Log analysis and evaluation: Windows 7: Hard disk keeps filling up

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
11.05.2014, 19:31 | #1 |
| Windows 7: Hard disk keeps filling up Hello, for some time now I have had the problem that my SSD (120GB) for the operating system and programs fills up until 0MB of free space is left. At first I thought that Windows with its constant updates was responsible, and I kept freeing up space by removing rarely used programs (2-5GB each time). But that was used up again after a few days. Just two days ago I uninstalled another program (Magix Video) with 4.5GB; today only 550MB of that is left. My McAfee virus scanner found a trojan ages ago, but I cannot place that in any direct temporal connection with the problem. Otherwise it currently finds nothing, and Avira has found nothing either. Attached are my log files as per the instructions; only McAfee does not offer an explicit printout here. Do you have any idea what this is? |
12.05.2014, 06:52 | #2 |
/// the machine /// TB trainer | Windows 7: Hard disk keeps filling up Hi,
Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. How it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
12.05.2014, 18:54 | #3 |
| Windows 7: Hard disk keeps filling up Hi Schrauber,
it didn't fit in one post, so here is Addition first: Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 11-05-2014 Ran by Alex at 2014-05-11 11:11:09 Running from C:\Users\Alex\Desktop Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {ADA629C7-7F48-5689-624A-3B76997E0892} AS: McAfee Anti-Virus und Anti-Spyware (Enabled - Up to date) {16C7C823-5972-5907-58FA-0004E2F9422F} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} FW: McAfee Firewall (Enabled) {959DA8E2-3527-57D1-4915-924367AD4FE9} ==================== Installed Programs ====================== ABBYY FineReader OCR Engine (HKLM-x32\...\{345C90FB-FA10-11D5-9C2A-0080C85A0C2D}) (Version: - ) Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated) Adobe AIR (x32 Version: 3.2.0.2070 - Adobe Systems Incorporated) Hidden Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.206 - Adobe Systems Incorporated) Adobe Photoshop Elements 10 (HKLM-x32\...\Adobe Photoshop Elements 10) (Version: 10.0 - Adobe Systems Incorporated) Adobe Photoshop Elements 10 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Adobe Reader X (10.1.9) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AA1000000001}) (Version: 10.1.9 - Adobe Systems Incorporated) Apple Application Support (HKLM-x32\...\{AAC5D43E-816D-4C2D-8E51-55FFF35BE301}) (Version: 3.0.1 - Apple Inc.) Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.) Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.) ArcSoft Software Suite (HKLM-x32\...\{497A1721-088F-41EF-8876-B43C9DA5528B}) (Version: 1.0 - ArcSoft) AVM FRITZ!fax für FRITZ!Box (HKLM-x32\...\FRITZ! 
2.0) (Version: - AVM Berlin) Blu-ray Disc-Zusatz-Software (x32 Version: 5.0.00.00000 - Sony Corporation) Hidden Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.) Canon Easy-PhotoPrint EX (HKLM-x32\...\Easy-PhotoPrint EX) (Version: - ) Canon iP7200 series Printer Driver (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP7200_series) (Version: - Canon Inc.) Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.0.0 - Canon Inc.) CD-LabelPrint (HKLM-x32\...\MediaNavigation.CDLabelPrint) (Version: - ) CicloTour 3.02 (HKLM-x32\...\CicloTour_is1) (Version: 3.02 - CicloSport) CicloTrainer 5.00 (HKLM-x32\...\CicloTrainer_is1) (Version: 5 - CicloSport : http:\\www.ciclosport.de) CyberLink BD Advisor 2.0 (HKLM-x32\...\{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}) (Version: - ) CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3226 - CyberLink Corp.) CyberLink Blu-ray Disc Suite (x32 Version: 6.0.3226 - CyberLink Corp.) Hidden CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.1916 - CyberLink Corp.) CyberLink LabelPrint (x32 Version: 2.5.1916 - CyberLink Corp.) Hidden CyberLink LG Burning Tool (HKLM-x32\...\InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 6.2.3714 - CyberLink Corp.) CyberLink LG Burning Tool (x32 Version: 6.2.3714 - CyberLink Corp.) Hidden CyberLink MediaShow (HKLM-x32\...\InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}) (Version: 4.1.3402 - CyberLink Corp.) CyberLink MediaShow (x32 Version: 4.1.3402 - CyberLink Corp.) Hidden CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.4322.52 - CyberLink Corp.) CyberLink PowerDVD 9 (x32 Version: 9.0.4322.52 - CyberLink Corp.) Hidden CyberLink PowerProducer (HKLM-x32\...\InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}) (Version: 5.0.1.1520 - CyberLink Corp.) 
CyberLink PowerProducer (x32 Version: 5.0.1.1520 - CyberLink Corp.) Hidden CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 1.0.2609 - CyberLink Corp.) CyberLink YouCam (x32 Version: 1.0.2609 - CyberLink Corp.) Hidden Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5971CA1F-6BDE-498F-952C-9F2BF94070A4}) (Version: - Microsoft) Designer 2.0 (HKLM-x32\...\Designer 2.0_is1) (Version: 7.8.9 - Fomanu AG) Elements 10 Organizer (x32 Version: 10.0 - Ihr Firmenname) Hidden Firebird SQL Server - MAGIX Edition (HKLM-x32\...\{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}) (Version: 2.1.27.0 - MAGIX AG) Fragenbär - Richtig Mathe (HKLM-x32\...\de.fragenbaer.FBRichtigMathe.78FC3472EF1CDFE575EF75508F015569D511C052.1) (Version: 1.1 - SL-Lernsoftware) Hactronic 1.82 (HKLM-x32\...\Hactronic_is1) (Version: 1.82 - CicloSport) Hauppauge WinTV 7 (HKLM-x32\...\Hauppauge WinTV 7) (Version: v7.0.30347 (CD 2.6d) - Hauppauge Computer Works) iTunes (HKLM\...\{B8BA155B-1E75-405F-9CB4-8A99615D09DC}) (Version: 11.1.5.5 - Apple Inc.) Lernerfolg Vorschule - Capt'n Sharky (HKLM-x32\...\Lernerfolg Vorschule - Capt'n Sharky) (Version: - ) Lexware Info Service (HKLM-x32\...\{8AE7E507-BC49-4DF0-A236-26878691AB53}) (Version: 2.90.00.0009 - Haufe-Lexware GmbH & Co.KG) LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - ) LightScribe System Software (HKLM-x32\...\{F132000C-1CBA-458F-BF2F-FD43D59410F9}) (Version: 1.18.27.10 - LightScribe) MAGIX Fotos auf CD & DVD 9 deluxe 9.0.0.18 (D) (HKLM-x32\...\MAGIX Fotos auf CD & DVD 9 deluxe D) (Version: 9.0.0.18 - MAGIX AG) McAfee Total Protection (HKLM-x32\...\MSC) (Version: 12.8.957 - McAfee, Inc.) 
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation) Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden Microsoft Office Access MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Excel MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Office 64-bit Components 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office OneNote MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Outlook MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office PowerPoint MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Professional 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation) Microsoft Office Proof (English) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (French) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proof (Italian) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Proofing (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Publisher MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared 64-bit MUI (German) 2010 (Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Shared MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Single Image 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft Office Word MUI (German) 2010 (x32 Version: 14.0.7015.1000 - Microsoft Corporation) Hidden Microsoft SQL Server Compact 
3.5 SP1 English (HKLM-x32\...\{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft SQL Server Compact 3.5 SP1 x64 English (HKLM\...\{F83779DF-E1F5-43A2-A7BE-732F856FADB7}) (Version: 3.5.5692.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{A49F249F-0C91-497F-86DF-B2585E8E76B7}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}) (Version: 8.0.50727.42 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 
4.20.9876.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (HKLM-x32\...\{196467F1-C11F-4F76-858B-5812ADC83B94}) (Version: 4.30.2100.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation) MSXML 4.0 SP3 Parser (KB973685) (HKLM-x32\...\{859DFA95-E4A6-48CD-B88E-A3E483E89B44}) (Version: 4.30.2107.0 - Microsoft Corporation) MyFreeCodec (HKCU\...\MyFreeCodec) (Version: - ) PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.3 - Frank Heindörfer, Philip Chinery) pdfforge Toolbar v9.1 (HKLM-x32\...\{E5E7189A-197A-4BC9-9548-083415C04E72}) (Version: 9.1 - Spigot, Inc.) <==== ATTENTION PHOTOfunSTUDIO 4.0 (HKLM-x32\...\{381D847E-7E56-4E82-B261-F799E0F40EB4}) (Version: 4.00.065 - Panasonic Corporation) PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation) PMB (HKLM-x32\...\{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}) (Version: 5.8.02.10270 - Sony Corporation) ProtectDisc Driver, Version 11 (HKLM-x32\...\ProtectDisc Driver 11) (Version: 11.0.0.14 - ProtectDisc Software GmbH) PSE10 STI Installer (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Samsung Kies (x32 Version: 2.5.3.13043_14 - Samsung Electronics Co., Ltd.) Hidden SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.43.0 - SAMSUNG Electronics Co., Ltd.) 
