon.exe[212] ADVAPI32.dll!CreateServiceA                       77E07071 6 Bytes  JMP 5F460F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] ntdll.dll!NtLoadDriver                            7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] ntdll.dll!NtLoadDriver + 4                        7C91DB72 2 Bytes  [ 50, 5F ]
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] ntdll.dll!NtSuspendProcess                        7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] ntdll.dll!NtSuspendProcess + 4                    7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] kernel32.dll!LoadLibraryExW                       7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] kernel32.dll!LoadLibraryA                         7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] kernel32.dll!TerminateProcess                     7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] kernel32.dll!WriteProcessMemory                   7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] kernel32.dll!CreateProcessW                       7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] kernel32.dll!CreateProcessA                       7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] kernel32.dll!GetProcAddress                       7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] kernel32.dll!LoadLibraryW                         7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] kernel32.dll!CreateRemoteThread                   7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] kernel32.dll!CreateRemoteThread + 4               7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] kernel32.dll!ExitProcess                          7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] kernel32.dll!TerminateThread                      7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] kernel32.dll!DebugActiveProcess                   7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] kernel32.dll!WinExec                              7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] ADVAPI32.dll!LsaRemoveAccountRights               77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] ADVAPI32.dll!CreateServiceA                       77E07071 6 Bytes  JMP 5F520F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] USER32.dll!GetKeyState                            77D1C379 6 Bytes  JMP 5F460F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] USER32.dll!GetAsyncKeyState                       77D1D051 6 Bytes  JMP 5F490F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] USER32.dll!SetWindowsHookExW                      77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] USER32.dll!SetWindowsHookExA                      77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] USER32.dll!DdeConnect                             77D57DBC 6 Bytes  JMP 5F4C0F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] USER32.dll!EndTask                                77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] SHELL32.dll!ShellExecuteExW                       7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] SHELL32.dll!ShellExecuteEx                        7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] SHELL32.dll!ShellExecuteA                         7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\Programme\Java\jre1.6.0_03\bin\jusched.exe[244] SHELL32.dll!ShellExecuteW                         7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] ntdll.dll!NtLoadDriver                7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] ntdll.dll!NtLoadDriver + 4            7C91DB72 2 Bytes  [ 53, 5F ]
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] ntdll.dll!NtSuspendProcess            7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] ntdll.dll!NtSuspendProcess + 4        7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] KERNEL32.dll!LoadLibraryExW           7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] KERNEL32.dll!LoadLibraryA             7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] KERNEL32.dll!TerminateProcess         7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] KERNEL32.dll!WriteProcessMemory       7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] KERNEL32.dll!CreateProcessW           7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] KERNEL32.dll!CreateProcessA           7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] KERNEL32.dll!GetProcAddress           7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] KERNEL32.dll!LoadLibraryW             7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] KERNEL32.dll!CreateRemoteThread       7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] KERNEL32.dll!CreateRemoteThread + 4   7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] KERNEL32.dll!ExitProcess              7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] KERNEL32.dll!TerminateThread          7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] KERNEL32.dll!DebugActiveProcess       7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] KERNEL32.dll!WinExec                  7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] ADVAPI32.dll!LsaRemoveAccountRights   77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] ADVAPI32.dll!CreateServiceA           77E07071 6 Bytes  JMP 5F550F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] USER32.dll!GetKeyState                77D1C379 6 Bytes  JMP 5F490F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] USER32.dll!GetAsyncKeyState           77D1D051 6 Bytes  JMP 5F4C0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] USER32.dll!SetWindowsHookExW          77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] USER32.dll!SetWindowsHookExA          77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] USER32.dll!DdeConnect                 77D57DBC 6 Bytes  JMP 5F4F0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] USER32.dll!EndTask                    77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] shell32.dll!ShellExecuteExW           7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] shell32.dll!ShellExecuteEx            7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] shell32.dll!ShellExecuteA             7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\MOM.EXE[260] shell32.dll!ShellExecuteW             7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] ntdll.dll!NtLoadDriver                                           7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\ctfmon.exe[272] ntdll.dll!NtLoadDriver + 4                                       7C91DB72 2 Bytes  [ 50, 5F ]
.text           C:\WINDOWS\system32\ctfmon.exe[272] ntdll.dll!NtSuspendProcess                                       7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\ctfmon.exe[272] ntdll.dll!NtSuspendProcess + 4                                   7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\WINDOWS\system32\ctfmon.exe[272] kernel32.dll!LoadLibraryExW                                      7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] kernel32.dll!LoadLibraryA                                        7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] kernel32.dll!TerminateProcess                                    7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] kernel32.dll!WriteProcessMemory                                  7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] kernel32.dll!CreateProcessW                                      7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] kernel32.dll!CreateProcessA                                      7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] kernel32.dll!GetProcAddress                                      7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] kernel32.dll!LoadLibraryW                                        7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] kernel32.dll!CreateRemoteThread                                  7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\ctfmon.exe[272] kernel32.dll!CreateRemoteThread + 4                              7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\WINDOWS\system32\ctfmon.exe[272] kernel32.dll!ExitProcess                                         7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] kernel32.dll!TerminateThread                                     7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] kernel32.dll!DebugActiveProcess                                  7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] kernel32.dll!WinExec                                             7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] ADVAPI32.dll!LsaRemoveAccountRights                              77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] ADVAPI32.dll!CreateServiceA                                      77E07071 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] USER32.dll!GetKeyState                                           77D1C379 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] USER32.dll!GetAsyncKeyState                                      77D1D051 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] USER32.dll!SetWindowsHookExW                                     77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] USER32.dll!SetWindowsHookExA                                     77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] USER32.dll!DdeConnect                                            77D57DBC 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] USER32.dll!EndTask                                               77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] SHELL32.dll!ShellExecuteExW                                      7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] SHELL32.dll!ShellExecuteEx                                       7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] SHELL32.dll!ShellExecuteA                                        7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\ctfmon.exe[272] SHELL32.dll!ShellExecuteW                                        7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] ntdll.dll!NtLoadDriver                                        7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\Messenger\msmsgs.exe[308] ntdll.dll!NtLoadDriver + 4                                    7C91DB72 2 Bytes  [ 53, 5F ]
.text           C:\Programme\Messenger\msmsgs.exe[308] ntdll.dll!NtSuspendProcess                                    7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\Messenger\msmsgs.exe[308] ntdll.dll!NtSuspendProcess + 4                                7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\Programme\Messenger\msmsgs.exe[308] kernel32.dll!LoadLibraryExW                                   7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] kernel32.dll!LoadLibraryA                                     7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] kernel32.dll!TerminateProcess                                 7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] kernel32.dll!WriteProcessMemory                               7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] kernel32.dll!CreateProcessW                                   7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] kernel32.dll!CreateProcessA                                   7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] kernel32.dll!GetProcAddress                                   7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] kernel32.dll!LoadLibraryW                                     7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] kernel32.dll!CreateRemoteThread                               7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\Messenger\msmsgs.exe[308] kernel32.dll!CreateRemoteThread + 4                           7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\Programme\Messenger\msmsgs.exe[308] kernel32.dll!ExitProcess                                      7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] kernel32.dll!TerminateThread                                  7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] kernel32.dll!DebugActiveProcess                               7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] kernel32.dll!WinExec                                          7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] ADVAPI32.dll!LsaRemoveAccountRights                           77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] ADVAPI32.dll!CreateServiceA                                   77E07071 6 Bytes  JMP 5F550F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] USER32.dll!GetKeyState                                        77D1C379 6 Bytes  JMP 5F490F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] USER32.dll!GetAsyncKeyState                                   77D1D051 6 Bytes  JMP 5F4C0F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] USER32.dll!SetWindowsHookExW                                  77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] USER32.dll!SetWindowsHookExA                                  77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] USER32.dll!DdeConnect                                         77D57DBC 6 Bytes  JMP 5F4F0F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] USER32.dll!EndTask                                            77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] SHELL32.dll!ShellExecuteExW                                   7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] SHELL32.dll!ShellExecuteEx                                    7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] SHELL32.dll!ShellExecuteA                                     7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\Programme\Messenger\msmsgs.exe[308] SHELL32.dll!ShellExecuteW                                     7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\services.exe[804] ntdll.dll!NtLoadDriver                                         7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\services.exe[804] ntdll.dll!NtLoadDriver + 4                                     7C91DB72 2 Bytes  [ 47, 5F ]
