
Topic: Internet connection is up, but IE, Firefox etc. do not go online

  1. #1
    Beginner
    Registered since
    13.08.2010
    Posts
    15

    Internet connection is up, but IE, Firefox etc. do not go online

    Hello,

    I have a small problem: since recently, IE, Firefox and also Chrome no longer go online on my machine. I do have an Internet connection, because other programs can pull updates and pinging the provider is no problem either. When I start the PC I get the error message: Run.dll error C:\user\....\AppData\Local\Temp\sshnas21.dll --- entry GetMainWnd is missing
    Strangely, all of this only happens under my user account; when I log in with the guest account, the Internet works flawlessly.
    What is also strange is that two processes are running, Fv1.exe and Fv3.exe, which are also in the temp folder and which I don't know and can't attribute to anything.

    Do you have any advice?

    Thanks, Holger

    Code:
    Logfile of Trend Micro HijackThis v2.0.4
    Scan saved at 21:14:53, on 13.08.2010
    Platform: Windows Vista SP2 (WinNT 6.00.1906)
    MSIE: Internet Explorer v8.00 (8.00.6001.18943)
    Boot mode: Normal
    
    Running processes:
    C:\Windows\system32\Dwm.exe
    C:\Windows\Explorer.EXE
    C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
    C:\Program Files\HomeCinema\TV Enhance\TVEService.exe
    C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    C:\Windows\RtHDVCpl.exe
    C:\Program Files\QuickTime\qttask.exe
    C:\Program Files\avmwlanstick\WLanGUI.exe
    C:\Program Files\Common Files\Java\Java Update\jusched.exe
    C:\Program Files\Web.de\LiveUpdate\m2LUTray.exe
    C:\Program Files\Napster\napster.exe
    C:\Program Files\Windows Sidebar\sidebar.exe
    C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
    C:\Windows\ehome\ehtray.exe
    C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe
    C:\Program Files\Windows Live\Messenger\msnmsgr.exe
    C:\Program Files\Windows Media Player\wmpnscfg.exe
    C:\Program Files\Internetradio Player\ps_agent.exe
    C:\Windows\ehome\ehmsas.exe
    C:\Windows\System32\rundll32.exe
    C:\Users\ge012796\AppData\Local\Temp\Fv1.exe
    C:\Users\ge012796\AppData\Local\Temp\Fv3.exe
    C:\Program Files\FRITZ!DSL\StCenter.exe
    C:\Program Files\FRITZ!DSL\FwebProt.exe
    C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    C:\Windows\system32\wbem\unsecapp.exe
    C:\Windows\system32\rundll32.exe
    C:\Windows\system32\taskeng.exe
    C:\PROGRA~1\COMMON~1\McAfee\MSC\McUICnt.exe
    c:\PROGRA~1\mcafee.com\agent\mcagent.exe
    C:\Windows\System32\mobsync.exe
    I:\HiJackThis204.exe
    
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/?fr=fp-yie8
    R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
    R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer bereitgestellt von Yahoo!
    R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O1 - Hosts: ::1 localhost
    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
    O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\PROGRA~1\mcafee\msk\mskapbho.dll
    O2 - BHO: Videoraptor_WebRipPlugin Class - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Program Files\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)
    O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
    O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20100718102604.dll
    O2 - BHO: Windows Live ID-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
    O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll
    O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
    O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll
    O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
    O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll
    O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
    O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
    O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
    O4 - HKLM\..\Run: [TVEService] "C:\Program Files\HomeCinema\TV Enhance\TVEService.exe"
    O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
    O4 - HKLM\..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe GE
    O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
    O4 - HKLM\..\Run: [Skytel] Skytel.exe
    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
    O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
    O4 - HKLM\..\Run: [AVMWlanClient] C:\Program Files\avmwlanstick\wlangui.exe
    O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
    O4 - HKLM\..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe -m
    O4 - HKLM\..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe -m
    O4 - HKLM\..\Run: [WEB.DE Update] C:\Program Files\WEB.DE\LiveUpdate\m2LUTray.exe
    O4 - HKLM\..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe /systray
    O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
    O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
    O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
    O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
    O4 - HKCU\..\Run: [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
    O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
    O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe" ASO-616B5711-6DAE-4795-A05F-39A1E5104020
    O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
    O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
    O4 - HKCU\..\Run: [1und1Agent] C:\Program Files\Internetradio Player\ps_agent.exe
    O4 - HKCU\..\Run: [Halo2] rundll32.exe C:\Users\ge012796\AppData\Local\Temp\sshnas21.dll,GetMainWnd
    O4 - HKCU\..\Run: [Metropolis] rundll32.exe C:\Users\ge012796\AppData\Local\Temp\sshnas21.dll,GetHandle
    O4 - HKCU\..\Run: [ZE18MW23GY] C:\Users\ge012796\AppData\Local\Temp\Fv1.exe
    O4 - HKCU\..\Run: [JRMX9X1GML] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe
    O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOKALER DIENST')
    O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETZWERKDIENST')
    O4 - HKUS\S-1-5-18\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'SYSTEM')
    O4 - HKUS\.DEFAULT\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe (User 'Default user')
    O4 - Startup: FRITZ!DSL Internet.lnk = C:\Program Files\FRITZ!DSL\FritzDsl.exe
    O4 - Startup: FRITZ!DSL Protect.lnk = C:\Program Files\FRITZ!DSL\FwebProt.exe
    O4 - Startup: HDDlife.lnk = C:\Program Files\zoneLINK\HDDlife\HDDlifePro.exe
    O4 - Startup: OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
    O4 - Startup: OneNote Inhaltsverzeichnis.onetoc2
    O4 - Global Startup: FRITZ!DSL Startcenter.lnk = ?
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
    O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000
    O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
    O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing)
    O9 - Extra button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra 'Tools' menuitem: In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
    O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
    O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
    O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
    O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-37276-17534-25/4 (file missing) (HKCU)
    O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} (HidInputMonitorX Control) - file:///C:/Users/ge012796/Videos/Schottland_270708/components/hidinputmonitorx.ocx
    O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} (A9Helper.A9) - file:///C:/Users/ge012796/Videos/Schottland_270708/components/A9.ocx
    O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} (Attachment Upload Control) - https://stream.web.de/mail/activex/m...load_11213.cab
    O16 - DPF: {5BF3E4A3-7E64-4D53-B512-2E242E837D24} (CMCEInputCtl Object) - https://einfach.otto.de/ottoproj/ott...CEControls.cab
    O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} (WMVHDRatingCtrl Class) - file:///C:/Users/ge012796/Videos/Schottland_270708/components/wmvhdrating.ocx
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
    O17 - HKLM\System\CCS\Services\Tcpip\..\{7A10DED1-B66D-4DAB-88AC-844DB80971CE}: NameServer = 192.76.144.66
    O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL
    O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
    O23 - Service: AVM WLAN Connection Service - AVM Berlin - C:\Program Files\avmwlanstick\WlanNetService.exe
    O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe
    O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe
    O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
    O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
    O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
    O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
    O23 - Service: AVM IGD CTRL Service (IGDCTRL) - AVM Berlin - C:\Program Files\FRITZ!DSL\IGDCTRL.EXE
    O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe
    O23 - Service: McAfee Personal Firewall (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
    O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
    O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
    O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
    O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe
    O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
    O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
    O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
    O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
    O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\system32\IoctlSvc.exe
    O23 - Service: ProtexisLicensing - Unknown owner - C:\Windows\system32\PSIService.exe
    O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\Cyberlink\Shared files\RichVideo.exe
    O23 - Service: TVEnhance Background Capture Service (TBCS) (TVECapSvc) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe
    O23 - Service: TVEnhance Task Scheduler (TTS)) (TVESched) - Unknown owner - C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe
    O23 - Service: UPnPService - Magix AG - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
    O23 - Service: X10 Device Network Service (x10nets) - X10 - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
    
    --
    End of file - 15405 bytes
    Edited by Petra (22.08.2010 at 19:32). Reason: code tags corrected
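
The pattern visible in the log above (autostart entries and running processes that load from the user's Temp folder) can be checked mechanically over a HijackThis log. The following is an added example, not part of the original post and not HijackThis code; the sample log is constructed in the same format with a placeholder user name, and all function names are assumptions.

```python
import ntpath
import re

# Constructed sample in HijackThis 2.x log format, modelled on the log in post #1
# (user name replaced by the placeholder "alice").
SAMPLE_LOG = r"""
Running processes:
C:\Windows\Explorer.EXE
C:\Users\alice\AppData\Local\Temp\Fv1.exe
C:\Program Files\QuickTime\qttask.exe

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
O4 - HKCU\..\Run: [Halo2] rundll32.exe C:\Users\alice\AppData\Local\Temp\sshnas21.dll,GetMainWnd
O4 - HKCU\..\Run: [ZE18MW23GY] C:\Users\alice\AppData\Local\Temp\Fv1.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOKALER DIENST')
O4 - Startup: HDDlife.lnk = C:\Program Files\zoneLINK\HDDlife\HDDlifePro.exe
"""

# "O4 - <hive>\..\Run: [<value name>] <command line>"
RUN_RE = re.compile(
    r"^O4 - (?P<hive>HK.+?)\\\.\.\\(?P<key>Run\w*): \[(?P<name>.*?)\] (?P<cmd>.+)$")
# HijackThis appends "(User '...')" to entries read from other users' hives.
USER_NOTE_RE = re.compile(r"\s+\(User '[^']*'\)$")
# First token ending in an executable extension; copes with unquoted paths with spaces.
IMAGE_RE = re.compile(r"^(.*?\.(?:exe|dll|com|bat|cmd|scr|pif))(?=[\s,]|$)", re.I)
# Directories any unprivileged process can write to (lower-case substrings).
TEMP_MARKERS = ("\\appdata\\local\\temp\\", "\\local settings\\temp\\",
                "\\windows\\temp\\", "%temp%\\", "%tmp%\\")


def split_command(cmd):
    """Split a Run command line into (image path, remaining arguments)."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        if end != -1:
            return cmd[1:end], cmd[end + 1:].strip()
    m = IMAGE_RE.match(cmd)
    if m:
        return m.group(1), cmd[m.end():].strip()
    head, _, rest = cmd.partition(" ")
    return head, rest.strip()


def autorun_target(cmd):
    """Return (file actually loaded, exported function or None).

    For rundll32 the interesting file is the DLL argument, not rundll32.exe.
    """
    image, rest = split_command(cmd)
    if ntpath.basename(image).lower() in ("rundll32.exe", "rundll32"):
        dll, _, export = rest.partition(",")
        export = export.split()[0] if export.strip() else None
        return dll.strip().strip('"'), export
    return image, None


def in_temp_dir(path):
    """True if the path lies under a per-user or system Temp directory."""
    p = ntpath.normpath(path).lower()
    return any(marker in p for marker in TEMP_MARKERS)


def parse_autoruns(log):
    """Parse every registry Run/RunOnce line (HijackThis section O4)."""
    entries = []
    for line in log.splitlines():
        m = RUN_RE.match(line.strip())
        if not m:
            continue
        target, export = autorun_target(USER_NOTE_RE.sub("", m["cmd"]))
        entries.append({"hive": m["hive"], "key": m["key"], "name": m["name"],
                        "target": target, "export": export})
    return entries


def running_processes(log):
    """Return the paths listed under 'Running processes:'."""
    procs, in_section = [], False
    for line in log.splitlines():
        line = line.strip()
        if line == "Running processes:":
            in_section = True
        elif in_section:
            if not line:
                if procs:
                    break  # blank line ends the section
                continue
            procs.append(line)
    return procs


def triage(log):
    """Collect autostart entries and live processes that load from Temp."""
    return {
        "autoruns": [e for e in parse_autoruns(log) if in_temp_dir(e["target"])],
        "processes": [p for p in running_processes(log) if in_temp_dir(p)],
    }


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for e in result["autoruns"]:
        print("autorun from Temp:", e["hive"], e["name"], e["target"], e["export"])
    for p in result["processes"]:
        print("process from Temp:", p)
```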

  2. #2
    Moderator, team member Swisstreasure
    Registered since
    13.08.2009
    Location
    Switzerland
    Posts
    3,660

    Re: Internet connection is up, but IE, Firefox etc. do not go online

    Welcome to the HijackThis.de support forum, Holger,

    cleaning a system can be laborious and may involve some work for you.
    Please note the following points:
    • Respect our forum rules and don't be too impatient if it takes a little longer.
    • During the cleanup, connect all existing external storage media (USB sticks, hard drives),
    • and do not install or uninstall any programs without consulting us.
    • Download programs exclusively from the links given in our instructions!
    • Post log files in code tags and anonymise personal data where necessary.
    • Work through each point in order and report that you have completed it.
    • If there is a problem, stop and describe it as precisely as possible.


    • Attention: the disappearance of the symptoms does not mean that your computer is already clean.
      Please keep working with us until we say that the computer is clean.
    • Only carry out instructions from a team member listed here.
    • As a matter of principle, there is no support via PM or e-mail.
    • We do not clean computers that are used for business.
    • Possession of legal software is a prerequisite for support.
      Should we find illegal software, support will be discontinued.

    Vista and Win7 users:
    • Always run all programs and tools that we prescribe via right-click and "Run as administrator".


    Step 1

    Can you see all files and file extensions on your computer? If not, please make these settings in the folder options.


    Step 2

    System scan with OTL

    Please download OTL by Oldtimer and save it on your desktop.
    • Double-click OTL.exe
    • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
    • At the top you will find a box labelled Output.
      Please select Minimal Output
    • Under Extra Registry, please select Use SafeList.
    • Tick the boxes for LOP Check and Purity Check.
    • Now click Scan at the top left.


    • When the scan has finished, two log files are created.
      You will find the log files on your desktop => OTL.txt and Extras.txt
    • Post the log files in code tags here in the thread.


    Step 3

    Rootkit search with Gmer

    What are rootkits?

    Important: for every rootkit scan:
    • First deactivate, following this guide, any CD emulators that may be present, such as Alcohol, Daemon Tools or similar.
    • All other programs against viruses, spyware, etc. should be deactivated,
    • there should be no connection to a network/the Internet (don't forget WLAN),
    • nothing should be done on the computer,
    • the computer should be restarted after each scan.
    • Don't forget to switch the security programs back on after the rootkit scan!


    Download Gmer from this page
    (press the Download EXE button) and save the program on the desktop.
    • Gmer is suitable for => NT/W2K/XP/VISTA (32-bit only).
    • All other programs should be closed.
    • Start gmer.exe (it has a random program name).
    • Vista users: start it via right-click and "Run as administrator".
    • Gmer automatically starts a first scan.
    • Should a window open with the following warning:
      Code:
      WARNING !!!
      GMER has found system modification, which might have been caused by ROOTKIT activity.
      Do you want to fully scan your system?
    • Be sure to click "No",
      and in that case save the result so far on the desktop as gmer_first.log using the Save button.

    • If that was not the case, now select the "Rootkit/Malware" tab,
    • Tick: System, Sections, Devices, Modules, Processes, Threads, Libraries, Services, Registry and Files.
    • Important: "Show all" must not be ticked!
    • Start the scan by pressing the "Scan" button.
      Do nothing on the computer while the scan is running (what is currently being scanned is shown at the bottom left).
    • When the scan is finished, the line stays empty.
      Click "Save" and save the log file as gmer.log on the desktop.
      "Ok" closes Gmer.

    Switch your antivirus program and other scanners back on before you go online!

    Now post the log file in code tags.

  3. #3
    Beginner
    Registered since
    13.08.2010
    Posts
    15

    Re: Internet connection is up, but IE, Firefox etc. do not go online

    Hello,

    attached are the log files that were still missing. I hope you can see and find something in them. Thanks to everyone who helps.

    Code:
    OTL logfile created on: 14.08.2010 10:19:16 - Run 1
    OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\ge012796\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
    7,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 911,51 Gb Total Space | 620,18 Gb Free Space | 68,04% Space Free | Partition Type: NTFS
    Drive D: | 19,99 Gb Total Space | 1,16 Gb Free Space | 5,80% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    Drive I: | 3,78 Gb Total Space | 3,62 Gb Free Space | 95,81% Space Free | Partition Type: FAT32
     
    Computer Name: GE012796-PC
    Current User Name: ge012796
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\ge012796\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (ApexDC++ Development Team)
    PRC - C:\Users\ge012796\AppData\Local\Temp\Fv1.exe (ApexDC++ Development Team)
    PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
    PRC - C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
    PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
    PRC - C:\Programme\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.)
    PRC - C:\Programme\Common Files\McAfee\MSC\McUICnt.exe (McAfee, Inc.)
    PRC - C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    PRC - C:\Programme\Common Files\McAfee\Core\mchost.exe (McAfee, Inc.)
    PRC - C:\Programme\Web.de\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
    PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
    PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
    PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    PRC - C:\Programme\Internetradio Player\ps_agent.exe (phonostar)
    PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
    PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
    PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
    PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
    PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    PRC - C:\Programme\Napster\napster.exe (Napster)
    PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
    PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
    PRC - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
    PRC - C:\Programme\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
    PRC - C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
    PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
    PRC - C:\Windows\System32\PSIService.exe ()
    PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
     
     
    ========== Modules (SafeList) ==========
     
    MOD - C:\Users\ge012796\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
    SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
    SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
    SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
    SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
    SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
    SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
    SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
    SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
    SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
    SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
    SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
    SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
    SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
    SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
    DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
    DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
    DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
    DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
    DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
    DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
    DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
    DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
    DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
    DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
    DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
    DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
    DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
    DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/?fr=fp-yie8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F 40 8E 31 3D 86 CA 01  [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
    FF - prefs.js..browser.search.order.1: "GMX Suche"
    FF - prefs.js..browser.search.order.2: "1und1 Suche"
    FF - prefs.js..browser.search.order.3: "amazon.de"
    FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://web.de"
    FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
    FF - prefs.js..extensions.enabledItems: {a82d0125-000a-4a57-abbc-5d4b0dbaab54}:1.7.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
    FF - prefs.js..keyword.URL: "http://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=http://suche.web.de/search/web/?origin=searchplugin&su="
     
    FF - HKLM\software\mozilla\Firefox\Extensions\\videoraptor-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\Videoraptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\ [2009.07.05 09:53:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.10 19:11:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.10 19:11:15 | 000,000,000 | ---D | M]
     
    [2010.02.19 18:29:23 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\mozilla\Extensions
    [2010.08.13 17:27:42 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\mozilla\Firefox\Profiles\reo7tjns.default\extensions
    [2010.05.01 09:03:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ge012796\AppData\Roaming\mozilla\Firefox\Profiles\reo7tjns.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010.02.19 18:28:53 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\ge012796\AppData\Roaming\mozilla\Firefox\Profiles\reo7tjns.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
    [2010.04.10 15:47:09 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Users\ge012796\AppData\Roaming\mozilla\Firefox\Profiles\reo7tjns.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
    [2010.06.19 17:56:35 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\mozilla\Firefox\Profiles\reo7tjns.default\extensions\piclens@cooliris.com
    [2010.02.19 18:29:52 | 000,005,591 | ---- | M] () -- C:\Users\ge012796\AppData\Roaming\Mozilla\FireFox\Profiles\reo7tjns.default\searchplugins\1und1-suche.xml
    [2010.02.19 18:29:52 | 000,001,371 | ---- | M] () -- C:\Users\ge012796\AppData\Roaming\Mozilla\FireFox\Profiles\reo7tjns.default\searchplugins\amazonde.xml
    [2010.02.19 18:29:52 | 000,010,605 | ---- | M] () -- C:\Users\ge012796\AppData\Roaming\Mozilla\FireFox\Profiles\reo7tjns.default\searchplugins\gmx-suche.xml
    [2010.04.21 09:18:33 | 000,001,420 | ---- | M] () -- C:\Users\ge012796\AppData\Roaming\Mozilla\FireFox\Profiles\reo7tjns.default\searchplugins\preisvergleich.xml
    [2010.02.19 18:29:52 | 000,005,588 | ---- | M] () -- C:\Users\ge012796\AppData\Roaming\Mozilla\FireFox\Profiles\reo7tjns.default\searchplugins\webde-suche.xml
    [2010.06.06 10:43:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
    [2010.02.19 18:28:40 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
    [2010.02.19 18:28:40 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
    [2010.06.06 10:43:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010.04.27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll
    [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
    [2008.12.19 01:30:20 | 000,106,128 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll
    [2010.08.10 19:10:57 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
    [2010.08.10 19:10:57 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
    [2010.08.10 19:10:57 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
    [2010.08.10 19:10:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
    [2010.08.10 19:10:57 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1             localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (Videoraptor_WebRipPlugin Class) - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Programme\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll (RapidSolution Software)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20100718102604.dll (McAfee, Inc.)
    O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
    O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
    O4 - HKLM..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe (Ascentive LLC)
    O4 - HKLM..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe (Ascentive)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [WEB.DE Update] C:\Programme\Web.de\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [1und1Agent] C:\Programme\Internetradio Player\ps_agent.exe (phonostar)
    O4 - HKCU..\Run: [Halo2] C:\Users\ge012796\AppData\Local\Temp\sshnas21.DLL (ApexDC++ Development Team)
    O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
    O4 - HKCU..\Run: [JRMX9X1GML] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (ApexDC++ Development Team)
    O4 - HKCU..\Run: [Metropolis] C:\Users\ge012796\AppData\Local\Temp\sshnas21.DLL (ApexDC++ Development Team)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [ZE18MW23GY] C:\Users\ge012796\AppData\Local\Temp\Fv1.exe (ApexDC++ Development Team)
    O4 - Startup: C:\Users\ge012796\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
    O4 - Startup: C:\Users\ge012796\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
    O4 - Startup: C:\Users\ge012796\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDDlife.lnk = C:\Programme\zoneLINK\HDDlife\HDDlifePro.exe (BinarySense, Ltd.)
    O4 - Startup: C:\Users\ge012796\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    O4 - Startup: C:\Users\ge012796\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
    O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
    O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
    O15 - HKCU\..Trusted Domains: web.de ([freemailng6104] https in Vertrauenswürdige Sites)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///C:/Users/ge012796/Videos/Schottland_270708/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
    O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///C:/Users/ge012796/Videos/Schottland_270708/components/A9.ocx (A9Helper.A9)
    O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
    O16 - DPF: {5BF3E4A3-7E64-4D53-B512-2E242E837D24} https://einfach.otto.de/ottoproj/ottomce//bin/activex/MCEControls.cab (CMCEInputCtl Object)
    O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///C:/Users/ge012796/Videos/Schottland_270708/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.10
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Toco Toucan.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Toco Toucan.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O33 - MountPoints2\{3a98a223-5481-11df-8169-00040ec7b443}\Shell\AutoRun\command - "" = I:\Menu.exe -- File not found
    O33 - MountPoints2\{a9be3f84-bef7-11dd-a658-00224311af7c}\Shell - "" = AutoRun
    O33 - MountPoints2\{a9be3f84-bef7-11dd-a658-00224311af7c}\Shell\AutoRun\command - "" = I:\pushinst.exe -- File not found
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2010.08.14 10:18:31 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\ge012796\Desktop\OTL.exe
    [2010.08.12 20:03:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010.08.12 19:20:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2010.08.12 19:20:18 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010.08.12 19:20:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2010.08.12 19:20:17 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2010.08.12 19:20:17 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2010.08.12 19:20:15 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2010.08.12 19:20:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2010.08.12 19:20:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2010.08.12 19:20:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2010.08.12 19:20:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2010.08.12 19:20:15 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2010.08.12 19:20:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010.08.12 19:20:14 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2010.08.12 19:20:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2010.08.12 19:20:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2010.08.12 19:20:13 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
    [2010.08.12 19:20:07 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2010.08.12 19:20:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
    [2010.08.12 19:19:55 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2010.08.12 19:19:55 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
    [2010.07.18 10:26:04 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeclnk.sys
    [2010.07.18 10:25:58 | 000,385,880 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfehidk.sys
    [2010.07.18 10:25:58 | 000,312,616 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfefirek.sys
    [2010.07.18 10:25:58 | 000,160,720 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfewfpk.sys
    [2010.07.18 10:25:58 | 000,152,320 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeavfk.sys
    [2010.07.18 10:25:58 | 000,095,568 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfeapfk.sys
    [2010.07.18 10:25:58 | 000,083,496 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mferkdet.sys
    [2010.07.18 10:25:58 | 000,064,304 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfenlfk.sys
    [2010.07.18 10:25:58 | 000,055,456 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\cfwids.sys
    [2010.07.18 10:25:58 | 000,051,688 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\mfebopk.sys
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files - Modified Within 30 Days ==========
     
    [2010.08.14 10:23:20 | 003,145,728 | -HS- | M] () -- C:\Users\ge012796\NTUSER.DAT
    [2010.08.14 10:23:01 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    [2010.08.14 10:21:09 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010.08.14 10:21:09 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2010.08.14 10:21:09 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010.08.14 10:21:09 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2010.08.14 10:21:09 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010.08.14 10:20:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
    [2010.08.14 10:15:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\ge012796\Desktop\OTL.exe
    [2010.08.14 09:37:01 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010.08.14 09:26:06 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010.08.14 08:51:58 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010.08.14 08:51:58 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010.08.13 20:59:16 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010.08.13 20:59:08 | 000,007,916 | ---- | M] () -- C:\Users\ge012796\AppData\Local\d3d9caps.dat
    [2010.08.13 20:58:58 | 000,061,721 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010.08.13 20:54:47 | 000,061,717 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010.08.13 20:54:16 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
    [2010.08.13 20:52:01 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010.08.13 20:51:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010.08.13 20:51:30 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
    [2010.08.13 19:20:12 | 000,524,288 | -HS- | M] () -- C:\Users\ge012796\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010.08.13 19:20:12 | 000,065,536 | -HS- | M] () -- C:\Users\ge012796\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010.08.13 19:19:54 | 005,831,052 | -H-- | M] () -- C:\Users\ge012796\AppData\Local\IconCache.db
    [2010.08.13 17:38:36 | 000,416,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010.08.13 17:26:07 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
    [2010.08.12 19:26:30 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010.08.07 17:29:47 | 000,000,853 | ---- | M] () -- C:\Users\ge012796\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
    [2010.08.07 17:02:46 | 000,000,718 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
    [2010.08.07 15:19:54 | 000,097,792 | ---- | M] () -- C:\Users\ge012796\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
     
    ========== Files Created - No Company Name ==========
     
    [2010.08.13 18:48:26 | 000,000,298 | -H-- | C] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    [2010.08.13 17:26:07 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2010.08.07 17:29:47 | 000,000,853 | ---- | C] () -- C:\Users\ge012796\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
    [2010.08.07 15:54:06 | 000,000,298 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010.07.20 18:59:23 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
    [2009.11.25 14:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009.11.22 11:47:54 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
    [2009.09.24 19:32:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009.03.27 18:02:24 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
    [2009.03.02 12:33:32 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
    [2008.12.14 12:09:59 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cdTextCtl.dll
    [2008.12.14 12:06:23 | 000,000,000 | ---- | C] () -- C:\Windows\homeDVD-Fotos5.INI
    [2008.12.14 11:25:06 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
    [2008.12.14 11:24:37 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
    [2008.12.14 11:19:14 | 000,007,256 | ---- | C] () -- C:\Windows\mgxoschk.ini
    [2008.12.14 11:08:53 | 000,150,240 | ---- | C] () -- C:\Windows\System32\drivers\MLTCAP.sys
    [2008.12.07 17:51:49 | 000,000,025 | ---- | C] () -- C:\Windows\CDEC66SeriesEuro.ini
    [2008.10.20 10:35:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2008.10.17 17:15:05 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini
    [2008.10.17 16:56:47 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
    [2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
     
    ========== LOP Check ==========
     
    [2009.07.05 12:05:38 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\BinarySense
    [2010.04.25 11:05:06 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\CoSoSys
    [2010.08.02 20:24:08 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\FRITZ!
    [2009.06.23 19:55:31 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\Imaxel
    [2010.08.13 18:43:14 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\Internet-Radio Player
    [2009.12.24 19:22:10 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\MAGIX
    [2009.06.28 16:15:07 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\MyPublisher
    [2010.05.01 08:58:16 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\Opera
    [2009.07.05 10:20:29 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\RapidSolution
    [2009.04.17 17:20:41 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\Template
    [2010.04.21 20:45:18 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\Thinstall
    [2008.12.11 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\WEBDE
    [2010.08.13 19:20:05 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010.08.14 10:20:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
    [2010.08.14 09:37:01 | 000,000,298 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    [2010.08.14 10:23:01 | 000,000,298 | -H-- | M] () -- C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
     
    ========== Purity Check ==========
     
     
    < End of report >
    Code:
    OTL Extras logfile created on: 14.08.2010 10:19:16 - Run 1
    OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\ge012796\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 51,00% Memory free
    7,00 Gb Paging File | 5,00 Gb Available in Paging File | 76,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 911,51 Gb Total Space | 620,18 Gb Free Space | 68,04% Space Free | Partition Type: NTFS
    Drive D: | 19,99 Gb Total Space | 1,16 Gb Free Space | 5,80% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    Drive I: | 3,78 Gb Total Space | 3,62 Gb Free Space | 95,81% Space Free | Partition Type: FAT32
     
    Computer Name: GE012796-PC
    Current User Name: ge012796
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal
     
    ========== Extra Registry (SafeList) ==========
     
     
    ========== File Associations ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
    .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
     
    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
     
    ========== Shell Spawning ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
    exefile [open] -- "%1" %*
    helpfile [open] -- Reg Error: Key error.
    hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
    inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
    Directory [dm Fotowelt] -- "C:\Program Files\dm\dm Fotowelt\dm Fotowelt.exe" "%1" ()
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
     
    ========== Security Center Settings ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "cval" = 1
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
    "AntiVirusOverride" = 0
    "AntiSpywareOverride" = 0
    "FirewallOverride" = 0
    "VistaSp1" = Reg Error: Unknown registry data type -- File not found
    "VistaSp2" = Reg Error: Unknown registry data type -- File not found
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DisableNotifications" = 0
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
    "EnableFirewall" = 0
    "DisableNotifications" = 0
     
    ========== Authorized Applications List ==========
     
     
    ========== Vista Active Open Ports Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{0A119A79-9AAD-4386-9E0A-535A236E484E}" = rport=138 | protocol=17 | dir=out | app=system | 
    "{318DE762-BB9C-42A7-9934-2E6B72E6F5AA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
    "{4809BF7A-75D3-45D5-82BD-0105DA65E055}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
    "{48E076EE-D09A-483F-8347-DE32854CF51F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{57B6A6CE-42F8-4FF6-8AA9-C1CB1B5EC790}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{5F937CE4-8B69-4E0A-AB6C-7E3FC27AB6A6}" = lport=445 | protocol=6 | dir=in | app=system | 
    "{642E31B7-6F9D-4D8B-B9D6-288C431BA238}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
    "{68606877-3C69-4A09-A0D4-8F09DB716D47}" = rport=137 | protocol=17 | dir=out | app=system | 
    "{749CE3F9-6343-4338-8973-AED330CC597D}" = lport=139 | protocol=6 | dir=in | app=system | 
    "{88E895E6-0CDE-40D1-A0F3-F23B3C69400C}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
    "{9C160891-C541-4B38-8924-7462096DD3FC}" = rport=139 | protocol=6 | dir=out | app=system | 
    "{A68C6554-6E0D-4D73-B1CF-12DCDFF9398E}" = lport=2869 | protocol=6 | dir=in | app=system | 
    "{ACD50B7A-F921-48BA-B36E-7BBF462A7A68}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
    "{BF2D0C0A-D18C-40D5-8D8A-EBC15011582D}" = lport=137 | protocol=17 | dir=in | app=system | 
    "{C6494885-BCBC-4814-BD31-AB171B3D676E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
    "{D1B41D24-5A08-47C1-804F-313A3DCBBC47}" = rport=445 | protocol=6 | dir=out | app=system | 
    "{EEF77778-C7A7-494C-88FF-EA6B53784EC1}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
    "{F5774457-8354-482A-B116-DE53D077C7D7}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
    "{F87028E1-9DA7-4EEA-BEDA-AC2E623F384C}" = lport=138 | protocol=17 | dir=in | app=system | 
    "{FA6E43A7-81EB-46BD-A247-F11A8AA9186C}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
     
    ========== Vista Active Application Exception List ==========
     
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
    "{048083E2-3281-4FFF-9FBA-6F3CB87D83F2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
    "{05725E5C-72C6-4430-986D-6470C6BE454F}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
    "{0EFF7527-4F0F-45D1-A5C0-2B0E4065E938}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 
    "{1ED4495B-3DA8-4072-B435-DB18FB8E74F6}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
    "{280BF099-E9D3-4AFF-A05B-FC12833C4EF0}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
    "{2B553392-F9A7-4ED6-A1BA-924E93F330FD}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
    "{2BC8FB88-0687-40C3-A27F-49EE217CA7E7}" = dir=in | app=c:\program files\homecinema\powerdirector\pdr.exe | 
    "{2C2E74A2-D96F-48DA-8108-4873693CCE58}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 
    "{310ECEC3-7B74-4397-9743-F16D50E33FBC}" = dir=in | app=c:\program files\homecinema\powerdvd\powerdvd.exe | 
    "{36D4E48C-7434-48D2-84FE-13BC528512ED}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
    "{45309D49-E570-4F8B-8509-F5EBC2F6295C}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 
    "{59B45C55-8915-429C-A77E-29337770160B}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
    "{6EAAD1A2-2F01-424F-9DBF-6EAAA8FC445F}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\igdctrl.exe | 
    "{73D57666-C11E-4234-801C-61D748EFEEB8}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\webwaigd.exe | 
    "{7A7A31C2-FAB0-4FA1-B39A-56C3BC9C9A34}" = dir=in | app=c:\program files\common files\mcafee\mna\mcnasvc.exe | 
    "{86D163A6-DF5D-4587-B47E-A24F199CB735}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 
    "{88177BC7-E64E-44DB-867A-2BD5467AD713}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
    "{971F723D-E217-476B-92EC-F53560FEEC1D}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 
    "{9AFF1547-9A23-40BC-A72F-FBA916729DEA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
    "{B0037E02-82CF-42D8-BBC2-78CFBBA1175E}" = protocol=6 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
    "{B2210A6C-951A-44CC-974C-534A00BFE828}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
    "{B8BB21BB-DD5B-49BD-8AF7-10509C2A29FB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{C26D8B14-A27E-4318-ADBD-8D9F44435B78}" = protocol=6 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 
    "{C6D9EC1C-D455-4DED-9E24-80212D69BB56}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
    "{D04947BF-1CF5-4282-A497-E56034DA2614}" = protocol=17 | dir=in | app=c:\program files\fritz!dsl\fboxupd.exe | 
    "{EA561401-BF6A-4197-A382-4B9B84ADADED}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tveservice.exe | 
    "{F2A0387B-1478-4D18-ACCF-DB3C1EBA99BF}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
    "{F316645F-8E51-45CF-B1F9-6EA1320D77C0}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | 
    "{F7A5FA64-266F-400A-A06B-18C64A3E74C7}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
    "{F8FB2EF4-15A9-4C7A-A817-D4ACCEBB7F85}" = protocol=17 | dir=in | app=c:\program files\homecinema\tv enhance\tvenhance.exe | 
     
    ========== HKEY_LOCAL_MACHINE Uninstall List ==========
     
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
    "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
    "{0A7124DF-F8A4-405B-904F-CFD3D3DFB5AE}" = PIF DESIGNER2.1
    "{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
    "{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{23B59ED4-C360-11D7-875B-0090CC005647}" = EPSON PRINT Image Framer Tool2.1
    "{2457326B-C110-40C3-89B0-889CC913871A}" = AVM FRITZ!DSL
    "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 20
    "{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
    "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
    "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
    "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
    "{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
    "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
    "{44E43205-57B5-4AD8-8BB9-A6A28B7663DB}" = Application Suite
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
    "{5079F5CA-210A-4C0C-9FBF-02CF77FB0EAC}" = NVIDIA PhysX v8.09.19
    "{52D3199D-2858-4216-AA1D-B2A9BB9FA31B}" = Sprite Backup HTC
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
    "{61AE1441-BBAC-403B-B27F-118CDECC165C}" = CITYGUIDE
    "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
    "{65F5B7AF-3363-11D7-BB6B-00018021113F}" = EPSON PhotoQuicker3.5
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = CyberLink PowerDVD
    "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{72D25670-523F-43D0-A1CB-BC239F15245F}" = PC SpeedScan Pro
    "{7655E113-C306-11D9-A373-0050BAE317E1}" = MCE Software Encoder 1.1
    "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
    "{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "{80F24F31-F641-4349-83F3-59E335976D16}" = PC SpeedScan Pro
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8A4F043F-0671-4675-9D8D-3D580F9F9038}" = Application Suite
    "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
    "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
    "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
    "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
    "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
    "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
    "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
    "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{972C76B9-67F9-4995-AF58-FE9A214C43C2}_is1" = MusicMonster
    "{976EA7B1-7562-483D-88DA-4323D263B7CD}" = DiMAGE Viewer
    "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
    "{99E67091-D392-4031-AD2A-E9547F3615F8}" = KONICA_MINOLTA DiMAGE Webcam Treiber
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{9A5B876D-A900-4AAB-B557-DE827BE46E6C}" = Nero 8 Essentials
    "{9B8E1C10-3952-48D3-BC66-F223DDC3A556}" = Firefox 3.6 WEB.DE Edition
    "{A062A15F-9CAC-4B88-98DF-87628A0BD721}" = Corel MediaOne
    "{A334F1BA-0A1D-4ED6-B4F9-4066157CA15D}" = DE
    "{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}" = PixiePack Codec Pack
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
    "{AAA4850F-7E20-40D7-A4C3-3697E7FA4A54}" = Intel(R) Network Connections 13.2.8.0
    "{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
    "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
    "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
    "{ADDBE07D-95B8-4789-9C76-187FFF9624B4}" = CorelDRAW Essential Edition 3
    "{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
    "{AF37F9DE-0726-439E-BC10-43D9195394D0}" = Firebird SQL Server - MAGIX Edition
    "{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
    "{B5084FA6-1FAD-453A-93C6-EAB739A510EF}" = Minolta Dimage Scan Dual2 ver 1.0
    "{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
    "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
    "{BB05BD70-4605-4829-93FC-AD80D8CC5B66}" = Performance Center
    "{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
    "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
    "{C0A5F1FA-C541-486A-A965-6C033F9AAD82}" = Videoraptor
    "{C441297F-C9F2-4177-9D5F-1B10F0358E32}" = Opera 10.54
    "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
    "{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
    "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "{DA93333C-0262-48C8-8921-5384AE563F99}" = Tunebite
    "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
    "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
    "{E4C891D6-6844-41B8-86E8-633CACCC644F}" = CyberLink TV Enhance
    "{E7044E25-3038-4A76-9064-344AC038043E}" = Windows Mobile Device Center Driver Update
    "{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
    "{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{F1FCC8AD-0F88-4D77-8530-0FBB088485F1}" = WEB.DE Update
    "{F35D6F4D-B54F-4734-AC13-04910B5A8369}" = HDDlife
    "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
    "{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
    "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
    "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11
    "Alphaload Software 4.1.8" = Alphaload Software 4.1.8
    "AVMWLANCLI" = AVM FRITZ!WLAN
    "Click'N Design 3D for AfterBurner(tm) (V5)" = Click'N Design 3D for AfterBurner(tm) (V5)
    "DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
    "dm Digi Foto" = dm Digi Foto
    "dm Fotowelt" = dm Fotowelt
    "EPSON Printer and Utilities" = EPSON-Drucker-Software
    "ESC66 Referenzhandbuch" = ESC66 Referenzhandbuch
    "ESC66 Softwarehandbuch" = ESC66 Softwarehandbuch
    "Firefox 3.6 WEB.DE Edition" = Firefox 3.6 WEB.DE Edition
    "Google Chrome" = Google Chrome
    "Google Desktop" = Google Desktop
    "Google Updater" = Google Updater
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
    "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
    "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
    "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
    "Internet-Radio Player_is1" = Internet-Radio Player Version 2.01.5
    "MAGIX 3D Maker D" = MAGIX 3D Maker (embeded)
    "MAGIX Foto Manager 2006 D" = MAGIX Foto Manager 2006 (D)
    "MAGIX Foto Manager 9 D" = MAGIX Foto Manager 9
    "MAGIX Fotobuch" = MAGIX Fotobuch 3.6
    "MAGIX Fotos auf CD & DVD 5.0 D" = MAGIX Fotos auf CD & DVD 5.0 (D)
    "MAGIX Fotos auf CD & DVD 8 deluxe D" = MAGIX Fotos auf CD & DVD 8 deluxe 8.0.0.14 (D)
    "MAGIX Fotos auf CD & DVD 9 deluxe D" = MAGIX Fotos auf CD & DVD 9 deluxe 9.0.0.18 (D)
    "MAGIX Music Manager D" = MAGIX Music Manager (D)
    "MAGIX Online Druck Service D" = MAGIX Online Druck Service
    "MAGIX Screenshare D" = MAGIX Screenshare
    "MAGIX Speed burnR D" = MAGIX Speed burnR
    "MAGIX Xtreme Foto Designer 6 D" = MAGIX Xtreme Foto Designer 6
    "McAfee Security Scan" = McAfee Security Scan Plus
    "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
    "Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
    "MSC" = McAfee Internet Security Suite
    "Mufin MusicFinder Base D" = Mufin MusicFinder Base 1.5.3.255 (D)
    "MyPublisher" = MyPublisher
    "NVIDIA Display Control Panel" = NVIDIA Display Control Panel
    "NVIDIA Drivers" = NVIDIA Drivers
    "Picasa 3" = Picasa 3
    "PROSetDX" = Intel(R) Network Connections 13.2.8.0
    "QuickTime" = QuickTime
    "WAV to MP3" = WAV to MP3
    "WEB.DE Update" = WEB.DE Update
    "Windows Mobile Device Handbook" = Windows Mobile-Ressourcen
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR
    "WMV9_VCM" = Microsoft Windows Media Video 9 VCM
    "X10Hardware" = X10 Hardware(TM)
    "Yahoo! Companion" = Yahoo! Toolbar
     
    ========== Last 10 Event Log Errors ==========
     
    [ Application Events ]
    Error - 13.08.2010 15:22:45 | Computer Name = ge012796-PC | Source = Application Error | ID = 1000
    Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18943, Zeitstempel
     0x4c25813d, fehlerhaftes Modul WINHTTP.dll, Version 6.0.6002.18096, Zeitstempel
     0x4a927b67, Ausnahmecode 0xc0000005, Fehleroffset 0x000144c6,  Prozess-ID 0x12f8,
     Anwendungsstartzeit 01cb3b1cd8ddaed7.
     
    Error - 13.08.2010 17:57:07 | Computer Name = ge012796-PC | Source = Application Error | ID = 1000
    Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18943, Zeitstempel
     0x4c25813d, fehlerhaftes Modul sshnas21.dll, Version 0.1.2.0, Zeitstempel 0x4c5c1d5a,
     Ausnahmecode 0x80000003, Fehleroffset 0x00010c90,  Prozess-ID 0x1c14, Anwendungsstartzeit
     01cb3b32777e75a7.
     
    Error - 13.08.2010 17:57:50 | Computer Name = ge012796-PC | Source = Application Error | ID = 1000
    Description = Fehlerhafte Anwendung iexplore.exe, Version 8.0.6001.18943, Zeitstempel
     0x4c25813d, fehlerhaftes Modul WINHTTP.dll, Version 6.0.6002.18096, Zeitstempel
     0x4a927b67, Ausnahmecode 0xc0000005, Fehleroffset 0x000144c6,  Prozess-ID 0x1e94,
     Anwendungsstartzeit 01cb3b327ba11d47.
     
    Error - 13.08.2010 21:26:06 | Computer Name = ge012796-PC | Source = Google Update | ID = 20
    Description = 
     
    Error - 13.08.2010 22:26:06 | Computer Name = ge012796-PC | Source = Google Update | ID = 20
    Description = 
     
    Error - 13.08.2010 23:26:06 | Computer Name = ge012796-PC | Source = Google Update | ID = 20
    Description = 
     
    Error - 14.08.2010 00:26:06 | Computer Name = ge012796-PC | Source = Google Update | ID = 20
    Description = 
     
    Error - 14.08.2010 01:26:06 | Computer Name = ge012796-PC | Source = Google Update | ID = 20
    Description = 
     
    Error - 14.08.2010 02:26:06 | Computer Name = ge012796-PC | Source = Google Update | ID = 20
    Description = 
     
    Error - 14.08.2010 03:26:06 | Computer Name = ge012796-PC | Source = Google Update | ID = 20
    Description = 
     
    [ System Events ]
    Error - 07.07.2010 13:00:38 | Computer Name = ge012796-PC | Source = FWLANUSB | ID = 5002
    Description = AVM FRITZ!WLAN USB Stick v1.1 : Fehlfunktion des Netzwerkadapters 
    wurde ermittelt.
     
    Error - 11.07.2010 13:14:10 | Computer Name = ge012796-PC | Source = DCOM | ID = 10016
    Description = 
     
    Error - 11.07.2010 13:14:10 | Computer Name = ge012796-PC | Source = DCOM | ID = 10016
    Description = 
     
    Error - 22.07.2010 11:58:37 | Computer Name = ge012796-PC | Source = DCOM | ID = 10010
    Description = 
     
    Error - 07.08.2010 10:59:41 | Computer Name = ge012796-PC | Source = DCOM | ID = 10010
    Description = 
     
    Error - 13.08.2010 11:22:21 | Computer Name = ge012796-PC | Source = DCOM | ID = 10005
    Description = 
     
    Error - 13.08.2010 11:22:21 | Computer Name = ge012796-PC | Source = Service Control Manager | ID = 7009
    Description = 
     
    Error - 13.08.2010 11:22:21 | Computer Name = ge012796-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
    Error - 13.08.2010 11:22:21 | Computer Name = ge012796-PC | Source = Service Control Manager | ID = 7009
    Description = 
     
    Error - 13.08.2010 11:22:21 | Computer Name = ge012796-PC | Source = Service Control Manager | ID = 7000
    Description = 
     
     
    < End of report >
    Code:
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-14 13:45:55
    Windows 6.0.6002 Service Pack 2
    Running: frv9h7qf.exe; Driver: C:\Users\ge012796\AppData\Local\Temp\kgrdrkog.sys
    
    
    ---- System - GMER 1.0.15 ----
    
    Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                                                                                                                                       ZwMapViewOfSection [0x82F43D88]
    Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                                                                                                                                       ZwTerminateProcess [0x82F43DB2]
    Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                                                                                                                                       ZwUnmapViewOfSection [0x82F43D9E]
    Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                                                                                                                                       ZwYieldExecution [0x82F43D74]
    Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                                                                                                                                       NtMapViewOfSection
    
    ---- Kernel code sections - GMER 1.0.15 ----
    
    .text           ntkrnlpa.exe!ZwYieldExecution                                                                                                                                                                                                                                                    828789D2 5 Bytes  JMP 82F43D78 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE            ntkrnlpa.exe!ZwTerminateProcess                                                                                                                                                                                                                                                  82A3DDA3 5 Bytes  JMP 82F43DB6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE            ntkrnlpa.exe!NtMapViewOfSection                                                                                                                                                                                                                                                  82A5D4FA 2 Bytes  JMP 82F43D8C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE            ntkrnlpa.exe!NtMapViewOfSection + 3                                                                                                                                                                                                                                              82A5D4FD 4 Bytes  [4E, 00, 90, 90]
    PAGE            ntkrnlpa.exe!ZwUnmapViewOfSection                                                                                                                                                                                                                                                82A5D7BD 5 Bytes  JMP 82F43DA2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    
    ---- User code sections - GMER 1.0.15 ----
    
    .text           C:\Windows\system32\services.exe[800] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779443D4 5 Bytes  JMP 002E000A 
    .text           C:\Windows\system32\services.exe[800] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77944494 5 Bytes  JMP 002E0FD4 
    .text           C:\Windows\system32\services.exe[800] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77944D34 5 Bytes  JMP 002E0FEF 
    .text           C:\Windows\system32\services.exe[800] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               77A61929 5 Bytes  JMP 00400F41 
    .text           C:\Windows\system32\services.exe[800] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               77A619C9 5 Bytes  JMP 00400087 
    .text           C:\Windows\system32\services.exe[800] kernel32.dll!CreateProcessW                                                                                                                                                                                                                77A61BF3 5 Bytes  JMP 00400F26 
    .text           C:\Windows\system32\services.exe[800] kernel32.dll!CreateProcessA                                                                                                                                                                                                                77A61C28 5 Bytes  JMP 004000BD 
    .text           C:\Windows\system32\services.exe[800] kernel32.dll!VirtualProtect                                                                                                                                                                                                                77A61DC3 5 Bytes  JMP 00400058 
    .text           C:\Windows\system32\services.exe[800] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              77A62EF5 5 Bytes  JMP 00400014 
    .text           C:\Windows\system32\services.exe[800] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              77A65C0C 5 Bytes  JMP 00400025 
    .text           C:\Windows\system32\services.exe[800] kernel32.dll!CreatePipe                                                                                                                                                                                                                    77A88E6E 5 Bytes  JMP 00400F52 
    .text           C:\Windows\system32\services.exe[800] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                77A89109 5 Bytes  JMP 00400047 
    .text           C:\Windows\system32\services.exe[800] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  77A89362 5 Bytes  JMP 00400F94 
    .text           C:\Windows\system32\services.exe[800] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                77A894B4 5 Bytes  JMP 00400036 
    .text           C:\Windows\system32\services.exe[800] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  77A894DC 5 Bytes  JMP 00400FAF 
    .text           C:\Windows\system32\services.exe[800] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              77A8DBDA 5 Bytes  JMP 00400F63 
    .text           C:\Windows\system32\services.exe[800] kernel32.dll!GetProcAddress                                                                                                                                                                                                                77AA903B 5 Bytes  JMP 00400F15 
    .text           C:\Windows\system32\services.exe[800] kernel32.dll!CreateFileW                                                                                                                                                                                                                   77AAAECB 5 Bytes  JMP 00400FDE 
    .text           C:\Windows\system32\services.exe[800] kernel32.dll!CreateFileA                                                                                                                                                                                                                   77AACE5F 5 Bytes  JMP 00400FEF 
    .text           C:\Windows\system32\services.exe[800] kernel32.dll!WinExec                                                                                                                                                                                                                       77AF5CF7 5 Bytes  JMP 004000A2 
    .text           C:\Windows\system32\services.exe[800] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               760839AB 5 Bytes  JMP 00410025 
    .text           C:\Windows\system32\services.exe[800] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76083BA9 5 Bytes  JMP 00410F94 
    .text           C:\Windows\system32\services.exe[800] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   760889C7 5 Bytes  JMP 00410FEF 
    .text           C:\Windows\system32\services.exe[800] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7609391E 5 Bytes  JMP 00410F83 
    .text           C:\Windows\system32\services.exe[800] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               760941F1 5 Bytes  JMP 00410040 
    .text           C:\Windows\system32\services.exe[800] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76097C42 5 Bytes  JMP 00410FC0 
    .text           C:\Windows\system32\services.exe[800] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7609E2B5 5 Bytes  JMP 00410000 
    .text           C:\Windows\system32\services.exe[800] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 760A7BA1 5 Bytes  JMP 00410FAF 
    .text           C:\Windows\system32\services.exe[800] msvcrt.dll!_wsystem                                                                                                                                                                                                                        774D7F2F 5 Bytes  JMP 00430FA3 
    .text           C:\Windows\system32\services.exe[800] msvcrt.dll!system                                                                                                                                                                                                                          774D804B 5 Bytes  JMP 0043002E 
    .text           C:\Windows\system32\services.exe[800] msvcrt.dll!_creat                                                                                                                                                                                                                          774DBBE1 5 Bytes  JMP 00430FC8 
    .text           C:\Windows\system32\services.exe[800] msvcrt.dll!_open                                                                                                                                                                                                                           774DD106 5 Bytes  JMP 00430000 
    .text           C:\Windows\system32\services.exe[800] msvcrt.dll!_wcreat                                                                                                                                                                                                                         774DD326 5 Bytes  JMP 0043001D 
    .text           C:\Windows\system32\services.exe[800] msvcrt.dll!_wopen                                                                                                                                                                                                                          774DD501 5 Bytes  JMP 00430FE3 
    .text           C:\Windows\system32\services.exe[800] WS2_32.dll!socket                                                                                                                                                                                                                          76D136D1 5 Bytes  JMP 00420000 
    .text           C:\Windows\system32\lsass.exe[812] ntdll.dll!NtCreateFile                                                                                                                                                                                                                        779443D4 5 Bytes  JMP 000B0FEF 
    .text           C:\Windows\system32\lsass.exe[812] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                     77944494 5 Bytes  JMP 000B0011 
    .text           C:\Windows\system32\lsass.exe[812] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                              77944D34 5 Bytes  JMP 000B0000 
    .text           C:\Windows\system32\lsass.exe[812] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                                  77A61929 5 Bytes  JMP 000D0087 
    .text           C:\Windows\system32\lsass.exe[812] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                                  77A619C9 5 Bytes  JMP 000D0F4B 
    .text           C:\Windows\system32\lsass.exe[812] kernel32.dll!CreateProcessW                                                                                                                                                                                                                   77A61BF3 5 Bytes  JMP 000D00AC 
    .text           C:\Windows\system32\lsass.exe[812] kernel32.dll!CreateProcessA                                                                                                                                                                                                                   77A61C28 5 Bytes  JMP 000D0F15 
    .text           C:\Windows\system32\lsass.exe[812] kernel32.dll!VirtualProtect                                                                                                                                                                                                                   77A61DC3 5 Bytes  JMP 000D0F77 
    .text           C:\Windows\system32\lsass.exe[812] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                                 77A62EF5 5 Bytes  JMP 000D0FC0 
    .text           C:\Windows\system32\lsass.exe[812] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                                 77A65C0C 5 Bytes  JMP 000D0FAF 
    .text           C:\Windows\system32\lsass.exe[812] kernel32.dll!CreatePipe                                                                                                                                                                                                                       77A88E6E 5 Bytes  JMP 000D0F66 
    .text           C:\Windows\system32\lsass.exe[812] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                   77A89109 5 Bytes  JMP 000D0051 
    .text           C:\Windows\system32\lsass.exe[812] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                     77A89362 5 Bytes  JMP 000D0025 
    .text           C:\Windows\system32\lsass.exe[812] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                   77A894B4 5 Bytes  JMP 000D0040 
    .text           C:\Windows\system32\lsass.exe[812] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                     77A894DC 5 Bytes  JMP 000D0F9E 
    .text           C:\Windows\system32\lsass.exe[812] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                                 77A8DBDA 5 Bytes  JMP 000D0076 
    .text           C:\Windows\system32\lsass.exe[812] kernel32.dll!GetProcAddress                                                                                                                                                                                                                   77AA903B 5 Bytes  JMP 000D0EF0 
    .text           C:\Windows\system32\lsass.exe[812] kernel32.dll!CreateFileW                                                                                                                                                                                                                      77AAAECB 5 Bytes  JMP 000D0000 
    .text           C:\Windows\system32\lsass.exe[812] kernel32.dll!CreateFileA                                                                                                                                                                                                                      77AACE5F 5 Bytes  JMP 000D0FEF 
    .text           C:\Windows\system32\lsass.exe[812] kernel32.dll!WinExec                                                                                                                                                                                                                          77AF5CF7 5 Bytes  JMP 000D0F30 
    .text           C:\Windows\system32\lsass.exe[812] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                                  760839AB 5 Bytes  JMP 000E006C 
    .text           C:\Windows\system32\lsass.exe[812] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                    76083BA9 5 Bytes  JMP 000E004A 
    .text           C:\Windows\system32\lsass.exe[812] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                      760889C7 5 Bytes  JMP 000E0FEF 
    .text           C:\Windows\system32\lsass.exe[812] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                    7609391E 5 Bytes  JMP 000E005B 
    .text           C:\Windows\system32\lsass.exe[812] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                                  760941F1 5 Bytes  JMP 000E0FAF 
    .text           C:\Windows\system32\lsass.exe[812] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                    76097C42 5 Bytes  JMP 000E0FDE 
    .text           C:\Windows\system32\lsass.exe[812] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                      7609E2B5 5 Bytes  JMP 000E0014 
    .text           C:\Windows\system32\lsass.exe[812] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                    760A7BA1 5 Bytes  JMP 000E0039 
    .text           C:\Windows\system32\lsass.exe[812] msvcrt.dll!_wsystem                                                                                                                                                                                                                           774D7F2F 5 Bytes  JMP 00DA0064 
    .text           C:\Windows\system32\lsass.exe[812] msvcrt.dll!system                                                                                                                                                                                                                             774D804B 5 Bytes  JMP 00DA0053 
    .text           C:\Windows\system32\lsass.exe[812] msvcrt.dll!_creat                                                                                                                                                                                                                             774DBBE1 5 Bytes  JMP 00DA0FD9 
    .text           C:\Windows\system32\lsass.exe[812] msvcrt.dll!_open                                                                                                                                                                                                                              774DD106 5 Bytes  JMP 00DA0000 
    .text           C:\Windows\system32\lsass.exe[812] msvcrt.dll!_wcreat                                                                                                                                                                                                                            774DD326 5 Bytes  JMP 00DA002E 
    .text           C:\Windows\system32\lsass.exe[812] msvcrt.dll!_wopen                                                                                                                                                                                                                             774DD501 5 Bytes  JMP 00DA0011 
    .text           C:\Windows\system32\lsass.exe[812] WS2_32.dll!socket                                                                                                                                                                                                                             76D136D1 5 Bytes  JMP 00C40FE5 
    .text           C:\Windows\system32\svchost.exe[1028] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779443D4 5 Bytes  JMP 000A0000 
    .text           C:\Windows\system32\svchost.exe[1028] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77944494 5 Bytes  JMP 000A001B 
    .text           C:\Windows\system32\svchost.exe[1028] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77944D34 5 Bytes  JMP 000A0FE5 
    .text           C:\Windows\system32\svchost.exe[1028] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               77A61929 5 Bytes  JMP 001100B8 
    .text           C:\Windows\system32\svchost.exe[1028] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               77A619C9 5 Bytes  JMP 00110F72 
    .text           C:\Windows\system32\svchost.exe[1028] kernel32.dll!CreateProcessW                                                                                                                                                                                                                77A61BF3 5 Bytes  JMP 001100FF 
    .text           C:\Windows\system32\svchost.exe[1028] kernel32.dll!CreateProcessA                                                                                                                                                                                                                77A61C28 5 Bytes  JMP 001100E4 
    .text           C:\Windows\system32\svchost.exe[1028] kernel32.dll!VirtualProtect                                                                                                                                                                                                                77A61DC3 5 Bytes  JMP 00110FA8 
    .text           C:\Windows\system32\svchost.exe[1028] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              77A62EF5 5 Bytes  JMP 00110025 
    .text           C:\Windows\system32\svchost.exe[1028] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              77A65C0C 5 Bytes  JMP 00110FD4 
    .text           C:\Windows\system32\svchost.exe[1028] kernel32.dll!CreatePipe                                                                                                                                                                                                                    77A88E6E 5 Bytes  JMP 001100A7 
    .text           C:\Windows\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                77A89109 5 Bytes  JMP 00110082 
    .text           C:\Windows\system32\svchost.exe[1028] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  77A89362 5 Bytes  JMP 00110FC3 
    .text           C:\Windows\system32\svchost.exe[1028] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                77A894B4 5 Bytes  JMP 0011005B 
    .text           C:\Windows\system32\svchost.exe[1028] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  77A894DC 5 Bytes  JMP 0011004A 
    .text           C:\Windows\system32\svchost.exe[1028] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              77A8DBDA 5 Bytes  JMP 00110F97 
    .text           C:\Windows\system32\svchost.exe[1028] kernel32.dll!GetProcAddress                                                                                                                                                                                                                77AA903B 5 Bytes  JMP 00110110 
    .text           C:\Windows\system32\svchost.exe[1028] kernel32.dll!CreateFileW                                                                                                                                                                                                                   77AAAECB 5 Bytes  JMP 00110FE5 
    .text           C:\Windows\system32\svchost.exe[1028] kernel32.dll!CreateFileA                                                                                                                                                                                                                   77AACE5F 5 Bytes  JMP 00110000 
    .text           C:\Windows\system32\svchost.exe[1028] kernel32.dll!WinExec                                                                                                                                                                                                                       77AF5CF7 5 Bytes  JMP 001100C9 
    .text           C:\Windows\system32\svchost.exe[1028] msvcrt.dll!_wsystem                                                                                                                                                                                                                        774D7F2F 5 Bytes  JMP 00710F86 
    .text           C:\Windows\system32\svchost.exe[1028] msvcrt.dll!system                                                                                                                                                                                                                          774D804B 5 Bytes  JMP 00710FA1 
    .text           C:\Windows\system32\svchost.exe[1028] msvcrt.dll!_creat                                                                                                                                                                                                                          774DBBE1 5 Bytes  JMP 00710011 
    .text           C:\Windows\system32\svchost.exe[1028] msvcrt.dll!_open                                                                                                                                                                                                                           774DD106 5 Bytes  JMP 00710FE3 
    .text           C:\Windows\system32\svchost.exe[1028] msvcrt.dll!_wcreat                                                                                                                                                                                                                         774DD326 5 Bytes  JMP 00710FBC 
    .text           C:\Windows\system32\svchost.exe[1028] msvcrt.dll!_wopen                                                                                                                                                                                                                          774DD501 5 Bytes  JMP 00710000 
    .text           C:\Windows\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               760839AB 1 Byte  [E9]
    .text           C:\Windows\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               760839AB 5 Bytes  JMP 00120FAF 
    .text           C:\Windows\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76083BA9 5 Bytes  JMP 00120FC0 
    .text           C:\Windows\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   760889C7 5 Bytes  JMP 00120FEF 
    .text           C:\Windows\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7609391E 5 Bytes  JMP 00120047 
    .text           C:\Windows\system32\svchost.exe[1028] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               760941F1 5 Bytes  JMP 00120062 
    .text           C:\Windows\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76097C42 5 Bytes  JMP 00120011 
    .text           C:\Windows\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7609E2B5 5 Bytes  JMP 00120000 
    .text           C:\Windows\system32\svchost.exe[1028] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 760A7BA1 5 Bytes  JMP 0012002C 
    .text           C:\Windows\system32\svchost.exe[1028] WS2_32.dll!socket                                                                                                                                                                                                                          76D136D1 5 Bytes  JMP 00240000 
    .text           C:\Windows\system32\svchost.exe[1108] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779443D4 5 Bytes  JMP 001E0FEF 
    .text           C:\Windows\system32\svchost.exe[1108] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77944494 5 Bytes  JMP 001E0014 
    .text           C:\Windows\system32\svchost.exe[1108] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77944D34 5 Bytes  JMP 001E0FDE 
    .text           C:\Windows\system32\svchost.exe[1108] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               77A61929 5 Bytes  JMP 00300090 
    .text           C:\Windows\system32\svchost.exe[1108] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               77A619C9 5 Bytes  JMP 00300F4A 
    .text           C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreateProcessW                                                                                                                                                                                                                77A61BF3 5 Bytes  JMP 00300F1E 
    .text           C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreateProcessA                                                                                                                                                                                                                77A61C28 5 Bytes  JMP 00300F2F 
    .text           C:\Windows\system32\svchost.exe[1108] kernel32.dll!VirtualProtect                                                                                                                                                                                                                77A61DC3 5 Bytes  JMP 00300053 
    .text           C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              77A62EF5 5 Bytes  JMP 0030000A 
    .text           C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              77A65C0C 5 Bytes  JMP 0030001B 
    .text           C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreatePipe                                                                                                                                                                                                                    77A88E6E 5 Bytes  JMP 0030007F 
    .text           C:\Windows\system32\svchost.exe[1108] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                77A89109 5 Bytes  JMP 00300036 
    .text           C:\Windows\system32\svchost.exe[1108] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  77A89362 5 Bytes  JMP 00300F94 
    .text           C:\Windows\system32\svchost.exe[1108] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                77A894B4 5 Bytes  JMP 00300F83 
    .text           C:\Windows\system32\svchost.exe[1108] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  77A894DC 5 Bytes  JMP 00300FAF 
    .text           C:\Windows\system32\svchost.exe[1108] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              77A8DBDA 5 Bytes  JMP 0030006E 
    .text           C:\Windows\system32\svchost.exe[1108] kernel32.dll!GetProcAddress                                                                                                                                                                                                                77AA903B 5 Bytes  JMP 003000C6 
    .text           C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreateFileW                                                                                                                                                                                                                   77AAAECB 5 Bytes  JMP 00300FD4 
    .text           C:\Windows\system32\svchost.exe[1108] kernel32.dll!CreateFileA                                                                                                                                                                                                                   77AACE5F 5 Bytes  JMP 00300FE5 
    .text           C:\Windows\system32\svchost.exe[1108] kernel32.dll!WinExec                                                                                                                                                                                                                       77AF5CF7 5 Bytes  JMP 003000AB 
    .text           C:\Windows\system32\svchost.exe[1108] msvcrt.dll!_wsystem                                                                                                                                                                                                                        774D7F2F 5 Bytes  JMP 00330049 
    .text           C:\Windows\system32\svchost.exe[1108] msvcrt.dll!system                                                                                                                                                                                                                          774D804B 5 Bytes  JMP 00330038 
    .text           C:\Windows\system32\svchost.exe[1108] msvcrt.dll!_creat                                                                                                                                                                                                                          774DBBE1 5 Bytes  JMP 00330FD2 
    .text           C:\Windows\system32\svchost.exe[1108] msvcrt.dll!_open                                                                                                                                                                                                                           774DD106 5 Bytes  JMP 00330000 
    .text           C:\Windows\system32\svchost.exe[1108] msvcrt.dll!_wcreat                                                                                                                                                                                                                         774DD326 5 Bytes  JMP 00330027 
    .text           C:\Windows\system32\svchost.exe[1108] msvcrt.dll!_wopen                                                                                                                                                                                                                          774DD501 5 Bytes  JMP 00330FE3 
    .text           C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               760839AB 5 Bytes  JMP 00310039 
    .text           C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76083BA9 5 Bytes  JMP 00310FA8 
    .text           C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   760889C7 5 Bytes  JMP 00310FEF 
    .text           C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7609391E 5 Bytes  JMP 00310F97 
    .text           C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               760941F1 5 Bytes  JMP 00310054 
    .text           C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76097C42 5 Bytes  JMP 00310FC3 
    .text           C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7609E2B5 5 Bytes  JMP 00310FD4 
    .text           C:\Windows\system32\svchost.exe[1108] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 760A7BA1 5 Bytes  JMP 0031001E 
    .text           C:\Windows\system32\svchost.exe[1108] WS2_32.dll!socket                                                                                                                                                                                                                          76D136D1 5 Bytes  JMP 0032000A 
    .text           C:\Windows\System32\svchost.exe[1252] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779443D4 5 Bytes  JMP 00730FE5 
    .text           C:\Windows\System32\svchost.exe[1252] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77944494 5 Bytes  JMP 00730FD4 
    .text           C:\Windows\System32\svchost.exe[1252] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77944D34 5 Bytes  JMP 0073000A 
    .text           C:\Windows\System32\svchost.exe[1252] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               77A61929 5 Bytes  JMP 00EC0F3A 
    .text           C:\Windows\System32\svchost.exe[1252] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               77A619C9 5 Bytes  JMP 00EC0076 
    .text           C:\Windows\System32\svchost.exe[1252] kernel32.dll!CreateProcessW                                                                                                                                                                                                                77A61BF3 5 Bytes  JMP 00EC00BD 
    .text           C:\Windows\System32\svchost.exe[1252] kernel32.dll!CreateProcessA                                                                                                                                                                                                                77A61C28 5 Bytes  JMP 00EC00AC 
    .text           C:\Windows\System32\svchost.exe[1252] kernel32.dll!VirtualProtect                                                                                                                                                                                                                77A61DC3 5 Bytes  JMP 00EC0040 
    .text           C:\Windows\System32\svchost.exe[1252] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              77A62EF5 5 Bytes  JMP 00EC0FC0 
    .text           C:\Windows\System32\svchost.exe[1252] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              77A65C0C 5 Bytes  JMP 00EC0011 
    .text           C:\Windows\System32\svchost.exe[1252] kernel32.dll!CreatePipe                                                                                                                                                                                                                    77A88E6E 5 Bytes  JMP 00EC005B 
    .text           C:\Windows\System32\svchost.exe[1252] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                77A89109 5 Bytes  JMP 00EC0F66 
    .text           C:\Windows\System32\svchost.exe[1252] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  77A89362 5 Bytes  JMP 00EC0F9E 
    .text           C:\Windows\System32\svchost.exe[1252] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                77A894B4 5 Bytes  JMP 00EC0F8D 
    .text           C:\Windows\System32\svchost.exe[1252] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  77A894DC 5 Bytes  JMP 00EC0FAF 
    .text           C:\Windows\System32\svchost.exe[1252] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              77A8DBDA 5 Bytes  JMP 00EC0F55 
    .text           C:\Windows\System32\svchost.exe[1252] kernel32.dll!GetProcAddress                                                                                                                                                                                                                77AA903B 5 Bytes  JMP 00EC0F01 
    .text           C:\Windows\System32\svchost.exe[1252] kernel32.dll!CreateFileW                                                                                                                                                                                                                   77AAAECB 5 Bytes  JMP 00EC0FE5 
    .text           C:\Windows\System32\svchost.exe[1252] kernel32.dll!CreateFileA                                                                                                                                                                                                                   77AACE5F 5 Bytes  JMP 00EC0000 
    .text           C:\Windows\System32\svchost.exe[1252] kernel32.dll!WinExec                                                                                                                                                                                                                       77AF5CF7 5 Bytes  JMP 00EC0091 
    .text           C:\Windows\System32\svchost.exe[1252] msvcrt.dll!_wsystem                                                                                                                                                                                                                        774D7F2F 5 Bytes  JMP 00720FA8 
    .text           C:\Windows\System32\svchost.exe[1252] msvcrt.dll!system                                                                                                                                                                                                                          774D804B 5 Bytes  JMP 00720FC3 
    .text           C:\Windows\System32\svchost.exe[1252] msvcrt.dll!_creat                                                                                                                                                                                                                          774DBBE1 5 Bytes  JMP 00720029 
    .text           C:\Windows\System32\svchost.exe[1252] msvcrt.dll!_open                                                                                                                                                                                                                           774DD106 5 Bytes  JMP 00720000 
    .text           C:\Windows\System32\svchost.exe[1252] msvcrt.dll!_wcreat                                                                                                                                                                                                                         774DD326 5 Bytes  JMP 00720FD4 
    .text           C:\Windows\System32\svchost.exe[1252] msvcrt.dll!_wopen                                                                                                                                                                                                                          774DD501 5 Bytes  JMP 00720FEF 
    .text           C:\Windows\System32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               760839AB 5 Bytes  JMP 000C006C 
    .text           C:\Windows\System32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76083BA9 5 Bytes  JMP 000C0040 
    .text           C:\Windows\System32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   760889C7 5 Bytes  JMP 000C0FEF 
    .text           C:\Windows\System32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7609391E 5 Bytes  JMP 000C005B 
    .text           C:\Windows\System32\svchost.exe[1252] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               760941F1 5 Bytes  JMP 000C0FAF 
    .text           C:\Windows\System32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76097C42 5 Bytes  JMP 000C0FD4 
    .text           C:\Windows\System32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7609E2B5 5 Bytes  JMP 000C000A 
    .text           C:\Windows\System32\svchost.exe[1252] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 760A7BA1 5 Bytes  JMP 000C0025 
    .text           C:\Windows\System32\svchost.exe[1252] WS2_32.dll!socket                                                                                                                                                                                                                          76D136D1 5 Bytes  JMP 002A0FEF 
    .text           C:\Windows\System32\svchost.exe[1300] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779443D4 5 Bytes  JMP 011A0FE5 
    .text           C:\Windows\System32\svchost.exe[1300] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77944494 5 Bytes  JMP 011A0011 
    .text           C:\Windows\System32\svchost.exe[1300] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77944D34 5 Bytes  JMP 011A0000 
    .text           C:\Windows\System32\svchost.exe[1300] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               77A61929 5 Bytes  JMP 01730080 
    .text           C:\Windows\System32\svchost.exe[1300] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               77A619C9 5 Bytes  JMP 01730F3A 
    .text           C:\Windows\System32\svchost.exe[1300] kernel32.dll!CreateProcessW                                                                                                                                                                                                                77A61BF3 5 Bytes  JMP 017300D1 
    .text           C:\Windows\System32\svchost.exe[1300] kernel32.dll!CreateProcessA                                                                                                                                                                                                                77A61C28 5 Bytes  JMP 017300B6 
    .text           C:\Windows\System32\svchost.exe[1300] kernel32.dll!VirtualProtect                                                                                                                                                                                                                77A61DC3 5 Bytes  JMP 01730F81 
    .text           C:\Windows\System32\svchost.exe[1300] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              77A62EF5 5 Bytes  JMP 01730FD4 
    .text           C:\Windows\System32\svchost.exe[1300] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              77A65C0C 5 Bytes  JMP 01730FB9 
    .text           C:\Windows\System32\svchost.exe[1300] kernel32.dll!CreatePipe                                                                                                                                                                                                                    77A88E6E 5 Bytes  JMP 01730F55 
    .text           C:\Windows\System32\svchost.exe[1300] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                77A89109 5 Bytes  JMP 0173005B 
    .text           C:\Windows\System32\svchost.exe[1300] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  77A89362 5 Bytes  JMP 0173002F 
    .text           C:\Windows\System32\svchost.exe[1300] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                77A894B4 5 Bytes  JMP 01730040 
    .text           C:\Windows\System32\svchost.exe[1300] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  77A894DC 5 Bytes  JMP 01730F9E 
    .text           C:\Windows\System32\svchost.exe[1300] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              77A8DBDA 5 Bytes  JMP 01730F70 
    .text           C:\Windows\System32\svchost.exe[1300] kernel32.dll!GetProcAddress                                                                                                                                                                                                                77AA903B 5 Bytes  JMP 017300F6 
    .text           C:\Windows\System32\svchost.exe[1300] kernel32.dll!CreateFileW                                                                                                                                                                                                                   77AAAECB 5 Bytes  JMP 01730FEF 
    .text           C:\Windows\System32\svchost.exe[1300] kernel32.dll!CreateFileA                                                                                                                                                                                                                   77AACE5F 5 Bytes  JMP 0173000A 
    .text           C:\Windows\System32\svchost.exe[1300] kernel32.dll!WinExec                                                                                                                                                                                                                       77AF5CF7 5 Bytes  JMP 0173009B 
    .text           C:\Windows\System32\svchost.exe[1300] msvcrt.dll!_wsystem                                                                                                                                                                                                                        774D7F2F 5 Bytes  JMP 017A0FAB 
    .text           C:\Windows\System32\svchost.exe[1300] msvcrt.dll!system                                                                                                                                                                                                                          774D804B 5 Bytes  JMP 017A0036 
    .text           C:\Windows\System32\svchost.exe[1300] msvcrt.dll!_creat                                                                                                                                                                                                                          774DBBE1 5 Bytes  JMP 017A001B 
    .text           C:\Windows\System32\svchost.exe[1300] msvcrt.dll!_open                                                                                                                                                                                                                           774DD106 5 Bytes  JMP 017A0FE3 
    .text           C:\Windows\System32\svchost.exe[1300] msvcrt.dll!_wcreat                                                                                                                                                                                                                         774DD326 5 Bytes  JMP 017A0FBC 
    .text           C:\Windows\System32\svchost.exe[1300] msvcrt.dll!_wopen                                                                                                                                                                                                                          774DD501 5 Bytes  JMP 017A0000 
    .text           C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               760839AB 5 Bytes  JMP 0174005B 
    .text           C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76083BA9 5 Bytes  JMP 01740FB9 
    .text           C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   760889C7 5 Bytes  JMP 01740FEF 
    .text           C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7609391E 5 Bytes  JMP 01740036 
    .text           C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               760941F1 5 Bytes  JMP 01740F9E 
    .text           C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76097C42 5 Bytes  JMP 01740025 
    .text           C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7609E2B5 5 Bytes  JMP 0174000A 
    .text           C:\Windows\System32\svchost.exe[1300] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 760A7BA1 5 Bytes  JMP 01740FCA 
    .text           C:\Windows\System32\svchost.exe[1300] WS2_32.dll!socket                                                                                                                                                                                                                          76D136D1 5 Bytes  JMP 0179000A 
    .text           C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779443D4 5 Bytes  JMP 00710FEF 
    .text           C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77944494 5 Bytes  JMP 00710025 
    .text           C:\Windows\system32\svchost.exe[1320] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77944D34 5 Bytes  JMP 0071000A 
    .text           C:\Windows\system32\svchost.exe[1320] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               77A61929 5 Bytes  JMP 00FD0F4B 
    .text           C:\Windows\system32\svchost.exe[1320] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               77A619C9 5 Bytes  JMP 00FD0F5C 
    .text           C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateProcessW                                                                                                                                                                                                                77A61BF3 5 Bytes  JMP 00FD00C7 
    .text           C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateProcessA                                                                                                                                                                                                                77A61C28 5 Bytes  JMP 00FD0F30 
    .text           C:\Windows\system32\svchost.exe[1320] kernel32.dll!VirtualProtect                                                                                                                                                                                                                77A61DC3 5 Bytes  JMP 00FD0FA3 
    .text           C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              77A62EF5 5 Bytes  JMP 00FD0025 
    .text           C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              77A65C0C 5 Bytes  JMP 00FD0040 
    .text           C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreatePipe                                                                                                                                                                                                                    77A88E6E 5 Bytes  JMP 00FD0F77 
    .text           C:\Windows\system32\svchost.exe[1320] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                77A89109 5 Bytes  JMP 00FD007D 
    .text           C:\Windows\system32\svchost.exe[1320] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  77A89362 5 Bytes  JMP 00FD005B 
    .text           C:\Windows\system32\svchost.exe[1320] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                77A894B4 5 Bytes  JMP 00FD006C 
    .text           C:\Windows\system32\svchost.exe[1320] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  77A894DC 5 Bytes  JMP 00FD0FD4 
    .text           C:\Windows\system32\svchost.exe[1320] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              77A8DBDA 5 Bytes  JMP 00FD0F88 
    .text           C:\Windows\system32\svchost.exe[1320] kernel32.dll!GetProcAddress                                                                                                                                                                                                                77AA903B 5 Bytes  JMP 00FD00E2 
    .text           C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateFileW                                                                                                                                                                                                                   77AAAECB 5 Bytes  JMP 00FD0FEF 
    .text           C:\Windows\system32\svchost.exe[1320] kernel32.dll!CreateFileA                                                                                                                                                                                                                   77AACE5F 5 Bytes  JMP 00FD0000 
    .text           C:\Windows\system32\svchost.exe[1320] kernel32.dll!WinExec                                                                                                                                                                                                                       77AF5CF7 5 Bytes  JMP 00FD00B6 
    .text           C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_wsystem                                                                                                                                                                                                                        774D7F2F 5 Bytes  JMP 01250F70 
    .text           C:\Windows\system32\svchost.exe[1320] msvcrt.dll!system                                                                                                                                                                                                                          774D804B 5 Bytes  JMP 01250F95 
    .text           C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_creat                                                                                                                                                                                                                          774DBBE1 5 Bytes  JMP 01250FC1 
    .text           C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_open                                                                                                                                                                                                                           774DD106 5 Bytes  JMP 01250FEF 
    .text           C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_wcreat                                                                                                                                                                                                                         774DD326 5 Bytes  JMP 01250FA6 
    .text           C:\Windows\system32\svchost.exe[1320] msvcrt.dll!_wopen                                                                                                                                                                                                                          774DD501 5 Bytes  JMP 01250FDE 
    .text           C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               760839AB 5 Bytes  JMP 00FE0055 
    .text           C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76083BA9 5 Bytes  JMP 00FE0044 
    .text           C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   760889C7 5 Bytes  JMP 00FE0000 
    .text           C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7609391E 5 Bytes  JMP 00FE0FBD 
    .text           C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               760941F1 5 Bytes  JMP 00FE007A 
    .text           C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76097C42 5 Bytes  JMP 00FE0022 
    .text           C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7609E2B5 5 Bytes  JMP 00FE0011 
    .text           C:\Windows\system32\svchost.exe[1320] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 760A7BA1 5 Bytes  JMP 00FE0033 
    .text           C:\Windows\system32\svchost.exe[1320] WS2_32.dll!socket                                                                                                                                                                                                                          76D136D1 5 Bytes  JMP 00FF0FEF 
    .text           C:\Windows\system32\svchost.exe[1456] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779443D4 5 Bytes  JMP 00210FEF 
    .text           C:\Windows\system32\svchost.exe[1456] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77944494 5 Bytes  JMP 00210FC3 
    .text           C:\Windows\system32\svchost.exe[1456] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77944D34 5 Bytes  JMP 00210FD4 
    .text           C:\Windows\system32\svchost.exe[1456] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               77A61929 5 Bytes  JMP 00220F1F 
    .text           C:\Windows\system32\svchost.exe[1456] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               77A619C9 5 Bytes  JMP 00220F44 
    .text           C:\Windows\system32\svchost.exe[1456] kernel32.dll!CreateProcessW                                                                                                                                                                                                                77A61BF3 5 Bytes  JMP 0022009B 
    .text           C:\Windows\system32\svchost.exe[1456] kernel32.dll!CreateProcessA                                                                                                                                                                                                                77A61C28 5 Bytes  JMP 00220F04 
    .text           C:\Windows\system32\svchost.exe[1456] kernel32.dll!VirtualProtect                                                                                                                                                                                                                77A61DC3 5 Bytes  JMP 00220054 
    .text           C:\Windows\system32\svchost.exe[1456] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              77A62EF5 5 Bytes  JMP 00220FB9 
    .text           C:\Windows\system32\svchost.exe[1456] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              77A65C0C 5 Bytes  JMP 0022000A 
    .text           C:\Windows\system32\svchost.exe[1456] kernel32.dll!CreatePipe                                                                                                                                                                                                                    77A88E6E 5 Bytes  JMP 0022006F 
    .text           C:\Windows\system32\svchost.exe[1456] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                77A89109 5 Bytes  JMP 00220F7A 
    .text           C:\Windows\system32\svchost.exe[1456] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  77A89362 5 Bytes  JMP 00220F97 
    .text           C:\Windows\system32\svchost.exe[1456] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                77A894B4 5 Bytes  JMP 00220039 
    .text           C:\Windows\system32\svchost.exe[1456] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  77A894DC 5 Bytes  JMP 00220FA8 
    .text           C:\Windows\system32\svchost.exe[1456] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              77A8DBDA 5 Bytes  JMP 00220F5F 
    .text           C:\Windows\system32\svchost.exe[1456] kernel32.dll!GetProcAddress                                                                                                                                                                                                                77AA903B 5 Bytes  JMP 00220EF3 
    .text           C:\Windows\system32\svchost.exe[1456] kernel32.dll!CreateFileW                                                                                                                                                                                                                   77AAAECB 5 Bytes  JMP 00220FD4 
    .text           C:\Windows\system32\svchost.exe[1456] kernel32.dll!CreateFileA                                                                                                                                                                                                                   77AACE5F 5 Bytes  JMP 00220FEF 
    .text           C:\Windows\system32\svchost.exe[1456] kernel32.dll!WinExec                                                                                                                                                                                                                       77AF5CF7 5 Bytes  JMP 00220080 
    .text           C:\Windows\system32\svchost.exe[1456] msvcrt.dll!_wsystem                                                                                                                                                                                                                        774D7F2F 5 Bytes  JMP 00740073 
    .text           C:\Windows\system32\svchost.exe[1456] msvcrt.dll!system                                                                                                                                                                                                                          774D804B 5 Bytes  JMP 00740FDE 
    .text           C:\Windows\system32\svchost.exe[1456] msvcrt.dll!_creat                                                                                                                                                                                                                          774DBBE1 5 Bytes  JMP 00740033 
    .text           C:\Windows\system32\svchost.exe[1456] msvcrt.dll!_open                                                                                                                                                                                                                           774DD106 5 Bytes  JMP 0074000C 
    .text           C:\Windows\system32\svchost.exe[1456] msvcrt.dll!_wcreat                                                                                                                                                                                                                         774DD326 5 Bytes  JMP 00740044 
    .text           C:\Windows\system32\svchost.exe[1456] msvcrt.dll!_wopen                                                                                                                                                                                                                          774DD501 5 Bytes  JMP 00740FEF 
    .text           C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               760839AB 5 Bytes  JMP 00200040 
    .text           C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76083BA9 5 Bytes  JMP 00200FAF 
    .text           C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   760889C7 5 Bytes  JMP 00200000 
    .text           C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7609391E 5 Bytes  JMP 00200F9E 
    .text           C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               760941F1 5 Bytes  JMP 0020005B 
    .text           C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76097C42 5 Bytes  JMP 00200011 
    .text           C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7609E2B5 5 Bytes  JMP 00200FE5 
    .text           C:\Windows\system32\svchost.exe[1456] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 760A7BA1 5 Bytes  JMP 00200FCA 
    .text           C:\Windows\system32\svchost.exe[1456] WS2_32.dll!socket                                                                                                                                                                                                                          76D136D1 5 Bytes  JMP 006F0000 
    .text           C:\Windows\system32\svchost.exe[1536] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779443D4 5 Bytes  JMP 01510FE5 
    .text           C:\Windows\system32\svchost.exe[1536] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77944494 5 Bytes  JMP 01510011 
    .text           C:\Windows\system32\svchost.exe[1536] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77944D34 5 Bytes  JMP 01510000 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               77A61929 5 Bytes  JMP 016000AE 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               77A619C9 5 Bytes  JMP 01600F68 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!CreateProcessW                                                                                                                                                                                                                77A61BF3 5 Bytes  JMP 016000DA 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!CreateProcessA                                                                                                                                                                                                                77A61C28 5 Bytes  JMP 01600F43 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!VirtualProtect                                                                                                                                                                                                                77A61DC3 5 Bytes  JMP 01600089 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              77A62EF5 5 Bytes  JMP 01600025 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              77A65C0C 5 Bytes  JMP 01600FCA 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!CreatePipe                                                                                                                                                                                                                    77A88E6E 5 Bytes  JMP 01600F79 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                77A89109 5 Bytes  JMP 01600FAF 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  77A89362 5 Bytes  JMP 01600051 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                77A894B4 5 Bytes  JMP 0160006C 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  77A894DC 5 Bytes  JMP 01600040 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              77A8DBDA 5 Bytes  JMP 01600F94 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!GetProcAddress                                                                                                                                                                                                                77AA903B 5 Bytes  JMP 016000F5 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!CreateFileW                                                                                                                                                                                                                   77AAAECB 5 Bytes  JMP 0160000A 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!CreateFileA                                                                                                                                                                                                                   77AACE5F 5 Bytes  JMP 01600FEF 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!WinExec                                                                                                                                                                                                                       77AF5CF7 5 Bytes  JMP 016000BF 
    .text           C:\Windows\system32\svchost.exe[1536] msvcrt.dll!_wsystem                                                                                                                                                                                                                        774D7F2F 5 Bytes  JMP 016A0FA1 
    .text           C:\Windows\system32\svchost.exe[1536] msvcrt.dll!system                                                                                                                                                                                                                          774D804B 5 Bytes  JMP 016A0036 
    .text           C:\Windows\system32\svchost.exe[1536] msvcrt.dll!_creat                                                                                                                                                                                                                          774DBBE1 5 Bytes  JMP 016A001B 
    .text           C:\Windows\system32\svchost.exe[1536] msvcrt.dll!_open                                                                                                                                                                                                                           774DD106 5 Bytes  JMP 016A0FEF 
    .text           C:\Windows\system32\svchost.exe[1536] msvcrt.dll!_wcreat                                                                                                                                                                                                                         774DD326 5 Bytes  JMP 016A0FC6 
    .text           C:\Windows\system32\svchost.exe[1536] msvcrt.dll!_wopen                                                                                                                                                                                                                          774DD501 5 Bytes  JMP 016A0000 
    .text           C:\Windows\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               760839AB 5 Bytes  JMP 01020058 
    .text           C:\Windows\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76083BA9 5 Bytes  JMP 01020FCA 
    .text           C:\Windows\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   760889C7 5 Bytes  JMP 01020000 
    .text           C:\Windows\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7609391E 5 Bytes  JMP 01020047 
    .text           C:\Windows\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               760941F1 5 Bytes  JMP 01020F9B 
    .text           C:\Windows\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76097C42 5 Bytes  JMP 01020025 
    .text           C:\Windows\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7609E2B5 5 Bytes  JMP 01020FE5 
    .text           C:\Windows\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 760A7BA1 5 Bytes  JMP 01020036 
    .text           C:\Windows\system32\svchost.exe[1536] WS2_32.dll!socket                                                                                                                                                                                                                          76D136D1 5 Bytes  JMP 01650FEF 
    .text           C:\Windows\system32\svchost.exe[1536] WinInet.dll!InternetOpenA                                                                                                                                                                                                                  7766D690 5 Bytes  JMP 01730000 
    .text           C:\Windows\system32\svchost.exe[1536] WinInet.dll!InternetOpenW                                                                                                                                                                                                                  7766DB09 5 Bytes  JMP 01730FE5 
    .text           C:\Windows\system32\svchost.exe[1536] WinInet.dll!InternetOpenUrlA                                                                                                                                                                                                               7766F3A4 5 Bytes  JMP 01730025 
    .text           C:\Windows\system32\svchost.exe[1536] WinInet.dll!InternetOpenUrlW                                                                                                                                                                                                               776B6DDF 5 Bytes  JMP 01730036 
    .text           C:\Windows\system32\svchost.exe[1648] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779443D4 5 Bytes  JMP 01760FEF 
    .text           C:\Windows\system32\svchost.exe[1648] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77944494 5 Bytes  JMP 0176002F 
    .text           C:\Windows\system32\svchost.exe[1648] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77944D34 5 Bytes  JMP 01760014 
    .text           C:\Windows\system32\svchost.exe[1648] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               77A61929 5 Bytes  JMP 01780F6D 
    .text           C:\Windows\system32\svchost.exe[1648] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               77A619C9 5 Bytes  JMP 017800B3 
    .text           C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateProcessW                                                                                                                                                                                                                77A61BF3 5 Bytes  JMP 017800FA 
    .text           C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateProcessA                                                                                                                                                                                                                77A61C28 5 Bytes  JMP 017800E9 
    .text           C:\Windows\system32\svchost.exe[1648] kernel32.dll!VirtualProtect                                                                                                                                                                                                                77A61DC3 5 Bytes  JMP 01780FAD 
    .text           C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              77A62EF5 5 Bytes  JMP 0178000A 
    .text           C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              77A65C0C 5 Bytes  JMP 01780025 
    .text           C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreatePipe                                                                                                                                                                                                                    77A88E6E 5 Bytes  JMP 01780F88 
    .text           C:\Windows\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                77A89109 5 Bytes  JMP 01780087 
    .text           C:\Windows\system32\svchost.exe[1648] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  77A89362 5 Bytes  JMP 01780051 
    .text           C:\Windows\system32\svchost.exe[1648] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                77A894B4 5 Bytes  JMP 0178006C 
    .text           C:\Windows\system32\svchost.exe[1648] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  77A894DC 5 Bytes  JMP 01780040 
    .text           C:\Windows\system32\svchost.exe[1648] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              77A8DBDA 5 Bytes  JMP 017800A2 
    .text           C:\Windows\system32\svchost.exe[1648] kernel32.dll!GetProcAddress                                                                                                                                                                                                                77AA903B 5 Bytes  JMP 01780F52 
    .text           C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateFileW                                                                                                                                                                                                                   77AAAECB 5 Bytes  JMP 01780FDE 
    .text           C:\Windows\system32\svchost.exe[1648] kernel32.dll!CreateFileA                                                                                                                                                                                                                   77AACE5F 5 Bytes  JMP 01780FEF 
    .text           C:\Windows\system32\svchost.exe[1648] kernel32.dll!WinExec                                                                                                                                                                                                                       77AF5CF7 5 Bytes  JMP 017800D8 
    .text           C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_wsystem                                                                                                                                                                                                                        774D7F2F 5 Bytes  JMP 017A0FD4 
    .text           C:\Windows\system32\svchost.exe[1648] msvcrt.dll!system                                                                                                                                                                                                                          774D804B 5 Bytes  JMP 017A005F 
    .text           C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_creat                                                                                                                                                                                                                          774DBBE1 5 Bytes  JMP 017A0033 
    .text           C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_open                                                                                                                                                                                                                           774DD106 5 Bytes  JMP 017A0FEF 
    .text           C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_wcreat                                                                                                                                                                                                                         774DD326 5 Bytes  JMP 017A004E 
    .text           C:\Windows\system32\svchost.exe[1648] msvcrt.dll!_wopen                                                                                                                                                                                                                          774DD501 5 Bytes  JMP 017A0018 
    .text           C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               760839AB 5 Bytes  JMP 01610062 
    .text           C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76083BA9 5 Bytes  JMP 01610FCA 
    .text           C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   760889C7 5 Bytes  JMP 01610000 
    .text           C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7609391E 5 Bytes  JMP 01610051 
    .text           C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               760941F1 5 Bytes  JMP 01610F9B 
    .text           C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76097C42 5 Bytes  JMP 0161002C 
    .text           C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7609E2B5 5 Bytes  JMP 0161001B 
    .text           C:\Windows\system32\svchost.exe[1648] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 760A7BA1 5 Bytes  JMP 01610FDB 
    .text           C:\Windows\system32\svchost.exe[1648] WS2_32.dll!socket                                                                                                                                                                                                                          76D136D1 5 Bytes  JMP 01790FEF 
    .text           C:\Windows\system32\svchost.exe[2032] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779443D4 5 Bytes  JMP 00A40000 
    .text           C:\Windows\system32\svchost.exe[2032] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77944494 5 Bytes  JMP 00A40022 
    .text           C:\Windows\system32\svchost.exe[2032] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77944D34 5 Bytes  JMP 00A40011 
    .text           C:\Windows\system32\svchost.exe[2032] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               77A61929 5 Bytes  JMP 00E40071 
    .text           C:\Windows\system32\svchost.exe[2032] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               77A619C9 5 Bytes  JMP 00E40F35 
    .text           C:\Windows\system32\svchost.exe[2032] kernel32.dll!CreateProcessW                                                                                                                                                                                                                77A61BF3 5 Bytes  JMP 00E40EFF 
    .text           C:\Windows\system32\svchost.exe[2032] kernel32.dll!CreateProcessA                                                                                                                                                                                                                77A61C28 5 Bytes  JMP 00E40096 
    .text           C:\Windows\system32\svchost.exe[2032] kernel32.dll!VirtualProtect                                                                                                                                                                                                                77A61DC3 5 Bytes  JMP 00E40F61 
    .text           C:\Windows\system32\svchost.exe[2032] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              77A62EF5 5 Bytes  JMP 00E40FC0 
    .text           C:\Windows\system32\svchost.exe[2032] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              77A65C0C 5 Bytes  JMP 00E4001B 
    .text           C:\Windows\system32\svchost.exe[2032] kernel32.dll!CreatePipe                                                                                                                                                                                                                    77A88E6E 5 Bytes  JMP 00E40060 
    .text           C:\Windows\system32\svchost.exe[2032] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                77A89109 5 Bytes  JMP 00E40F72 
    .text           C:\Windows\system32\svchost.exe[2032] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  77A89362 5 Bytes  JMP 00E40F9E 
    .text           C:\Windows\system32\svchost.exe[2032] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                77A894B4 5 Bytes  JMP 00E40F8D 
    .text           C:\Windows\system32\svchost.exe[2032] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  77A894DC 5 Bytes  JMP 00E40FAF 
    .text           C:\Windows\system32\svchost.exe[2032] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              77A8DBDA 5 Bytes  JMP 00E40F50 
    .text           C:\Windows\system32\svchost.exe[2032] kernel32.dll!GetProcAddress                                                                                                                                                                                                                77AA903B 5 Bytes  JMP 00E40EE4 
    .text           C:\Windows\system32\svchost.exe[2032] kernel32.dll!CreateFileW                                                                                                                                                                                                                   77AAAECB 5 Bytes  JMP 00E40FDB 
    .text           C:\Windows\system32\svchost.exe[2032] kernel32.dll!CreateFileA                                                                                                                                                                                                                   77AACE5F 5 Bytes  JMP 00E40000 
    .text           C:\Windows\system32\svchost.exe[2032] kernel32.dll!WinExec                                                                                                                                                                                                                       77AF5CF7 5 Bytes  JMP 00E40F10 
    .text           C:\Windows\system32\svchost.exe[2032] msvcrt.dll!_wsystem                                                                                                                                                                                                                        774D7F2F 5 Bytes  JMP 00E30FA6 
    .text           C:\Windows\system32\svchost.exe[2032] msvcrt.dll!system                                                                                                                                                                                                                          774D804B 5 Bytes  JMP 00E30031 
    .text           C:\Windows\system32\svchost.exe[2032] msvcrt.dll!_creat                                                                                                                                                                                                                          774DBBE1 5 Bytes  JMP 00E30FD2 
    .text           C:\Windows\system32\svchost.exe[2032] msvcrt.dll!_open                                                                                                                                                                                                                           774DD106 5 Bytes  JMP 00E30FEF 
    .text           C:\Windows\system32\svchost.exe[2032] msvcrt.dll!_wcreat                                                                                                                                                                                                                         774DD326 5 Bytes  JMP 00E30FB7 
    .text           C:\Windows\system32\svchost.exe[2032] msvcrt.dll!_wopen                                                                                                                                                                                                                          774DD501 5 Bytes  JMP 00E30000 
    .text           C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               760839AB 5 Bytes  JMP 007B0062 
    .text           C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76083BA9 5 Bytes  JMP 007B0047 
    .text           C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   760889C7 5 Bytes  JMP 007B0000 
    .text           C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7609391E 5 Bytes  JMP 007B0FC0 
    .text           C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               760941F1 5 Bytes  JMP 007B007D 
    .text           C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76097C42 5 Bytes  JMP 007B002C 
    .text           C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7609E2B5 5 Bytes  JMP 007B0011 
    .text           C:\Windows\system32\svchost.exe[2032] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 760A7BA1 5 Bytes  JMP 007B0FDB 
    .text           C:\Windows\system32\svchost.exe[2032] WS2_32.dll!socket                                                                                                                                                                                                                          76D136D1 5 Bytes  JMP 00A90000 
    .text           C:\Windows\system32\svchost.exe[2356] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779443D4 5 Bytes  JMP 00D9000A 
    .text           C:\Windows\system32\svchost.exe[2356] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77944494 5 Bytes  JMP 00D90FE5 
    .text           C:\Windows\system32\svchost.exe[2356] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77944D34 5 Bytes  JMP 00D9001B 
    .text           C:\Windows\system32\svchost.exe[2356] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               77A61929 5 Bytes  JMP 00DE006C 
    .text           C:\Windows\system32\svchost.exe[2356] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               77A619C9 5 Bytes  JMP 00DE005B 
    .text           C:\Windows\system32\svchost.exe[2356] kernel32.dll!CreateProcessW                                                                                                                                                                                                                77A61BF3 5 Bytes  JMP 00DE00A9 
    .text           C:\Windows\system32\svchost.exe[2356] kernel32.dll!CreateProcessA                                                                                                                                                                                                                77A61C28 5 Bytes  JMP 00DE008E 
    .text           C:\Windows\system32\svchost.exe[2356] kernel32.dll!VirtualProtect                                                                                                                                                                                                                77A61DC3 5 Bytes  JMP 00DE0F4B 
    .text           C:\Windows\system32\svchost.exe[2356] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              77A62EF5 5 Bytes  JMP 00DE0000 
    .text           C:\Windows\system32\svchost.exe[2356] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              77A65C0C 5 Bytes  JMP 00DE0FA5 
    .text           C:\Windows\system32\svchost.exe[2356] kernel32.dll!CreatePipe                                                                                                                                                                                                                    77A88E6E 5 Bytes  JMP 00DE0040 
    .text           C:\Windows\system32\svchost.exe[2356] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                77A89109 5 Bytes  JMP 00DE0025 
    .text           C:\Windows\system32\svchost.exe[2356] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  77A89362 5 Bytes  JMP 00DE0F79 
    .text           C:\Windows\system32\svchost.exe[2356] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                77A894B4 5 Bytes  JMP 00DE0F68 
    .text           C:\Windows\system32\svchost.exe[2356] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  77A894DC 5 Bytes  JMP 00DE0F94 
    .text           C:\Windows\system32\svchost.exe[2356] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              77A8DBDA 5 Bytes  JMP 00DE0F3A 
    .text           C:\Windows\system32\svchost.exe[2356] kernel32.dll!GetProcAddress                                                                                                                                                                                                                77AA903B 5 Bytes  JMP 00DE00BA 
    .text           C:\Windows\system32\svchost.exe[2356] kernel32.dll!CreateFileW                                                                                                                                                                                                                   77AAAECB 5 Bytes  JMP 00DE0FCA 
    .text           C:\Windows\system32\svchost.exe[2356] kernel32.dll!CreateFileA                                                                                                                                                                                                                   77AACE5F 5 Bytes  JMP 00DE0FE5 
    .text           C:\Windows\system32\svchost.exe[2356] kernel32.dll!WinExec                                                                                                                                                                                                                       77AF5CF7 5 Bytes  JMP 00DE007D 
    .text           C:\Windows\system32\svchost.exe[2356] msvcrt.dll!_wsystem                                                                                                                                                                                                                        774D7F2F 5 Bytes  JMP 00D8005D 
    .text           C:\Windows\system32\svchost.exe[2356] msvcrt.dll!system                                                                                                                                                                                                                          774D804B 5 Bytes  JMP 00D80FD2 
    .text           C:\Windows\system32\svchost.exe[2356] msvcrt.dll!_creat                                                                                                                                                                                                                          774DBBE1 5 Bytes  JMP 00D80027 
    .text           C:\Windows\system32\svchost.exe[2356] msvcrt.dll!_open                                                                                                                                                                                                                           774DD106 5 Bytes  JMP 00D80FE3 
    .text           C:\Windows\system32\svchost.exe[2356] msvcrt.dll!_wcreat                                                                                                                                                                                                                         774DD326 5 Bytes  JMP 00D80038 
    .text           C:\Windows\system32\svchost.exe[2356] msvcrt.dll!_wopen                                                                                                                                                                                                                          774DD501 5 Bytes  JMP 00D8000C 
    .text           C:\Windows\system32\svchost.exe[2356] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               760839AB 5 Bytes  JMP 000B0032 
    .text           C:\Windows\system32\svchost.exe[2356] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76083BA9 5 Bytes  JMP 000B0FA1 
    .text           C:\Windows\system32\svchost.exe[2356] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   760889C7 5 Bytes  JMP 000B0FEF 
    .text           C:\Windows\system32\svchost.exe[2356] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7609391E 5 Bytes  JMP 000B0F90 
    .text           C:\Windows\system32\svchost.exe[2356] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               760941F1 5 Bytes  JMP 000B0F75 
    .text           C:\Windows\system32\svchost.exe[2356] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76097C42 5 Bytes  JMP 000B0FCD 
    .text           C:\Windows\system32\svchost.exe[2356] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7609E2B5 5 Bytes  JMP 000B0FDE 
    .text           C:\Windows\system32\svchost.exe[2356] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 760A7BA1 5 Bytes  JMP 000B0FB2 
    .text           C:\Windows\system32\svchost.exe[2356] WS2_32.dll!socket                                                                                                                                                                                                                          76D136D1 5 Bytes  JMP 006E0FEF 
    .text           C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779443D4 5 Bytes  JMP 00CD0FEF 
    .text           C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77944494 5 Bytes  JMP 00CD0FC3 
    .text           C:\Windows\system32\svchost.exe[2524] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77944D34 5 Bytes  JMP 00CD0FDE 
    .text           C:\Windows\system32\svchost.exe[2524] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               77A61929 5 Bytes  JMP 00D20F32 
    .text           C:\Windows\system32\svchost.exe[2524] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               77A619C9 5 Bytes  JMP 00D20F43 
    .text           C:\Windows\system32\svchost.exe[2524] kernel32.dll!CreateProcessW                                                                                                                                                                                                                77A61BF3 5 Bytes  JMP 00D200AE 
    .text           C:\Windows\system32\svchost.exe[2524] kernel32.dll!CreateProcessA                                                                                                                                                                                                                77A61C28 5 Bytes  JMP 00D20093 
    .text           C:\Windows\system32\svchost.exe[2524] kernel32.dll!VirtualProtect                                                                                                                                                                                                                77A61DC3 5 Bytes  JMP 00D20F83 
    .text           C:\Windows\system32\svchost.exe[2524] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              77A62EF5 5 Bytes  JMP 00D20014 
    .text           C:\Windows\system32\svchost.exe[2524] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              77A65C0C 5 Bytes  JMP 00D20025 
    .text           C:\Windows\system32\svchost.exe[2524] kernel32.dll!CreatePipe                                                                                                                                                                                                                    77A88E6E 5 Bytes  JMP 00D2006E 
    .text           C:\Windows\system32\svchost.exe[2524] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                77A89109 5 Bytes  JMP 00D2005D 
    .text           C:\Windows\system32\svchost.exe[2524] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  77A89362 5 Bytes  JMP 00D20036 
    .text           C:\Windows\system32\svchost.exe[2524] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                77A894B4 5 Bytes  JMP 00D20F94 
    .text           C:\Windows\system32\svchost.exe[2524] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  77A894DC 5 Bytes  JMP 00D20FB9 
    .text           C:\Windows\system32\svchost.exe[2524] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              77A8DBDA 5 Bytes  JMP 00D20F5E 
    .text           C:\Windows\system32\svchost.exe[2524] kernel32.dll!GetProcAddress                                                                                                                                                                                                                77AA903B 5 Bytes  JMP 00D20EFC 
    .text           C:\Windows\system32\svchost.exe[2524] kernel32.dll!CreateFileW                                                                                                                                                                                                                   77AAAECB 5 Bytes  JMP 00D20FDE 
    .text           C:\Windows\system32\svchost.exe[2524] kernel32.dll!CreateFileA                                                                                                                                                                                                                   77AACE5F 5 Bytes  JMP 00D20FEF 
    .text           C:\Windows\system32\svchost.exe[2524] kernel32.dll!WinExec                                                                                                                                                                                                                       77AF5CF7 5 Bytes  JMP 00D20F21 
    .text           C:\Windows\system32\svchost.exe[2524] msvcrt.dll!_wsystem                                                                                                                                                                                                                        774D7F2F 5 Bytes  JMP 00750038 
    .text           C:\Windows\system32\svchost.exe[2524] msvcrt.dll!system                                                                                                                                                                                                                          774D804B 5 Bytes  JMP 00750FAD 
    .text           C:\Windows\system32\svchost.exe[2524] msvcrt.dll!_creat                                                                                                                                                                                                                          774DBBE1 5 Bytes  JMP 00750FD9 
    .text           C:\Windows\system32\svchost.exe[2524] msvcrt.dll!_open                                                                                                                                                                                                                           774DD106 5 Bytes  JMP 00750000 
    .text           C:\Windows\system32\svchost.exe[2524] msvcrt.dll!_wcreat                                                                                                                                                                                                                         774DD326 5 Bytes  JMP 00750FC8 
    .text           C:\Windows\system32\svchost.exe[2524] msvcrt.dll!_wopen                                                                                                                                                                                                                          774DD501 5 Bytes  JMP 00750011 
    .text           C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               760839AB 5 Bytes  JMP 00210F94 
    .text           C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76083BA9 5 Bytes  JMP 0021002C 
    .text           C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   760889C7 5 Bytes  JMP 00210FEF 
    .text           C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7609391E 5 Bytes  JMP 00210FA5 
    .text           C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               760941F1 5 Bytes  JMP 00210F83 
    .text           C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76097C42 5 Bytes  JMP 00210000 
    .text           C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7609E2B5 5 Bytes  JMP 00210FCA 
    .text           C:\Windows\system32\svchost.exe[2524] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 760A7BA1 5 Bytes  JMP 00210011 
    .text           C:\Windows\system32\svchost.exe[2524] WS2_32.dll!socket                                                                                                                                                                                                                          76D136D1 5 Bytes  JMP 00700000 
    .text           C:\Windows\System32\svchost.exe[2600] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779443D4 5 Bytes  JMP 00070FEF 
    .text           C:\Windows\System32\svchost.exe[2600] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77944494 5 Bytes  JMP 0007001B 
    .text           C:\Windows\System32\svchost.exe[2600] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77944D34 5 Bytes  JMP 0007000A 
    .text           C:\Windows\System32\svchost.exe[2600] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               77A61929 5 Bytes  JMP 00090089 
    .text           C:\Windows\System32\svchost.exe[2600] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               77A619C9 5 Bytes  JMP 00090F43 
    .text           C:\Windows\System32\svchost.exe[2600] kernel32.dll!CreateProcessW                                                                                                                                                                                                                77A61BF3 5 Bytes  JMP 00090F06 
    .text           C:\Windows\System32\svchost.exe[2600] kernel32.dll!CreateProcessA                                                                                                                                                                                                                77A61C28 5 Bytes  JMP 00090F21 
    .text           C:\Windows\System32\svchost.exe[2600] kernel32.dll!VirtualProtect                                                                                                                                                                                                                77A61DC3 5 Bytes  JMP 00090F72 
    .text           C:\Windows\System32\svchost.exe[2600] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              77A62EF5 5 Bytes  JMP 00090FCA 
    .text           C:\Windows\System32\svchost.exe[2600] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              77A65C0C 5 Bytes  JMP 0009001B 
    .text           C:\Windows\System32\svchost.exe[2600] kernel32.dll!CreatePipe                                                                                                                                                                                                                    77A88E6E 5 Bytes  JMP 0009006E 
    .text           C:\Windows\System32\svchost.exe[2600] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                77A89109 3 Bytes  JMP 00090F83 
    .text           C:\Windows\System32\svchost.exe[2600] kernel32.dll!LoadLibraryExW + 4                                                                                                                                                                                                            77A8910D 1 Byte  [88]
    .text           C:\Windows\System32\svchost.exe[2600] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  77A89362 5 Bytes  JMP 00090FAF 
    .text           C:\Windows\System32\svchost.exe[2600] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                77A894B4 5 Bytes  JMP 00090F94 
    .text           C:\Windows\System32\svchost.exe[2600] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  77A894DC 5 Bytes  JMP 0009002C 
    .text           C:\Windows\System32\svchost.exe[2600] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              77A8DBDA 5 Bytes  JMP 0009005D 
    .text           C:\Windows\System32\svchost.exe[2600] kernel32.dll!GetProcAddress                                                                                                                                                                                                                77AA903B 5 Bytes  JMP 00090EEB 
    .text           C:\Windows\System32\svchost.exe[2600] kernel32.dll!CreateFileW                                                                                                                                                                                                                   77AAAECB 5 Bytes  JMP 00090FE5 
    .text           C:\Windows\System32\svchost.exe[2600] kernel32.dll!CreateFileA                                                                                                                                                                                                                   77AACE5F 5 Bytes  JMP 00090000 
    .text           C:\Windows\System32\svchost.exe[2600] kernel32.dll!WinExec                                                                                                                                                                                                                       77AF5CF7 5 Bytes  JMP 00090F32 
    .text           C:\Windows\System32\svchost.exe[2600] msvcrt.dll!_wsystem                                                                                                                                                                                                                        774D7F2F 5 Bytes  JMP 00060011 
    .text           C:\Windows\System32\svchost.exe[2600] msvcrt.dll!system                                                                                                                                                                                                                          774D804B 5 Bytes  JMP 00060000 
    .text           C:\Windows\System32\svchost.exe[2600] msvcrt.dll!_creat                                                                                                                                                                                                                          774DBBE1 5 Bytes  JMP 00060FB5 
    .text           C:\Windows\System32\svchost.exe[2600] msvcrt.dll!_open                                                                                                                                                                                                                           774DD106 5 Bytes  JMP 00060FE3 
    .text           C:\Windows\System32\svchost.exe[2600] msvcrt.dll!_wcreat                                                                                                                                                                                                                         774DD326 5 Bytes  JMP 00060F90 
    .text           C:\Windows\System32\svchost.exe[2600] msvcrt.dll!_wopen                                                                                                                                                                                                                          774DD501 5 Bytes  JMP 00060FD2 
    .text           C:\Windows\System32\svchost.exe[2600] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               760839AB 5 Bytes  JMP 00050F83 
    .text           C:\Windows\System32\svchost.exe[2600] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76083BA9 5 Bytes  JMP 00050025 
    .text           C:\Windows\System32\svchost.exe[2600] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   760889C7 5 Bytes  JMP 00050FEF 
    .text           C:\Windows\System32\svchost.exe[2600] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7609391E 5 Bytes  JMP 00050F94 
    .text           C:\Windows\System32\svchost.exe[2600] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               760941F1 5 Bytes  JMP 00050036 
    .text           C:\Windows\System32\svchost.exe[2600] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76097C42 5 Bytes  JMP 00050FC3 
    .text           C:\Windows\System32\svchost.exe[2600] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7609E2B5 5 Bytes  JMP 00050FDE 
    .text           C:\Windows\System32\svchost.exe[2600] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 760A7BA1 5 Bytes  JMP 00050014 
    .text           C:\Windows\System32\svchost.exe[2600] WS2_32.dll!socket                                                                                                                                                                                                                          76D136D1 5 Bytes  JMP 00670000 
    .text           C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2944] kernel32.dll!LoadLibraryW                                                                                                                                                                                      77A89362 5 Bytes  JMP 70C39AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text           C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[2944] kernel32.dll!LoadLibraryA                                                                                                                                                                                      77A894DC 5 Bytes  JMP 70C39A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text           C:\Windows\Explorer.EXE[5832] ntdll.dll!NtCreateFile                                                                                                                                                                                                                             779443D4 5 Bytes  JMP 00040000 
    .text           C:\Windows\Explorer.EXE[5832] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                          77944494 5 Bytes  JMP 00040FCA 
    .text           C:\Windows\Explorer.EXE[5832] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                                   77944D34 5 Bytes  JMP 00040FE5 
    .text           C:\Windows\Explorer.EXE[5832] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                                       77A61929 5 Bytes  JMP 00010F9C 
    .text           C:\Windows\Explorer.EXE[5832] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                                       77A619C9 5 Bytes  JMP 000100D8 
    .text           C:\Windows\Explorer.EXE[5832] kernel32.dll!CreateProcessW                                                                                                                                                                                                                        77A61BF3 5 Bytes  JMP 00010F66 
    .text           C:\Windows\Explorer.EXE[5832] kernel32.dll!CreateProcessA                                                                                                                                                                                                                        77A61C28 5 Bytes  JMP 00010F77 
    .text           C:\Windows\Explorer.EXE[5832] kernel32.dll!VirtualProtect                                                                                                                                                                                                                        77A61DC3 5 Bytes  JMP 00010FC1 
    .text           C:\Windows\Explorer.EXE[5832] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                                      77A62EF5 5 Bytes  JMP 00010025 
    .text           C:\Windows\Explorer.EXE[5832] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                                      77A65C0C 5 Bytes  JMP 00010040 
    .text           C:\Windows\Explorer.EXE[5832] kernel32.dll!CreatePipe                                                                                                                                                                                                                            77A88E6E 5 Bytes  JMP 000100C7 
    .text           C:\Windows\Explorer.EXE[5832] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                        77A89109 5 Bytes  JMP 0001009B 
    .text           C:\Windows\Explorer.EXE[5832] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                          77A89362 5 Bytes  JMP 00010065 
    .text           C:\Windows\Explorer.EXE[5832] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                        77A894B4 5 Bytes  JMP 00010080 
    .text           C:\Windows\Explorer.EXE[5832] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                          77A894DC 5 Bytes  JMP 00010FDE 
    .text           C:\Windows\Explorer.EXE[5832] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                                      77A8DBDA 5 Bytes  JMP 000100B6 
    .text           C:\Windows\Explorer.EXE[5832] kernel32.dll!GetProcAddress                                                                                                                                                                                                                        77AA903B 5 Bytes  JMP 00010F41 
    .text           C:\Windows\Explorer.EXE[5832] kernel32.dll!CreateFileW                                                                                                                                                                                                                           77AAAECB 5 Bytes  JMP 0001000A 
    .text           C:\Windows\Explorer.EXE[5832] kernel32.dll!CreateFileA                                                                                                                                                                                                                           77AACE5F 5 Bytes  JMP 00010FEF 
    .text           C:\Windows\Explorer.EXE[5832] kernel32.dll!WinExec                                                                                                                                                                                                                               77AF5CF7 5 Bytes  JMP 000100FD 
    .text           C:\Windows\Explorer.EXE[5832] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                                       760839AB 5 Bytes  JMP 00060F86 
    .text           C:\Windows\Explorer.EXE[5832] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                         76083BA9 5 Bytes  JMP 00060028 
    .text           C:\Windows\Explorer.EXE[5832] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                           760889C7 5 Bytes  JMP 00060FEF 
    .text           C:\Windows\Explorer.EXE[5832] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                         7609391E 5 Bytes  JMP 00060F97 
    .text           C:\Windows\Explorer.EXE[5832] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                                       760941F1 5 Bytes  JMP 00060F75 
    .text           C:\Windows\Explorer.EXE[5832] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                         76097C42 5 Bytes  JMP 00060FCD 
    .text           C:\Windows\Explorer.EXE[5832] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                           7609E2B5 5 Bytes  JMP 00060FDE 
    .text           C:\Windows\Explorer.EXE[5832] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                         760A7BA1 5 Bytes  JMP 00060FBC 
    .text           C:\Windows\Explorer.EXE[5832] msvcrt.dll!_wsystem                                                                                                                                                                                                                                774D7F2F 5 Bytes  JMP 00070FA6 
    .text           C:\Windows\Explorer.EXE[5832] msvcrt.dll!system                                                                                                                                                                                                                                  774D804B 5 Bytes  JMP 00070031 
    .text           C:\Windows\Explorer.EXE[5832] msvcrt.dll!_creat                                                                                                                                                                                                                                  774DBBE1 5 Bytes  JMP 00070FD2 
    .text           C:\Windows\Explorer.EXE[5832] msvcrt.dll!_open                                                                                                                                                                                                                                   774DD106 5 Bytes  JMP 00070FEF 
    .text           C:\Windows\Explorer.EXE[5832] msvcrt.dll!_wcreat                                                                                                                                                                                                                                 774DD326 5 Bytes  JMP 00070FB7 
    .text           C:\Windows\Explorer.EXE[5832] msvcrt.dll!_wopen                                                                                                                                                                                                                                  774DD501 5 Bytes  JMP 0007000C 
    .text           C:\Windows\Explorer.EXE[5832] WS2_32.dll!socket                                                                                                                                                                                                                                  76D136D1 5 Bytes  JMP 03850000 
    .text           C:\Windows\Explorer.EXE[5832] WININET.dll!InternetOpenA                                                                                                                                                                                                                          7766D690 5 Bytes  JMP 03840FE5 
    .text           C:\Windows\Explorer.EXE[5832] WININET.dll!InternetOpenW                                                                                                                                                                                                                          7766DB09 5 Bytes  JMP 03840FCA 
    .text           C:\Windows\Explorer.EXE[5832] WININET.dll!InternetOpenUrlA                                                                                                                                                                                                                       7766F3A4 5 Bytes  JMP 03840FB9 
    .text           C:\Windows\Explorer.EXE[5832] WININET.dll!InternetOpenUrlW                                                                                                                                                                                                                       776B6DDF 5 Bytes  JMP 03840FA8 
    
    ---- User IAT/EAT - GMER 1.0.15 ----
    
    IAT             C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[2140] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW]                                                                                                                                              [00A476E0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT             C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[2140] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]                                                                                                                                                  [00A47740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv1.exe[5560] @ C:\Windows\system32\shell32.dll [USER32.dll!CreateWindowExW]                                                                                                                                                                [00419A16] C:\Users\ge012796\AppData\Local\Temp\Fv1.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv1.exe[5560] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowPos]                                                                                                                                                                   [00419B42] C:\Users\ge012796\AppData\Local\Temp\Fv1.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv1.exe[5560] @ C:\Windows\system32\shell32.dll [USER32.dll!ShowWindow]                                                                                                                                                                     [00419A90] C:\Users\ge012796\AppData\Local\Temp\Fv1.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv1.exe[5560] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA]                                                                                                                                                                [0041999C] C:\Users\ge012796\AppData\Local\Temp\Fv1.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv1.exe[5560] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW]                                                                                                                                                                [00419A16] C:\Users\ge012796\AppData\Local\Temp\Fv1.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv1.exe[5560] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateWindowExW]                                                                                                                                                                  [00419A16] C:\Users\ge012796\AppData\Local\Temp\Fv1.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv1.exe[5560] @ C:\Windows\system32\ole32.dll [USER32.dll!ShowWindow]                                                                                                                                                                       [00419A90] C:\Users\ge012796\AppData\Local\Temp\Fv1.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv1.exe[5560] @ C:\Windows\system32\WININET.dll [USER32.dll!SetWindowPos]                                                                                                                                                                   [00419B42] C:\Users\ge012796\AppData\Local\Temp\Fv1.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv1.exe[5560] @ C:\Windows\system32\WININET.dll [USER32.dll!CreateWindowExW]                                                                                                                                                                [00419A16] C:\Users\ge012796\AppData\Local\Temp\Fv1.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\shell32.dll [USER32.dll!MessageBoxW]                                                                                                                                                                    [00418A36] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\shell32.dll [USER32.dll!CreateWindowExW]                                                                                                                                                                [00418898] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\shell32.dll [USER32.dll!SetWindowPos]                                                                                                                                                                   [004189BE] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\shell32.dll [USER32.dll!DialogBoxParamW]                                                                                                                                                                [00418A2A] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\shell32.dll [USER32.dll!ShowWindow]                                                                                                                                                                     [00418910] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\shell32.dll [USER32.dll!MessageBoxIndirectW]                                                                                                                                                            [00418A24] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExA]                                                                                                                                                                [00418820] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!CreateWindowExW]                                                                                                                                                                [00418898] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamA]                                                                                                                                                                [00418A2A] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!DialogBoxParamW]                                                                                                                                                                [00418A2A] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!MessageBoxW]                                                                                                                                                                    [00418A36] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\ole32.dll [USER32.dll!CreateWindowExW]                                                                                                                                                                  [00418898] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\ole32.dll [USER32.dll!DialogBoxParamW]                                                                                                                                                                  [00418A2A] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\ole32.dll [USER32.dll!MessageBoxW]                                                                                                                                                                      [00418A36] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\ole32.dll [USER32.dll!ShowWindow]                                                                                                                                                                       [00418910] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\wininet.dll [USER32.dll!SetWindowPos]                                                                                                                                                                   [004189BE] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\wininet.dll [USER32.dll!DialogBoxParamW]                                                                                                                                                                [00418A2A] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\wininet.dll [USER32.dll!CreateWindowExW]                                                                                                                                                                [00418898] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\wininet.dll [USER32.dll!MessageBoxW]                                                                                                                                                                    [00418A36] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    IAT             C:\Users\ge012796\AppData\Local\Temp\Fv3.exe[5884] @ C:\Windows\system32\CRYPT32.dll [USER32.dll!MessageBoxW]                                                                                                                                                                    [00418A36] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Apex/ApexDC++ Development Team)
    
    ---- Devices - GMER 1.0.15 ----
    
    AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                                                                                                                                           mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                                                                                                                                                          mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                                                                                                                                                          mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                                                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
    AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                                                                                                         mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    
    ---- Registry - GMER 1.0.15 ----
    
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat                                                                                                                                                                                          0xB7 0xA2 0x11 0xEA ...
    
    ---- Files - GMER 1.0.15 ----
    
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80CHS.dll  40960 bytes executable
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80CHT.dll  45056 bytes executable
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80DEU.dll  65536 bytes executable
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ENU.dll  57344 bytes executable
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ESP.dll  61440 bytes executable
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80FRA.dll  61440 bytes executable
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ITA.dll  61440 bytes executable
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80JPN.dll  49152 bytes executable
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80KOR.dll  49152 bytes executable
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437\vcomp.dll     65536 bytes executable
    
    ---- EOF - GMER 1.0.15 ----

  4. #4
    Moderator Team member Swisstreasure
    Registered since
    13.08.2009
    Location
    Switzerland
    Posts
    3.660

    RE: Internet connection is up, but IE, Firefox etc. do not go online

    Step 1

    Update Java

    Your Java version is not up to date. Since some malware (e.g. Vundo) gets into the system via Java exploits, first uninstall all existing Java versions via Control Panel => Software => Uninstall. Restart the computer.

    Now download the offline version of Java Version 6 Update 21 from Oracle and install it. Take care not to install any toolbars that may be offered, i.e. untick the toolbar box during installation.

    Step 2

    Fix with OTL
    • Start OTL.exe.
    • Vista and Windows 7 users: right-click OTL.exe and choose "Run as administrator".
    • Copy the following script:
    Code:
    :OTL
    PRC - C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (ApexDC++ Development Team)
    PRC - C:\Users\ge012796\AppData\Local\Temp\Fv1.exe (ApexDC++ Development Team)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O4 - HKCU..\Run: [Halo2] C:\Users\ge012796\AppData\Local\Temp\sshnas21.DLL (ApexDC++ Development Team)
    O4 - HKCU..\Run: [JRMX9X1GML] C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (ApexDC++ Development Team)
    O4 - HKCU..\Run: [Metropolis] C:\Users\ge012796\AppData\Local\Temp\sshnas21.DLL (ApexDC++ Development Team)
    O4 - HKCU..\Run: [ZE18MW23GY] C:\Users\ge012796\AppData\Local\Temp\Fv1.exe (ApexDC++ Development Team)
    O33 - MountPoints2\{3a98a223-5481-11df-8169-00040ec7b443}\Shell\AutoRun\command - "" = I:\Menu.exe -- File not found
    O33 - MountPoints2\{a9be3f84-bef7-11dd-a658-00224311af7c}\Shell - "" = AutoRun
    O33 - MountPoints2\{a9be3f84-bef7-11dd-a658-00224311af7c}\Shell\AutoRun\command - "" = I:\pushinst.exe -- File not found
    [2010.08.14 10:23:01 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
    [2010.08.14 09:37:01 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
    :Commands
    [purity]
    [emptytemp]
    • and paste it in here:
    • Close all programs.
    • Click the Fix button.
    • Click on .
    • OTL will ask for a restart. Please allow it.
    • After the restart you will find a text document.
      Copy its contents into your thread here, inside code tags.


    Step 3

    Download Malwarebytes Anti-Malware (approx. 2 MB) from these download mirrors:

    • Applicable to Windows 2000, XP and Vista.
    • Install the program to the default path.
    • Remember to start the program as admin on Vista; otherwise start it with a double-click.
    • Let it update online (Updates tab) if that does not happen automatically (approx. 1 MB).
    • Select "Perform full scan" => Scan.
    • Select all available drives and start the scan.
    • When the scan has finished, click "Show Results".
    • Make sure that all findings are selected and press "Delete".
    • Post the log file, which opens in Notepad, here in the thread.
    • You can find the report afterwards under "Scan reports".
    • Report how the computer is running now.

    Here you will find detailed, illustrated instructions.

    Step 4

    Post a new GMER log for me.

    Step 5

    Another system scan with OTL

    • Double-click OTL.exe
    • Vista users: right-click OTL.exe and choose "Run as administrator"
    • At the top you will find a box labelled Output. Please select Minimal Output
    • Under Extra Registry, please select Use SafeList
    • Now click Run Scan at the top left
    • When the scan has finished, 2 log files are created
    • Post the log files in code tags here in the thread.
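
The script in Step 2 of the post above picks out a recognisable set of entry types: processes and Run values that start from the user's Temp folder, a BHO without a CLSID value, AutoRun commands whose target file is missing, and hidden GUID-named .job files. The following triage sketch is an added example, not part of the original post and not OTL's own logic; the rule names and the `classify`/`triage` helpers are assumptions, and the sample lines are copied from the logs in this thread.

```python
import re
from typing import List, NamedTuple, Optional


class Finding(NamedTuple):
    rule: str   # hypothetical rule name, chosen for this example
    line: str   # the log line that triggered the rule


# An .exe or .dll sitting directly in a user profile's Temp directory.
TEMP_IMAGE = re.compile(r"\\AppData\\Local\\Temp\\[^\\]+\.(?:exe|dll)\b", re.I)
# A scheduled-task file whose name is nothing but a GUID in braces.
GUID_JOB = re.compile(r"\\Windows\\tasks\\\{[0-9a-f-]{36}\}\.job\s*$", re.I)
# OTL file rows: [timestamp | size | attributes | M/C] ...
FILE_ROW = re.compile(r"^\[(?P<ts>[^|]+)\|(?P<size>[^|]+)\|(?P<attrs>[^|]+)\|[^\]]*\]")


def classify(line: str) -> Optional[Finding]:
    """Return a Finding if the line matches one of the entry types, else None."""
    text = line.strip()
    if text.startswith("PRC - ") and TEMP_IMAGE.search(text):
        return Finding("process-from-temp", text)
    if text.startswith("O2 - BHO:") and "No CLSID value found" in text:
        return Finding("orphaned-bho", text)
    if text.startswith("O4 - ") and "\\Run:" in text and TEMP_IMAGE.search(text):
        return Finding("run-key-to-temp", text)
    if (text.startswith("O33 - MountPoints2")
            and "\\AutoRun\\command" in text
            and text.endswith("File not found")):
        return Finding("dangling-autorun", text)
    row = FILE_ROW.match(text)
    if row and "H" in row.group("attrs") and GUID_JOB.search(text):
        return Finding("hidden-guid-task", text)
    return None


def triage(log: str) -> List[Finding]:
    """Classify every line of a pasted log and keep only the hits."""
    return [hit for hit in map(classify, log.splitlines()) if hit]


# Sample input: lines copied from the logs posted in this thread.
SAMPLE_LOG = r'''
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (ApexDC++ Development Team)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKCU..\Run: [Halo2] C:\Users\ge012796\AppData\Local\Temp\sshnas21.DLL (ApexDC++ Development Team)
O33 - MountPoints2\{3a98a223-5481-11df-8169-00040ec7b443}\Shell\AutoRun\command - "" = I:\Menu.exe -- File not found
O33 - MountPoints2\{a9be3f84-bef7-11dd-a658-00224311af7c}\Shell - "" = AutoRun
[2010.08.14 10:23:01 | 000,000,298 | -H-- | M] () -- C:\Windows\tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job
[2010.08.10 19:11:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\components
'''

if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(f"{finding.rule:18} {finding.line}")
```

A hit only marks a line for review by an analyst; the vendor string in parentheses is taken from the file's own version resource and is not evidence of origin.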

  5. #5
    Moderator Team member Swisstreasure
    Registered since
    13.08.2009
    Location
    Switzerland
    Posts
    3.660

    RE: Internet connection is up, but IE, Firefox etc. do not go online

    No feedback received

    Are there problems working through the instructions above, and if so, which? If I do not hear back from you within five days, I will assume that you no longer wish to continue and will close this thread without comment, so that capacity becomes free for other waiting users.

    Note: The disappearance of the symptoms does not mean that your computer is already clean.

  6. #6
    Beginner
    Registered since
    13.08.2010
    Posts
    15

    RE: Internet connection is up, but IE, Firefox etc. do not go online

    Hello,

    sorry that I am only replying today; I only got back from a seminar this weekend. I have now carried out everything according to the instructions, but had serious problems.
    Malwarebytes ran flawlessly. With the OTL fix, the PC froze completely; after a restart and another fix with the given code, it kept saying that the files being looked for did not exist.

    After that I ran an OTL scan; it works, but I only get one log output (OTL), I don't get the Extras one?
    When I start GMER, the computer goes to a bluescreen and I get an error message.

    I have now posted everything I could get in terms of information:

    Code:
    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org
    
    Datenbank Version: 4451
    
    Windows 6.0.6002 Service Pack 2
    Internet Explorer 8.0.6001.18943
    
    20.08.2010 19:41:59
    mbam-log-2010-08-20 (19-41-59).txt
    
    Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
    Durchsuchte Objekte: 334247
    Laufzeit: 1 Stunde(n), 32 Minute(n), 52 Sekunde(n)
    
    Infizierte Speicherprozesse: 0
    Infizierte Speichermodule: 1
    Infizierte Registrierungsschlüssel: 7
    Infizierte Registrierungswerte: 4
    Infizierte Dateiobjekte der Registrierung: 0
    Infizierte Verzeichnisse: 0
    Infizierte Dateien: 13
    
    Infizierte Speicherprozesse:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Speichermodule:
    C:\Users\ge012796\AppData\Local\Temp\sshnas21.dll (Trojan.Agent.Gen) -> Delete on reboot.
    
    Infizierte Registrierungsschlüssel:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1d4db7d2-6ec9-47a3-bd87-1e41684e07bb} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{bb05bd70-4605-4829-93fc-ad80d8cc5b66} (Rogue.PerformanceCenter) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\JDK5SWFMZY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\VO3N0SLJ2I (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\XML (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\ZE18MW23GY (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    
    Infizierte Registrierungswerte:
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\halo2 (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\metropolis (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ze18mw23gy (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\jrmx9x1gml (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    
    Infizierte Dateiobjekte der Registrierung:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Verzeichnisse:
    (Keine bösartigen Objekte gefunden)
    
    Infizierte Dateien:
    C:\Users\ge012796\AppData\Local\Temp\sshnas21.dll (Trojan.Agent.Gen) -> Delete on reboot.
    C:\Users\ge012796\AppData\Local\Temp\Fv1.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Users\ge012796\AppData\Local\Temp\Fv3.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\aurora_dvd\Wondershare.Video2DVD.Burner.v2.5.7.Portable\Wondershare Video to DVD Burner v2.5.7 Portable\Portable Wondershare Video to DVD Burner v2.5.7.exe (Trojan.Agent) -> Quarantined and deleted successfully.
    C:\Users\ge012796\AppData\Local\Temp\Fv0.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Users\ge012796\AppData\Local\Temp\Fv2.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Users\ge012796\AppData\Local\Temp\Fv4.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Users\ge012796\AppData\Local\Temp\Fvz.exe (Trojan.Agent.Gen) -> Quarantined and deleted successfully.
    C:\Users\ge012796\AppData\Roaming\avdrn.dat (Malware.Trace) -> Quarantined and deleted successfully.
    C:\Users\Public\Desktop\Spyware Striker.url (Rogue.Multiple) -> Quarantined and deleted successfully.
    C:\Users\ge012796\AppData\Local\Temp\a.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
    C:\Windows\Tasks\{62C40AA6-4406-467a-A5A5-DFDF1B559B7A}.job (Trojan.FakeAlert) -> Quarantined and deleted successfully.
    Code:
    OTL logfile created on: 22.08.2010 19:55:03 - Run 4
    OTL by OldTimer - Version 3.2.9.1     Folder = C:\Users\ge012796\Desktop
    Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18943)
    Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
     
    3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 71,00% Memory free
    7,00 Gb Paging File | 6,00 Gb Available in Paging File | 83,00% Paging File free
    Paging file location(s): ?:\pagefile.sys [binary data]
     
    %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
    Drive C: | 911,51 Gb Total Space | 671,90 Gb Free Space | 73,71% Space Free | Partition Type: NTFS
    Drive D: | 19,99 Gb Total Space | 1,25 Gb Free Space | 6,24% Space Free | Partition Type: FAT32
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    Drive I: | 973,17 Mb Total Space | 188,98 Mb Free Space | 19,42% Space Free | Partition Type: FAT
    Drive J: | 5,58 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
     
    Computer Name: GE012796-PC
    Current User Name: ge012796
    Logged in as Administrator.
     
    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: Off
    Skip Microsoft Files: Off
    File Age = 30 Days
    Output = Minimal
     
    ========== Processes (SafeList) ==========
     
    PRC - C:\Users\ge012796\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    PRC - C:\Programme\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    PRC - C:\Programme\Common Files\McAfee\SystemCore\mcshield.exe (McAfee, Inc.)
    PRC - C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
    PRC - C:\Programme\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    PRC - C:\Programme\Web.de\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
    PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
    PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
    PRC - C:\Programme\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
    PRC - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    PRC - C:\Programme\Internetradio Player\ps_agent.exe (phonostar)
    PRC - C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
    PRC - C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
    PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
    PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
    PRC - C:\Windows\explorer.exe (Microsoft Corporation)
    PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    PRC - C:\Programme\Napster\napster.exe (Napster)
    PRC - C:\Programme\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
    PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    PRC - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
    PRC - C:\Programme\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
    PRC - C:\Programme\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
    PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
    PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
    PRC - C:\Programme\FRITZ!DSL\StCenter.exe (AVM Berlin)
    PRC - C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
    PRC - C:\Programme\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
    PRC - C:\Windows\System32\PSIService.exe ()
    PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
     
     
    ========== Modules (SafeList) ==========
     
    MOD - C:\Users\ge012796\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
    MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
     
     
    ========== Win32 Services (SafeList) ==========
     
    SRV - (GoogleDesktopManager-051210-111108) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
    SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
    SRV - (mfevtp) -- C:\Programme\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee, Inc.)
    SRV - (WPFFontCache_v0400) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe (Microsoft Corporation)
    SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
    SRV - (McODS) -- C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
    SRV - (McComponentHostService) -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
    SRV - (MSK80Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McProxy) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNASvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McNaiAnn) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (mcmscsvc) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
    SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
    SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
    SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
    SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
    SRV - (AVM WLAN Connection Service) -- C:\Programme\avmwlanstick\WLanNetService.exe (AVM Berlin)
    SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
    SRV - (TVECapSvc) TVEnhance Background Capture Service (TBCS) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVECapSvc.exe ()
    SRV - (TVESched) TVEnhance Task Scheduler (TTS)) -- C:\Program Files\HomeCinema\TV Enhance\Kernel\TV\TVESched.exe ()
    SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
    SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
    SRV - (IAANTMON) Intel(R) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
    SRV - (IGDCTRL) -- C:\Program Files\FRITZ!DSL\IGDCTRL.EXE (AVM Berlin)
    SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
    SRV - (UPnPService) -- C:\Programme\Common Files\MAGIX Shared\UPnPService\UPnPService.exe (Magix AG)
    SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
     
     
    ========== Driver Services (SafeList) ==========
     
    DRV - (NwlnkFwd) -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys File not found
    DRV - (NwlnkFlt) -- C:\Windows\System32\DRIVERS\nwlnkflt.sys File not found
    DRV - (IpInIp) -- C:\Windows\System32\DRIVERS\ipinip.sys File not found
    DRV - (mfehidk) -- C:\Windows\system32\drivers\mfehidk.sys (McAfee, Inc.)
    DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.)
    DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.)
    DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
    DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.)
    DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.)
    DRV - (mfenlfk) -- C:\Windows\System32\drivers\mfenlfk.sys (McAfee, Inc.)
    DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.)
    DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
    DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
    DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
    DRV - (RRNetCapMP) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
    DRV - (RRNetCap) -- C:\Windows\System32\drivers\rrnetcap.sys (RapidSolution Software AG)
    DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
    DRV - (avmeject) -- C:\Windows\System32\drivers\avmeject.sys (AVM Berlin)
    DRV - (FWLANUSB) -- C:\Windows\System32\drivers\fwlanusb.sys (AVM GmbH)
    DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
    DRV - (netr28u) -- C:\Windows\System32\drivers\netr28u.sys (Ralink Technology Corp.)
    DRV - (e1express) Intel(R) -- C:\Windows\System32\drivers\e1e6032.sys (Intel Corporation)
    DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
    DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
    DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
    DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
    DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
    DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
    DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
    DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
    DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
    DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
    DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
    DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
    DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
    DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
    DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
    DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
    DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
    DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
    DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
    DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
    DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
    DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
    DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
    DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
    DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
    DRV - (iaStor) -- C:\Windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
    DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
    DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
    DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
    DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
    DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
    DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
    DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
    DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
    DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
    DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
    DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
    DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
    DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
    DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
    DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
    DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
    DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
    DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
    DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
    DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
     
     
    ========== Standard Registry (SafeList) ==========
     
     
    ========== Internet Explorer ==========
     
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.aldi.com/
     
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://de.yahoo.com/?fr=fp-yie8
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.de/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0F 40 8E 31 3D 86 CA 01  [binary data]
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
    IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
     
    ========== FireFox ==========
     
    FF - prefs.js..browser.search.defaultenginename: "WEB.DE Suche"
    FF - prefs.js..browser.search.order.1: "GMX Suche"
    FF - prefs.js..browser.search.order.2: "1und1 Suche"
    FF - prefs.js..browser.search.order.3: "amazon.de"
    FF - prefs.js..browser.search.order.4: "WEB.DE Suche"
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..browser.startup.homepage: "http://web.de"
    FF - prefs.js..extensions.enabledItems: {95f24680-9e31-11da-a746-0800200c9a66}:0.1.5.5
    FF - prefs.js..extensions.enabledItems: {a82d0125-000a-4a57-abbc-5d4b0dbaab54}:1.7.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: piclens@cooliris.com:1.12.0.36949
    FF - prefs.js..keyword.URL: "http://wa.ui-portal.de/webde/webde/s?produkte.browser.link.searchlink&s_brand=webde&t_link=searchlink&ns_type=clickin&ns_url=http://suche.web.de/search/web/?origin=searchplugin&su="
     
    FF - HKLM\software\mozilla\Firefox\Extensions\\videoraptor-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\Videoraptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\ [2009.07.05 09:53:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.08.10 19:11:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.08.10 19:11:15 | 000,000,000 | ---D | M]
     
    [2010.02.19 18:29:23 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\mozilla\Extensions
    [2010.08.18 21:23:16 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\mozilla\Firefox\Profiles\reo7tjns.default\extensions
    [2010.05.01 09:03:19 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\ge012796\AppData\Roaming\mozilla\Firefox\Profiles\reo7tjns.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010.02.19 18:28:53 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Users\ge012796\AppData\Roaming\mozilla\Firefox\Profiles\reo7tjns.default\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
    [2010.04.10 15:47:09 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Users\ge012796\AppData\Roaming\mozilla\Firefox\Profiles\reo7tjns.default\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
    [2010.06.19 17:56:35 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\mozilla\Firefox\Profiles\reo7tjns.default\extensions\piclens@cooliris.com
    [2010.02.19 18:29:52 | 000,005,591 | ---- | M] () -- C:\Users\ge012796\AppData\Roaming\Mozilla\FireFox\Profiles\reo7tjns.default\searchplugins\1und1-suche.xml
    [2010.02.19 18:29:52 | 000,001,371 | ---- | M] () -- C:\Users\ge012796\AppData\Roaming\Mozilla\FireFox\Profiles\reo7tjns.default\searchplugins\amazonde.xml
    [2010.02.19 18:29:52 | 000,010,605 | ---- | M] () -- C:\Users\ge012796\AppData\Roaming\Mozilla\FireFox\Profiles\reo7tjns.default\searchplugins\gmx-suche.xml
    [2010.04.21 09:18:33 | 000,001,420 | ---- | M] () -- C:\Users\ge012796\AppData\Roaming\Mozilla\FireFox\Profiles\reo7tjns.default\searchplugins\preisvergleich.xml
    [2010.02.19 18:29:52 | 000,005,588 | ---- | M] () -- C:\Users\ge012796\AppData\Roaming\Mozilla\FireFox\Profiles\reo7tjns.default\searchplugins\webde-suche.xml
    [2010.06.06 10:43:43 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions
    [2010.02.19 18:28:40 | 000,000,000 | ---D | M] (Update Notifier) -- C:\Programme\Mozilla Firefox\extensions\{95f24680-9e31-11da-a746-0800200c9a66}
    [2010.02.19 18:28:40 | 000,000,000 | ---D | M] (WEB.DE Firefox Addon) -- C:\Programme\Mozilla Firefox\extensions\{a82d0125-000a-4a57-abbc-5d4b0dbaab54}
    [2010.06.06 10:43:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010.04.27 17:16:24 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Programme\Mozilla Firefox\components\Scriptff.dll
    [2010.04.12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Mozilla Firefox\plugins\npdeployJava1.dll
    [2008.12.19 01:30:20 | 000,106,128 | ---- | M] ( ) -- C:\Programme\Mozilla Firefox\plugins\npstrlnk.dll
    [2010.08.10 19:10:57 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
    [2010.08.10 19:10:57 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
    [2010.08.10 19:10:57 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
    [2010.08.10 19:10:57 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
    [2010.08.10 19:10:57 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
     
    O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1       localhost
    O1 - Hosts: ::1             localhost
    O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Programme\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (Videoraptor_WebRipPlugin Class) - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Programme\RapidSolution\Videoraptor\plugins\IE\VR_WebRipIePlugin.dll (RapidSolution Software)
    O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\Common Files\McAfee\SystemCore\ScriptSn.20100718102604.dll (McAfee, Inc.)
    O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
    O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
    O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Programme\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
    O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Programme\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
    O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\WLanGUI.exe (AVM Berlin)
    O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
    O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
    O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
    O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NapsterShell] C:\Program Files\Napster\napster.exe (Napster)
    O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
    O4 - HKLM..\Run: [PC SpeedScan Pro] C:\Program Files\Ascentive\PC SpeedScan Pro\PCSpeedScan.exe (Ascentive LLC)
    O4 - HKLM..\Run: [Performance Center] C:\Program Files\Ascentive\Performance Center\APCMain.exe (Ascentive)
    O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
    O4 - HKLM..\Run: [Skytel] C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.)
    O4 - HKLM..\Run: [TVEService] C:\Program Files\HomeCinema\TV Enhance\TVEService.exe (CyberLink Corp.)
    O4 - HKLM..\Run: [WEB.DE Update] C:\Programme\Web.de\LiveUpdate\m2LUTray.exe (mquadr.at software engineering und consulting GmbH)
    O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
    O4 - HKCU..\Run: [1und1Agent] C:\Programme\Internetradio Player\ps_agent.exe (phonostar)
    O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
    O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
    O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
    O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
    O4 - Startup: C:\Users\ge012796\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk = C:\Programme\FRITZ!DSL\FritzDsl.exe (AVM Berlin)
    O4 - Startup: C:\Users\ge012796\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Protect.lnk = C:\Programme\FRITZ!DSL\FwebProt.exe (AVM Berlin)
    O4 - Startup: C:\Users\ge012796\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\HDDlife.lnk = C:\Programme\zoneLINK\HDDlife\HDDlifePro.exe (BinarySense, Ltd.)
    O4 - Startup: C:\Users\ge012796\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    O4 - Startup: C:\Users\ge012796\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote Inhaltsverzeichnis.onetoc2 ()
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
    O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll (Google Inc.)
    O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
    O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
    O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
    O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\FRITZ!DSL\\sarah.dll ()
    O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
    O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files\FRITZ!DSL\sarah.dll (AVM Berlin)
    O13 - gopher Prefix: missing
    O15 - HKCU\..Trusted Domains: localhost ([]http in Lokales Intranet)
    O15 - HKCU\..Trusted Domains: web.de ([freemailng6104] https in Vertrauenswürdige Sites)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Lokales Intranet)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {22E5D91F-89E6-4405-AD9C-0AF27BA6F06B} file:///C:/Users/ge012796/Videos/Schottland_270708/components/hidinputmonitorx.ocx (HidInputMonitorX Control)
    O16 - DPF: {4F63D44B-6274-4D60-8AB1-CAA7116B8AF3} file:///C:/Users/ge012796/Videos/Schottland_270708/components/A9.ocx (A9Helper.A9)
    O16 - DPF: {59136DB4-6CA3-4B40-8F2F-BBF84B6F1E91} https://stream.web.de/mail/activex/mail_upload_11213.cab (Attachment Upload Control)
    O16 - DPF: {5BF3E4A3-7E64-4D53-B512-2E242E837D24} https://einfach.otto.de/ottoproj/ottomce//bin/activex/MCEControls.cab (CMCEInputCtl Object)
    O16 - DPF: {7030CC6C-1A88-4591-BB5A-651B9F7F0C30} file:///C:/Users/ge012796/Videos/Schottland_270708/components/wmvhdrating.ocx (WMVHDRatingCtrl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.5.10
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
    O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation)
    O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
    O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
    O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
    O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Toco Toucan.jpg
    O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Toco Toucan.jpg
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
    O32 - AutoRun File - [2006.10.04 23:02:54 | 000,000,279 | R--- | M] () - J:\autorun.inf -- [ CDFS ]
    O33 - MountPoints2\{7190e7d7-ac82-11df-ba14-002185f9734b}\Shell - "" = AutoRun
    O33 - MountPoints2\{7190e7d7-ac82-11df-ba14-002185f9734b}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- [2006.09.20 03:00:25 | 001,114,112 | R--- | M] ()
    O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
     
    ========== Files/Folders - Created Within 30 Days ==========
     
    [2010.08.20 19:49:27 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010.08.20 17:37:04 | 000,000,000 | ---D | C] -- C:\Users\ge012796\AppData\Roaming\Malwarebytes
    [2010.08.20 17:30:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
    [2010.08.20 17:30:41 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
    [2010.08.20 17:30:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
    [2010.08.20 17:30:40 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
    [2010.08.14 13:47:09 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
    [2010.08.14 10:18:31 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Users\ge012796\Desktop\OTL.exe
    [2010.08.12 20:03:42 | 000,000,000 | ---D | C] -- C:\Windows\pss
    [2010.08.12 19:20:19 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
    [2010.08.12 19:20:18 | 000,387,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
    [2010.08.12 19:20:18 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
    [2010.08.12 19:20:17 | 001,469,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
    [2010.08.12 19:20:17 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mstime.dll
    [2010.08.12 19:20:15 | 000,184,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
    [2010.08.12 19:20:15 | 000,164,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
    [2010.08.12 19:20:15 | 000,133,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
    [2010.08.12 19:20:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
    [2010.08.12 19:20:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
    [2010.08.12 19:20:15 | 000,055,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
    [2010.08.12 19:20:15 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
    [2010.08.12 19:20:14 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
    [2010.08.12 19:20:14 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
    [2010.08.12 19:20:14 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
    [2010.08.12 19:20:13 | 000,081,920 | ---- | C] (Radius Inc.) -- C:\Windows\System32\iccvid.dll
    [2010.08.12 19:20:07 | 002,037,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
    [2010.08.12 19:20:05 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rtutils.dll
    [2010.08.12 19:19:55 | 003,600,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
    [2010.08.12 19:19:55 | 003,548,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
     
    ========== Files - Modified Within 30 Days ==========
     
    [2010.08.22 19:56:06 | 003,145,728 | -HS- | M] () -- C:\Users\ge012796\NTUSER.DAT
    [2010.08.22 19:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
    [2010.08.22 19:27:06 | 000,003,454 | ---- | M] () -- C:\Users\ge012796\AppData\Roaming\wklnhst.dat
    [2010.08.22 19:26:07 | 000,079,829 | ---- | M] () -- C:\ProgramData\nvModes.dat
    [2010.08.22 19:26:07 | 000,079,829 | ---- | M] () -- C:\ProgramData\nvModes.001
    [2010.08.22 19:26:07 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
    [2010.08.22 19:25:53 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
    [2010.08.22 19:20:00 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\McAfee Internet Security Suite.lnk
    [2010.08.22 19:17:56 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
    [2010.08.22 19:17:56 | 000,003,744 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
    [2010.08.22 19:17:54 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
    [2010.08.22 19:17:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
    [2010.08.22 19:17:48 | 3487,748,096 | -HS- | M] () -- C:\hiberfil.sys
    [2010.08.22 19:17:47 | 311,810,850 | ---- | M] () -- C:\Windows\MEMORY.DMP
    [2010.08.20 20:05:13 | 000,524,288 | -HS- | M] () -- C:\Users\ge012796\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TMContainer00000000000000000001.regtrans-ms
    [2010.08.20 20:05:13 | 000,065,536 | -HS- | M] () -- C:\Users\ge012796\NTUSER.DAT{3a539871-6a70-11db-887c-d362bd253390}.TM.blf
    [2010.08.20 20:01:51 | 000,007,916 | ---- | M] () -- C:\Users\ge012796\AppData\Local\d3d9caps.dat
    [2010.08.20 20:00:13 | 004,233,573 | -H-- | M] () -- C:\Users\ge012796\AppData\Local\IconCache.db
    [2010.08.20 19:49:47 | 001,445,310 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
    [2010.08.20 19:49:47 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat
    [2010.08.20 19:49:47 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat
    [2010.08.20 19:49:47 | 000,126,248 | ---- | M] () -- C:\Windows\System32\perfc007.dat
    [2010.08.20 19:49:47 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat
    [2010.08.20 17:30:44 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010.08.15 14:23:27 | 000,099,840 | ---- | M] () -- C:\Users\ge012796\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010.08.14 10:15:58 | 000,293,376 | ---- | M] () -- C:\Users\ge012796\Desktop\frv9h7qf.exe
    [2010.08.14 10:15:32 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Users\ge012796\Desktop\OTL.exe
    [2010.08.13 17:38:36 | 000,416,120 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
    [2010.08.13 17:26:07 | 000,000,118 | ---- | M] () -- C:\Windows\System32\MRT.INI
    [2010.08.12 19:26:30 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
    [2010.08.07 17:29:47 | 000,000,853 | ---- | M] () -- C:\Users\ge012796\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
    [2010.08.07 17:02:46 | 000,000,718 | ---- | M] () -- C:\Users\Public\Desktop\Opera.lnk
     
    ========== Files Created - No Company Name ==========
     
    [2010.08.20 17:30:44 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
    [2010.08.14 13:47:04 | 311,810,850 | ---- | C] () -- C:\Windows\MEMORY.DMP
    [2010.08.14 10:27:37 | 000,293,376 | ---- | C] () -- C:\Users\ge012796\Desktop\frv9h7qf.exe
    [2010.08.13 17:26:07 | 000,000,118 | ---- | C] () -- C:\Windows\System32\MRT.INI
    [2010.08.07 17:29:47 | 000,000,853 | ---- | C] () -- C:\Users\ge012796\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FRITZ!DSL Internet.lnk
    [2009.11.25 14:40:50 | 000,085,504 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
    [2009.11.22 11:47:54 | 000,307,200 | ---- | C] () -- C:\Windows\System32\AscSQLite.dll
    [2009.09.24 19:32:55 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
    [2009.03.27 18:02:24 | 000,120,200 | ---- | C] () -- C:\Windows\System32\DLLDEV32i.dll
    [2009.03.02 12:33:32 | 000,000,547 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
    [2008.12.14 12:09:59 | 000,061,440 | ---- | C] () -- C:\Windows\System32\cdTextCtl.dll
    [2008.12.14 12:06:23 | 000,000,000 | ---- | C] () -- C:\Windows\homeDVD-Fotos5.INI
    [2008.12.14 11:25:06 | 000,010,240 | ---- | C] () -- C:\Windows\System32\vidx16.dll
    [2008.12.14 11:24:37 | 000,019,968 | ---- | C] () -- C:\Windows\System32\cpuinf32.dll
    [2008.12.14 11:19:14 | 000,007,256 | ---- | C] () -- C:\Windows\mgxoschk.ini
    [2008.12.14 11:08:53 | 000,150,240 | ---- | C] () -- C:\Windows\System32\drivers\MLTCAP.sys
    [2008.12.07 17:51:49 | 000,000,025 | ---- | C] () -- C:\Windows\CDEC66SeriesEuro.ini
    [2008.10.20 10:35:26 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
    [2008.10.17 17:15:05 | 000,000,917 | ---- | C] () -- C:\Windows\System32\CLWatson.ini
    [2008.10.17 16:56:47 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
    [2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
    [2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
    [2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
    [2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
    [2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
    [2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
    [2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
    [2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
    [2008.09.19 08:45:40 | 000,058,648 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
    [2008.06.05 08:58:26 | 000,197,912 | ---- | C] () -- C:\Windows\System32\physxcudart_20.dll
    [2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
    [2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
     
    ========== LOP Check ==========
     
    [2009.07.05 12:05:38 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\BinarySense
    [2010.04.25 11:05:06 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\CoSoSys
    [2010.08.20 20:03:34 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\FRITZ!
    [2009.06.23 19:55:31 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\Imaxel
    [2010.08.13 18:43:14 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\Internet-Radio Player
    [2009.12.24 19:22:10 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\MAGIX
    [2009.06.28 16:15:07 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\MyPublisher
    [2010.05.01 08:58:16 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\Opera
    [2009.07.05 10:20:29 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\RapidSolution
    [2009.04.17 17:20:41 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\Template
    [2010.04.21 20:45:18 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\Thinstall
    [2008.12.11 19:42:27 | 000,000,000 | ---D | M] -- C:\Users\ge012796\AppData\Roaming\WEBDE
    [2010.08.20 20:05:15 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
    [2010.08.22 19:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
     
    ========== Purity Check ==========
     
     
    < End of report >
    Code:
    Problemsignatur:
      Problemereignisname:	BlueScreen
      Betriebsystemversion:	6.0.6002.2.2.0.768.3
      Gebietsschema-ID:	1031
    
    Zusatzinformationen zum Problem:
      BCCode:	4e
      BCP1:	00000007
      BCP2:	00069F67
      BCP3:	00000001
      BCP4:	00000000
      OS Version:	6_0_6002
      Service Pack:	2_0
      Product:	768_1
    
    Dateien, die bei der Beschreibung des Problems hilfreich sind:
      C:\Windows\Minidump\Mini082210-02.dmp
      C:\Users\ge012796\AppData\Local\Temp\WER-507970-0.sysdata.xml
      C:\Users\ge012796\AppData\Local\Temp\WERF758.tmp.version.txt
    Thanks for the help and best regards

    Holger

  7. #7
    Moderator Team member Avatar of Swisstreasure
    Registered since
    13.08.2009
    Location
    Switzerland
    Posts
    3.660

    RE: Internet connection is up, but IE, Firefox etc. cannot get online

    Step 1

    What is needed now are online scans, since we can only ever check a small part of the computer. Online scans let you have the entire computer checked for malware. It is best to use Internet Explorer right away.

    Preparation

    • Connect any external hard drives and/or other removable media you may have (e.g. USB sticks) to the computer.
    • Please disable during the online scans:
      anti-virus program and firewall.
    • Start Internet Explorer => in the menu under Tools => Internet Options => Privacy => remove the check mark at "Turn on Pop-up Blocker" and
    • on the "Security" tab => lower the security level to "Medium-high" if necessary.
      Do not forget to switch them back on afterwards and to restore the Internet options to their previous settings.
    • Refrain from other online activities during the online scans.
    • You must allow the download and installation of ActiveX controls.




    ESET Online Scanner
    Please switch on any external hard drives during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and do not forget to switch everything back on afterwards.
    • Note for Vista and Win7 users: Be sure to start the browser as administrator.
    • Disable your anti-virus program during the scan.
    • Press the button.
      • Firefox users: Please download esetsmartinstaller_enu.exe. Save the Firefox add-on to the desktop and then install it.
      • IE users: must allow the installation of an ActiveX element.
    • Put a check mark at Yes, i accept the Terms of Use.
    • Press the button.
    • Wait until the components have been downloaded.
    • Put a check mark at "Remove found threads" and "Scan archives".
    • Press.
    • The signatures are downloaded. The scan starts automatically.

    When the scan has finished
    • Click Finish.
    • Close the browser.
    • Open Explorer.
    • Find C:\Programme\Eset\EsetOnlineScanner\log.txt and open it with your editor.
    • Post the log file here.


    Step 2

    Run GMER again and post the new log for me.

  8. #8
    Beginner
    Registered since
    13.08.2010
    Posts
    15

    RE: Internet connection is up, but IE, Firefox etc. cannot get online

    Hello,

    I ran both; the online scanner found one file and removed it. However, there is nothing in the log, only 2 lines.
    GMER ran through this time and I have a log as well.
    Otherwise the bluescreen still comes up now and then, e.g. when I switch programs.

    Code:
    ESETSmartInstaller@High as CAB hook log:
    OnlineScanner.ocx - registred OK
    Code:
    GMER 1.0.15.15281 - http://www.gmer.net
    Rootkit scan 2010-08-23 08:53:35
    Windows 6.0.6002 Service Pack 2
    Running: frv9h7qf.exe; Driver: C:\Users\ge012796\AppData\Local\Temp\kgrdrkog.sys
    
    
    ---- System - GMER 1.0.15 ----
    
    Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                                                                                                                                       ZwMapViewOfSection [0x82F46D88]
    Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                                                                                                                                       ZwTerminateProcess [0x82F46DB2]
    Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                                                                                                                                       ZwUnmapViewOfSection [0x82F46D9E]
    Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                                                                                                                                       ZwYieldExecution [0x82F46D74]
    Code            \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)                                                                                                                                                                                                       NtMapViewOfSection
    
    ---- Kernel code sections - GMER 1.0.15 ----
    
    .text           ntkrnlpa.exe!ZwYieldExecution                                                                                                                                                                                                                                                    828739D2 5 Bytes  JMP 82F46D78 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE            ntkrnlpa.exe!ZwTerminateProcess                                                                                                                                                                                                                                                  82A38DA3 5 Bytes  JMP 82F46DB6 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE            ntkrnlpa.exe!NtMapViewOfSection                                                                                                                                                                                                                                                  82A584FA 7 Bytes  JMP 82F46D8C \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    PAGE            ntkrnlpa.exe!ZwUnmapViewOfSection                                                                                                                                                                                                                                                82A587BD 5 Bytes  JMP 82F46DA2 \SystemRoot\system32\drivers\mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    
    ---- User code sections - GMER 1.0.15 ----
    
    .text           C:\Windows\Explorer.EXE[164] ntdll.dll!NtCreateFile                                                                                                                                                                                                                              779643D4 5 Bytes  JMP 0004000A 
    .text           C:\Windows\Explorer.EXE[164] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                           77964494 5 Bytes  JMP 00040FDE 
    .text           C:\Windows\Explorer.EXE[164] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                                    77964D34 5 Bytes  JMP 00040FEF 
    .text           C:\Windows\Explorer.EXE[164] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                                        75FE1929 5 Bytes  JMP 00010F5B 
    .text           C:\Windows\Explorer.EXE[164] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                                        75FE19C9 5 Bytes  JMP 00010F80 
    .text           C:\Windows\Explorer.EXE[164] kernel32.dll!CreateProcessW                                                                                                                                                                                                                         75FE1BF3 5 Bytes  JMP 000100D0 
    .text           C:\Windows\Explorer.EXE[164] kernel32.dll!CreateProcessA                                                                                                                                                                                                                         75FE1C28 5 Bytes  JMP 00010F39 
    .text           C:\Windows\Explorer.EXE[164] kernel32.dll!VirtualProtect                                                                                                                                                                                                                         75FE1DC3 5 Bytes  JMP 0001009A 
    .text           C:\Windows\Explorer.EXE[164] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                                       75FE2EF5 5 Bytes  JMP 0001002C 
    .text           C:\Windows\Explorer.EXE[164] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                                       75FE5C0C 5 Bytes  JMP 00010FDB 
    .text           C:\Windows\Explorer.EXE[164] kernel32.dll!CreatePipe                                                                                                                                                                                                                             76008E6E 5 Bytes  JMP 00010F9B 
    .text           C:\Windows\Explorer.EXE[164] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                         76009109 5 Bytes  JMP 00010089 
    .text           C:\Windows\Explorer.EXE[164] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                           76009362 5 Bytes  JMP 00010FCA 
    .text           C:\Windows\Explorer.EXE[164] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                         760094B4 5 Bytes  JMP 0001006C 
    .text           C:\Windows\Explorer.EXE[164] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                           760094DC 5 Bytes  JMP 00010047 
    .text           C:\Windows\Explorer.EXE[164] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                                       7600DBDA 5 Bytes  JMP 000100AB 
    .text           C:\Windows\Explorer.EXE[164] kernel32.dll!GetProcAddress                                                                                                                                                                                                                         7602903B 5 Bytes  JMP 000100EB 
    .text           C:\Windows\Explorer.EXE[164] kernel32.dll!CreateFileW                                                                                                                                                                                                                            7602AECB 5 Bytes  JMP 0001001B 
    .text           C:\Windows\Explorer.EXE[164] kernel32.dll!CreateFileA                                                                                                                                                                                                                            7602CE5F 5 Bytes  JMP 00010000 
    .text           C:\Windows\Explorer.EXE[164] kernel32.dll!WinExec                                                                                                                                                                                                                                76075CF7 5 Bytes  JMP 00010F4A 
    .text           C:\Windows\Explorer.EXE[164] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                                        761839AB 5 Bytes  JMP 00060047 
    .text           C:\Windows\Explorer.EXE[164] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                          76183BA9 5 Bytes  JMP 00060FA5 
    .text           C:\Windows\Explorer.EXE[164] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                            761889C7 5 Bytes  JMP 00060000 
    .text           C:\Windows\Explorer.EXE[164] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                          7619391E 5 Bytes  JMP 00060036 
    .text           C:\Windows\Explorer.EXE[164] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                                        761941F1 5 Bytes  JMP 00060062 
    .text           C:\Windows\Explorer.EXE[164] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                          76197C42 5 Bytes  JMP 0006001B 
    .text           C:\Windows\Explorer.EXE[164] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                            7619E2B5 5 Bytes  JMP 00060FE5 
    .text           C:\Windows\Explorer.EXE[164] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                          761A7BA1 5 Bytes  JMP 00060FCA 
    .text           C:\Windows\Explorer.EXE[164] msvcrt.dll!_wsystem                                                                                                                                                                                                                                 76717F2F 5 Bytes  JMP 00070FC0 
    .text           C:\Windows\Explorer.EXE[164] msvcrt.dll!system                                                                                                                                                                                                                                   7671804B 5 Bytes  JMP 0007004B 
    .text           C:\Windows\Explorer.EXE[164] msvcrt.dll!_creat                                                                                                                                                                                                                                   7671BBE1 5 Bytes  JMP 0007003A 
    .text           C:\Windows\Explorer.EXE[164] msvcrt.dll!_open                                                                                                                                                                                                                                    7671D106 5 Bytes  JMP 00070000 
    .text           C:\Windows\Explorer.EXE[164] msvcrt.dll!_wcreat                                                                                                                                                                                                                                  7671D326 5 Bytes  JMP 00070FDB 
    .text           C:\Windows\Explorer.EXE[164] msvcrt.dll!_wopen                                                                                                                                                                                                                                   7671D501 5 Bytes  JMP 00070029 
    .text           C:\Windows\Explorer.EXE[164] WS2_32.dll!socket                                                                                                                                                                                                                                   75FB36D1 5 Bytes  JMP 02FC0FEF 
    .text           C:\Windows\Explorer.EXE[164] WININET.dll!InternetOpenA                                                                                                                                                                                                                           763AD690 5 Bytes  JMP 02FB0000 
    .text           C:\Windows\Explorer.EXE[164] WININET.dll!InternetOpenW                                                                                                                                                                                                                           763ADB09 5 Bytes  JMP 02FB001B 
    .text           C:\Windows\Explorer.EXE[164] WININET.dll!InternetOpenUrlA                                                                                                                                                                                                                        763AF3A4 5 Bytes  JMP 02FB0040 
    .text           C:\Windows\Explorer.EXE[164] WININET.dll!InternetOpenUrlW                                                                                                                                                                                                                        763F6DDF 5 Bytes  JMP 02FB0051 
    .text           C:\Windows\system32\services.exe[796] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779643D4 5 Bytes  JMP 0077000A 
    .text           C:\Windows\system32\services.exe[796] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77964494 5 Bytes  JMP 00770FD4 
    .text           C:\Windows\system32\services.exe[796] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77964D34 5 Bytes  JMP 00770FEF 
    .text           C:\Windows\system32\services.exe[796] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               75FE1929 5 Bytes  JMP 00760087 
    .text           C:\Windows\system32\services.exe[796] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               75FE19C9 5 Bytes  JMP 0076006C 
    .text           C:\Windows\system32\services.exe[796] kernel32.dll!CreateProcessW                                                                                                                                                                                                                75FE1BF3 5 Bytes  JMP 007600B3 
    .text           C:\Windows\system32\services.exe[796] kernel32.dll!CreateProcessA                                                                                                                                                                                                                75FE1C28 5 Bytes  JMP 00760098 
    .text           C:\Windows\system32\services.exe[796] kernel32.dll!VirtualProtect                                                                                                                                                                                                                75FE1DC3 5 Bytes  JMP 0076005B 
    .text           C:\Windows\system32\services.exe[796] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              75FE2EF5 5 Bytes  JMP 00760FCA 
    .text           C:\Windows\system32\services.exe[796] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              75FE5C0C 5 Bytes  JMP 00760FAF 
    .text           C:\Windows\system32\services.exe[796] kernel32.dll!CreatePipe                                                                                                                                                                                                                    76008E6E 5 Bytes  JMP 00760F4B 
    .text           C:\Windows\system32\services.exe[796] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                76009109 5 Bytes  JMP 00760040 
    .text           C:\Windows\system32\services.exe[796] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  76009362 5 Bytes  JMP 00760F94 
    .text           C:\Windows\system32\services.exe[796] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                760094B4 5 Bytes  JMP 00760F83 
    .text           C:\Windows\system32\services.exe[796] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  760094DC 5 Bytes  JMP 00760025 
    .text           C:\Windows\system32\services.exe[796] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              7600DBDA 5 Bytes  JMP 00760F66 
    .text           C:\Windows\system32\services.exe[796] kernel32.dll!GetProcAddress                                                                                                                                                                                                                7602903B 5 Bytes  JMP 007600C4 
    .text           C:\Windows\system32\services.exe[796] kernel32.dll!CreateFileW                                                                                                                                                                                                                   7602AECB 5 Bytes  JMP 00760FE5 
    .text           C:\Windows\system32\services.exe[796] kernel32.dll!CreateFileA                                                                                                                                                                                                                   7602CE5F 5 Bytes  JMP 00760000 
    .text           C:\Windows\system32\services.exe[796] kernel32.dll!WinExec                                                                                                                                                                                                                       76075CF7 5 Bytes  JMP 00760F26 
    .text           C:\Windows\system32\services.exe[796] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               761839AB 1 Byte  [E9]
    .text           C:\Windows\system32\services.exe[796] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               761839AB 5 Bytes  JMP 00C30FAF 
    .text           C:\Windows\system32\services.exe[796] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76183BA9 5 Bytes  JMP 00C30FCA 
    .text           C:\Windows\system32\services.exe[796] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   761889C7 5 Bytes  JMP 00C30FEF 
    .text           C:\Windows\system32\services.exe[796] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7619391E 5 Bytes  JMP 00C30047 
    .text           C:\Windows\system32\services.exe[796] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               761941F1 5 Bytes  JMP 00C30076 
    .text           C:\Windows\system32\services.exe[796] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76197C42 5 Bytes  JMP 00C30011 
    .text           C:\Windows\system32\services.exe[796] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7619E2B5 5 Bytes  JMP 00C30000 
    .text           C:\Windows\system32\services.exe[796] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 761A7BA1 5 Bytes  JMP 00C30036 
    .text           C:\Windows\system32\services.exe[796] msvcrt.dll!_wsystem                                                                                                                                                                                                                        76717F2F 5 Bytes  JMP 00C40064 
    .text           C:\Windows\system32\services.exe[796] msvcrt.dll!system                                                                                                                                                                                                                          7671804B 5 Bytes  JMP 00C40053 
    .text           C:\Windows\system32\services.exe[796] msvcrt.dll!_creat                                                                                                                                                                                                                          7671BBE1 5 Bytes  JMP 00C40FD9 
    .text           C:\Windows\system32\services.exe[796] msvcrt.dll!_open                                                                                                                                                                                                                           7671D106 5 Bytes  JMP 00C40000 
    .text           C:\Windows\system32\services.exe[796] msvcrt.dll!_wcreat                                                                                                                                                                                                                         7671D326 5 Bytes  JMP 00C4002E 
    .text           C:\Windows\system32\services.exe[796] msvcrt.dll!_wopen                                                                                                                                                                                                                          7671D501 5 Bytes  JMP 00C40011 
    .text           C:\Windows\system32\services.exe[796] WS2_32.dll!socket                                                                                                                                                                                                                          75FB36D1 5 Bytes  JMP 00780FEF 
    .text           C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateFile                                                                                                                                                                                                                        779643D4 5 Bytes  JMP 000B0FEF 
    .text           C:\Windows\system32\lsass.exe[844] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                     77964494 5 Bytes  JMP 000B0FCD 
    .text           C:\Windows\system32\lsass.exe[844] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                              77964D34 5 Bytes  JMP 000B0FDE 
    .text           C:\Windows\system32\lsass.exe[844] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                                  75FE1929 5 Bytes  JMP 0009006C 
    .text           C:\Windows\system32\lsass.exe[844] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                                  75FE19C9 5 Bytes  JMP 00090F1C 
    .text           C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateProcessW                                                                                                                                                                                                                   75FE1BF3 5 Bytes  JMP 00090EF0 
    .text           C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateProcessA                                                                                                                                                                                                                   75FE1C28 5 Bytes  JMP 00090F0B 
    .text           C:\Windows\system32\lsass.exe[844] kernel32.dll!VirtualProtect                                                                                                                                                                                                                   75FE1DC3 5 Bytes  JMP 00090F5C 
    .text           C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                                 75FE2EF5 5 Bytes  JMP 00090FC0 
    .text           C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                                 75FE5C0C 5 Bytes  JMP 00090FA5 
    .text           C:\Windows\system32\lsass.exe[844] kernel32.dll!CreatePipe                                                                                                                                                                                                                       76008E6E 5 Bytes  JMP 00090F41 
    .text           C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                   76009109 5 Bytes  JMP 00090F6D 
    .text           C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                     76009362 5 Bytes  JMP 00090025 
    .text           C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                   760094B4 5 Bytes  JMP 00090036 
    .text           C:\Windows\system32\lsass.exe[844] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                     760094DC 5 Bytes  JMP 00090F94 
    .text           C:\Windows\system32\lsass.exe[844] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                                 7600DBDA 5 Bytes  JMP 00090051 
    .text           C:\Windows\system32\lsass.exe[844] kernel32.dll!GetProcAddress                                                                                                                                                                                                                   7602903B 5 Bytes  JMP 00090EDF 
    .text           C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateFileW                                                                                                                                                                                                                      7602AECB 5 Bytes  JMP 00090FDB 
    .text           C:\Windows\system32\lsass.exe[844] kernel32.dll!CreateFileA                                                                                                                                                                                                                      7602CE5F 5 Bytes  JMP 00090000 
    .text           C:\Windows\system32\lsass.exe[844] kernel32.dll!WinExec                                                                                                                                                                                                                          76075CF7 5 Bytes  JMP 00090087 
    .text           C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                                  761839AB 5 Bytes  JMP 003D0036 
    .text           C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                    76183BA9 5 Bytes  JMP 003D0025 
    .text           C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                      761889C7 5 Bytes  JMP 003D0FEF 
    .text           C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                    7619391E 5 Bytes  JMP 003D0F94 
    .text           C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                                  761941F1 5 Bytes  JMP 003D0047 
    .text           C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                    76197C42 5 Bytes  JMP 003D0FD4 
    .text           C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                      7619E2B5 5 Bytes  JMP 003D000A 
    .text           C:\Windows\system32\lsass.exe[844] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                    761A7BA1 5 Bytes  JMP 003D0FC3 
    .text           C:\Windows\system32\lsass.exe[844] msvcrt.dll!_wsystem                                                                                                                                                                                                                           76717F2F 5 Bytes  JMP 00500F97 
    .text           C:\Windows\system32\lsass.exe[844] msvcrt.dll!system                                                                                                                                                                                                                             7671804B 5 Bytes  JMP 0050002C 
    .text           C:\Windows\system32\lsass.exe[844] msvcrt.dll!_creat                                                                                                                                                                                                                             7671BBE1 5 Bytes  JMP 00500FD7 
    .text           C:\Windows\system32\lsass.exe[844] msvcrt.dll!_open                                                                                                                                                                                                                              7671D106 5 Bytes  JMP 00500000 
    .text           C:\Windows\system32\lsass.exe[844] msvcrt.dll!_wcreat                                                                                                                                                                                                                            7671D326 5 Bytes  JMP 00500FC6 
    .text           C:\Windows\system32\lsass.exe[844] msvcrt.dll!_wopen                                                                                                                                                                                                                             7671D501 5 Bytes  JMP 00500011 
    .text           C:\Windows\system32\lsass.exe[844] WS2_32.dll!socket                                                                                                                                                                                                                             75FB36D1 5 Bytes  JMP 003C000A 
    .text           C:\Windows\system32\svchost.exe[1032] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779643D4 5 Bytes  JMP 004C0000 
    .text           C:\Windows\system32\svchost.exe[1032] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77964494 5 Bytes  JMP 004C0FCA 
    .text           C:\Windows\system32\svchost.exe[1032] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77964D34 5 Bytes  JMP 004C0FE5 
    .text           C:\Windows\system32\svchost.exe[1032] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               75FE1929 5 Bytes  JMP 004B0F61 
    .text           C:\Windows\system32\svchost.exe[1032] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               75FE19C9 5 Bytes  JMP 004B00A7 
    .text           C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateProcessW                                                                                                                                                                                                                75FE1BF3 5 Bytes  JMP 004B0F3F 
    .text           C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateProcessA                                                                                                                                                                                                                75FE1C28 5 Bytes  JMP 004B00CC 
    .text           C:\Windows\system32\svchost.exe[1032] kernel32.dll!VirtualProtect                                                                                                                                                                                                                75FE1DC3 5 Bytes  JMP 004B0FA1 
    .text           C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              75FE2EF5 5 Bytes  JMP 004B0FC3 
    .text           C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              75FE5C0C 5 Bytes  JMP 004B001E 
    .text           C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreatePipe                                                                                                                                                                                                                    76008E6E 5 Bytes  JMP 004B008C 
    .text           C:\Windows\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                76009109 5 Bytes  JMP 004B006F 
    .text           C:\Windows\system32\svchost.exe[1032] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  76009362 5 Bytes  JMP 004B004A 
    .text           C:\Windows\system32\svchost.exe[1032] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                760094B4 5 Bytes  JMP 004B0FB2 
    .text           C:\Windows\system32\svchost.exe[1032] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  760094DC 5 Bytes  JMP 004B002F 
    .text           C:\Windows\system32\svchost.exe[1032] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              7600DBDA 5 Bytes  JMP 004B0F86 
    .text           C:\Windows\system32\svchost.exe[1032] kernel32.dll!GetProcAddress                                                                                                                                                                                                                7602903B 5 Bytes  JMP 004B0F24 
    .text           C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateFileW                                                                                                                                                                                                                   7602AECB 5 Bytes  JMP 004B0FD4 
    .text           C:\Windows\system32\svchost.exe[1032] kernel32.dll!CreateFileA                                                                                                                                                                                                                   7602CE5F 5 Bytes  JMP 004B0FEF 
    .text           C:\Windows\system32\svchost.exe[1032] kernel32.dll!WinExec                                                                                                                                                                                                                       76075CF7 5 Bytes  JMP 004B0F50 
    .text           C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_wsystem                                                                                                                                                                                                                        76717F2F 5 Bytes  JMP 0053005F 
    .text           C:\Windows\system32\svchost.exe[1032] msvcrt.dll!system                                                                                                                                                                                                                          7671804B 5 Bytes  JMP 00530FD4 
    .text           C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_creat                                                                                                                                                                                                                          7671BBE1 5 Bytes  JMP 0053003A 
    .text           C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_open                                                                                                                                                                                                                           7671D106 5 Bytes  JMP 00530000 
    .text           C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_wcreat                                                                                                                                                                                                                         7671D326 5 Bytes  JMP 00530FE5 
    .text           C:\Windows\system32\svchost.exe[1032] msvcrt.dll!_wopen                                                                                                                                                                                                                          7671D501 5 Bytes  JMP 0053001D 
    .text           C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               761839AB 5 Bytes  JMP 00520054 
    .text           C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76183BA9 5 Bytes  JMP 00520FC3 
    .text           C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   761889C7 5 Bytes  JMP 00520FEF 
    .text           C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7619391E 5 Bytes  JMP 00520FB2 
    .text           C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               761941F1 5 Bytes  JMP 00520065 
    .text           C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76197C42 5 Bytes  JMP 0052002F 
    .text           C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7619E2B5 5 Bytes  JMP 0052000A 
    .text           C:\Windows\system32\svchost.exe[1032] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 761A7BA1 5 Bytes  JMP 00520FD4 
    .text           C:\Windows\system32\svchost.exe[1032] WS2_32.dll!socket                                                                                                                                                                                                                          75FB36D1 5 Bytes  JMP 004D0FEF 
    .text           C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779643D4 5 Bytes  JMP 00310FEF 
    .text           C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77964494 5 Bytes  JMP 0031001B 
    .text           C:\Windows\system32\svchost.exe[1112] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77964D34 5 Bytes  JMP 0031000A 
    .text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               75FE1929 5 Bytes  JMP 00170067 
    .text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               75FE19C9 5 Bytes  JMP 00170F2B 
    .text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateProcessW                                                                                                                                                                                                                75FE1BF3 5 Bytes  JMP 00170EE4 
    .text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateProcessA                                                                                                                                                                                                                75FE1C28 5 Bytes  JMP 00170EFF 
    .text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!VirtualProtect                                                                                                                                                                                                                75FE1DC3 5 Bytes  JMP 0017003B 
    .text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              75FE2EF5 5 Bytes  JMP 00170FCD 
    .text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              75FE5C0C 5 Bytes  JMP 00170FB2 
    .text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreatePipe                                                                                                                                                                                                                    76008E6E 5 Bytes  JMP 00170F46 
    .text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                76009109 5 Bytes  JMP 00170F61 
    .text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  76009362 5 Bytes  JMP 0017001E 
    .text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                760094B4 5 Bytes  JMP 00170F7C 
    .text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  760094DC 5 Bytes  JMP 00170F97 
    .text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              7600DBDA 5 Bytes  JMP 0017004C 
    .text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!GetProcAddress                                                                                                                                                                                                                7602903B 5 Bytes  JMP 00170096 
    .text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateFileW                                                                                                                                                                                                                   7602AECB 5 Bytes  JMP 00170FDE 
    .text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!CreateFileA                                                                                                                                                                                                                   7602CE5F 5 Bytes  JMP 00170FEF 
    .text           C:\Windows\system32\svchost.exe[1112] kernel32.dll!WinExec                                                                                                                                                                                                                       76075CF7 5 Bytes  JMP 00170F10 
    .text           C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_wsystem                                                                                                                                                                                                                        76717F2F 5 Bytes  JMP 00340F90 
    .text           C:\Windows\system32\svchost.exe[1112] msvcrt.dll!system                                                                                                                                                                                                                          7671804B 5 Bytes  JMP 00340FAB 
    .text           C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_creat                                                                                                                                                                                                                          7671BBE1 5 Bytes  JMP 00340FBC 
    .text           C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_open                                                                                                                                                                                                                           7671D106 5 Bytes  JMP 00340FE3 
    .text           C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_wcreat                                                                                                                                                                                                                         7671D326 5 Bytes  JMP 0034001B 
    .text           C:\Windows\system32\svchost.exe[1112] msvcrt.dll!_wopen                                                                                                                                                                                                                          7671D501 5 Bytes  JMP 00340000 
    .text           C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               761839AB 5 Bytes  JMP 00330047 
    .text           C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76183BA9 5 Bytes  JMP 00330036 
    .text           C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   761889C7 5 Bytes  JMP 0033000A 
    .text           C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7619391E 5 Bytes  JMP 00330FA5 
    .text           C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               761941F1 5 Bytes  JMP 00330F8A 
    .text           C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76197C42 5 Bytes  JMP 00330FD4 
    .text           C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7619E2B5 5 Bytes  JMP 00330FE5 
    .text           C:\Windows\system32\svchost.exe[1112] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 761A7BA1 5 Bytes  JMP 0033001B 
    .text           C:\Windows\system32\svchost.exe[1112] WS2_32.dll!socket                                                                                                                                                                                                                          75FB36D1 5 Bytes  JMP 00320000 
    .text           C:\Windows\System32\svchost.exe[1232] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779643D4 5 Bytes  JMP 00160000 
    .text           C:\Windows\System32\svchost.exe[1232] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77964494 5 Bytes  JMP 0016001B 
    .text           C:\Windows\System32\svchost.exe[1232] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77964D34 5 Bytes  JMP 00160FE5 
    .text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               75FE1929 5 Bytes  JMP 00150F65 
    .text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               75FE19C9 5 Bytes  JMP 001500B5 
    .text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateProcessW                                                                                                                                                                                                                75FE1BF3 5 Bytes  JMP 00150F28 
    .text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateProcessA                                                                                                                                                                                                                75FE1C28 5 Bytes  JMP 00150F43 
    .text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!VirtualProtect                                                                                                                                                                                                                75FE1DC3 5 Bytes  JMP 00150089 
    .text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              75FE2EF5 5 Bytes  JMP 00150FE5 
    .text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              75FE5C0C 5 Bytes  JMP 00150036 
    .text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreatePipe                                                                                                                                                                                                                    76008E6E 5 Bytes  JMP 0015009A 
    .text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                76009109 5 Bytes  JMP 00150FAF 
    .text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  76009362 5 Bytes  JMP 0015005B 
    .text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                760094B4 5 Bytes  JMP 0015006C 
    .text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  760094DC 5 Bytes  JMP 00150FCA 
    .text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              7600DBDA 5 Bytes  JMP 00150F8A 
    .text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!GetProcAddress                                                                                                                                                                                                                7602903B 5 Bytes  JMP 00150F17 
    .text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateFileW                                                                                                                                                                                                                   7602AECB 5 Bytes  JMP 0015001B 
    .text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!CreateFileA                                                                                                                                                                                                                   7602CE5F 5 Bytes  JMP 00150000 
    .text           C:\Windows\System32\svchost.exe[1232] kernel32.dll!WinExec                                                                                                                                                                                                                       76075CF7 5 Bytes  JMP 00150F54 
    .text           C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_wsystem                                                                                                                                                                                                                        76717F2F 5 Bytes  JMP 00E8003A 
    .text           C:\Windows\System32\svchost.exe[1232] msvcrt.dll!system                                                                                                                                                                                                                          7671804B 5 Bytes  JMP 00E80FB9 
    .text           C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_creat                                                                                                                                                                                                                          7671BBE1 1 Byte  [E9]
    .text           C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_creat                                                                                                                                                                                                                          7671BBE1 5 Bytes  JMP 00E80FE5 
    .text           C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_open                                                                                                                                                                                                                           7671D106 5 Bytes  JMP 00E80000 
    .text           C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_wcreat                                                                                                                                                                                                                         7671D326 5 Bytes  JMP 00E80FD4 
    .text           C:\Windows\System32\svchost.exe[1232] msvcrt.dll!_wopen                                                                                                                                                                                                                          7671D501 5 Bytes  JMP 00E80029 
    .text           C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               761839AB 5 Bytes  JMP 00A6006C 
    .text           C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76183BA9 5 Bytes  JMP 00A60051 
    .text           C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   761889C7 5 Bytes  JMP 00A60FE5 
    .text           C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7619391E 5 Bytes  JMP 00A60FCA 
    .text           C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               761941F1 5 Bytes  JMP 00A60087 
    .text           C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76197C42 5 Bytes  JMP 00A6001B 
    .text           C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7619E2B5 5 Bytes  JMP 00A6000A 
    .text           C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 761A7BA1 3 Bytes  JMP 00A6002C 
    .text           C:\Windows\System32\svchost.exe[1232] ADVAPI32.dll!RegOpenKeyExW + 4                                                                                                                                                                                                             761A7BA5 1 Byte  [8A]
    .text           C:\Windows\System32\svchost.exe[1232] WS2_32.dll!socket                                                                                                                                                                                                                          75FB36D1 5 Bytes  JMP 00500000 
    .text           C:\Windows\System32\svchost.exe[1260] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779643D4 5 Bytes  JMP 017E0000 
    .text           C:\Windows\System32\svchost.exe[1260] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77964494 5 Bytes  JMP 017E0025 
    .text           C:\Windows\System32\svchost.exe[1260] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77964D34 5 Bytes  JMP 017E0FE5 
    .text           C:\Windows\System32\svchost.exe[1260] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               75FE1929 5 Bytes  JMP 017D00D7 
    .text           C:\Windows\System32\svchost.exe[1260] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               75FE19C9 5 Bytes  JMP 017D00C6 
    .text           C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreateProcessW                                                                                                                                                                                                                75FE1BF3 5 Bytes  JMP 017D0F6C 
    .text           C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreateProcessA                                                                                                                                                                                                                75FE1C28 5 Bytes  JMP 017D0103 
    .text           C:\Windows\System32\svchost.exe[1260] kernel32.dll!VirtualProtect                                                                                                                                                                                                                75FE1DC3 5 Bytes  JMP 017D0089 
    .text           C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              75FE2EF5 5 Bytes  JMP 017D002C 
    .text           C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              75FE5C0C 5 Bytes  JMP 017D0FDB 
    .text           C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreatePipe                                                                                                                                                                                                                    76008E6E 5 Bytes  JMP 017D00B5 
    .text           C:\Windows\System32\svchost.exe[1260] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                76009109 5 Bytes  JMP 017D0FAF 
    .text           C:\Windows\System32\svchost.exe[1260] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  76009362 5 Bytes  JMP 017D0FCA 
    .text           C:\Windows\System32\svchost.exe[1260] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                760094B4 5 Bytes  JMP 017D006C 
    .text           C:\Windows\System32\svchost.exe[1260] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  760094DC 5 Bytes  JMP 017D0047 
    .text           C:\Windows\System32\svchost.exe[1260] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              7600DBDA 5 Bytes  JMP 017D009A 
    .text           C:\Windows\System32\svchost.exe[1260] kernel32.dll!GetProcAddress                                                                                                                                                                                                                7602903B 5 Bytes  JMP 017D0F51 
    .text           C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreateFileW                                                                                                                                                                                                                   7602AECB 5 Bytes  JMP 017D0011 
    .text           C:\Windows\System32\svchost.exe[1260] kernel32.dll!CreateFileA                                                                                                                                                                                                                   7602CE5F 5 Bytes  JMP 017D0000 
    .text           C:\Windows\System32\svchost.exe[1260] kernel32.dll!WinExec                                                                                                                                                                                                                       76075CF7 5 Bytes  JMP 017D00E8 
    .text           C:\Windows\System32\svchost.exe[1260] msvcrt.dll!_wsystem                                                                                                                                                                                                                        76717F2F 5 Bytes  JMP 01960011 
    .text           C:\Windows\System32\svchost.exe[1260] msvcrt.dll!system                                                                                                                                                                                                                          7671804B 5 Bytes  JMP 01960F90 
    .text           C:\Windows\System32\svchost.exe[1260] msvcrt.dll!_creat                                                                                                                                                                                                                          7671BBE1 5 Bytes  JMP 01960FBC 
    .text           C:\Windows\System32\svchost.exe[1260] msvcrt.dll!_open                                                                                                                                                                                                                           7671D106 5 Bytes  JMP 01960FEF 
    .text           C:\Windows\System32\svchost.exe[1260] msvcrt.dll!_wcreat                                                                                                                                                                                                                         7671D326 5 Bytes  JMP 01960FA1 
    .text           C:\Windows\System32\svchost.exe[1260] msvcrt.dll!_wopen                                                                                                                                                                                                                          7671D501 5 Bytes  JMP 01960000 
    .text           C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               761839AB 5 Bytes  JMP 01940040 
    .text           C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76183BA9 5 Bytes  JMP 01940FB9 
    .text           C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   761889C7 5 Bytes  JMP 01940000 
    .text           C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7619391E 5 Bytes  JMP 01940F9E 
    .text           C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               761941F1 5 Bytes  JMP 01940F79 
    .text           C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76197C42 5 Bytes  JMP 01940FDB 
    .text           C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7619E2B5 5 Bytes  JMP 01940011 
    .text           C:\Windows\System32\svchost.exe[1260] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 761A7BA1 5 Bytes  JMP 01940FCA 
    .text           C:\Windows\System32\svchost.exe[1260] WS2_32.dll!socket                                                                                                                                                                                                                          75FB36D1 5 Bytes  JMP 0193000A 
    .text           C:\Windows\system32\svchost.exe[1276] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779643D4 5 Bytes  JMP 011B0FEF 
    .text           C:\Windows\system32\svchost.exe[1276] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77964494 5 Bytes  JMP 011B0011 
    .text           C:\Windows\system32\svchost.exe[1276] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77964D34 5 Bytes  JMP 011B0000 
    .text           C:\Windows\system32\svchost.exe[1276] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               75FE1929 5 Bytes  JMP 01190F32 
    .text           C:\Windows\system32\svchost.exe[1276] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               75FE19C9 5 Bytes  JMP 01190F4D 
    .text           C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateProcessW                                                                                                                                                                                                                75FE1BF3 5 Bytes  JMP 011900BF 
    .text           C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateProcessA                                                                                                                                                                                                                75FE1C28 5 Bytes  JMP 011900A4 
    .text           C:\Windows\system32\svchost.exe[1276] kernel32.dll!VirtualProtect                                                                                                                                                                                                                75FE1DC3 5 Bytes  JMP 0119005D 
    .text           C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              75FE2EF5 5 Bytes  JMP 01190FE5 
    .text           C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              75FE5C0C 5 Bytes  JMP 01190FD4 
    .text           C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreatePipe                                                                                                                                                                                                                    76008E6E 5 Bytes  JMP 0119006E 
    .text           C:\Windows\system32\svchost.exe[1276] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                76009109 5 Bytes  JMP 01190040 
    .text           C:\Windows\system32\svchost.exe[1276] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  76009362 5 Bytes  JMP 01190F9E 
    .text           C:\Windows\system32\svchost.exe[1276] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                760094B4 5 Bytes  JMP 01190F83 
    .text           C:\Windows\system32\svchost.exe[1276] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  760094DC 5 Bytes  JMP 01190FB9 
    .text           C:\Windows\system32\svchost.exe[1276] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              7600DBDA 5 Bytes  JMP 01190F5E 
    .text           C:\Windows\system32\svchost.exe[1276] kernel32.dll!GetProcAddress                                                                                                                                                                                                                7602903B 5 Bytes  JMP 01190F0D 
    .text           C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateFileW                                                                                                                                                                                                                   7602AECB 5 Bytes  JMP 0119001B 
    .text           C:\Windows\system32\svchost.exe[1276] kernel32.dll!CreateFileA                                                                                                                                                                                                                   7602CE5F 5 Bytes  JMP 01190000 
    .text           C:\Windows\system32\svchost.exe[1276] kernel32.dll!WinExec                                                                                                                                                                                                                       76075CF7 5 Bytes  JMP 01190089 
    .text           C:\Windows\system32\svchost.exe[1276] msvcrt.dll!_wsystem                                                                                                                                                                                                                        76717F2F 5 Bytes  JMP 012C0FA8 
    .text           C:\Windows\system32\svchost.exe[1276] msvcrt.dll!system                                                                                                                                                                                                                          7671804B 5 Bytes  JMP 012C003D 
    .text           C:\Windows\system32\svchost.exe[1276] msvcrt.dll!_creat                                                                                                                                                                                                                          7671BBE1 5 Bytes  JMP 012C0FD7 
    .text           C:\Windows\system32\svchost.exe[1276] msvcrt.dll!_open                                                                                                                                                                                                                           7671D106 5 Bytes  JMP 012C0000 
    .text           C:\Windows\system32\svchost.exe[1276] msvcrt.dll!_wcreat                                                                                                                                                                                                                         7671D326 5 Bytes  JMP 012C002C 
    .text           C:\Windows\system32\svchost.exe[1276] msvcrt.dll!_wopen                                                                                                                                                                                                                          7671D501 5 Bytes  JMP 012C0011 
    .text           C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               761839AB 5 Bytes  JMP 012B0040 
    .text           C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76183BA9 5 Bytes  JMP 012B002F 
    .text           C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   761889C7 5 Bytes  JMP 012B000A 
    .text           C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7619391E 5 Bytes  JMP 012B0FA8 
    .text           C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               761941F1 5 Bytes  JMP 012B005B 
    .text           C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76197C42 5 Bytes  JMP 012B0FDE 
    .text           C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7619E2B5 5 Bytes  JMP 012B0FEF 
    .text           C:\Windows\system32\svchost.exe[1276] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 761A7BA1 5 Bytes  JMP 012B0FB9 
    .text           C:\Windows\system32\svchost.exe[1276] WS2_32.dll!socket                                                                                                                                                                                                                          75FB36D1 5 Bytes  JMP 012A0000 
    .text           C:\Windows\system32\svchost.exe[1276] WININET.dll!InternetOpenA                                                                                                                                                                                                                  763AD690 5 Bytes  JMP 01CE0000 
    .text           C:\Windows\system32\svchost.exe[1276] WININET.dll!InternetOpenW                                                                                                                                                                                                                  763ADB09 5 Bytes  JMP 01CE001B 
    .text           C:\Windows\system32\svchost.exe[1276] WININET.dll!InternetOpenUrlA                                                                                                                                                                                                               763AF3A4 5 Bytes  JMP 01CE0036 
    .text           C:\Windows\system32\svchost.exe[1276] WININET.dll!InternetOpenUrlW                                                                                                                                                                                                               763F6DDF 5 Bytes  JMP 01CE0047 
    .text           C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779643D4 5 Bytes  JMP 004C000A 
    .text           C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77964494 5 Bytes  JMP 004C0FD4 
    .text           C:\Windows\system32\svchost.exe[1464] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77964D34 5 Bytes  JMP 004C0FEF 
    .text           C:\Windows\system32\svchost.exe[1464] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               75FE1929 5 Bytes  JMP 00300F3F 
    .text           C:\Windows\system32\svchost.exe[1464] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               75FE19C9 5 Bytes  JMP 00300085 
    .text           C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateProcessW                                                                                                                                                                                                                75FE1BF3 5 Bytes  JMP 00300F1D 
    .text           C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateProcessA                                                                                                                                                                                                                75FE1C28 5 Bytes  JMP 003000AA 
    .text           C:\Windows\system32\svchost.exe[1464] kernel32.dll!VirtualProtect                                                                                                                                                                                                                75FE1DC3 5 Bytes  JMP 00300F7C 
    .text           C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              75FE2EF5 5 Bytes  JMP 00300FD4 
    .text           C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              75FE5C0C 5 Bytes  JMP 00300025 
    .text           C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreatePipe                                                                                                                                                                                                                    76008E6E 5 Bytes  JMP 00300F5A 
    .text           C:\Windows\system32\svchost.exe[1464] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                76009109 5 Bytes  JMP 00300F8D 
    .text           C:\Windows\system32\svchost.exe[1464] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  76009362 5 Bytes  JMP 00300FB9 
    .text           C:\Windows\system32\svchost.exe[1464] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                760094B4 5 Bytes  JMP 00300FA8 
    .text           C:\Windows\system32\svchost.exe[1464] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  760094DC 5 Bytes  JMP 00300040 
    .text           C:\Windows\system32\svchost.exe[1464] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              7600DBDA 5 Bytes  JMP 00300F6B 
    .text           C:\Windows\system32\svchost.exe[1464] kernel32.dll!GetProcAddress                                                                                                                                                                                                                7602903B 5 Bytes  JMP 00300F0C 
    .text           C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateFileW                                                                                                                                                                                                                   7602AECB 5 Bytes  JMP 0030000A 
    .text           C:\Windows\system32\svchost.exe[1464] kernel32.dll!CreateFileA                                                                                                                                                                                                                   7602CE5F 5 Bytes  JMP 00300FEF 
    .text           C:\Windows\system32\svchost.exe[1464] kernel32.dll!WinExec                                                                                                                                                                                                                       76075CF7 5 Bytes  JMP 00300F2E 
    .text           C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_wsystem                                                                                                                                                                                                                        76717F2F 5 Bytes  JMP 004E001D 
    .text           C:\Windows\system32\svchost.exe[1464] msvcrt.dll!system                                                                                                                                                                                                                          7671804B 5 Bytes  JMP 004E0F9C 
    .text           C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_creat                                                                                                                                                                                                                          7671BBE1 5 Bytes  JMP 004E000C 
    .text           C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_open                                                                                                                                                                                                                           7671D106 5 Bytes  JMP 004E0FEF 
    .text           C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_wcreat                                                                                                                                                                                                                         7671D326 5 Bytes  JMP 004E0FAD 
    .text           C:\Windows\system32\svchost.exe[1464] msvcrt.dll!_wopen                                                                                                                                                                                                                          7671D501 5 Bytes  JMP 004E0FD2 
    .text           C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               761839AB 5 Bytes  JMP 0031005B 
    .text           C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76183BA9 5 Bytes  JMP 00310040 
    .text           C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   761889C7 5 Bytes  JMP 00310000 
    .text           C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7619391E 5 Bytes  JMP 00310FB9 
    .text           C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               761941F1 5 Bytes  JMP 00310080 
    .text           C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76197C42 5 Bytes  JMP 0031001B 
    .text           C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7619E2B5 5 Bytes  JMP 00310FE5 
    .text           C:\Windows\system32\svchost.exe[1464] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 761A7BA1 5 Bytes  JMP 00310FCA 
    .text           C:\Windows\system32\svchost.exe[1464] WS2_32.dll!socket                                                                                                                                                                                                                          75FB36D1 5 Bytes  JMP 004D0000 
    .text           C:\Windows\system32\svchost.exe[1536] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779643D4 5 Bytes  JMP 01000000 
    .text           C:\Windows\system32\svchost.exe[1536] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77964494 5 Bytes  JMP 01000FCA 
    .text           C:\Windows\system32\svchost.exe[1536] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77964D34 5 Bytes  JMP 01000FDB 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               75FE1929 5 Bytes  JMP 001900CA 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               75FE19C9 5 Bytes  JMP 001900AF 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!CreateProcessW                                                                                                                                                                                                                75FE1BF3 5 Bytes  JMP 001900E5 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!CreateProcessA                                                                                                                                                                                                                75FE1C28 5 Bytes  JMP 00190F4E 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!VirtualProtect                                                                                                                                                                                                                75FE1DC3 5 Bytes  JMP 0019008A 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              75FE2EF5 5 Bytes  JMP 00190036 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              75FE5C0C 5 Bytes  JMP 00190FEF 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!CreatePipe                                                                                                                                                                                                                    76008E6E 5 Bytes  JMP 00190F84 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                76009109 5 Bytes  JMP 00190FB2 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  76009362 5 Bytes  JMP 00190FD4 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                760094B4 5 Bytes  JMP 00190FC3 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  760094DC 5 Bytes  JMP 0019005B 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              7600DBDA 5 Bytes  JMP 00190F95 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!GetProcAddress                                                                                                                                                                                                                7602903B 5 Bytes  JMP 00190100 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!CreateFileW                                                                                                                                                                                                                   7602AECB 5 Bytes  JMP 00190025 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!CreateFileA                                                                                                                                                                                                                   7602CE5F 5 Bytes  JMP 00190000 
    .text           C:\Windows\system32\svchost.exe[1536] kernel32.dll!WinExec                                                                                                                                                                                                                       76075CF7 5 Bytes  JMP 00190F5F 
    .text           C:\Windows\system32\svchost.exe[1536] msvcrt.dll!_wsystem                                                                                                                                                                                                                        76717F2F 5 Bytes  JMP 01070047 
    .text           C:\Windows\system32\svchost.exe[1536] msvcrt.dll!system                                                                                                                                                                                                                          7671804B 5 Bytes  JMP 01070036 
    .text           C:\Windows\system32\svchost.exe[1536] msvcrt.dll!_creat                                                                                                                                                                                                                          7671BBE1 5 Bytes  JMP 01070FC6 
    .text           C:\Windows\system32\svchost.exe[1536] msvcrt.dll!_open                                                                                                                                                                                                                           7671D106 5 Bytes  JMP 01070000 
    .text           C:\Windows\system32\svchost.exe[1536] msvcrt.dll!_wcreat                                                                                                                                                                                                                         7671D326 5 Bytes  JMP 0107001B 
    .text           C:\Windows\system32\svchost.exe[1536] msvcrt.dll!_wopen                                                                                                                                                                                                                          7671D501 5 Bytes  JMP 01070FD7 
    .text           C:\Windows\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               761839AB 1 Byte  [E9]
    .text           C:\Windows\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               761839AB 5 Bytes  JMP 00CE0FAF 
    .text           C:\Windows\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76183BA9 5 Bytes  JMP 00CE0FCA 
    .text           C:\Windows\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   761889C7 5 Bytes  JMP 00CE0FEF 
    .text           C:\Windows\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7619391E 5 Bytes  JMP 00CE0051 
    .text           C:\Windows\system32\svchost.exe[1536] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               761941F1 5 Bytes  JMP 00CE0F94 
    .text           C:\Windows\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76197C42 5 Bytes  JMP 00CE001B 
    .text           C:\Windows\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7619E2B5 5 Bytes  JMP 00CE000A 
    .text           C:\Windows\system32\svchost.exe[1536] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 761A7BA1 5 Bytes  JMP 00CE0036 
    .text           C:\Windows\system32\svchost.exe[1536] WS2_32.dll!socket                                                                                                                                                                                                                          75FB36D1 5 Bytes  JMP 01050FEF 
    .text           C:\Windows\system32\svchost.exe[1536] WinInet.dll!InternetOpenA                                                                                                                                                                                                                  763AD690 5 Bytes  JMP 01060FEF 
    .text           C:\Windows\system32\svchost.exe[1536] WinInet.dll!InternetOpenW                                                                                                                                                                                                                  763ADB09 5 Bytes  JMP 01060FD4 
    .text           C:\Windows\system32\svchost.exe[1536] WinInet.dll!InternetOpenUrlA                                                                                                                                                                                                               763AF3A4 5 Bytes  JMP 0106000A 
    .text           C:\Windows\system32\svchost.exe[1536] WinInet.dll!InternetOpenUrlW                                                                                                                                                                                                               763F6DDF 5 Bytes  JMP 01060FB9 
    .text           C:\Windows\system32\svchost.exe[1660] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779643D4 5 Bytes  JMP 01770000 
    .text           C:\Windows\system32\svchost.exe[1660] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77964494 5 Bytes  JMP 0177002F 
    .text           C:\Windows\system32\svchost.exe[1660] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77964D34 5 Bytes  JMP 01770FEF 
    .text           C:\Windows\system32\svchost.exe[1660] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               75FE1929 5 Bytes  JMP 01750F68 
    .text           C:\Windows\system32\svchost.exe[1660] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               75FE19C9 5 Bytes  JMP 017500A4 
    .text           C:\Windows\system32\svchost.exe[1660] kernel32.dll!CreateProcessW                                                                                                                                                                                                                75FE1BF3 5 Bytes  JMP 01750F28 
    .text           C:\Windows\system32\svchost.exe[1660] kernel32.dll!CreateProcessA                                                                                                                                                                                                                75FE1C28 5 Bytes  JMP 017500BF 
    .text           C:\Windows\system32\svchost.exe[1660] kernel32.dll!VirtualProtect                                                                                                                                                                                                                75FE1DC3 5 Bytes  JMP 01750F9E 
    .text           C:\Windows\system32\svchost.exe[1660] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              75FE2EF5 5 Bytes  JMP 01750FEF 
    .text           C:\Windows\system32\svchost.exe[1660] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              75FE5C0C 5 Bytes  JMP 01750FD4 
    .text           C:\Windows\system32\svchost.exe[1660] kernel32.dll!CreatePipe                                                                                                                                                                                                                    76008E6E 5 Bytes  JMP 01750F79 
    .text           C:\Windows\system32\svchost.exe[1660] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                76009109 5 Bytes  JMP 01750078 
    .text           C:\Windows\system32\svchost.exe[1660] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  76009362 5 Bytes  JMP 01750FAF 
    .text           C:\Windows\system32\svchost.exe[1660] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                760094B4 5 Bytes  JMP 01750051 
    .text           C:\Windows\system32\svchost.exe[1660] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  760094DC 5 Bytes  JMP 01750040 
    .text           C:\Windows\system32\svchost.exe[1660] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              7600DBDA 5 Bytes  JMP 01750089 
    .text           C:\Windows\system32\svchost.exe[1660] kernel32.dll!GetProcAddress                                                                                                                                                                                                                7602903B 5 Bytes  JMP 01750F03 
    .text           C:\Windows\system32\svchost.exe[1660] kernel32.dll!CreateFileW                                                                                                                                                                                                                   7602AECB 5 Bytes  JMP 0175001B 
    .text           C:\Windows\system32\svchost.exe[1660] kernel32.dll!CreateFileA                                                                                                                                                                                                                   7602CE5F 5 Bytes  JMP 0175000A 
    .text           C:\Windows\system32\svchost.exe[1660] kernel32.dll!WinExec                                                                                                                                                                                                                       76075CF7 5 Bytes  JMP 01750F43 
    .text           C:\Windows\system32\svchost.exe[1660] msvcrt.dll!_wsystem                                                                                                                                                                                                                        76717F2F 5 Bytes  JMP 02300F9C 
    .text           C:\Windows\system32\svchost.exe[1660] msvcrt.dll!system                                                                                                                                                                                                                          7671804B 5 Bytes  JMP 02300027 
    .text           C:\Windows\system32\svchost.exe[1660] msvcrt.dll!_creat                                                                                                                                                                                                                          7671BBE1 5 Bytes  JMP 0230000C 
    .text           C:\Windows\system32\svchost.exe[1660] msvcrt.dll!_open                                                                                                                                                                                                                           7671D106 5 Bytes  JMP 02300FEF 
    .text           C:\Windows\system32\svchost.exe[1660] msvcrt.dll!_wcreat                                                                                                                                                                                                                         7671D326 5 Bytes  JMP 02300FB7 
    .text           C:\Windows\system32\svchost.exe[1660] msvcrt.dll!_wopen                                                                                                                                                                                                                          7671D501 5 Bytes  JMP 02300FDE 
    .text           C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               761839AB 5 Bytes  JMP 01760FA5 
    .text           C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76183BA9 5 Bytes  JMP 01760FCA 
    .text           C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   761889C7 5 Bytes  JMP 01760000 
    .text           C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7619391E 5 Bytes  JMP 01760051 
    .text           C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               761941F1 5 Bytes  JMP 01760062 
    .text           C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76197C42 5 Bytes  JMP 0176001B 
    .text           C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7619E2B5 5 Bytes  JMP 01760FE5 
    .text           C:\Windows\system32\svchost.exe[1660] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 761A7BA1 5 Bytes  JMP 0176002C 
    .text           C:\Windows\system32\svchost.exe[1660] WS2_32.dll!socket                                                                                                                                                                                                                          75FB36D1 5 Bytes  JMP 01780000 
    .text           C:\Windows\system32\svchost.exe[1944] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779643D4 5 Bytes  JMP 00DF0FEF 
    .text           C:\Windows\system32\svchost.exe[1944] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77964494 5 Bytes  JMP 00DF0FC3 
    .text           C:\Windows\system32\svchost.exe[1944] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77964D34 5 Bytes  JMP 00DF0FD4 
    .text           C:\Windows\system32\svchost.exe[1944] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               75FE1929 5 Bytes  JMP 007C0F79 
    .text           C:\Windows\system32\svchost.exe[1944] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               75FE19C9 5 Bytes  JMP 007C00BF 
    .text           C:\Windows\system32\svchost.exe[1944] kernel32.dll!CreateProcessW                                                                                                                                                                                                                75FE1BF3 5 Bytes  JMP 007C00FF 
    .text           C:\Windows\system32\svchost.exe[1944] kernel32.dll!CreateProcessA                                                                                                                                                                                                                75FE1C28 5 Bytes  JMP 007C0F5E 
    .text           C:\Windows\system32\svchost.exe[1944] kernel32.dll!VirtualProtect                                                                                                                                                                                                                75FE1DC3 5 Bytes  JMP 007C009A 
    .text           C:\Windows\system32\svchost.exe[1944] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              75FE2EF5 5 Bytes  JMP 007C001B 
    .text           C:\Windows\system32\svchost.exe[1944] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              75FE5C0C 5 Bytes  JMP 007C0FD4 
    .text           C:\Windows\system32\svchost.exe[1944] kernel32.dll!CreatePipe                                                                                                                                                                                                                    76008E6E 5 Bytes  JMP 007C0F94 
    .text           C:\Windows\system32\svchost.exe[1944] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                76009109 5 Bytes  JMP 007C007F 
    .text           C:\Windows\system32\svchost.exe[1944] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  76009362 5 Bytes  JMP 007C0051 
    .text           C:\Windows\system32\svchost.exe[1944] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                760094B4 5 Bytes  JMP 007C0062 
    .text           C:\Windows\system32\svchost.exe[1944] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  760094DC 5 Bytes  JMP 007C0040 
    .text           C:\Windows\system32\svchost.exe[1944] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              7600DBDA 5 Bytes  JMP 007C0FA5 
    .text           C:\Windows\system32\svchost.exe[1944] kernel32.dll!GetProcAddress                                                                                                                                                                                                                7602903B 5 Bytes  JMP 007C0F4D 
    .text           C:\Windows\system32\svchost.exe[1944] kernel32.dll!CreateFileW                                                                                                                                                                                                                   7602AECB 5 Bytes  JMP 007C0FEF 
    .text           C:\Windows\system32\svchost.exe[1944] kernel32.dll!CreateFileA                                                                                                                                                                                                                   7602CE5F 5 Bytes  JMP 007C0000 
    .text           C:\Windows\system32\svchost.exe[1944] kernel32.dll!WinExec                                                                                                                                                                                                                       76075CF7 5 Bytes  JMP 007C00DA 
    .text           C:\Windows\system32\svchost.exe[1944] msvcrt.dll!_wsystem                                                                                                                                                                                                                        76717F2F 5 Bytes  JMP 01010036 
    .text           C:\Windows\system32\svchost.exe[1944] msvcrt.dll!system                                                                                                                                                                                                                          7671804B 5 Bytes  JMP 01010011 
    .text           C:\Windows\system32\svchost.exe[1944] msvcrt.dll!_creat                                                                                                                                                                                                                          7671BBE1 5 Bytes  JMP 01010FAB 
    .text           C:\Windows\system32\svchost.exe[1944] msvcrt.dll!_open                                                                                                                                                                                                                           7671D106 5 Bytes  JMP 01010FEF 
    .text           C:\Windows\system32\svchost.exe[1944] msvcrt.dll!_wcreat                                                                                                                                                                                                                         7671D326 5 Bytes  JMP 01010000 
    .text           C:\Windows\system32\svchost.exe[1944] msvcrt.dll!_wopen                                                                                                                                                                                                                          7671D501 5 Bytes  JMP 01010FD2 
    .text           C:\Windows\system32\svchost.exe[1944] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               761839AB 5 Bytes  JMP 007D0FA8 
    .text           C:\Windows\system32\svchost.exe[1944] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76183BA9 5 Bytes  JMP 007D0FC3 
    .text           C:\Windows\system32\svchost.exe[1944] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   761889C7 5 Bytes  JMP 007D0000 
    .text           C:\Windows\system32\svchost.exe[1944] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7619391E 5 Bytes  JMP 007D004A 
    .text           C:\Windows\system32\svchost.exe[1944] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               761941F1 5 Bytes  JMP 007D0065 
    .text           C:\Windows\system32\svchost.exe[1944] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76197C42 5 Bytes  JMP 007D0FD4 
    .text           C:\Windows\system32\svchost.exe[1944] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7619E2B5 5 Bytes  JMP 007D0FE5 
    .text           C:\Windows\system32\svchost.exe[1944] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 761A7BA1 5 Bytes  JMP 007D002F 
    .text           C:\Windows\system32\svchost.exe[1944] WS2_32.dll!socket                                                                                                                                                                                                                          75FB36D1 5 Bytes  JMP 01000FEF 
    .text           C:\Windows\system32\svchost.exe[2408] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779643D4 5 Bytes  JMP 00430FEF 
    .text           C:\Windows\system32\svchost.exe[2408] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77964494 5 Bytes  JMP 0043000A 
    .text           C:\Windows\system32\svchost.exe[2408] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77964D34 5 Bytes  JMP 00430FDE 
    .text           C:\Windows\system32\svchost.exe[2408] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               75FE1929 5 Bytes  JMP 00210F41 
    .text           C:\Windows\system32\svchost.exe[2408] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               75FE19C9 5 Bytes  JMP 00210091 
    .text           C:\Windows\system32\svchost.exe[2408] kernel32.dll!CreateProcessW                                                                                                                                                                                                                75FE1BF3 5 Bytes  JMP 00210F04 
    .text           C:\Windows\system32\svchost.exe[2408] kernel32.dll!CreateProcessA                                                                                                                                                                                                                75FE1C28 5 Bytes  JMP 00210F15 
    .text           C:\Windows\system32\svchost.exe[2408] kernel32.dll!VirtualProtect                                                                                                                                                                                                                75FE1DC3 5 Bytes  JMP 00210040 
    .text           C:\Windows\system32\svchost.exe[2408] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              75FE2EF5 5 Bytes  JMP 0021000A 
    .text           C:\Windows\system32\svchost.exe[2408] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              75FE5C0C 5 Bytes  JMP 00210FB9 
    .text           C:\Windows\system32\svchost.exe[2408] kernel32.dll!CreatePipe                                                                                                                                                                                                                    76008E6E 5 Bytes  JMP 0021006C 
    .text           C:\Windows\system32\svchost.exe[2408] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                76009109 5 Bytes  JMP 00210F5C 
    .text           C:\Windows\system32\svchost.exe[2408] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  76009362 5 Bytes  JMP 00210F94 
    .text           C:\Windows\system32\svchost.exe[2408] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                760094B4 5 Bytes  JMP 00210F79 
    .text           C:\Windows\system32\svchost.exe[2408] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  760094DC 5 Bytes  JMP 0021001B 
    .text           C:\Windows\system32\svchost.exe[2408] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              7600DBDA 5 Bytes  JMP 0021005B 
    .text           C:\Windows\system32\svchost.exe[2408] kernel32.dll!GetProcAddress                                                                                                                                                                                                                7602903B 5 Bytes  JMP 00210EF3 
    .text           C:\Windows\system32\svchost.exe[2408] kernel32.dll!CreateFileW                                                                                                                                                                                                                   7602AECB 5 Bytes  JMP 00210FD4 
    .text           C:\Windows\system32\svchost.exe[2408] kernel32.dll!CreateFileA                                                                                                                                                                                                                   7602CE5F 5 Bytes  JMP 00210FE5 
    .text           C:\Windows\system32\svchost.exe[2408] kernel32.dll!WinExec                                                                                                                                                                                                                       76075CF7 5 Bytes  JMP 00210F30 
    .text           C:\Windows\system32\svchost.exe[2408] msvcrt.dll!_wsystem                                                                                                                                                                                                                        76717F2F 5 Bytes  JMP 00420F8D 
    .text           C:\Windows\system32\svchost.exe[2408] msvcrt.dll!system                                                                                                                                                                                                                          7671804B 5 Bytes  JMP 00420FA8 
    .text           C:\Windows\system32\svchost.exe[2408] msvcrt.dll!_creat                                                                                                                                                                                                                          7671BBE1 5 Bytes  JMP 00420FDE 
    .text           C:\Windows\system32\svchost.exe[2408] msvcrt.dll!_open                                                                                                                                                                                                                           7671D106 5 Bytes  JMP 00420000 
    .text           C:\Windows\system32\svchost.exe[2408] msvcrt.dll!_wcreat                                                                                                                                                                                                                         7671D326 5 Bytes  JMP 00420FC3 
    .text           C:\Windows\system32\svchost.exe[2408] msvcrt.dll!_wopen                                                                                                                                                                                                                          7671D501 5 Bytes  JMP 00420FEF 
    .text           C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               761839AB 5 Bytes  JMP 0024005B 
    .text           C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76183BA9 5 Bytes  JMP 00240040 
    .text           C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   761889C7 5 Bytes  JMP 00240000 
    .text           C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7619391E 5 Bytes  JMP 00240FB9 
    .text           C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               761941F1 5 Bytes  JMP 00240F9E 
    .text           C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76197C42 5 Bytes  JMP 0024001B 
    .text           C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7619E2B5 5 Bytes  JMP 00240FE5 
    .text           C:\Windows\system32\svchost.exe[2408] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 761A7BA1 5 Bytes  JMP 00240FD4 
    .text           C:\Windows\system32\svchost.exe[2408] WS2_32.dll!socket                                                                                                                                                                                                                          75FB36D1 5 Bytes  JMP 00100FEF 
    .text           C:\Windows\system32\svchost.exe[2552] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779643D4 5 Bytes  JMP 00580000 
    .text           C:\Windows\system32\svchost.exe[2552] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77964494 5 Bytes  JMP 0058001B 
    .text           C:\Windows\system32\svchost.exe[2552] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77964D34 5 Bytes  JMP 00580FE5 
    .text           C:\Windows\system32\svchost.exe[2552] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               75FE1929 5 Bytes  JMP 001B0085 
    .text           C:\Windows\system32\svchost.exe[2552] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               75FE19C9 5 Bytes  JMP 001B0F3F 
    .text           C:\Windows\system32\svchost.exe[2552] kernel32.dll!CreateProcessW                                                                                                                                                                                                                75FE1BF3 5 Bytes  JMP 001B0F02 
    .text           C:\Windows\system32\svchost.exe[2552] kernel32.dll!CreateProcessA                                                                                                                                                                                                                75FE1C28 5 Bytes  JMP 001B0F1D 
    .text           C:\Windows\system32\svchost.exe[2552] kernel32.dll!VirtualProtect                                                                                                                                                                                                                75FE1DC3 5 Bytes  JMP 001B0F86 
    .text           C:\Windows\system32\svchost.exe[2552] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              75FE2EF5 5 Bytes  JMP 001B001B 
    .text           C:\Windows\system32\svchost.exe[2552] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              75FE5C0C 5 Bytes  JMP 001B0FD4 
    .text           C:\Windows\system32\svchost.exe[2552] kernel32.dll!CreatePipe                                                                                                                                                                                                                    76008E6E 5 Bytes  JMP 001B0F50 
    .text           C:\Windows\system32\svchost.exe[2552] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                76009109 5 Bytes  JMP 001B0F97 
    .text           C:\Windows\system32\svchost.exe[2552] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  76009362 5 Bytes  JMP 001B0FB2 
    .text           C:\Windows\system32\svchost.exe[2552] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                760094B4 5 Bytes  JMP 001B0054 
    .text           C:\Windows\system32\svchost.exe[2552] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  760094DC 5 Bytes  JMP 001B0FC3 
    .text           C:\Windows\system32\svchost.exe[2552] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              7600DBDA 5 Bytes  JMP 001B0F6B 
    .text           C:\Windows\system32\svchost.exe[2552] kernel32.dll!GetProcAddress                                                                                                                                                                                                                7602903B 5 Bytes  JMP 001B00AA 
    .text           C:\Windows\system32\svchost.exe[2552] kernel32.dll!CreateFileW                                                                                                                                                                                                                   7602AECB 5 Bytes  JMP 001B0FE5 
    .text           C:\Windows\system32\svchost.exe[2552] kernel32.dll!CreateFileA                                                                                                                                                                                                                   7602CE5F 5 Bytes  JMP 001B0000 
    .text           C:\Windows\system32\svchost.exe[2552] kernel32.dll!WinExec                                                                                                                                                                                                                       76075CF7 5 Bytes  JMP 001B0F2E 
    .text           C:\Windows\system32\svchost.exe[2552] msvcrt.dll!_wsystem                                                                                                                                                                                                                        76717F2F 5 Bytes  JMP 00570FCA 
    .text           C:\Windows\system32\svchost.exe[2552] msvcrt.dll!system                                                                                                                                                                                                                          7671804B 5 Bytes  JMP 00570055 
    .text           C:\Windows\system32\svchost.exe[2552] msvcrt.dll!_creat                                                                                                                                                                                                                          7671BBE1 5 Bytes  JMP 00570029 
    .text           C:\Windows\system32\svchost.exe[2552] msvcrt.dll!_open                                                                                                                                                                                                                           7671D106 5 Bytes  JMP 0057000C 
    .text           C:\Windows\system32\svchost.exe[2552] msvcrt.dll!_wcreat                                                                                                                                                                                                                         7671D326 5 Bytes  JMP 00570044 
    .text           C:\Windows\system32\svchost.exe[2552] msvcrt.dll!_wopen                                                                                                                                                                                                                          7671D501 5 Bytes  JMP 00570FEF 
    .text           C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               761839AB 5 Bytes  JMP 001C0F9E 
    .text           C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76183BA9 5 Bytes  JMP 001C0FAF 
    .text           C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   761889C7 5 Bytes  JMP 001C0000 
    .text           C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7619391E 5 Bytes  JMP 001C0040 
    .text           C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               761941F1 5 Bytes  JMP 001C0F83 
    .text           C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76197C42 5 Bytes  JMP 001C0FC0 
    .text           C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7619E2B5 5 Bytes  JMP 001C0FE5 
    .text           C:\Windows\system32\svchost.exe[2552] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 761A7BA1 5 Bytes  JMP 001C0011 
    .text           C:\Windows\system32\svchost.exe[2552] WS2_32.dll!socket                                                                                                                                                                                                                          75FB36D1 5 Bytes  JMP 001A000A 
    .text           C:\Windows\System32\svchost.exe[2624] ntdll.dll!NtCreateFile                                                                                                                                                                                                                     779643D4 5 Bytes  JMP 00080FEF 
    .text           C:\Windows\System32\svchost.exe[2624] ntdll.dll!NtCreateProcess                                                                                                                                                                                                                  77964494 5 Bytes  JMP 00080014 
    .text           C:\Windows\System32\svchost.exe[2624] ntdll.dll!NtProtectVirtualMemory                                                                                                                                                                                                           77964D34 5 Bytes  JMP 00080FDE 
    .text           C:\Windows\System32\svchost.exe[2624] kernel32.dll!GetStartupInfoW                                                                                                                                                                                                               75FE1929 5 Bytes  JMP 00050F55 
    .text           C:\Windows\System32\svchost.exe[2624] kernel32.dll!GetStartupInfoA                                                                                                                                                                                                               75FE19C9 5 Bytes  JMP 00050F66 
    .text           C:\Windows\System32\svchost.exe[2624] kernel32.dll!CreateProcessW                                                                                                                                                                                                                75FE1BF3 5 Bytes  JMP 00050F3A 
    .text           C:\Windows\System32\svchost.exe[2624] kernel32.dll!CreateProcessA                                                                                                                                                                                                                75FE1C28 5 Bytes  JMP 000500D1 
    .text           C:\Windows\System32\svchost.exe[2624] kernel32.dll!VirtualProtect                                                                                                                                                                                                                75FE1DC3 5 Bytes  JMP 0005006C 
    .text           C:\Windows\System32\svchost.exe[2624] kernel32.dll!CreateNamedPipeA                                                                                                                                                                                                              75FE2EF5 5 Bytes  JMP 00050014 
    .text           C:\Windows\System32\svchost.exe[2624] kernel32.dll!CreateNamedPipeW                                                                                                                                                                                                              75FE5C0C 5 Bytes  JMP 0005002F 
    .text           C:\Windows\System32\svchost.exe[2624] kernel32.dll!CreatePipe                                                                                                                                                                                                                    76008E6E 5 Bytes  JMP 00050F77 
    .text           C:\Windows\System32\svchost.exe[2624] kernel32.dll!LoadLibraryExW                                                                                                                                                                                                                76009109 5 Bytes  JMP 0005005B 
    .text           C:\Windows\System32\svchost.exe[2624] kernel32.dll!LoadLibraryW                                                                                                                                                                                                                  76009362 5 Bytes  JMP 00050FB9 
    .text           C:\Windows\System32\svchost.exe[2624] kernel32.dll!LoadLibraryExA                                                                                                                                                                                                                760094B4 5 Bytes  JMP 00050FA8 
    .text           C:\Windows\System32\svchost.exe[2624] kernel32.dll!LoadLibraryA                                                                                                                                                                                                                  760094DC 5 Bytes  JMP 00050040 
    .text           C:\Windows\System32\svchost.exe[2624] kernel32.dll!VirtualProtectEx                                                                                                                                                                                                              7600DBDA 5 Bytes  JMP 00050087 
    .text           C:\Windows\System32\svchost.exe[2624] kernel32.dll!GetProcAddress                                                                                                                                                                                                                7602903B 5 Bytes  JMP 00050F29 
    .text           C:\Windows\System32\svchost.exe[2624] kernel32.dll!CreateFileW                                                                                                                                                                                                                   7602AECB 5 Bytes  JMP 00050FD4 
    .text           C:\Windows\System32\svchost.exe[2624] kernel32.dll!CreateFileA                                                                                                                                                                                                                   7602CE5F 5 Bytes  JMP 00050FE5 
    .text           C:\Windows\System32\svchost.exe[2624] kernel32.dll!WinExec                                                                                                                                                                                                                       76075CF7 5 Bytes  JMP 000500B6 
    .text           C:\Windows\System32\svchost.exe[2624] msvcrt.dll!_wsystem                                                                                                                                                                                                                        76717F2F 5 Bytes  JMP 00070FBE 
    .text           C:\Windows\System32\svchost.exe[2624] msvcrt.dll!system                                                                                                                                                                                                                          7671804B 5 Bytes  JMP 00070049 
    .text           C:\Windows\System32\svchost.exe[2624] msvcrt.dll!_creat                                                                                                                                                                                                                          7671BBE1 5 Bytes  JMP 00070FD9 
    .text           C:\Windows\System32\svchost.exe[2624] msvcrt.dll!_open                                                                                                                                                                                                                           7671D106 5 Bytes  JMP 00070000 
    .text           C:\Windows\System32\svchost.exe[2624] msvcrt.dll!_wcreat                                                                                                                                                                                                                         7671D326 5 Bytes  JMP 00070038 
    .text           C:\Windows\System32\svchost.exe[2624] msvcrt.dll!_wopen                                                                                                                                                                                                                          7671D501 5 Bytes  JMP 0007001D 
    .text           C:\Windows\System32\svchost.exe[2624] ADVAPI32.dll!RegCreateKeyExA                                                                                                                                                                                                               761839AB 5 Bytes  JMP 00060076 
    .text           C:\Windows\System32\svchost.exe[2624] ADVAPI32.dll!RegCreateKeyA                                                                                                                                                                                                                 76183BA9 5 Bytes  JMP 0006005B 
    .text           C:\Windows\System32\svchost.exe[2624] ADVAPI32.dll!RegOpenKeyA                                                                                                                                                                                                                   761889C7 5 Bytes  JMP 00060000 
    .text           C:\Windows\System32\svchost.exe[2624] ADVAPI32.dll!RegCreateKeyW                                                                                                                                                                                                                 7619391E 5 Bytes  JMP 00060FD4 
    .text           C:\Windows\System32\svchost.exe[2624] ADVAPI32.dll!RegCreateKeyExW                                                                                                                                                                                                               761941F1 5 Bytes  JMP 00060FB9 
    .text           C:\Windows\System32\svchost.exe[2624] ADVAPI32.dll!RegOpenKeyExA                                                                                                                                                                                                                 76197C42 5 Bytes  JMP 0006002F 
    .text           C:\Windows\System32\svchost.exe[2624] ADVAPI32.dll!RegOpenKeyW                                                                                                                                                                                                                   7619E2B5 5 Bytes  JMP 00060FEF 
    .text           C:\Windows\System32\svchost.exe[2624] ADVAPI32.dll!RegOpenKeyExW                                                                                                                                                                                                                 761A7BA1 5 Bytes  JMP 00060040 
    .text           C:\Windows\System32\svchost.exe[2624] WS2_32.dll!socket                                                                                                                                                                                                                          75FB36D1 5 Bytes  JMP 001A0FE5 
    .text           C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3012] kernel32.dll!LoadLibraryW                                                                                                                                                                                      76009362 5 Bytes  JMP 70EA9AE2 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    .text           C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe[3012] kernel32.dll!LoadLibraryA                                                                                                                                                                                      760094DC 5 Bytes  JMP 70EA9A20 C:\Program Files\Common Files\McAfee\McProxy\mcproxy.dll (McAfee Proxy Service Module/McAfee, Inc.)
    
    ---- User IAT/EAT - GMER 1.0.15 ----
    
    IAT             C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[2184] @ C:\Windows\system32\CRYPT32.dll [ADVAPI32.dll!RegQueryValueExW]                                                                                                                                              [010D76E0] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    IAT             C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe[2184] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA]                                                                                                                                                  [010D7740] C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe (McAfee Process Validation Service/McAfee, Inc.)
    
    ---- Devices - GMER 1.0.15 ----
    
    AttachedDevice  \FileSystem\Ntfs \Ntfs                                                                                                                                                                                                                                                           mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    AttachedDevice  \Driver\tdx \Device\Tcp                                                                                                                                                                                                                                                          mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice  \Driver\tdx \Device\Udp                                                                                                                                                                                                                                                          mfewfpk.sys (Anti-Virus Mini-Firewall Driver/McAfee, Inc.)
    AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                                                                                                         fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)
    AttachedDevice  \FileSystem\fastfat \Fat                                                                                                                                                                                                                                                         mfehidk.sys (McAfee Link Driver/McAfee, Inc.)
    
    ---- Registry - GMER 1.0.15 ----
    
    Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Media Center\Service\Scheduler@Heartbeat                                                                                                                                                                                          0x10 0x2C 0xC8 0x7A ...
    
    ---- Files - GMER 1.0.15 ----
    
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80CHS.dll  40960 bytes executable
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80CHT.dll  45056 bytes executable
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80DEU.dll  65536 bytes executable
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ENU.dll  57344 bytes executable
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ESP.dll  61440 bytes executable
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80FRA.dll  61440 bytes executable
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80ITA.dll  61440 bytes executable
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80JPN.dll  49152 bytes executable
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.mfcloc_1fc8b3b9a1e18e3b_8.0.50727.4053_none_03ca5532205cb096\mfc80KOR.dll  49152 bytes executable
    File            C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable_LatestPirate.com\Nero_9.4.26_Micro_Portable\Thinstall\Nero 9.4.26.0 Micro\%SystemRoot%\WinSxS\x86_microsoft.vc80.openmp_1fc8b3b9a1e18e3b_8.0.50727.4053_none_3b0e32bdc9afe437\vcomp.dll     65536 bytes executable
    
    ---- EOF - GMER 1.0.15 ----
    Many thanks and regards

    Holger

  9. #9
    Moderator, team member Swisstreasure
    Registered since
    13.08.2009
    Location
    Switzerland
    Posts
    3,660

    Re: Internet connection is up, but IE, Firefox etc. do not go online

    C:\aurora_dvd\Nero_9.4.26_Micro_Portable_LatestPirate.com
    What is that?

  10. #10
    Beginner
    Registered since
    13.08.2010
    Posts
    15

    Re: Internet connection is up, but IE, Firefox etc. do not go online

    I can't say, but when I look at it, it looks as if my son downloaded something.
    Judging by the name I would say Nero Portable, but does that even exist?

    Regards

    Holger