ScanWizard 5 (HKLM-x32\...\{B08D262E-D902-11D5-9C28-0080C85A0C2D}) (Version: - ) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft) Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (x32 Version: - Microsoft) Hidden SES Driver (HKLM\...\{D8CC254C-C671-4664-9A38-FA368D1E2C97}) (Version: 1.0.0 - Western Digital) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) TAXMAN 2013 für Vermieter (HKLM-x32\...\{E168A47B-9800-4A15-A2D2-D8EF2635131E}) (Version: 19.06.00.0003 - Haufe-Lexware GmbH & Co.KG) Update for Microsoft Access 2010 (KB2553446) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{B4A38370-2ADB-46B0-A1B0-0C4A2F7DCA31}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft Filter Pack 2.0 (KB2837594) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{D3C85176-ACCC-4AF0-817D-1BC803303B74}) (Version: - Microsoft) Update for Microsoft InfoPath 2010 (KB2817369) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{4EEA3D3E-989C-4DF4-AB0A-3042C0C12AA3}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2494150) (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{3FCFD88F-4D13-4F38-8625-ABABEA7F61EA}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589298) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DADF7E25-FFA4-4D02-BE84-1DAE62C18516}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition 
(HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589352) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{F4284D93-7AE8-4309-8CF3-9AD394F35F3A}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2589375) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{287A1E92-9E41-4BC1-8920-B3D0E9220800}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2597087) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{9D69691D-823D-4C3E-9B12-563A3F520366}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760598) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{ECFE33A3-B8B7-439A-ADE4-59FBD29EF9B8}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2760631) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{35698CB7-AAA2-4577-B505-DBFF504AEF23}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2794737) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{5AA578BB-759C-40FD-9661-A737C0884541}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{C70D2038-A2C4-4A99-87DE-5272BB44F0CE}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2850079) 32-Bit Edition (HKLM-x32\...\{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{82F87E28-B18E-46D6-A399-E2F19CF5949B}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2863818) 32-Bit Edition 
(HKLM-x32\...\{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{83B1B530-7D9E-4C6A-907F-E979CEE9C295}) (Version: - Microsoft) Update for Microsoft Office 2010 (KB2878225) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{EFF5EBA3-40AD-4859-85E7-3C1CF4F297EB}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft OneNote 2010 (KB2837595) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{51CCA922-A0CC-47C4-8910-6936D97CAC2E}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{A0657506-69DC-44AE-8DC1-58E7C6F5B1C9}) (Version: - Microsoft) Update for Microsoft Outlook 2010 (KB2687567) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2AB483F1-C86E-427A-83B4-23889B03512D}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{40EC8FB1-5202-469D-9232-C28FB1C6FC64}) (Version: - Microsoft) Update for Microsoft PowerPoint 2010 (KB2837579) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{2BA40F82-F3A4-441C-BF1A-ED4C42FF4872}) (Version: - Microsoft) Update for Microsoft SharePoint Workspace 2010 (KB2760601) 32-Bit Edition (HKLM-x32\...\{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{F9F5A080-AF38-4966-9A6B-C43DCA465035}) (Version: - Microsoft) Update for Microsoft Visio 2010 (KB2553444) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{799005D3-9B70-4219-AFE0-BC479614CC4D}) (Version: - Microsoft) Update for Microsoft Visio Viewer 2010 (KB2810066) 32-Bit 
Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{8C55AA83-54C2-4236-A622-78440A411DC5}) (Version: - Microsoft) VBA (3821b) (x32 Version: 6.01.00.1234 - Microsoft Corporation) Hidden WD SmartWare (HKLM\...\{23B47A34-0517-48DA-8B76-015DA8546893}) (Version: 1.5.1 - Western Digital) Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (03/06/2009 1.0.0008.0) (HKLM\...\422991454CB076E9B856C21BBF99AF2B82317EDA) (Version: 03/06/2009 1.0.0008.0 - Western Digital Technologies) ==================== Restore Points ========================= ==================== Hosts content: ========================== 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {1B467434-AD34-4A83-897A-F2C2948D85A8} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {978F364E-A657-479F-810D-6F44B880EF93} - System32\Tasks\AdobeAAMUpdater-1.0-Gandalf-Stephie => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated) Task: {A19C3AD5-EADB-4138-A222-249779727DB1} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-01] (Adobe Systems Incorporated) Task: {B4956709-C8A9-4E9B-BB13-8A64EFEC9E4E} - System32\Tasks\{BA0B619C-4F95-4A45-AF75-E547BA61B044} => E:\setup.exe Task: {E2AF6D76-1F59-41EB-80E3-C623C7C27314} - System32\Tasks\{49090437-E7FC-41D0-89B1-86C97C74570D} => E:\setup.exe Task: {E4722E03-A4CD-4948-BCF7-1C46959ED0F0} - System32\Tasks\AdobeAAMUpdater-1.0-Gandalf-Alex => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2013-09-25] (Adobe Systems Incorporated) Task: {E7FE2C17-7A76-4D66-A1B6-0EB2A1F5E627} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d 
sdengin2.dll,ExecuteScheduledBackup Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2011-09-28 20:30 - 2006-02-23 12:35 - 00020480 _____ () C:\Windows\System32\FritzColorPort64.dll 2011-09-28 20:30 - 2006-02-22 11:39 - 00020480 _____ () C:\Windows\System32\FritzPort64.dll 2011-11-28 21:38 - 2005-03-12 02:07 - 00087040 _____ () C:\Windows\System32\pdfcmnnt.dll 2013-06-29 18:09 - 2009-07-02 16:02 - 00244904 ____N () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe 2010-11-02 09:33 - 2010-11-02 09:33 - 01083392 _____ () C:\Program Files\Western Digital\WD SmartWare\System.Data.SQLite.dll 2011-08-01 08:35 - 2011-08-01 08:35 - 00082944 _____ () C:\Program Files\Western Digital\WD SmartWare\WDCollections.dll 2011-07-29 20:37 - 2003-06-30 09:30 - 00315392 _____ () C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe 2014-01-20 14:17 - 2014-01-20 14:17 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2014-01-20 14:16 - 2014-01-20 14:16 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2011-07-29 20:37 - 2004-07-26 11:03 - 00249856 _____ () C:\Program Files (x86)\ScanWizard 5\SFRes.dll 2011-07-29 20:37 - 2003-08-25 12:55 - 00086016 _____ () C:\Program Files (x86)\ScanWizard 5\scanners\Msmgr32.dll 2011-07-29 20:37 - 2004-03-05 11:33 - 00045056 _____ () C:\Program Files (x86)\ScanWizard 5\scanners\MS32RES.DLL 2011-07-29 20:37 - 2003-04-17 17:22 - 00049152 _____ () C:\Program Files (x86)\ScanWizard 5\scanners\MPHASE32.DLL 2009-12-15 13:46 - 2009-12-15 13:46 - 00619816 ____N () D:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll 2009-12-15 13:49 - 2009-12-15 13:49 - 00013096 ____N () D:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode 
(whitelisted) =================== HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Driver" ==================== EXE Association (whitelisted) ============= ==================== Disabled items from MSCONFIG ============== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (05/11/2014 11:01:00 AM) (Source: Application Error) (User: ) (EventID: 1000) Description: Name der fehlerhaften Anwendung: iexplore.exe, Version: 11.0.9600.17041, Zeitstempel: 0x53180888 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x000007fe88d21920 ID des fehlerhaften Prozesses: 0x1434 Startzeit der fehlerhaften Anwendung: 0xiexplore.exe0 Pfad der fehlerhaften Anwendung: iexplore.exe1 Pfad des fehlerhaften Moduls: iexplore.exe2 Berichtskennung: iexplore.exe3 Error: (05/11/2014 10:40:22 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3011) Description: Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich. 
Error: (05/11/2014 10:40:22 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3012) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (05/11/2014 10:40:22 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3012) Description: Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich und der Werte "LastHelp" ist das dritte DWORD im Datenbereich. Error: (05/10/2014 10:31:02 PM) (Source: Application Hang) (User: ) (EventID: 1002) Description: Programm IEXPLORE.EXE, Version 11.0.9600.17041 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 860 Startzeit: 01cf6c8c3ddf77b9 Endzeit: 127 Anwendungspfad: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Berichts-ID: Error: (05/10/2014 09:42:51 PM) (Source: ESENT) (User: ) (EventID: 492) Description: Windows (4848) Windows: Die Protokolldatei-Reihenfolge in "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\" wurde durch einen schwerwiegenden Fehler angehalten. Für die Datenbank, die diese Protokolldatei-Reihenfolge verwendet, sind keine weiteren Aktualisierungen möglich. 
Bitte korrigieren Sie das Problem, und starten Sie erneut, oder führen Sie eine Wiederherstellung aus einer Sicherung durch. Error: (05/10/2014 09:42:51 PM) (Source: ESENT) (User: ) (EventID: 413) Description: Windows (4848) Windows: Neue Protokolldatei konnte nicht erstellt werden, weil die Datenbank nicht auf das Protokolllaufwerk schreiben kann. Das Laufwerk ist möglicherweise schreibgeschützt, falsch konfiguriert, beschädigt oder hat zu wenig freien Speicherplatz. Fehler -1032. Error: (05/10/2014 07:47:02 PM) (Source: ESENT) (User: ) (EventID: 439) Description: Windows (4848) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk konnte nicht geschrieben werden. Fehler -1032. Error: (05/10/2014 07:47:02 PM) (Source: ESENT) (User: ) (EventID: 490) Description: Windows (4848) Windows: Versuch, Datei "C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk" für den Lese-/Schreibzugriff zu öffnen, ist mit Systemfehler 32 (0x00000020): "Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. " fehlgeschlagen. Fehler -1032 (0xfffffbf8) beim Öffnen von Dateien. Error: (05/10/2014 07:12:54 PM) (Source: ESENT) (User: ) (EventID: 439) Description: Windows (4848) Windows: Die Shadowkopfzeile für Datei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk konnte nicht geschrieben werden. Fehler -1032. 
System errors: ============= Error: (05/11/2014 10:33:31 AM) (Source: Service Control Manager) (User: ) (EventID: 7026) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: UimBus Uim_IM Uim_VIM Error: (05/11/2014 00:37:37 AM) (Source: Service Control Manager) (User: ) (EventID: 7026) Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: UimBus Uim_IM Uim_VIM Error: (05/10/2014 10:20:25 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/10/2014 10:20:25 PM) (Source: Service Control Manager) (User: ) (EventID: 7009) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Platform Services erreicht. Error: (05/10/2014 10:20:24 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/10/2014 10:20:24 PM) (Source: Service Control Manager) (User: ) (EventID: 7009) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Platform Services erreicht. Error: (05/10/2014 10:20:21 PM) (Source: DCOM) (User: ) (EventID: 10010) Description: {209500FC-6B45-4693-8871-6296C4843751} Error: (05/10/2014 04:02:34 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error: (05/10/2014 04:02:34 PM) (Source: Service Control Manager) (User: ) (EventID: 7009) Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst McAfee Platform Services erreicht. 