.text           C:\WINDOWS\system32\services.exe[804] ntdll.dll!NtSuspendProcess                                     7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\services.exe[804] ntdll.dll!NtSuspendProcess + 4                                 7C91E83E 2 Bytes  [ 2F, 5F ]
.text           C:\WINDOWS\system32\services.exe[804] kernel32.dll!LoadLibraryExW                                    7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\services.exe[804] kernel32.dll!LoadLibraryA                                      7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\services.exe[804] kernel32.dll!TerminateProcess                                  7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\services.exe[804] kernel32.dll!WriteProcessMemory                                7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\system32\services.exe[804] kernel32.dll!CreateProcessW                                    7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\services.exe[804] kernel32.dll!CreateProcessA                                    7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\services.exe[804] kernel32.dll!GetProcAddress                                    7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\services.exe[804] kernel32.dll!LoadLibraryW                                      7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\services.exe[804] kernel32.dll!CreateRemoteThread                                7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\services.exe[804] kernel32.dll!CreateRemoteThread + 4                            7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\WINDOWS\system32\services.exe[804] kernel32.dll!ExitProcess                                       7C81CAA2 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\services.exe[804] kernel32.dll!TerminateThread                                   7C81CACB 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\services.exe[804] kernel32.dll!DebugActiveProcess                                7C859F0B 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\system32\services.exe[804] kernel32.dll!WinExec                                           7C86114D 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!LsaRemoveAccountRights                            77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\services.exe[804] ADVAPI32.dll!CreateServiceA                                    77E07071 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\system32\services.exe[804] USER32.dll!GetKeyState                                         77D1C379 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\services.exe[804] USER32.dll!GetAsyncKeyState                                    77D1D051 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\services.exe[804] USER32.dll!SetWindowsHookExW                                   77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\services.exe[804] USER32.dll!SetWindowsHookExA                                   77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\services.exe[804] USER32.dll!DdeConnect                                          77D57DBC 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\system32\services.exe[804] USER32.dll!EndTask                                             77D59C9D 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] ntdll.dll!NtLoadDriver                                         7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] ntdll.dll!NtLoadDriver + 4                                     7C91DB72 2 Bytes  [ 47, 5F ]
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] ntdll.dll!NtSuspendProcess                                     7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] ntdll.dll!NtSuspendProcess + 4                                 7C91E83E 2 Bytes  [ 2F, 5F ]
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!LoadLibraryExW                                    7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!LoadLibraryA                                      7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!TerminateProcess                                  7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!WriteProcessMemory                                7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!CreateProcessW                                    7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!CreateProcessA                                    7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!GetProcAddress                                    7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!LoadLibraryW                                      7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!CreateRemoteThread                                7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!CreateRemoteThread + 4                            7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!ExitProcess                                       7C81CAA2 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!TerminateThread                                   7C81CACB 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!DebugActiveProcess                                7C859F0B 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] kernel32.dll!WinExec                                           7C86114D 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] USER32.dll!GetKeyState                                         77D1C379 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] USER32.dll!GetAsyncKeyState                                    77D1D051 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] USER32.dll!SetWindowsHookExW                                   77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] USER32.dll!SetWindowsHookExA                                   77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] USER32.dll!DdeConnect                                          77D57DBC 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] USER32.dll!EndTask                                             77D59C9D 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] ADVAPI32.dll!LsaRemoveAccountRights                            77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[976] ADVAPI32.dll!CreateServiceA                                    77E07071 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtLoadDriver                                          7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtLoadDriver + 4                                      7C91DB72 2 Bytes  [ 50, 5F ]
.text           C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtSuspendProcess                                      7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\svchost.exe[988] ntdll.dll!NtSuspendProcess + 4                                  7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryExW                                     7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryA                                       7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!TerminateProcess                                   7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WriteProcessMemory                                 7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessW                                     7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateProcessA                                     7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!GetProcAddress                                     7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!LoadLibraryW                                       7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateRemoteThread                                 7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!CreateRemoteThread + 4                             7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!ExitProcess                                        7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!TerminateThread                                    7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!DebugActiveProcess                                 7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] kernel32.dll!WinExec                                            7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!LsaRemoveAccountRights                             77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] ADVAPI32.dll!CreateServiceA                                     77E07071 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] USER32.dll!GetKeyState                                          77D1C379 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] USER32.dll!GetAsyncKeyState                                     77D1D051 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWindowsHookExW                                    77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] USER32.dll!SetWindowsHookExA                                    77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] USER32.dll!DdeConnect                                           77D57DBC 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] USER32.dll!EndTask                                              77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] SHELL32.dll!ShellExecuteExW                                     7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] SHELL32.dll!ShellExecuteEx                                      7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] SHELL32.dll!ShellExecuteA                                       7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\svchost.exe[988] SHELL32.dll!ShellExecuteW                                       7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtLoadDriver                                         7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtLoadDriver + 4                                     7C91DB72 2 Bytes  [ 50, 5F ]
.text           C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtSuspendProcess                                     7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\svchost.exe[1052] ntdll.dll!NtSuspendProcess + 4                                 7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryExW                                    7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryA                                      7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!TerminateProcess                                  7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!WriteProcessMemory                                7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateProcessW                                    7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateProcessA                                    7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!GetProcAddress                                    7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!LoadLibraryW                                      7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateRemoteThread                                7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!CreateRemoteThread + 4                            7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!ExitProcess                                       7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!TerminateThread                                   7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!DebugActiveProcess                                7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] kernel32.dll!WinExec                                           7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!LsaRemoveAccountRights                            77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] ADVAPI32.dll!CreateServiceA                                    77E07071 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!GetKeyState                                         77D1C379 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!GetAsyncKeyState                                    77D1D051 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!SetWindowsHookExW                                   77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!SetWindowsHookExA                                   77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!DdeConnect                                          77D57DBC 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] USER32.dll!EndTask                                             77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] SHELL32.dll!ShellExecuteExW                                    7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] SHELL32.dll!ShellExecuteEx                                     7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] SHELL32.dll!ShellExecuteA                                      7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\svchost.exe[1052] SHELL32.dll!ShellExecuteW                                      7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!NtLoadDriver                                         7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!NtLoadDriver + 4                                     7C91DB72 2 Bytes  [ 53, 5F ]