Error: (05/10/2014 04:02:31 PM) (Source: Service Control Manager) (User: ) (EventID: 7000) Description: Der Dienst "McAfee Platform Services" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Microsoft Office Sessions: ========================= Error: (05/11/2014 11:01:00 AM) (Source: Application Error) (User: ) (EventID: 1000) Description: iexplore.exe11.0.9600.1704153180888unknown0.0.0.000000000c0000005000007fe88d21920143401cf6cf5d691efd5C:\Program Files\Internet Explorer\iexplore.exeunknownc561d832-d8ea-11e3-9971-00123fc969ec Error: (05/11/2014 10:40:22 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3011) Description: WmiApRplWmiApRpl8F20300004D070000 Error: (05/11/2014 10:40:22 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3012) Description: Performance1637070000000000000000000009030000 Error: (05/11/2014 10:40:22 AM) (Source: Microsoft-Windows-LoadPerf) (User: NT-AUTORITÄT) (EventID: 3012) Description: Performance1637070000000000000000000009030000 Error: (05/10/2014 10:31:02 PM) (Source: Application Hang) (User: ) (EventID: 1002) Description: IEXPLORE.EXE11.0.9600.1704186001cf6c8c3ddf77b9127C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Error: (05/10/2014 09:42:51 PM) (Source: ESENT) (User: ) (EventID: 492) Description: Windows4848Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\ Error: (05/10/2014 09:42:51 PM) (Source: ESENT) (User: ) (EventID: 413) Description: Windows4848Windows: -1032 Error: (05/10/2014 07:47:02 PM) (Source: ESENT) (User: ) (EventID: 439) Description: Windows4848Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 Error: (05/10/2014 07:47:02 PM) (Source: ESENT) (User: ) (EventID: 490) Description: Windows4848Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032 (0xfffffbf8)32 (0x00000020)Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. 
Error: (05/10/2014 07:12:54 PM) (Source: ESENT) (User: ) (EventID: 439)
Description: Windows4848Windows: C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS.chk-1032

==================== Memory info ===========================

Percentage of memory in use: 69%
Total physical RAM: 3582.15 MB
Available physical RAM: 1088.16 MB
Total Pagefile: 7162.48 MB
Available Pagefile: 4747.07 MB
Total Virtual: 8192 MB
Available Virtual: 8191.85 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:107.03 GB) (Free:0.55 GB) NTFS
Drive d: (Lokaler Datenträger) (Fixed) (Total:1397.25 GB) (Free:684.12 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 107 GB) (Disk ID: 32355DC4)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=107 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1397 GB) (Disk ID: D206F05F)
Partition 1: (Not Active) - (Size=-698732183552) - (Type=OF Extended)

==================== End Of Log ============================

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 11-05-2014
Ran by Alex (administrator) on GANDALF on 11-05-2014 11:07:48
Running from C:\Users\Alex\Desktop
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Spigot, Inc.) C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
() C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe
(WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe
(Panasonic Corporation) C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO 4.0\AutoStartupService.exe
() C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe
(Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe
(ArcSoft Inc.)
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (CyberLink) D:\Programme\CyberLink\Power2Go\CLMLSvc.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (CyberLink Corp.) D:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Spigot, Inc.) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot Inc) C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe (McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil64_13_0_0_206_ActiveX.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe (Samsung Electronics Co., Ltd.) 
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [195072 2009-06-19] (ArcSoft Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [UpdateLBPShortCut] => D:\Programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [MDS_Menu] => D:\Programme\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] => D:\Programme\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] => D:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl9] => D:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-08-02] (CyberLink Corp.) 
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-23] (cyberlink) HKLM-x32\...\Run: [UpdatePPShortCut] => D:\Programme\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM-x32\...\Run: [UCam_Menu] => D:\Programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.) HKLM-x32\...\Run: [LGODDFU] => D:\Programme\LGTool\lgfw.exe [27760 2013-06-29] (Bitleader) HKLM-x32\...\Run: [UpdatePSTShortCut] => D:\Programme\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2010-06-02] (CyberLink Corp.) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [SearchSettings] => C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe [1401664 2014-04-25] (Spigot, Inc.) 
HKLM-x32\...\Run: [Allin1Convert_8h Browser Plugin Loader 64] => C:\PROGRA~2\ALLIN1~2\bar\1.bin\8hbrmon64.exe HKLM\...\Policies\Explorer: [NoControlPanel] 0 HKU\.DEFAULT\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H HKU\S-1-5-21-4044853685-2408808152-1568560140-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-05-11] (Samsung) HKU\S-1-5-21-4044853685-2408808152-1568560140-1001\...\Run: [KiesAirMessage] => C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup HKU\S-1-5-21-4044853685-2408808152-1568560140-1001\...\Run: [] => C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [845120 2014-04-23] (Samsung) HKU\S-1-5-21-4044853685-2408808152-1568560140-1001\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Alex\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe HKU\S-1-5-21-4044853685-2408808152-1568560140-1001\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-4044853685-2408808152-1568560140-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 4.0.lnk ShortcutTarget: PHOTOfunSTUDIO 4.0.lnk -> C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO 4.0\AutoStartupService.exe (Panasonic Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk ShortcutTarget: Scanner Finder.lnk -> C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk ShortcutTarget: WD Quick View.lnk -> C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.) 
GroupPolicyUsers\S-1-5-21-4044853685-2408808152-1568560140-1005\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-4044853685-2408808152-1568560140-1004\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-4044853685-2408808152-1568560140-1003\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x37628E468E4CCC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE URLSearchHook: HKCU - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\9.1\pdfforgeToolbarIE64.dll (Spigot, Inc.) URLSearchHook: HKCU - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\9.1\pdfforgeToolbarIE.dll (Spigot, Inc.) URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
SearchScopes: HKCU - DefaultScope {848B9794-9099-47E5-BF5C-F3B5E5C60CF4} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} SearchScopes: HKCU - {848B9794-9099-47E5-BF5C-F3B5E5C60CF4} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} SearchScopes: HKCU - {9A3B43AC-87D8-4859-9E78-7B960E48427D} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE0&p={SearchTerms} BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\9.1\pdfforgeToolbarIE.dll (Spigot, Inc.) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\9.1\pdfforgeToolbarIE64.dll (Spigot, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - pdfforge Toolbar - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\9.1\pdfforgeToolbarIE.dll (Spigot, Inc.) 
Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-07-03] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-07-03] ==================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.) R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated) S2 CLKMSVC10_BB1DDEDD; D:\Programme\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-23] (CyberLink) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.) S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [225216 2011-01-28] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2009-07-02] () R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [317328 2011-08-01] (WDC) R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1978256 2011-08-01] (Western Digital ) R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338256 2011-08-01] (Western Digital ) ==================== Drivers (Whitelisted) ==================== S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation) R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2012-12-20] (AVM Berlin) R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2012-12-20] (AVM Berlin) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.) R3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation) R3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [33792 2011-09-29] (Hauppauge Computer Works, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.) 
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.) S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider) S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon) S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon) ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-11 11:07 - 2014-05-11 11:09 - 00018567 _____ () C:\Users\Alex\Desktop\FRST.txt 2014-05-11 11:07 - 2014-05-11 11:07 - 00000000 ____D () C:\FRST 2014-05-11 11:06 - 2014-05-11 11:06 - 02066432 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2014-05-11 11:03 - 2014-05-11 11:04 - 00000470 _____ () C:\Users\Alex\Desktop\defogger_disable.log 2014-05-11 11:03 - 2014-05-11 11:03 - 00000000 _____ () C:\Users\Alex\defogger_reenable 2014-05-11 10:51 - 2014-05-11 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec 2014-05-11 10:39 - 2014-05-11 10:39 - 00000000 ____D () C:\Program Files (x86)\MarkAny 2014-05-11 10:37 - 2014-05-11 10:37 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2014-05-07 22:33 - 2014-05-07 22:33 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-07 22:13 - 2014-05-07 22:13 - 00001939 _____ () C:\Users\Alex\Desktop\McAfee Total Protection.lnk 2014-05-07 22:07 - 2014-05-07 22:07 - 00050477 _____ () C:\Users\Alex\Desktop\Defogger.exe 2014-05-07 18:08 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-07 18:08 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-05 20:46 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 
2014-05-05 20:46 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-05 20:46 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-05 20:46 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-01 10:05 - 2014-05-01 10:05 - 00000000 __SHD () C:\Users\Stephie\AppData\Local\EmieUserList 2014-05-01 10:05 - 2014-05-01 10:05 - 00000000 __SHD () C:\Users\Stephie\AppData\Local\EmieSiteList 2014-05-01 09:34 - 2014-05-01 09:34 - 00000000 ____D () C:\Program Files (x86)\pdfforge Toolbar 2014-05-01 09:34 - 2014-05-01 09:34 - 00000000 ____D () C:\Program Files (x86)\Application Updater 2014-04-29 19:48 - 2014-04-29 19:48 - 00000000 __SHD () C:\Users\Alex\AppData\Local\EmieUserList 2014-04-29 19:48 - 2014-04-29 19:48 - 00000000 __SHD () C:\Users\Alex\AppData\Local\EmieSiteList 2014-04-29 19:47 - 2014-04-29 19:47 - 00010875 _____ () C:\Users\Alex\Desktop\Mappe1 (Automatisch gespeichert).xlsx 2014-04-29 19:19 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 19:19 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 19:19 - 2014-03-06 10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 19:19 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 19:19 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 19:19 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 19:19 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 19:19 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 19:19 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) 
C:\Windows\system32\ieetwcollector.exe 2014-04-29 19:19 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 19:19 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 19:19 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 19:19 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 19:19 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 19:19 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 19:19 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 19:19 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 19:19 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 19:19 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 19:19 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 2014-04-29 19:19 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 19:19 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 19:19 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 19:19 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 19:19 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 19:19 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 19:19 - 2014-03-06 09:13 - 00032256 _____ 
(Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 19:19 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 19:19 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 19:19 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 19:19 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 19:19 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 19:18 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 19:18 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 19:18 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 19:18 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-29 19:18 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 19:18 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 19:18 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 19:18 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 19:18 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 19:18 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 19:18 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 19:18 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-27 13:21 - 2014-04-27 13:21 - 00410455 _____ () 
C:\Users\Alex\Downloads\2014-04-27_2662592_rennrad-tour_export.gpx 2014-04-25 16:57 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys 2014-04-18 12:34 - 2014-04-18 12:34 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log ==================== One Month Modified Files and Folders ======= 2014-05-11 11:09 - 2014-05-11 11:07 - 00018567 _____ () C:\Users\Alex\Desktop\FRST.txt 2014-05-11 11:08 - 2011-07-25 20:54 - 01735985 _____ () C:\Windows\WindowsUpdate.log 2014-05-11 11:07 - 2014-05-11 11:07 - 00000000 ____D () C:\FRST 2014-05-11 11:06 - 2014-05-11 11:06 - 02066432 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2014-05-11 11:04 - 2014-05-11 11:03 - 00000470 _____ () C:\Users\Alex\Desktop\defogger_disable.log 2014-05-11 11:03 - 2014-05-11 11:03 - 00000000 _____ () C:\Users\Alex\defogger_reenable 2014-05-11 11:03 - 2011-07-25 20:54 - 00000000 ____D () C:\Users\Alex 2014-05-11 10:57 - 2012-07-13 20:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-11 10:51 - 2014-05-11 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec 2014-05-11 10:51 - 2013-05-06 22:23 - 00000000 ____D () C:\Program Files (x86)\MyFree Codec 2014-05-11 10:50 - 2013-05-06 22:33 - 00002006 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk 2014-05-11 10:43 - 2011-07-27 21:50 - 00000000 ____D () C:\Users\Alex\AppData\Local\Adobe 2014-05-11 10:41 - 2009-07-14 06:45 - 00013728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-11 10:41 - 2009-07-14 06:45 - 00013728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-11 10:40 - 2009-07-14 19:58 - 09532676 _____ () C:\Windows\system32\perfh007.dat 2014-05-11 10:40 - 2009-07-14 19:58 - 02905772 _____ () C:\Windows\system32\perfc007.dat 2014-05-11 10:40 - 2009-07-14 07:13 - 00006456 _____ () 
C:\Windows\system32\PerfStringBackup.INI 2014-05-11 10:39 - 2014-05-11 10:39 - 00000000 ____D () C:\Program Files (x86)\MarkAny 2014-05-11 10:38 - 2013-07-03 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-05-11 10:37 - 2014-05-11 10:37 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2014-05-11 10:36 - 2013-01-08 20:57 - 00000000 __RSD () C:\Users\Alex\Documents\McAfee-Tresore 2014-05-11 10:33 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-11 10:33 - 2009-07-14 06:51 - 00091866 _____ () C:\Windows\setupact.log 2014-05-11 00:37 - 2011-07-25 22:35 - 00410780 _____ () C:\Windows\PFRO.log 2014-05-10 23:09 - 2011-07-29 18:58 - 00000000 ____D () C:\Users\Stephie\Documents\Outlook-Dateien 2014-05-10 14:13 - 2013-01-07 23:55 - 00000000 __RSD () C:\Users\Stephie\Documents\McAfee-Tresore 2014-05-07 22:33 - 2014-05-07 22:33 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-07 22:33 - 2011-07-25 21:29 - 00000000 ____D () C:\Users\Alex\Documents\Outlook-Dateien 2014-05-07 22:13 - 2014-05-07 22:13 - 00001939 _____ () C:\Users\Alex\Desktop\McAfee Total Protection.lnk 2014-05-07 22:07 - 2014-05-07 22:07 - 00050477 _____ () C:\Users\Alex\Desktop\Defogger.exe 2014-05-07 21:19 - 2011-07-29 19:26 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2014-05-07 21:09 - 2011-07-27 21:16 - 00000000 ____D () C:\Users\Alex\Documents\BMW 2014-05-07 18:31 - 2011-07-26 12:28 - 00000000 ____D () C:\Users\Stephie 2014-05-07 18:28 - 2012-06-13 21:04 - 00000000 ____D () C:\Users\Stephie\0000gemischt 2014-05-07 18:27 - 2011-11-21 14:11 - 00000000 ____D () C:\Users\Stephie\Documents\00BEWERBUNG 2014-05-07 18:13 - 2011-08-17 07:56 - 00000000 ____D () C:\Users\Stephie\AppData\Local\Adobe 2014-05-05 20:06 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-05-05 19:51 - 2011-07-29 19:32 - 00000000 ____D () C:\ProgramData\MAGIX 2014-05-02 07:26 - 2009-07-14 07:08 - 00032632 _____ () 
C:\Windows\Tasks\SCHEDLGU.TXT
2014-05-01 17:49 - 2011-07-26 12:29 - 00000000 ___RD () C:\Users\Stephie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-05-01 10:05 - 2014-05-01 10:05 - 00000000 __SHD () C:\Users\Stephie\AppData\Local\EmieUserList
2014-05-01 10:05 - 2014-05-01 10:05 - 00000000 __SHD () C:\Users\Stephie\AppData\Local\EmieSiteList
2014-05-01 09:57 - 2012-07-13 20:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-05-01 09:57 - 2012-04-03 20:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-05-01 09:57 - 2011-07-27 21:49 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-05-01 09:34 - 2014-05-01 09:34 - 00000000 ____D () C:\Program Files (x86)\pdfforge Toolbar
2014-05-01 09:34 - 2014-05-01 09:34 - 00000000 ____D () C:\Program Files (x86)\Application Updater
2014-04-29 21:08 - 2013-06-29 18:39 - 00000358 _____ () C:\Windows\lgfwup.ini
2014-04-29 19:50 - 2013-07-02 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV
2014-04-29 19:50 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-29 19:48 - 2014-04-29 19:48 - 00000000 __SHD () C:\Users\Alex\AppData\Local\EmieUserList
2014-04-29 19:48 - 2014-04-29 19:48 - 00000000 __SHD () C:\Users\Alex\AppData\Local\EmieSiteList
2014-04-29 19:47 - 2014-04-29 19:47 - 00010875 _____ () C:\Users\Alex\Desktop\Mappe1 (Automatisch gespeichert).xlsx
2014-04-29 19:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2014-04-29 16:01 - 2014-05-05 20:46 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-29 15:40 - 2014-05-05 20:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-29 14:48 - 2014-05-05 20:46 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-29 14:34 - 2014-05-05 20:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-27 13:21 - 2014-04-27 13:21 - 00410455 _____ () C:\Users\Alex\Downloads\2014-04-27_2662592_rennrad-tour_export.gpx
2014-04-27 13:01 - 2011-08-04 19:12 - 00000000 ____D () C:\Users\Alex\AppData\Local\Canon Easy-PhotoPrint EX
2014-04-27 12:32 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp
2014-04-23 20:57 - 2011-07-27 21:39 - 00000000 ____D () C:\Users\Alex\Documents\Krankenkasse
2014-04-18 12:34 - 2014-04-18 12:34 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log
2014-04-18 09:06 - 2011-07-27 21:15 - 00000000 ____D () C:\Users\Alex\Documents\Bike
2014-04-16 22:16 - 2013-10-10 21:22 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Canon
2014-04-16 21:45 - 2013-07-02 21:38 - 00038194 _____ () C:\Windows\Irremote.ini
2014-04-16 21:45 - 2013-07-02 21:36 - 00000000 ____D () C:\ProgramData\Hauppauge
2014-04-16 21:45 - 2011-07-27 21:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-14 04:24 - 2014-05-07 18:08 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-04-14 04:19 - 2014-05-07 18:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll

Some content of TEMP:
====================
C:\Users\Alex\AppData\Local\Temp\avgnt.exe
C:\Users\Alex\AppData\Local\Temp\ose00000.exe
C:\Users\Alex\AppData\Local\Temp\unwise.exe
C:\Users\Stephie\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2014-05-10 20:43
==================== End Of Log ============================

Edited by Kermit70 (12.05.2014 at 19:18) |
12.05.2014, 18:59 | #4 |
| Windows 7: Hard disk keeps filling up Gmer part 1/4 Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-11 19:36:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 OCZ-VERTEX2 rev.1.29 107,13GB
Running: Gmer-19357.exe; Driver: C:\Users\Alex\AppData\Local\Temp\uwldqpob.sys

---- Kernel code sections - GMER 2.1 ----
* 2 PAGE C:\Windows\system32\ntoskrnl.exe!NtCompressKey + 544 fffff800035424a0 1 byte [1F] PAGE C:\Windows\system32\ntoskrnl.exe!NtCompressKey + 617 fffff800035424e9 1 byte [1F] .text C:\Windows\system32\hal.dll!HalQueryMaximumProcessorCount + 91 fffff80003012b3b 1 byte [1F] .text C:\Windows\system32\drivers\fltmgr.sys!FltReleasePushLock + 5 fffff8800106e715 1 byte [1F] .text C:\Windows\system32\drivers\fltmgr.sys!FltPerformAsynchronousIo + 837 fffff880010734b5 1 byte [1F] .text C:\Windows\system32\drivers\fltmgr.sys!FltGetInstanceContext + 148 fffff88001074014 1 byte [1F] .text C:\Windows\system32\drivers\fltmgr.sys!FltDeleteInstanceContext + 98 fffff88001074e52 1 byte [1F] .text C:\Windows\system32\drivers\fltmgr.sys!FltDeleteInstanceContext + 232 fffff88001074ed8 1 byte [1F] .text C:\Windows\system32\drivers\fltmgr.sys!FltGetVolumeContext + 187 fffff8800107a48b 1 byte [1F] .text C:\Windows\system32\drivers\fltmgr.sys!FltQueueGenericWorkItem + 930 fffff8800107bf92 1 byte [1F] .text C:\Windows\system32\drivers\fltmgr.sys!FltSetInstanceContext + 482 fffff8800107c222 1 byte [1F] .text C:\Windows\system32\drivers\fltmgr.sys!FltSetVolumeContext + 562 fffff8800107c722 1 byte [1F] .text C:\Windows\system32\drivers\fltmgr.sys!FltDeleteContext + 302 fffff8800107c94e 1 byte [1F] .text C:\Windows\system32\drivers\fltmgr.sys!FltGetStreamContext + 760 fffff8800107d078 1 byte [1F] PAGEKRPC C:\Windows\System32\Drivers\msrpc.sys!RpcBindingCreateW + 888 fffff880011bd538 1 byte [1F] PAGEKRPC C:\Windows\System32\Drivers\msrpc.sys!RpcBindingSetOption + 687 fffff880011bd9ff 1 byte [1F] .text C:\Windows\system32\drivers\NETIO.SYS!KfdCheckClassifyNeededAndUpdateEpoch + 97 fffff8800173b011 1 byte [1F] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 311 0000000076ff6ae7 1 byte [1F] .text 
C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 620 000000007700331c 1 byte [1F] .text ... * 2 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Windows\system32\csrss.exe[516] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!TpStartAsyncIoOperation + 196 0000000076fe0ab4 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackIndependent + 135 0000000076fe4c67 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!DbgPrint + 115 0000000076fe5923 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseIoCompletion + 680 0000000076fe5fe8 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 767 0000000076feaa2f 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!TpSetTimer + 468 0000000076feb4f4 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackMayRunLong + 282 0000000076ff13ca 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text 
C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... * 2 .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\system32\KERNELBASE.dll!GetLocaleInfoW + 504 000007fefceeea48 1 byte [1F] .text C:\Windows\system32\wininit.exe[584] C:\Windows\system32\RPCRT4.dll!I_RpcReceive + 741 000007fefdcd2b95 1 byte [1F] .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 311 0000000076ff6ae7 1 byte [1F] .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 620 000000007700331c 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Windows\system32\csrss.exe[604] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 392 0000000076fd2168 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!wcscspn + 182 0000000076fd853e 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlInitEnumerationHashTable + 163 0000000076fd8b03 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlDeregisterWaitEx + 190 0000000076fdc4ce 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 396 0000000076fdc6ac 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 485 0000000076fdc705 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseTimer + 592 0000000076fdd850 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!TpStartAsyncIoOperation + 196 0000000076fe0ab4 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlDoesFileExists_U + 175 0000000076fe217f 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlSetEnvironmentStrings + 708 0000000076fe4474 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlSetEnvironmentStrings + 886 0000000076fe4526 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackIndependent + 135 0000000076fe4c67 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!DbgPrint + 115 0000000076fe5923 1 byte [1F] .text C:\Windows\system32\services.exe[644] 
C:\Windows\SYSTEM32\ntdll.dll!TpReleaseIoCompletion + 680 0000000076fe5fe8 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 550 0000000076fea956 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 767 0000000076feaa2f 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!TpSetTimer + 468 0000000076feb4f4 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... * 2 .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackMayRunLong + 282 0000000076ff13ca 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 311 0000000076ff6ae7 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 620 000000007700331c 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 122 000000007701831a 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 333 00000000770183ed 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text C:\Windows\system32\services.exe[644] C:\Windows\system32\RPCRT4.dll!I_RpcReceive + 741 000007fefdcd2b95 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeregisterWaitEx + 190 0000000076fdc4ce 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 396 0000000076fdc6ac 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 485 0000000076fdc705 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseTimer + 592 0000000076fdd850 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForTimer + 293 0000000076fdd9c5 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteTimer + 211 0000000076fddb23 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualDomainName + 551 0000000076fe0817 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!TpStartAsyncIoOperation + 196 0000000076fe0ab4 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackIndependent + 135 0000000076fe4c67 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!DbgPrint + 115 0000000076fe5923 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseIoCompletion + 680 0000000076fe5fe8 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 550 0000000076fea956 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 767 0000000076feaa2f 1 byte [1F] .text 
C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!TpSetTimer + 468 0000000076feb4f4 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... * 2 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 311 0000000076ff6ae7 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 620 000000007700331c 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 122 000000007701831a 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 333 00000000770183ed 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlSetUserValueHeap + 87 000000007701ab27 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text ... * 2 .text C:\Windows\system32\lsass.exe[660] C:\Windows\SYSTEM32\ntdll.dll!TpCancelAsyncIoOperation + 385 00000000770a0161 1 byte [1F] .text C:\Windows\system32\lsass.exe[660] C:\Windows\system32\RPCRT4.dll!I_RpcReceive + 741 000007fefdcd2b95 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!TpStartAsyncIoOperation + 196 0000000076fe0ab4 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackIndependent + 135 0000000076fe4c67 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseIoCompletion + 680 0000000076fe5fe8 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 550 0000000076fea956 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 767 0000000076feaa2f 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!TpSetTimer + 468 0000000076feb4f4 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackMayRunLong + 282 0000000076ff13ca 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 311 0000000076ff6ae7 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Windows\system32\lsm.exe[668] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 Geändert von Kermit70 (12.05.2014 um 19:09 Uhr) |
12.05.2014, 19:01 | #5 |
| Windows 7: Hard disk keeps getting fuller Part 2/4: Code:
+ 468 0000000076feb4f4 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... * 2 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 311 0000000076ff6ae7 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 620 000000007700331c 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 122 000000007701831a 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 333 00000000770183ed 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] C:\Windows\system32\RPCRT4.dll!I_RpcReceive + 741 000007fefdcd2b95 1 byte [1F] .text C:\Windows\system32\svchost.exe[892] c:\windows\system32\rpcss.dll!WhichService + 742 000007fefc00bd02 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlDeregisterWaitEx + 190 0000000076fdc4ce 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 396 0000000076fdc6ac 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 485 0000000076fdc705 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseTimer + 592 0000000076fdd850 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!TpStartAsyncIoOperation + 196 0000000076fe0ab4 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlDoesFileExists_U + 175 0000000076fe217f 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackIndependent + 135 0000000076fe4c67 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!DbgPrint + 115 0000000076fe5923 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseIoCompletion + 680 0000000076fe5fe8 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 550 0000000076fea956 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 767 0000000076feaa2f 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!TpSetTimer + 468 0000000076feb4f4 1 byte 
[1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... * 2 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackMayRunLong + 282 0000000076ff13ca 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 311 0000000076ff6ae7 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 620 000000007700331c 1 byte [1F] .text ... 
* 2 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 122 000000007701831a 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 333 00000000770183ed 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlSetUserValueHeap + 87 000000007701ab27 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... 
* 2 .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\system32\RPCRT4.dll!MesEncodeDynBufferHandleCreate + 176 000007fefdcc96c0 1 byte [1F] .text C:\Windows\System32\svchost.exe[980] C:\Windows\system32\RPCRT4.dll!I_RpcReceive + 741 000007fefdcd2b95 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!wcscspn + 182 0000000076fd853e 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!RtlDeregisterWaitEx + 190 0000000076fdc4ce 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 396 0000000076fdc6ac 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 485 0000000076fdc705 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseTimer + 592 0000000076fdd850 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!TpStartAsyncIoOperation + 196 0000000076fe0ab4 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackIndependent + 135 0000000076fe4c67 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!DbgPrint + 115 0000000076fe5923 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseIoCompletion + 680 0000000076fe5fe8 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 550 0000000076fea956 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 767 0000000076feaa2f 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!TpSetTimer + 468 
0000000076feb4f4 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... * 2 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackMayRunLong + 282 0000000076ff13ca 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 311 0000000076ff6ae7 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 122 000000007701831a 1 byte [1F] .text 
C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 333 00000000770183ed 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... * 2 .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\system32\RPCRT4.dll!MesEncodeDynBufferHandleCreate + 176 000007fefdcc96c0 1 byte [1F] .text C:\Windows\System32\svchost.exe[1020] C:\Windows\system32\RPCRT4.dll!I_RpcReceive + 741 000007fefdcd2b95 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlDeregisterWaitEx + 190 0000000076fdc4ce 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 396 0000000076fdc6ac 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 485 0000000076fdc705 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseTimer + 592 0000000076fdd850 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] 
C:\Windows\SYSTEM32\ntdll.dll!TpWaitForTimer + 293 0000000076fdd9c5 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteTimer + 211 0000000076fddb23 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualDomainName + 551 0000000076fe0817 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!TpStartAsyncIoOperation + 196 0000000076fe0ab4 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlDoesFileExists_U + 175 0000000076fe217f 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackIndependent + 135 0000000076fe4c67 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!DbgPrint + 115 0000000076fe5923 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseIoCompletion + 680 0000000076fe5fe8 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 550 0000000076fea956 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 767 0000000076feaa2f 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!TpSetTimer + 468 0000000076feb4f4 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackMayRunLong + 282 0000000076ff13ca 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 311 0000000076ff6ae7 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 620 000000007700331c 1 byte [1F] .text ... * 2 .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 122 000000007701831a 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 333 00000000770183ed 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] 
C:\Windows\SYSTEM32\ntdll.dll!TpReleasePool + 196 0000000077018884 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlSetUserValueHeap + 87 000000007701ab27 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\system32\RPCRT4.dll!MesEncodeDynBufferHandleCreate + 176 000007fefdcc96c0 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\system32\RPCRT4.dll!I_RpcReceive + 741 000007fefdcd2b95 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\system32\DNSAPI.dll!DnsGetProxyInformation + 110 000007fefc415f7a 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\system32\DNSAPI.dll!DnsGetProxyInformation + 138 000007fefc415f96 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\system32\wsdapi.dll!WSDAllocateLinkedMemory + 54 000007fef97e4daa 1 byte [1F] .text C:\Windows\system32\svchost.exe[284] C:\Windows\system32\wsdapi.dll!WSDAttachLinkedMemory + 36 000007fef97e7704 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!wcscspn + 182 0000000076fd853e 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlDeregisterWaitEx + 190 0000000076fdc4ce 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 396 0000000076fdc6ac 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 485 0000000076fdc705 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseTimer + 592 0000000076fdd850 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForTimer + 293 0000000076fdd9c5 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteTimer + 211 0000000076fddb23 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] 
C:\Windows\SYSTEM32\ntdll.dll!RtlEqualDomainName + 551 0000000076fe0817 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!TpStartAsyncIoOperation + 196 0000000076fe0ab4 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlDoesFileExists_U + 175 0000000076fe217f 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlSetEnvironmentStrings + 419 0000000076fe4353 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlSetEnvironmentStrings + 610 0000000076fe4412 1 byte [1F] .text ... * 3 .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackIndependent + 135 0000000076fe4c67 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!DbgPrint + 115 0000000076fe5923 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseIoCompletion + 680 0000000076fe5fe8 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 550 0000000076fea956 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 767 0000000076feaa2f 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!TpSetTimer + 468 0000000076feb4f4 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackMayRunLong + 282 0000000076ff13ca 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 311 0000000076ff6ae7 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 620 000000007700331c 1 byte [1F] .text ... * 2 .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlCompareUnicodeString + 202 00000000770083ba 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlCompareUnicodeString + 258 00000000770083f2 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 122 000000007701831a 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 333 00000000770183ed 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlSetUserValueHeap + 87 000000007701ab27 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Windows\system32\svchost.exe[464] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... 