.text           C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!NtSuspendProcess                                     7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\svchost.exe[1092] ntdll.dll!NtSuspendProcess + 4                                 7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!LoadLibraryExW                                    7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!LoadLibraryA                                      7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!TerminateProcess                                  7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!WriteProcessMemory                                7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreateProcessW                                    7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreateProcessA                                    7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!GetProcAddress                                    7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!LoadLibraryW                                      7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreateRemoteThread                                7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!CreateRemoteThread + 4                            7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!ExitProcess                                       7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!TerminateThread                                   7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!DebugActiveProcess                                7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] kernel32.dll!WinExec                                           7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] ADVAPI32.dll!LsaRemoveAccountRights                            77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] ADVAPI32.dll!CreateServiceA                                    77E07071 6 Bytes  JMP 5F550F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] USER32.dll!GetKeyState                                         77D1C379 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] USER32.dll!GetAsyncKeyState                                    77D1D051 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] USER32.dll!SetWindowsHookExW                                   77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] USER32.dll!SetWindowsHookExA                                   77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] USER32.dll!DdeConnect                                          77D57DBC 6 Bytes  JMP 5F4F0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] USER32.dll!EndTask                                             77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] SHELL32.dll!ShellExecuteExW                                    7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] SHELL32.dll!ShellExecuteEx                                     7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] SHELL32.dll!ShellExecuteA                                      7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\System32\svchost.exe[1092] SHELL32.dll!ShellExecuteW                                      7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] ntdll.dll!NtLoadDriver               7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] ntdll.dll!NtLoadDriver + 4           7C91DB72 2 Bytes  [ 50, 5F ]
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] ntdll.dll!NtSuspendProcess           7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] ntdll.dll!NtSuspendProcess + 4       7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] KERNEL32.dll!LoadLibraryExW          7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] KERNEL32.dll!LoadLibraryA            7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] KERNEL32.dll!TerminateProcess        7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] KERNEL32.dll!WriteProcessMemory      7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] KERNEL32.dll!CreateProcessW          7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] KERNEL32.dll!CreateProcessA          7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] KERNEL32.dll!GetProcAddress          7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] KERNEL32.dll!LoadLibraryW            7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] KERNEL32.dll!CreateRemoteThread      7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] KERNEL32.dll!CreateRemoteThread + 4  7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] KERNEL32.dll!ExitProcess             7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] KERNEL32.dll!TerminateThread         7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] KERNEL32.dll!DebugActiveProcess      7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] KERNEL32.dll!WinExec                 7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] ADVAPI32.dll!LsaRemoveAccountRights  77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] ADVAPI32.dll!CreateServiceA          77E07071 6 Bytes  JMP 5F520F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] USER32.dll!GetKeyState               77D1C379 6 Bytes  JMP 5F460F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] USER32.dll!GetAsyncKeyState          77D1D051 6 Bytes  JMP 5F490F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] USER32.dll!SetWindowsHookExW         77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] USER32.dll!SetWindowsHookExA         77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] USER32.dll!DdeConnect                77D57DBC 6 Bytes  JMP 5F4C0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] USER32.dll!EndTask                   77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] shell32.dll!ShellExecuteExW          7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] shell32.dll!ShellExecuteEx           7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] shell32.dll!ShellExecuteA            7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\Programme\ATI Technologies\ATI.ACE\Core-Static\ccc.exe[1128] shell32.dll!ShellExecuteW            7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!NtLoadDriver                                         7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!NtLoadDriver + 4                                     7C91DB72 2 Bytes  [ 50, 5F ]
.text           C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!NtSuspendProcess                                     7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\svchost.exe[1136] ntdll.dll!NtSuspendProcess + 4                                 7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!LoadLibraryExW                                    7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!LoadLibraryA                                      7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!TerminateProcess                                  7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!WriteProcessMemory                                7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateProcessW                                    7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateProcessA                                    7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!GetProcAddress                                    7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!LoadLibraryW                                      7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateRemoteThread                                7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!CreateRemoteThread + 4                            7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!ExitProcess                                       7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!TerminateThread                                   7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!DebugActiveProcess                                7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] kernel32.dll!WinExec                                           7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!LsaRemoveAccountRights                            77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] ADVAPI32.dll!CreateServiceA                                    77E07071 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] USER32.dll!GetKeyState                                         77D1C379 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] USER32.dll!GetAsyncKeyState                                    77D1D051 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] USER32.dll!SetWindowsHookExW                                   77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] USER32.dll!SetWindowsHookExA                                   77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] USER32.dll!DdeConnect                                          77D57DBC 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] USER32.dll!EndTask                                             77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] SHELL32.dll!ShellExecuteExW                                    7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] SHELL32.dll!ShellExecuteEx                                     7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] SHELL32.dll!ShellExecuteA                                      7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\System32\svchost.exe[1136] SHELL32.dll!ShellExecuteW                                      7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] ntdll.dll!NtLoadDriver                                7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] ntdll.dll!NtLoadDriver + 4                            7C91DB72 2 Bytes  [ 44, 5F ]
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] ntdll.dll!NtSuspendProcess                            7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] ntdll.dll!NtSuspendProcess + 4                        7C91E83E 2 Bytes  [ 2F, 5F ]
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] kernel32.dll!LoadLibraryExW                           7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] kernel32.dll!LoadLibraryA                             7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] kernel32.dll!TerminateProcess                         7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] kernel32.dll!WriteProcessMemory                       7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] kernel32.dll!CreateProcessW                           7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] kernel32.dll!CreateProcessA                           7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] kernel32.dll!GetProcAddress                           7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] kernel32.dll!LoadLibraryW                             7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] kernel32.dll!CreateRemoteThread                       7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] kernel32.dll!CreateRemoteThread + 4                   7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] kernel32.dll!ExitProcess                              7C81CAA2 6 Bytes  JMP 5F370F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] kernel32.dll!TerminateThread                          7C81CACB 6 Bytes  JMP 5F310F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] kernel32.dll!DebugActiveProcess                       7C859F0B 6 Bytes  JMP 5F340F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] kernel32.dll!WinExec                                  7C86114D 6 Bytes  JMP 5F280F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] user32.dll!GetKeyState                                77D1C379 6 Bytes  JMP 5F3A0F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] user32.dll!GetAsyncKeyState                           77D1D051 6 Bytes  JMP 5F3D0F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] user32.dll!SetWindowsHookExW                          77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] user32.dll!SetWindowsHookExA                          77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] user32.dll!DdeConnect                                 77D57DBC 6 Bytes  JMP 5F400F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] user32.dll!EndTask                                    77D59C9D 6 Bytes  JMP 5F2B0F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] advapi32.dll!LsaRemoveAccountRights                   77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\PurgeIE\PurgeIE_Service.exe[1212] advapi32.dll!CreateServiceA                           77E07071 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] ntdll.dll!NtLoadDriver                                        7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] ntdll.dll!NtLoadDriver + 4                                    7C91DB72 2 Bytes  [ 47, 5F ]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] ntdll.dll!NtSuspendProcess                                    7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] ntdll.dll!NtSuspendProcess + 4                                7C91E83E 2 Bytes  [ 2F, 5F ]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] kernel32.dll!LoadLibraryExW                                   7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] kernel32.dll!LoadLibraryA                                     7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] kernel32.dll!TerminateProcess                                 7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] kernel32.dll!WriteProcessMemory                               7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] kernel32.dll!CreateProcessW                                   7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] kernel32.dll!CreateProcessA                                   7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] kernel32.dll!GetProcAddress                                   7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] kernel32.dll!LoadLibraryW                                     7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] kernel32.dll!CreateRemoteThread                               7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] kernel32.dll!CreateRemoteThread + 4                           7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] kernel32.dll!ExitProcess                                      7C81CAA2 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] kernel32.dll!TerminateThread                                  7C81CACB 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] kernel32.dll!DebugActiveProcess                               7C859F0B 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] kernel32.dll!WinExec                                          7C86114D 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] USER32.dll!GetKeyState                                        77D1C379 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] USER32.dll!GetAsyncKeyState                                   77D1D051 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] USER32.dll!SetWindowsHookExW                                  77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] USER32.dll!SetWindowsHookExA                                  77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] USER32.dll!DdeConnect                                         77D57DBC 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] USER32.dll!EndTask                                            77D59C9D 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] ADVAPI32.dll!LsaRemoveAccountRights                           77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\Ati2evxx.exe[1240] ADVAPI32.dll!CreateServiceA                                   77E07071 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!NtLoadDriver                                         7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!NtLoadDriver + 4                                     7C91DB72 2 Bytes  [ 50, 5F ]
.text           C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!NtSuspendProcess                                     7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\svchost.exe[1268] ntdll.dll!NtSuspendProcess + 4                                 7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!LoadLibraryExW                                    7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!LoadLibraryA                                      7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!TerminateProcess                                  7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!WriteProcessMemory                                7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateProcessW                                    7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateProcessA                                    7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!GetProcAddress                                    7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!LoadLibraryW                                      7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateRemoteThread                                7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!CreateRemoteThread + 4                            7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!ExitProcess                                       7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!TerminateThread                                   7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!DebugActiveProcess                                7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] kernel32.dll!WinExec                                           7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!LsaRemoveAccountRights                            77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] ADVAPI32.dll!CreateServiceA                                    77E07071 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!GetKeyState                                         77D1C379 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!GetAsyncKeyState                                    77D1D051 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!SetWindowsHookExW                                   77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!SetWindowsHookExA                                   77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!DdeConnect                                          77D57DBC 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] USER32.dll!EndTask                                             77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] SHELL32.dll!ShellExecuteExW                                    7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] SHELL32.dll!ShellExecuteEx                                     7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] SHELL32.dll!ShellExecuteA                                      7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\System32\svchost.exe[1268] SHELL32.dll!ShellExecuteW                                      7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] ntdll.dll!NtLoadDriver                                         7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\svchost.exe[1288] ntdll.dll!NtLoadDriver + 4                                     7C91DB72 2 Bytes  [ 53, 5F ]
.text           C:\WINDOWS\System32\svchost.exe[1288] ntdll.dll!NtSuspendProcess                                     7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\svchost.exe[1288] ntdll.dll!NtSuspendProcess + 4                                 7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!LoadLibraryExW                                    7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!LoadLibraryA                                      7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!TerminateProcess                                  7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!WriteProcessMemory                                7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreateProcessW                                    7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreateProcessA                                    7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!GetProcAddress                                    7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!LoadLibraryW                                      7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreateRemoteThread                                7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!CreateRemoteThread + 4                            7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!ExitProcess                                       7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!TerminateThread                                   7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!DebugActiveProcess                                7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] kernel32.dll!WinExec                                           7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!LsaRemoveAccountRights                            77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] ADVAPI32.dll!CreateServiceA                                    77E07071 6 Bytes  JMP 5F550F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] USER32.dll!GetKeyState                                         77D1C379 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] USER32.dll!GetAsyncKeyState                                    77D1D051 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] USER32.dll!SetWindowsHookExW                                   77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] USER32.dll!SetWindowsHookExA                                   77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] USER32.dll!DdeConnect                                          77D57DBC 6 Bytes  JMP 5F4F0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] USER32.dll!EndTask                                             77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] SHELL32.dll!ShellExecuteExW                                    7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] SHELL32.dll!ShellExecuteEx                                     7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] SHELL32.dll!ShellExecuteA                                      7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\System32\svchost.exe[1288] SHELL32.dll!ShellExecuteW                                      7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] ntdll.dll!NtLoadDriver                      7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] ntdll.dll!NtLoadDriver + 4                  7C91DB72 2 Bytes  [ 50, 5F ]
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] ntdll.dll!NtSuspendProcess                  7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] ntdll.dll!NtSuspendProcess + 4              7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] kernel32.dll!LoadLibraryExW                 7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] kernel32.dll!LoadLibraryA                   7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] kernel32.dll!TerminateProcess               7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] kernel32.dll!WriteProcessMemory             7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] kernel32.dll!CreateProcessW                 7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] kernel32.dll!CreateProcessA                 7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] kernel32.dll!GetProcAddress                 7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] kernel32.dll!LoadLibraryW                   7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] kernel32.dll!CreateRemoteThread             7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] kernel32.dll!CreateRemoteThread + 4         7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] kernel32.dll!ExitProcess                    7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] kernel32.dll!TerminateThread                7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] kernel32.dll!DebugActiveProcess             7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] kernel32.dll!WinExec                        7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] ADVAPI32.dll!LsaRemoveAccountRights         77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] ADVAPI32.dll!CreateServiceA                 77E07071 6 Bytes  JMP 5F520F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] SHELL32.dll!ShellExecuteExW                 7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] SHELL32.dll!ShellExecuteEx                  7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] SHELL32.dll!ShellExecuteA                   7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] SHELL32.dll!ShellExecuteW                   7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] USER32.dll!GetKeyState                      77D1C379 6 Bytes  JMP 5F460F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] USER32.dll!GetAsyncKeyState                 77D1D051 6 Bytes  JMP 5F490F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] USER32.dll!SetWindowsHookExW                77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] USER32.dll!SetWindowsHookExA                77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] USER32.dll!DdeConnect                       77D57DBC 6 Bytes  JMP 5F4C0F5A 