Edited by Kermit70 (12.05.2014 at 19:09) |
12.05.2014, 19:04 | #6 |
| Windows 7: Hard disk keeps filling up Part 3/4: Code:
* 2 .text C:\Windows\system32\rundll32.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Windows\system32\rundll32.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Windows\system32\rundll32.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Windows\system32\rundll32.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Windows\system32\rundll32.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Windows\system32\rundll32.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Windows\system32\rundll32.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Windows\system32\rundll32.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Windows\system32\rundll32.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Windows\system32\rundll32.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Windows\system32\rundll32.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Windows\system32\rundll32.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Windows\system32\rundll32.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Windows\system32\rundll32.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Windows\system32\rundll32.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text 
... * 2 .text C:\Windows\system32\rundll32.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Windows\system32\rundll32.exe[1388] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 392 0000000076fd2168 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlDeregisterWaitEx + 190 0000000076fdc4ce 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 396 0000000076fdc6ac 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 485 0000000076fdc705 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseTimer + 592 0000000076fdd850 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlDoesFileExists_U + 175 0000000076fe217f 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackIndependent + 135 0000000076fe4c67 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!DbgPrint + 115 0000000076fe5923 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseIoCompletion + 680 0000000076fe5fe8 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 550 0000000076fea956 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 767 0000000076feaa2f 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] 
C:\Windows\SYSTEM32\ntdll.dll!TpSetTimer + 468 0000000076feb4f4 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... * 2 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackMayRunLong + 282 0000000076ff13ca 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 311 0000000076ff6ae7 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 620 000000007700331c 1 byte [1F] .text ... 
* 2 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 122 000000007701831a 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 333 00000000770183ed 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlSetUserValueHeap + 87 000000007701ab27 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] 
C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... * 2 .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe[2096] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!wcscspn + 182 0000000076fd853e 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!RtlInitEnumerationHashTable + 163 0000000076fd8b03 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!RtlDoesFileExists_U + 175 0000000076fe217f 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackIndependent + 135 0000000076fe4c67 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseIoCompletion + 680 0000000076fe5fe8 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 550 0000000076fea956 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 767 0000000076feaa2f 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!TpSetTimer + 468 0000000076feb4f4 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] 
C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... * 2 .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 311 0000000076ff6ae7 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 620 000000007700331c 1 byte [1F] .text ... 
* 2 .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 122 000000007701831a 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 333 00000000770183ed 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!RtlSetUserValueHeap + 87 000000007701ab27 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] 
C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... * 2 .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDFME.exe[2568] C:\Windows\system32\RPCRT4.dll!I_RpcReceive + 741 000007fefdcd2b95 1 byte [1F] .text C:\Windows\system32\svchost.exe[2992] C:\Windows\system32\RPCRT4.dll!I_RpcReceive + 741 000007fefdcd2b95 1 byte [1F] .text C:\Windows\System32\WUDFHost.exe[1616] C:\Windows\system32\KERNELBASE.dll!GetLocaleInfoW + 504 000007fefceeea48 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!wcscspn + 182 0000000076fd853e 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseTimer + 592 0000000076fdd850 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForTimer + 293 0000000076fdd9c5 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteTimer + 211 0000000076fddb23 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackIndependent + 135 0000000076fe4c67 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!DbgPrint + 115 0000000076fe5923 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseIoCompletion + 680 0000000076fe5fe8 1 byte [1F] .text 
C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 550 0000000076fea956 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 767 0000000076feaa2f 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!TpSetTimer + 468 0000000076feb4f4 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... * 2 .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackMayRunLong + 282 0000000076ff13ca 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 311 0000000076ff6ae7 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 620 000000007700331c 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 122 000000007701831a 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 333 00000000770183ed 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlSetUserValueHeap + 87 000000007701ab27 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text ... * 2 .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\SYSTEM32\ntdll.dll!RtlGetUserInfoHeap + 435 00000000770bd473 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\system32\RPCRT4.dll!MesEncodeDynBufferHandleCreate + 176 000007fefdcc96c0 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\system32\RPCRT4.dll!I_RpcReceive + 741 000007fefdcd2b95 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\system32\ESENT.dll!JetSetSystemParameter + 226 000007fef0e12b92 1 byte [1F] .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\system32\ESENT.dll!JetSetSystemParameter + 350 000007fef0e12c0e 1 byte [1F] .text ... * 2 .text C:\Windows\system32\taskhost.exe[3280] C:\Windows\system32\ESENT.dll!DebugExtensionNotify + 687 000007fef0e3a50f 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!RtlDoesFileExists_U + 175 0000000076fe217f 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackIndependent + 135 0000000076fe4c67 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseIoCompletion + 680 0000000076fe5fe8 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 767 0000000076feaa2f 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 311 0000000076ff6ae7 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 620 000000007700331c 1 byte [1F] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] 
C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... * 2 .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Windows\system32\Dwm.exe[3472] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!wcscspn + 182 0000000076fd853e 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlInitEnumerationHashTable + 163 0000000076fd8b03 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlDeregisterWaitEx + 190 0000000076fdc4ce 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 396 0000000076fdc6ac 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 485 0000000076fdc705 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseTimer + 592 0000000076fdd850 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlDoesFileExists_U + 175 0000000076fe217f 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlSetEnvironmentStrings + 419 0000000076fe4353 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlSetEnvironmentStrings + 610 0000000076fe4412 1 byte [1F] .text ... 
* 3 .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackIndependent + 135 0000000076fe4c67 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!DbgPrint + 115 0000000076fe5923 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseIoCompletion + 680 0000000076fe5fe8 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 550 0000000076fea956 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 767 0000000076feaa2f 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!TpSetTimer + 468 0000000076feb4f4 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... * 2 .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackMayRunLong + 282 0000000076ff13ca 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 311 0000000076ff6ae7 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 620 000000007700331c 1 byte [1F] .text ... 
* 2 .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 122 000000007701831a 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 333 00000000770183ed 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlSetUserValueHeap + 87 000000007701ab27 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... 
* 2 .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text ... * 2 .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlGetUserInfoHeap + 138 00000000770bd34a 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\SYSTEM32\ntdll.dll!RtlGetUserInfoHeap + 435 00000000770bd473 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\system32\KERNELBASE.dll!GetLocaleInfoW + 504 000007fefceeea48 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\system32\RPCRT4.dll!MesEncodeDynBufferHandleCreate + 176 000007fefdcc96c0 1 byte [1F] .text C:\Windows\Explorer.EXE[3504] C:\Windows\system32\RPCRT4.dll!I_RpcReceive + 741 000007fefdcd2b95 1 byte [1F] .text C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe[3796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c51465 2 bytes [C5, 74] .text C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe[3796] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c514bb 2 bytes [C5, 74] .text ... 
* 2 .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseTimer + 592 0000000076fdd850 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualDomainName + 551 0000000076fe0817 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!TpStartAsyncIoOperation + 196 0000000076fe0ab4 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackIndependent + 135 0000000076fe4c67 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!DbgPrint + 115 0000000076fe5923 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseIoCompletion + 680 0000000076fe5fe8 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 550 0000000076fea956 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 767 0000000076feaa2f 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!TpSetTimer + 468 0000000076feb4f4 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... 
* 2 .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackMayRunLong + 282 0000000076ff13ca 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 311 0000000076ff6ae7 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 620 000000007700331c 1 byte [1F] .text ... 
* 2 .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlSetUserValueHeap + 87 000000007701ab27 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Program Files\Western Digital\WD 
SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... * 2 .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text ... * 2 .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\SYSTEM32\ntdll.dll!TpCancelAsyncIoOperation + 385 00000000770a0161 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\system32\RPCRT4.dll!MesEncodeDynBufferHandleCreate + 176 000007fefdcc96c0 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\system32\RPCRT4.dll!I_RpcReceive + 741 000007fefdcd2b95 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\system32\DNSAPI.dll!DnsGetProxyInformation + 110 000007fefc415f7a 1 byte [1F] .text C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe[3848] C:\Windows\system32\DNSAPI.dll!DnsGetProxyInformation + 138 000007fefc415f96 1 byte [1F] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c51465 2 bytes [C5, 74] .text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[3888] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c514bb 2 bytes [C5, 74] .text ... * 2 .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[3924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c51465 2 bytes [C5, 74] .text C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe[3924] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c514bb 2 bytes [C5, 74] .text ... 
* 2 .text D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c51465 2 bytes [C5, 74] .text D:\Programme\CyberLink\Power2Go\CLMLSvc.exe[3308] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c514bb 2 bytes [C5, 74] .text ... * 2 .text D:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c51465 2 bytes [C5, 74] .text D:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c514bb 2 bytes [C5, 74] .text ... * 2 .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c51465 2 bytes [C5, 74] .text C:\Program Files (x86)\Cyberlink\Shared files\brs.exe[908] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 |
12.05.2014, 19:08 | #7 |
| Windows 7: Hard disk keeps getting fuller So, now part 4/4, quite a lot of stuff...: Code:
ATTFilter 0000000074c514bb 2 bytes [C5, 74] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForTimer + 293 0000000076fdd9c5 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteTimer + 211 0000000076fddb23 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlSetEnvironmentStrings + 419 0000000076fe4353 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlSetEnvironmentStrings + 610 0000000076fe4412 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackIndependent + 135 0000000076fe4c67 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!DbgPrint + 115 0000000076fe5923 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseIoCompletion + 680 0000000076fe5fe8 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 550 0000000076fea956 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 767 0000000076feaa2f 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!TpSetTimer + 468 0000000076feb4f4 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackMayRunLong + 282 0000000076ff13ca 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 311 0000000076ff6ae7 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 620 000000007700331c 1 byte [1F] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 122 000000007701831a 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] 
C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 333 00000000770183ed 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlSetUserValueHeap + 87 000000007701ab27 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... * 2 .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\system32\KERNELBASE.dll!GetLocaleInfoW + 504 000007fefceeea48 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\system32\RPCRT4.dll!I_RpcReceive + 741 000007fefdcd2b95 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\system32\ESENT.dll!JetSetSystemParameter + 226 000007fef0e12b92 1 byte [1F] .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\system32\ESENT.dll!JetSetSystemParameter + 350 000007fef0e12c0e 1 byte [1F] .text ... 