.text           C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe[1540] USER32.dll!EndTask                          77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] ntdll.dll!NtLoadDriver                                                 7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\Explorer.EXE[1724] ntdll.dll!NtLoadDriver + 4                                             7C91DB72 2 Bytes  [ 53, 5F ]
.text           C:\WINDOWS\Explorer.EXE[1724] ntdll.dll!NtSuspendProcess                                             7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\Explorer.EXE[1724] ntdll.dll!NtSuspendProcess + 4                                         7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\WINDOWS\Explorer.EXE[1724] kernel32.dll!LoadLibraryExW                                            7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] kernel32.dll!LoadLibraryA                                              7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] kernel32.dll!TerminateProcess                                          7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] kernel32.dll!WriteProcessMemory                                        7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] kernel32.dll!CreateProcessW                                            7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] kernel32.dll!CreateProcessA                                            7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] kernel32.dll!GetProcAddress                                            7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] kernel32.dll!LoadLibraryW                                              7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] kernel32.dll!CreateRemoteThread                                        7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\Explorer.EXE[1724] kernel32.dll!CreateRemoteThread + 4                                    7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\WINDOWS\Explorer.EXE[1724] kernel32.dll!ExitProcess                                               7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] kernel32.dll!TerminateThread                                           7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] kernel32.dll!DebugActiveProcess                                        7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] kernel32.dll!WinExec                                                   7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] ADVAPI32.dll!LsaRemoveAccountRights                                    77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] ADVAPI32.dll!CreateServiceA                                            77E07071 6 Bytes  JMP 5F550F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] USER32.dll!GetKeyState                                                 77D1C379 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] USER32.dll!GetAsyncKeyState                                            77D1D051 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] USER32.dll!SetWindowsHookExW                                           77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] USER32.dll!SetWindowsHookExA                                           77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] USER32.dll!DdeConnect                                                  77D57DBC 6 Bytes  JMP 5F4F0F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] USER32.dll!EndTask                                                     77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] SHELL32.dll!ShellExecuteExW                                            7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] SHELL32.dll!ShellExecuteEx                                             7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] SHELL32.dll!ShellExecuteA                                              7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\Explorer.EXE[1724] SHELL32.dll!ShellExecuteW                                              7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] ntdll.dll!NtLoadDriver                                         7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] ntdll.dll!NtLoadDriver + 4                                     7C91DB72 2 Bytes  [ 50, 5F ]
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] ntdll.dll!NtSuspendProcess                                     7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] ntdll.dll!NtSuspendProcess + 4                                 7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] kernel32.dll!LoadLibraryExW                                    7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] kernel32.dll!LoadLibraryA                                      7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] kernel32.dll!TerminateProcess                                  7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] kernel32.dll!WriteProcessMemory                                7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] kernel32.dll!CreateProcessW                                    7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] kernel32.dll!CreateProcessA                                    7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] kernel32.dll!GetProcAddress                                    7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] kernel32.dll!LoadLibraryW                                      7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] kernel32.dll!CreateRemoteThread                                7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] kernel32.dll!CreateRemoteThread + 4                            7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] kernel32.dll!ExitProcess                                       7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] kernel32.dll!TerminateThread                                   7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] kernel32.dll!DebugActiveProcess                                7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] kernel32.dll!WinExec                                           7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] USER32.dll!GetKeyState                                         77D1C379 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] USER32.dll!GetAsyncKeyState                                    77D1D051 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] USER32.dll!SetWindowsHookExW                                   77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] USER32.dll!SetWindowsHookExA                                   77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] USER32.dll!DdeConnect                                          77D57DBC 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] USER32.dll!EndTask                                             77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] ADVAPI32.dll!LsaRemoveAccountRights                            77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] ADVAPI32.dll!CreateServiceA                                    77E07071 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] SHELL32.dll!ShellExecuteExW                                    7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] SHELL32.dll!ShellExecuteEx                                     7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] SHELL32.dll!ShellExecuteA                                      7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\LEXBCES.EXE[1816] SHELL32.dll!ShellExecuteW                                      7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] ntdll.dll!NtLoadDriver                                         7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\spoolsv.exe[1848] ntdll.dll!NtLoadDriver + 4                                     7C91DB72 2 Bytes  [ 50, 5F ]
.text           C:\WINDOWS\system32\spoolsv.exe[1848] ntdll.dll!NtSuspendProcess                                     7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\spoolsv.exe[1848] ntdll.dll!NtSuspendProcess + 4                                 7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\WINDOWS\system32\spoolsv.exe[1848] kernel32.dll!LoadLibraryExW                                    7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] kernel32.dll!LoadLibraryA                                      7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] kernel32.dll!TerminateProcess                                  7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] kernel32.dll!WriteProcessMemory                                7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] kernel32.dll!CreateProcessW                                    7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] kernel32.dll!CreateProcessA                                    7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] kernel32.dll!GetProcAddress                                    7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] kernel32.dll!LoadLibraryW                                      7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] kernel32.dll!CreateRemoteThread                                7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\spoolsv.exe[1848] kernel32.dll!CreateRemoteThread + 4                            7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\WINDOWS\system32\spoolsv.exe[1848] kernel32.dll!ExitProcess                                       7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] kernel32.dll!TerminateThread                                   7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] kernel32.dll!DebugActiveProcess                                7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] kernel32.dll!WinExec                                           7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] ADVAPI32.dll!LsaRemoveAccountRights                            77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] ADVAPI32.dll!CreateServiceA                                    77E07071 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] USER32.dll!GetKeyState                                         77D1C379 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] USER32.dll!GetAsyncKeyState                                    77D1D051 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] USER32.dll!SetWindowsHookExW                                   77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] USER32.dll!SetWindowsHookExA                                   77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] USER32.dll!DdeConnect                                          77D57DBC 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] USER32.dll!EndTask                                             77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] SHELL32.dll!ShellExecuteExW                                    7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] SHELL32.dll!ShellExecuteEx                                     7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] SHELL32.dll!ShellExecuteA                                      7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\spoolsv.exe[1848] SHELL32.dll!ShellExecuteW                                      7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] ntdll.dll!NtLoadDriver                                          7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] ntdll.dll!NtLoadDriver + 4                                      7C91DB72 2 Bytes  [ 50, 5F ]
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] ntdll.dll!NtSuspendProcess                                      7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] ntdll.dll!NtSuspendProcess + 4                                  7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] kernel32.dll!LoadLibraryExW                                     7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] kernel32.dll!LoadLibraryA                                       7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] kernel32.dll!TerminateProcess                                   7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] kernel32.dll!WriteProcessMemory                                 7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] kernel32.dll!CreateProcessW                                     7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] kernel32.dll!CreateProcessA                                     7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] kernel32.dll!GetProcAddress                                     7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] kernel32.dll!LoadLibraryW                                       7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] kernel32.dll!CreateRemoteThread                                 7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] kernel32.dll!CreateRemoteThread + 4                             7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] kernel32.dll!ExitProcess                                        7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] kernel32.dll!TerminateThread                                    7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] kernel32.dll!DebugActiveProcess                                 7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] kernel32.dll!WinExec                                            7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] ADVAPI32.dll!LsaRemoveAccountRights                             77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] ADVAPI32.dll!CreateServiceA                                     77E07071 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] USER32.dll!GetKeyState                                          77D1C379 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] USER32.dll!GetAsyncKeyState                                     77D1D051 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] USER32.dll!SetWindowsHookExW                                    77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] USER32.dll!SetWindowsHookExA                                    77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] USER32.dll!DdeConnect                                           77D57DBC 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] USER32.dll!EndTask                                              77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] SHELL32.dll!ShellExecuteExW                                     7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] SHELL32.dll!ShellExecuteEx                                      7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] SHELL32.dll!ShellExecuteA                                       7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\LEXPPS.EXE[1856] SHELL32.dll!ShellExecuteW                                       7CAC2988 6 Bytes  JMP 5F2B0F5A

[Gernot1]

GMER TEil2:

Code:

Monitor.exe[1992] ntdll.dll!NtLoadDriver                7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] ntdll.dll!NtLoadDriver + 4            7C91DB72 2 Bytes  [ 50, 5F ]
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] ntdll.dll!NtSuspendProcess            7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] ntdll.dll!NtSuspendProcess + 4        7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] kernel32.dll!LoadLibraryExW           7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] kernel32.dll!LoadLibraryA             7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] kernel32.dll!TerminateProcess         7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] kernel32.dll!WriteProcessMemory       7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] kernel32.dll!CreateProcessW           7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] kernel32.dll!CreateProcessA           7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] kernel32.dll!GetProcAddress           7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] kernel32.dll!LoadLibraryW             7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] kernel32.dll!CreateRemoteThread       7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] kernel32.dll!CreateRemoteThread + 4   7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] kernel32.dll!ExitProcess              7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] kernel32.dll!TerminateThread          7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] kernel32.dll!DebugActiveProcess       7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] kernel32.dll!WinExec                  7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] USER32.dll!GetKeyState                77D1C379 6 Bytes  JMP 5F460F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] USER32.dll!GetAsyncKeyState           77D1D051 6 Bytes  JMP 5F490F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] USER32.dll!SetWindowsHookExW          77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] USER32.dll!SetWindowsHookExA          77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] USER32.dll!DdeConnect                 77D57DBC 6 Bytes  JMP 5F4C0F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] USER32.dll!EndTask                    77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] SHELL32.dll!ShellExecuteExW           7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] SHELL32.dll!ShellExecuteEx            7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] SHELL32.dll!ShellExecuteA             7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] SHELL32.dll!ShellExecuteW             7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] ADVAPI32.dll!LsaRemoveAccountRights   77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe[1992] ADVAPI32.dll!CreateServiceA           77E07071 6 Bytes  JMP 5F520F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] ntdll.dll!NtLoadDriver                                     7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] ntdll.dll!NtLoadDriver + 4                                 7C91DB72 2 Bytes  [ 52, 5F ]
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] ntdll.dll!NtSuspendProcess                                 7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] ntdll.dll!NtSuspendProcess + 4                             7C91E83E 2 Bytes  [ 3D, 5F ]
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] kernel32.dll!LoadLibraryExW                                7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] kernel32.dll!LoadLibraryA                                  7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] kernel32.dll!TerminateProcess                              7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] kernel32.dll!WriteProcessMemory                            7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] kernel32.dll!CreateProcessW                                7C802332 6 Bytes  JMP 5F270F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] kernel32.dll!CreateProcessA                                7C802367 6 Bytes  JMP 5F240F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] kernel32.dll!GetProcAddress                                7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] kernel32.dll!LoadLibraryW                                  7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] kernel32.dll!CreateRemoteThread                            7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] kernel32.dll!CreateRemoteThread + 4                        7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] kernel32.dll!ExitProcess                                   7C81CAA2 6 Bytes  JMP 5F450F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] kernel32.dll!TerminateThread                               7C81CACB 6 Bytes  JMP 5F3F0F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] kernel32.dll!DebugActiveProcess                            7C859F0B 6 Bytes  JMP 5F420F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] kernel32.dll!WinExec                                       7C86114D 6 Bytes  JMP 5F360F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] ADVAPI32.dll!LsaRemoveAccountRights                        77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] ADVAPI32.dll!CreateServiceA                                77E07071 6 Bytes  JMP 5F540F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] USER32.dll!GetKeyState                                     77D1C379 6 Bytes  JMP 5F480F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] USER32.dll!GetAsyncKeyState                                77D1D051 6 Bytes  JMP 5F4B0F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] USER32.dll!SetWindowsHookExW                               77D3E621 6 Bytes  JMP 5F210F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] USER32.dll!SetWindowsHookExA                               77D402B2 6 Bytes  JMP 5F1E0F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] USER32.dll!DdeConnect                                      77D57DBC 6 Bytes  JMP 5F4E0F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] USER32.dll!EndTask                                         77D59C9D 6 Bytes  JMP 5F390F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] SHELL32.dll!ShellExecuteExW                                7CA1D5FE 6 Bytes  JMP 5F330F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] SHELL32.dll!ShellExecuteEx                                 7CA1FB1C 6 Bytes  JMP 5F300F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] SHELL32.dll!ShellExecuteA                                  7CA1FE44 6 Bytes  JMP 5F2A0F5A 
.text           C:\Programme\VIA\RAID\raid_tool.exe[2004] SHELL32.dll!ShellExecuteW                                  7CAC2988 6 Bytes  JMP 5F2D0F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] ntdll.dll!NtLoadDriver                                 7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] ntdll.dll!NtLoadDriver + 4                             7C91DB72 2 Bytes  [ 50, 5F ]
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] ntdll.dll!NtSuspendProcess                             7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] ntdll.dll!NtSuspendProcess + 4                         7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] kernel32.dll!LoadLibraryExW                            7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] kernel32.dll!LoadLibraryA                              7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] kernel32.dll!TerminateProcess                          7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] kernel32.dll!WriteProcessMemory                        7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] kernel32.dll!CreateProcessW                            7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] kernel32.dll!CreateProcessA                            7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] kernel32.dll!GetProcAddress                            7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] kernel32.dll!LoadLibraryW                              7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] kernel32.dll!CreateRemoteThread                        7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] kernel32.dll!CreateRemoteThread + 4                    7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] kernel32.dll!ExitProcess                               7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] kernel32.dll!TerminateThread                           7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] kernel32.dll!DebugActiveProcess                        7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] kernel32.dll!WinExec                                   7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] ADVAPI32.dll!LsaRemoveAccountRights                    77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] ADVAPI32.dll!CreateServiceA                            77E07071 6 Bytes  JMP 5F520F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] USER32.dll!GetKeyState                                 77D1C379 6 Bytes  JMP 5F460F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] USER32.dll!GetAsyncKeyState                            77D1D051 6 Bytes  JMP 5F490F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] USER32.dll!SetWindowsHookExW                           77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] USER32.dll!SetWindowsHookExA                           77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] USER32.dll!DdeConnect                                  77D57DBC 6 Bytes  JMP 5F4C0F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] USER32.dll!EndTask                                     77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] SHELL32.DLL!ShellExecuteExW                            7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] SHELL32.DLL!ShellExecuteEx                             7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] SHELL32.DLL!ShellExecuteA                              7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\Programme\VIAudioi\SBADeck\ADeck.exe[2012] SHELL32.DLL!ShellExecuteW                              7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] ntdll.dll!NtLoadDriver                           7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] ntdll.dll!NtLoadDriver + 4                       7C91DB72 2 Bytes  [ 50, 5F ]