* 2 .text C:\Windows\system32\SearchIndexer.exe[3260] C:\Windows\system32\ESENT.dll!DebugExtensionNotify + 687 000007fef0e3a50f 1 byte [1F] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c51465 2 bytes [C5, 74] .text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3812] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c514bb 2 bytes [C5, 74] .text ... * 2 .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000074c51465 2 bytes [C5, 74] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe[3768] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000074c514bb 2 bytes [C5, 74] .text ... * 2 .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackIndependent + 135 0000000076fe4c67 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseIoCompletion + 680 0000000076fe5fe8 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 767 0000000076feaa2f 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... 
* 2 .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 122 000000007701831a 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 333 00000000770183ed 1 byte [1F] .text C:\Program Files (x86)\Common 
Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!RtlSetUserValueHeap + 87 000000007701ab27 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... 
* 2 .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe[4192] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4380] C:\Windows\system32\KERNELBASE.dll!GetLocaleInfoW + 504 000007fefceeea48 1 byte [1F] .text C:\Program Files\Windows Media Player\wmpnetwk.exe[4380] C:\Windows\system32\RPCRT4.dll!I_RpcReceive + 741 000007fefdcd2b95 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackIndependent + 135 0000000076fe4c67 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseIoCompletion + 680 0000000076fe5fe8 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 550 0000000076fea956 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 767 0000000076feaa2f 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!TpSetTimer + 468 0000000076feb4f4 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... 
* 2 .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlSetUserValueHeap + 87 000000007701ab27 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text 
C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... * 2 .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\system32\KERNELBASE.dll!GetLocaleInfoW + 504 000007fefceeea48 1 byte [1F] .text C:\Program Files\iPod\bin\iPodService.exe[4428] C:\Windows\system32\RPCRT4.dll!I_RpcReceive + 741 000007fefdcd2b95 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!wcscspn + 182 0000000076fd853e 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlDeregisterWaitEx + 190 0000000076fdc4ce 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 396 0000000076fdc6ac 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseWait + 485 0000000076fdc705 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseTimer + 592 0000000076fdd850 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!TpWaitForTimer + 293 0000000076fdd9c5 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteTimer + 211 0000000076fddb23 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlEqualDomainName + 551 0000000076fe0817 1 byte [1F] .text 
C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!TpStartAsyncIoOperation + 196 0000000076fe0ab4 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackIndependent + 135 0000000076fe4c67 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!DbgPrint + 115 0000000076fe5923 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!TpReleaseIoCompletion + 680 0000000076fe5fe8 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 550 0000000076fea956 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!TpIsTimerSet + 767 0000000076feaa2f 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!TpSetTimer + 468 0000000076feb4f4 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 45 0000000076ff0b4d 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlRealSuccessor + 736 0000000076ff0e00 1 byte [1F] .text ... 
* 2 .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!TpCallbackMayRunLong + 282 0000000076ff13ca 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 215 0000000076ff6a87 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!_wcsicmp + 311 0000000076ff6ae7 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceExecuteOnce + 36 0000000076ff7534 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlSizeHeap + 49 0000000076ff8331 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 564 00000000770032e4 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlMultiAppendUnicodeStringBuffer + 620 000000007700331c 1 byte [1F] .text ... * 2 .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 101 0000000077003fb5 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlReAllocateHeap + 350 00000000770040ae 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlExpandEnvironmentStrings + 387 0000000077004383 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceComplete + 90 000000007700915a 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlRunOnceBeginInitialize + 56 000000007700dde8 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlCleanUpTEBLangLists + 732 0000000077016e1c 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 122 000000007701831a 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!LdrFindResource_U + 333 00000000770183ed 1 byte [1F] .text 
C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListResume16 + 2 0000000077020656 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 26 00000000770206d2 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!ExpInterlockedPopEntrySListEnd + 154 0000000077020752 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlInterlockedPushListSList + 2 00000000770207b1 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 76 000000007702320c 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlFreeHeap + 152 0000000077023258 1 byte [1F] .text ... * 2 .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 197 0000000077025425 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlInitUnicodeStringEx + 278 0000000077025476 1 byte [1F] .text ... * 2 .text C:\Windows\System32\svchost.exe[4104] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteTimerQueueEx + 211 00000000770a0853 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\system32\RPCRT4.dll!MesEncodeDynBufferHandleCreate + 176 000007fefdcc96c0 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] C:\Windows\system32\RPCRT4.dll!I_RpcReceive + 741 000007fefdcd2b95 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] c:\windows\system32\ESENT.dll!JetSetSystemParameter + 226 000007fef0e12b92 1 byte [1F] .text C:\Windows\System32\svchost.exe[4104] c:\windows\system32\ESENT.dll!JetSetSystemParameter + 350 000007fef0e12c0e 1 byte [1F] .text ... 
---- User IAT/EAT - GMER 2.1 ---- IAT C:\Windows\system32\mfevtps.exe[1804] @ C:\Windows\system32\CRYPT32.dll[KERNEL32.dll!LoadLibraryA] [13f6fbbb0] C:\Windows\system32\mfevtps.exe ---- Threads - GMER 2.1 ---- Thread C:\Windows\System32\svchost.exe [1340:2284] 000007feea359688 ---- EOF - GMER 2.1 ---- |
13.05.2014, 15:25 | #8 |
/// the machine /// TB trainer | Windows 7: Hard disk keeps filling up Hi, scan with ComboFix
__________________ Regards, schrauber |
13.05.2014, 19:25 | #9 |
| Windows 7: Hard disk keeps filling up Hi Schrauber, I did it as described; I just left the room after starting it, and when I came back the login screen was showing, and ComboFix wrote the log file after I logged in. That's fine, right? Code:
ATTFilter ComboFix 14-05-13.01 - Alex 13.05.2014 19:37:16.1.2 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3582.1066 [GMT 2:00] ausgeführt von:: c:\users\Alex\Desktop\ComboFix.exe AV: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892} FW: McAfee Firewall *Disabled* {959DA8E2-3527-57D1-4915-924367AD4FE9} SP: McAfee Anti-Virus und Anti-Spyware *Disabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Stephie\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A39C217A-A1DA-4DF6-8A48-3053AA6588C4}.xps c:\users\Stephie\Documents\~WRL0130.tmp c:\windows\IsUn0407.exe . . ((((((((((((((((((((((((((((((((((((((( Treiber/Dienste ))))))))))))))))))))))))))))))))))))))))))))))))) . . -------\Legacy_ACEDRV11 -------\Service_acedrv11 . . ((((((((((((((((((((((( Dateien erstellt von 2014-04-13 bis 2014-05-13 )))))))))))))))))))))))))))))) . . 2014-05-11 09:07 . 2014-05-11 09:13 -------- d-----w- C:\FRST 2014-05-11 09:06 . 2014-04-17 03:31 10651704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBF10610-6A49-4DE6-942D-AAB37CE6BD68}\mpengine.dll 2014-05-11 08:39 . 2014-05-11 08:39 -------- d-----w- c:\program files (x86)\MarkAny 2014-05-07 20:33 . 2014-05-07 20:33 -------- d-s---w- c:\windows\system32\CompatTel 2014-05-07 16:08 . 2014-04-14 02:24 465408 ----a-w- c:\windows\system32\aepdu.dll 2014-05-07 16:08 . 2014-04-14 02:19 424448 ----a-w- c:\windows\system32\aeinv.dll 2014-05-05 18:46 . 2014-04-29 14:01 23547904 ----a-w- c:\windows\system32\mshtml.dll 2014-05-05 18:46 . 2014-04-29 13:40 2724864 ----a-w- c:\windows\system32\mshtml.tlb 2014-05-05 18:46 . 2014-04-29 12:34 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb 2014-05-01 08:05 . 
2014-05-01 08:05 -------- d-sh--w- c:\users\Stephie\AppData\Local\EmieUserList 2014-05-01 08:05 . 2014-05-01 08:05 -------- d-sh--w- c:\users\Stephie\AppData\Local\EmieSiteList 2014-05-01 07:34 . 2014-05-01 07:34 -------- d-----w- c:\program files (x86)\Application Updater 2014-05-01 07:34 . 2014-05-01 07:34 -------- d-----w- c:\program files (x86)\pdfforge Toolbar 2014-05-01 07:34 . 2014-05-01 07:34 -------- d-----w- c:\program files (x86)\Common Files\Spigot 2014-04-29 17:48 . 2014-04-29 17:48 -------- d-sh--w- c:\users\Alex\AppData\Local\EmieUserList 2014-04-29 17:48 . 2014-04-29 17:48 -------- d-sh--w- c:\users\Alex\AppData\Local\EmieSiteList 2014-04-29 17:18 . 2014-03-06 07:37 1796608 ----a-w- c:\program files\Internet Explorer\F12.dll 2014-04-25 14:57 . 2013-09-23 11:49 197704 ----a-w- c:\windows\system32\drivers\HipShieldK.sys . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2014-05-12 17:08 . 2013-07-02 19:52 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2014-05-12 17:08 . 2013-07-02 19:51 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll 2014-05-07 16:09 . 2011-07-29 18:51 893552 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll 2014-05-07 16:09 . 2011-07-29 18:51 42168 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll 2014-05-07 16:09 . 2011-07-29 18:51 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll 2014-05-01 07:57 . 2012-04-03 18:25 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2014-05-01 07:57 . 2011-07-27 19:49 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2014-04-18 07:00 . 2011-10-08 17:55 1236816 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll 2014-04-10 15:47 . 