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] ntdll.dll!NtSuspendProcess                       7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] ntdll.dll!NtSuspendProcess + 4                   7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] kernel32.dll!LoadLibraryExW                      7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] kernel32.dll!LoadLibraryA                        7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] kernel32.dll!TerminateProcess                    7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] kernel32.dll!WriteProcessMemory                  7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] kernel32.dll!CreateProcessW                      7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] kernel32.dll!CreateProcessA                      7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] kernel32.dll!GetProcAddress                      7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] kernel32.dll!LoadLibraryW                        7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] kernel32.dll!CreateRemoteThread                  7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] kernel32.dll!CreateRemoteThread + 4              7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] kernel32.dll!ExitProcess                         7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] kernel32.dll!TerminateThread                     7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] kernel32.dll!DebugActiveProcess                  7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] kernel32.dll!WinExec                             7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] USER32.dll!GetKeyState                           77D1C379 6 Bytes  JMP 5F460F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] USER32.dll!GetAsyncKeyState                      77D1D051 6 Bytes  JMP 5F490F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] USER32.dll!SetWindowsHookExW                     77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] USER32.dll!SetWindowsHookExA                     77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] USER32.dll!DdeConnect                            77D57DBC 6 Bytes  JMP 5F4C0F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] USER32.dll!EndTask                               77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] ADVAPI32.dll!LsaRemoveAccountRights              77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] ADVAPI32.dll!CreateServiceA                      77E07071 6 Bytes  JMP 5F520F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] SHELL32.dll!ShellExecuteExW                      7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] SHELL32.dll!ShellExecuteEx                       7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] SHELL32.dll!ShellExecuteA                        7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\Programme\Lexmark 1200 Series\lxczbmgr.exe[2020] SHELL32.dll!ShellExecuteW                        7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] ntdll.dll!NtLoadDriver                  7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] ntdll.dll!NtLoadDriver + 4              7C91DB72 2 Bytes  [ 53, 5F ]
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] ntdll.dll!NtSuspendProcess              7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] ntdll.dll!NtSuspendProcess + 4          7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] kernel32.dll!LoadLibraryExW             7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] kernel32.dll!LoadLibraryA               7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] kernel32.dll!TerminateProcess           7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] kernel32.dll!WriteProcessMemory         7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] kernel32.dll!CreateProcessW             7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] kernel32.dll!CreateProcessA             7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] kernel32.dll!GetProcAddress             7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] kernel32.dll!LoadLibraryW               7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] kernel32.dll!CreateRemoteThread         7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] kernel32.dll!CreateRemoteThread + 4     7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] kernel32.dll!ExitProcess                7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] kernel32.dll!TerminateThread            7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] kernel32.dll!DebugActiveProcess         7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] kernel32.dll!WinExec                    7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] USER32.dll!GetKeyState                  77D1C379 6 Bytes  JMP 5F490F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] USER32.dll!GetAsyncKeyState             77D1D051 6 Bytes  JMP 5F4C0F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] USER32.dll!SetWindowsHookExW            77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] USER32.dll!SetWindowsHookExA            77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] USER32.dll!DdeConnect                   77D57DBC 6 Bytes  JMP 5F4F0F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] USER32.dll!EndTask                      77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] ADVAPI32.dll!LsaRemoveAccountRights     77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] ADVAPI32.dll!CreateServiceA             77E07071 6 Bytes  JMP 5F550F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] SHELL32.dll!ShellExecuteExW             7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] SHELL32.dll!ShellExecuteEx              7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] SHELL32.dll!ShellExecuteA               7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2036] SHELL32.dll!ShellExecuteW               7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] ntdll.dll!NtLoadDriver                                             7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\alg.exe[2532] ntdll.dll!NtLoadDriver + 4                                         7C91DB72 2 Bytes  [ 50, 5F ]
.text           C:\WINDOWS\System32\alg.exe[2532] ntdll.dll!NtSuspendProcess                                         7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\alg.exe[2532] ntdll.dll!NtSuspendProcess + 4                                     7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\WINDOWS\System32\alg.exe[2532] kernel32.dll!LoadLibraryExW                                        7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] kernel32.dll!LoadLibraryA                                          7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] kernel32.dll!TerminateProcess                                      7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] kernel32.dll!WriteProcessMemory                                    7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] kernel32.dll!CreateProcessW                                        7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] kernel32.dll!CreateProcessA                                        7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] kernel32.dll!GetProcAddress                                        7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] kernel32.dll!LoadLibraryW                                          7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] kernel32.dll!CreateRemoteThread                                    7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\System32\alg.exe[2532] kernel32.dll!CreateRemoteThread + 4                                7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\WINDOWS\System32\alg.exe[2532] kernel32.dll!ExitProcess                                           7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] kernel32.dll!TerminateThread                                       7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] kernel32.dll!DebugActiveProcess                                    7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] kernel32.dll!WinExec                                               7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] USER32.dll!GetKeyState                                             77D1C379 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] USER32.dll!GetAsyncKeyState                                        77D1D051 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] USER32.dll!SetWindowsHookExW                                       77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] USER32.dll!SetWindowsHookExA                                       77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] USER32.dll!DdeConnect                                              77D57DBC 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] USER32.dll!EndTask                                                 77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] ADVAPI32.dll!LsaRemoveAccountRights                                77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] ADVAPI32.dll!CreateServiceA                                        77E07071 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] SHELL32.dll!ShellExecuteExW                                        7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] SHELL32.dll!ShellExecuteEx                                         7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] SHELL32.dll!ShellExecuteA                                          7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\System32\alg.exe[2532] SHELL32.dll!ShellExecuteW                                          7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] ntdll.dll!NtLoadDriver                 7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] ntdll.dll!NtLoadDriver + 4             7C91DB72 2 Bytes  [ 46, 5F ]
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] ntdll.dll!NtSuspendProcess             7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] ntdll.dll!NtSuspendProcess + 4         7C91E83E 2 Bytes  [ 31, 5F ]
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] kernel32.dll!LoadLibraryExW            7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] kernel32.dll!LoadLibraryA              7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] kernel32.dll!TerminateProcess          7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] kernel32.dll!WriteProcessMemory        7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] kernel32.dll!CreateProcessW            7C802332 6 Bytes  JMP 5F270F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] kernel32.dll!CreateProcessA            7C802367 6 Bytes  JMP 5F240F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] kernel32.dll!FreeLibrary + 15          7C80AA7B 4 Bytes  [ BD, 55, EF, F4 ]
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] kernel32.dll!GetProcAddress            7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] kernel32.dll!LoadLibraryW              7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] kernel32.dll!CreateRemoteThread        7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] kernel32.dll!CreateRemoteThread + 4    7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] kernel32.dll!ExitProcess               7C81CAA2 6 Bytes  JMP 5F390F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] kernel32.dll!TerminateThread           7C81CACB 6 Bytes  JMP 5F330F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] kernel32.dll!DebugActiveProcess        7C859F0B 6 Bytes  JMP 5F360F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] kernel32.dll!WinExec                   7C86114D 6 Bytes  JMP 5F2A0F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] USER32.dll!GetKeyState                 77D1C379 6 Bytes  JMP 5F3C0F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] USER32.dll!GetAsyncKeyState            77D1D051 6 Bytes  JMP 5F3F0F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] USER32.dll!SetWindowsHookExW           77D3E621 6 Bytes  JMP 5F210F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] USER32.dll!SetWindowsHookExA           77D402B2 6 Bytes  JMP 5F1E0F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] USER32.dll!DdeConnect                  77D57DBC 6 Bytes  JMP 5F420F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] USER32.dll!EndTask                     77D59C9D 6 Bytes  JMP 5F2D0F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] ADVAPI32.dll!LsaRemoveAccountRights    77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\Dokumente und Einstellungen\Mynioka\Desktop\gmer.exe[2760] ADVAPI32.dll!CreateServiceA            77E07071 6 Bytes  JMP 5F480F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] ntdll.dll!NtLoadDriver                                        7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] ntdll.dll!NtLoadDriver + 4                                    7C91DB72 2 Bytes  [ 50, 5F ]
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] ntdll.dll!NtSuspendProcess                                    7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] ntdll.dll!NtSuspendProcess + 4                                7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] kernel32.dll!LoadLibraryExW                                   7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] kernel32.dll!LoadLibraryA                                     7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] kernel32.dll!TerminateProcess                                 7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] kernel32.dll!WriteProcessMemory                               7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] kernel32.dll!CreateProcessW                                   7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] kernel32.dll!CreateProcessA                                   7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] kernel32.dll!FreeLibrary + 15                                 7C80AA7B 4 Bytes  [ BD, 55, EF, F4 ]
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] kernel32.dll!GetProcAddress                                   7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] kernel32.dll!LoadLibraryW                                     7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] kernel32.dll!CreateRemoteThread                               7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] kernel32.dll!CreateRemoteThread + 4                           7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] kernel32.dll!ExitProcess                                      7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] kernel32.dll!TerminateThread                                  7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] kernel32.dll!DebugActiveProcess                               7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] kernel32.dll!WinExec                                          7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] ADVAPI32.dll!LsaRemoveAccountRights                           77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] ADVAPI32.dll!CreateServiceA                                   77E07071 6 Bytes  JMP 5F520F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] USER32.dll!GetKeyState                                        77D1C379 6 Bytes  JMP 5F460F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] USER32.dll!GetAsyncKeyState                                   77D1D051 6 Bytes  JMP 5F490F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] USER32.dll!SetWindowsHookExW                                  77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] USER32.dll!SetWindowsHookExA                                  77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] USER32.dll!DdeConnect                                         77D57DBC 6 Bytes  JMP 5F4C0F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] USER32.dll!EndTask                                            77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] SHELL32.dll!ShellExecuteExW                                   7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] SHELL32.dll!ShellExecuteEx                                    7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] SHELL32.dll!ShellExecuteA                                     7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\PROGRA~1\MOZILL~1\FIREFOX.EXE[3220] SHELL32.dll!ShellExecuteW                                     7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] ntdll.dll!NtLoadDriver                                         7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\wuauclt.exe[3488] ntdll.dll!NtLoadDriver + 4                                     7C91DB72 2 Bytes  [ 50, 5F ]
.text           C:\WINDOWS\system32\wuauclt.exe[3488] ntdll.dll!NtSuspendProcess                                     7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\wuauclt.exe[3488] ntdll.dll!NtSuspendProcess + 4                                 7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\WINDOWS\system32\wuauclt.exe[3488] kernel32.dll!LoadLibraryExW                                    7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] kernel32.dll!LoadLibraryA                                      7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] kernel32.dll!TerminateProcess                                  7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] kernel32.dll!WriteProcessMemory                                7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] kernel32.dll!CreateProcessW                                    7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] kernel32.dll!CreateProcessA                                    7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] kernel32.dll!FreeLibrary + 15                                  7C80AA7B 4 Bytes  [ BD, 55, EF, F4 ]
.text           C:\WINDOWS\system32\wuauclt.exe[3488] kernel32.dll!GetProcAddress                                    7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] kernel32.dll!LoadLibraryW                                      7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] kernel32.dll!CreateRemoteThread                                7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\wuauclt.exe[3488] kernel32.dll!CreateRemoteThread + 4                            7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\WINDOWS\system32\wuauclt.exe[3488] kernel32.dll!ExitProcess                                       7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] kernel32.dll!TerminateThread                                   7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] kernel32.dll!DebugActiveProcess                                7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] kernel32.dll!WinExec                                           7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] USER32.dll!GetKeyState                                         77D1C379 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] USER32.dll!GetAsyncKeyState                                    77D1D051 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] USER32.dll!SetWindowsHookExW                                   77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] USER32.dll!SetWindowsHookExA                                   77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] USER32.dll!DdeConnect                                          77D57DBC 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] USER32.dll!EndTask                                             77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] ADVAPI32.dll!LsaRemoveAccountRights                            77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] ADVAPI32.dll!CreateServiceA                                    77E07071 6 Bytes  JMP 5F520F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] SHELL32.dll!ShellExecuteExW                                    7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] SHELL32.dll!ShellExecuteEx                                     7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] SHELL32.dll!ShellExecuteA                                      7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\wuauclt.exe[3488] SHELL32.dll!ShellExecuteW                                      7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] ntdll.dll!NtLoadDriver                                         7C91DB6E 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\wscntfy.exe[3836] ntdll.dll!NtLoadDriver + 4                                     7C91DB72 2 Bytes  [ 50, 5F ]
.text           C:\WINDOWS\system32\wscntfy.exe[3836] ntdll.dll!NtSuspendProcess                                     7C91E83A 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\wscntfy.exe[3836] ntdll.dll!NtSuspendProcess + 4                                 7C91E83E 2 Bytes  [ 3B, 5F ]
.text           C:\WINDOWS\system32\wscntfy.exe[3836] kernel32.dll!LoadLibraryExW                                    7C801AF1 6 Bytes  JMP 5F070F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] kernel32.dll!LoadLibraryA                                      7C801D77 6 Bytes  JMP 5F160F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] kernel32.dll!TerminateProcess                                  7C801E16 6 Bytes  JMP 5F0D0F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] kernel32.dll!WriteProcessMemory                                7C80220F 6 Bytes  JMP 5F100F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] kernel32.dll!CreateProcessW                                    7C802332 6 Bytes  JMP 5F250F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] kernel32.dll!CreateProcessA                                    7C802367 6 Bytes  JMP 5F220F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] kernel32.dll!FreeLibrary + 15                                  7C80AA7B 4 Bytes  [ BD, 55, EF, F4 ]
.text           C:\WINDOWS\system32\wscntfy.exe[3836] kernel32.dll!GetProcAddress                                    7C80AC28 6 Bytes  JMP 5F130F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] kernel32.dll!LoadLibraryW                                      7C80ACD3 6 Bytes  JMP 5F190F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] kernel32.dll!CreateRemoteThread                                7C810626 3 Bytes  [ FF, 25, 1E ]
.text           C:\WINDOWS\system32\wscntfy.exe[3836] kernel32.dll!CreateRemoteThread + 4                            7C81062A 2 Bytes  [ 05, 5F ]
.text           C:\WINDOWS\system32\wscntfy.exe[3836] kernel32.dll!ExitProcess                                       7C81CAA2 6 Bytes  JMP 5F430F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] kernel32.dll!TerminateThread                                   7C81CACB 6 Bytes  JMP 5F3D0F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] kernel32.dll!DebugActiveProcess                                7C859F0B 6 Bytes  JMP 5F400F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] kernel32.dll!WinExec                                           7C86114D 6 Bytes  JMP 5F340F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] USER32.dll!GetKeyState                                         77D1C379 6 Bytes  JMP 5F460F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] USER32.dll!GetAsyncKeyState                                    77D1D051 6 Bytes  JMP 5F490F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] USER32.dll!SetWindowsHookExW                                   77D3E621 6 Bytes  JMP 5F1F0F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] USER32.dll!SetWindowsHookExA                                   77D402B2 6 Bytes  JMP 5F1C0F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] USER32.dll!DdeConnect                                          77D57DBC 6 Bytes  JMP 5F4C0F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] USER32.dll!EndTask                                             77D59C9D 6 Bytes  JMP 5F370F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] SHELL32.dll!ShellExecuteExW                                    7CA1D5FE 6 Bytes  JMP 5F310F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] SHELL32.dll!ShellExecuteEx                                     7CA1FB1C 6 Bytes  JMP 5F2E0F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] SHELL32.dll!ShellExecuteA                                      7CA1FE44 6 Bytes  JMP 5F280F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] SHELL32.dll!ShellExecuteW                                      7CAC2988 6 Bytes  JMP 5F2B0F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] ADVAPI32.dll!LsaRemoveAccountRights                            77DEAA41 6 Bytes  JMP 5F0A0F5A 
.text           C:\WINDOWS\system32\wscntfy.exe[3836] ADVAPI32.dll!CreateServiceA                                    77E07071 6 Bytes  JMP 5F520F5A 

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT             \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol]                             [EFD28950] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter]                                  [EFD28E70] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter]                                 [EFD28FD0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol]                           [EFD28AC0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol]                             [EFD28AC0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol]                               [EFD28950] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter]                                    [EFD28E70] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter]                                   [EFD28FD0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol]                              [EFD28950] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter]                                  [EFD28FD0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter]                                   [EFD28E70] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol]                            [EFD28AC0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter]                                    [EFD28FD0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol]                                [EFD28950] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter]                                     [EFD28E70] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateFile]                                      [EFD35FB0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol]                             [EFD28AC0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol]                               [EFD28950] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter]                                    [EFD28E70] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter]                                   [EFD28FD0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol]                              [EFD28950] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol]                            [EFD28AC0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter]                                  [EFD28FD0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter]                                   [EFD28E70] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtOpenFile]                                        [EFD21570] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtSetInformationFile]                              [EFD214C0] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateFile]                                      [EFD21670] \SystemRoot\System32\vsdatant.sys
IAT             \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!NtCreateFile]