2011-07-27 11:33 90655440 ----a-w- c:\windows\system32\MRT.exe 2014-03-31 07:35 . 2011-07-25 19:17 270496 ------w- c:\windows\system32\MpSigStub.exe 2014-03-17 17:02 . 2013-07-03 19:04 70592 ----a-w- c:\windows\system32\drivers\cfwids.sys 2014-03-17 16:54 . 2013-07-03 19:04 345456 ----a-w- c:\windows\system32\drivers\mfewfpk.sys 2014-03-17 16:54 . 2011-03-13 15:45 185792 ----a-w- c:\windows\system32\mfevtps.exe 2014-03-17 16:49 . 2013-07-03 19:04 783864 ----a-w- c:\windows\system32\drivers\mfehidk.sys 2014-03-17 16:47 . 2013-07-03 19:04 522360 ----a-w- c:\windows\system32\drivers\mfefirek.sys 2014-03-17 16:45 . 2013-07-03 19:04 311600 ----a-w- c:\windows\system32\drivers\mfeavfk.sys 2014-03-17 16:44 . 2013-07-03 19:04 180272 ----a-w- c:\windows\system32\drivers\mfeapfk.sys 2014-03-04 09:44 . 2014-04-10 15:06 243712 ----a-w- c:\windows\system32\wow64.dll 2014-03-04 09:44 . 2014-04-10 15:06 362496 ----a-w- c:\windows\system32\wow64win.dll 2014-03-04 09:44 . 2014-04-10 15:06 13312 ----a-w- c:\windows\system32\wow64cpu.dll 2014-03-04 09:44 . 2014-04-10 15:06 16384 ----a-w- c:\windows\system32\ntvdm64.dll 2014-03-04 09:44 . 2014-04-10 15:06 1163264 ----a-w- c:\windows\system32\kernel32.dll 2014-03-04 09:17 . 2014-04-10 15:06 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll 2014-03-04 09:17 . 2014-04-10 15:06 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2014-03-04 09:16 . 2014-04-10 15:06 25600 ----a-w- c:\windows\SysWow64\setup16.exe 2014-03-04 09:16 . 2014-04-10 15:06 5120 ----a-w- c:\windows\SysWow64\wow32.dll 2014-03-04 08:09 . 2014-04-10 15:06 7680 ----a-w- c:\windows\SysWow64\instnm.exe 2014-03-04 08:09 . 2014-04-10 15:06 2048 ----a-w- c:\windows\SysWow64\user.exe . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}] 2014-04-25 09:22 1398592 ----a-w- c:\program files (x86)\pdfforge Toolbar\IE\9.1\pdfforgeToolbarIE.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{B922D405-6D13-4A2B-AE89-08A030DA4402}"= "c:\program files (x86)\pdfforge Toolbar\IE\9.1\pdfforgeToolbarIE.dll" [2014-04-25 1398592] . [HKEY_CLASSES_ROOT\clsid\{b922d405-6d13-4a2b-ae89-08a030da4402}] . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2014-05-11 1564992] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904] "ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2009-06-19 195072] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2014-02-12 43848] "PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-08-24 651832] "mcui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992] "KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2014-04-23 311616] "UpdateLBPShortCut"="d:\programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "MDS_Menu"="d:\programme\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408] "CLMLServer"="d:\programme\CyberLink\Power2Go\CLMLSvc.exe" [2009-12-15 103720] "UpdateP2GoShortCut"="d:\programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504] "RemoteControl9"="d:\programme\CyberLink\PowerDVD9\PDVD9Serv.exe" [2010-08-02 87336] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-11-23 75048] "UpdatePPShortCut"="d:\programme\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408] 
"UCam_Menu"="d:\programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-02-17 218408] "LGODDFU"="d:\programme\LGTool\lgfw.exe" [2013-06-29 27760] "UpdatePSTShortCut"="d:\programme\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" [2010-06-02 222504] "mcpltui_exe"="c:\program files\McAfee.com\Agent\mcagent.exe" [2014-04-25 537992] "LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2011-07-31 189808] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2014-02-21 152392] "SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2014-04-25 1401664] . [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce] "{90140000-003D-0000-0000-0000000FF1CE}"="del" [X] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ PHOTOfunSTUDIO 4.0.lnk - c:\program files (x86)\Panasonic\PHOTOfunSTUDIO 4.0\AutoStartupService.exe -e "c:\program files (x86)\Panasonic\PHOTOfunSTUDIO 4.0\PHOTOfunSTUDIO.exe" [2011-7-28 146432] Scanner Finder.lnk - c:\program files (x86)\ScanWizard 5\ScannerFinder.exe [2011-7-29 315392] WD Quick View.lnk - c:\program files\Western Digital\WD SmartWare\WDDMStatus.exe [2011-8-1 4221840] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc] @="" . 
R1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys;c:\windows\SYSNATIVE\Drivers\uim_vimx64.sys [x] R2 CLKMSVC10_BB1DDEDD;CyberLink Product - 2014/01/11 19:34;d:\programme\CyberLink\PowerDVD9\NavFilter\kmsvc.exe;d:\programme\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [x] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x] R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [x] R3 HipShieldK;McAfee Inc. HipShieldK;c:\windows\system32\drivers\HipShieldK.sys;c:\windows\SYSNATIVE\drivers\HipShieldK.sys [x] R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x] R3 McAWFwk;McAfee Activation Service;c:\progra~1\mcafee\msc\mcawfwk.exe;c:\progra~1\mcafee\msc\mcawfwk.exe [x] R3 mfencrk;McAfee Inc. mfencrk;c:\windows\system32\DRIVERS\mfencrk.sys;c:\windows\SYSNATIVE\DRIVERS\mfencrk.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x] R3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys;c:\windows\SYSNATIVE\DRIVERS\wdcsam64.sys [x] R4 McOobeSv;McAfee OOBE Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S0 McPvDrv;McPvDrv Driver;c:\windows\system32\drivers\McPvDrv.sys;c:\windows\SYSNATIVE\drivers\McPvDrv.sys [x] S0 mfewfpk;McAfee Inc. 
mfewfpk;c:\windows\system32\drivers\mfewfpk.sys;c:\windows\SYSNATIVE\drivers\mfewfpk.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x] S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [x] S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [x] S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [x] S2 HomeNetSvc;McAfee Home Network;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\McSvcHost\McSvHost.exe [x] S2 McAPExe;McAfee AP Service;c:\program files\McAfee\MSC\McAPExe.exe;c:\program files\McAfee\MSC\McAPExe.exe [x] S2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 mcpltsvc;McAfee Platform Services;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe;c:\program files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [x] S2 mfecore;McAfee Anti-Malware Core;c:\program files\Common Files\McAfee\AMCore\mcshield.exe;c:\program files\Common Files\McAfee\AMCore\mcshield.exe [x] S2 
mfefire;McAfee Firewall Core Service;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe;c:\program files\Common Files\McAfee\SystemCore\\mfefire.exe [x] S2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe;c:\windows\SYSNATIVE\mfevtps.exe [x] S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [x] S2 WDDMService;WDDMService;c:\program files\Western Digital\WD SmartWare\WDDMService.exe;c:\program files\Western Digital\WD SmartWare\WDDMService.exe [x] S2 WDFMEService;WDFMEService;c:\program files\Western Digital\WD SmartWare\WDFME.exe;c:\program files\Western Digital\WD SmartWare\WDFME.exe [x] S2 WDRulesService;WDRulesService;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe;c:\program files\Western Digital\WD SmartWare\WDRulesEngine.exe [x] S3 avmaudio;AVM Audio;c:\windows\system32\DRIVERS\avmaudio.sys;c:\windows\SYSNATIVE\DRIVERS\avmaudio.sys [x] S3 avmaura;AVM USB-Fernanschluss;c:\windows\system32\DRIVERS\avmaura.sys;c:\windows\SYSNATIVE\DRIVERS\avmaura.sys [x] S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys;c:\windows\SYSNATIVE\drivers\cfwids.sys [x] S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys;c:\windows\SYSNATIVE\drivers\HCW85BDA.sys [x] S3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys;c:\windows\SYSNATIVE\drivers\mfefirek.sys [x] S3 mfencbdc;McAfee Inc. mfencbdc;c:\windows\system32\DRIVERS\mfencbdc.sys;c:\windows\SYSNATIVE\DRIVERS\mfencbdc.sys [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - WS2IFSL *Deregistered* - CLKMDRV10_BB1DDEDD . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}] 2013-01-16 10:46 454176 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe . 
Inhalt des "geplante Tasks" Ordners . 2014-05-13 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 07:57] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2013-09-25 472984] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.178.1 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe Wow6432Node-HKCU-Run-AmazonMP3DownloaderHelper - c:\users\Alex\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe Wow6432Node-HKLM-Run-<NO NAME> - (no file) Wow6432Node-HKLM-Run-Allin1Convert_8h Browser Plugin Loader 64 - c:\progra~2\ALLIN1~2\bar\1.bin\8hbrmon64.exe HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start AddRemove-FRITZ! 2.0 - c:\windows\IsUn0407.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_206_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.13" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_206.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\McAfee] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\ . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe c:\program files (x86)\Cyberlink\Shared files\RichVideo.exe c:\windows\SysWOW64\rundll32.exe . ************************************************************************** . Zeit der Fertigstellung: 2014-05-13 20:16:28 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2014-05-13 18:16 . Vor Suchlauf: 3.809.714.176 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 59.789.742.080 Bytes frei . - - End Of File - - EDDC582C6C2F97642AF239D5A108B6D3 A36C5E4F47E84449FF07ED3517B43A31 Kermit |
14.05.2014, 19:09 | #10 |
/// the machine /// TB Trainer | Windows 7: Hard disk keeps filling up That's fine. Please download Malwarebytes Anti-Malware
Please download AdwCleaner to your desktop.
Please close your security software to avoid possible conflicts.
And a fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
14.05.2014, 22:35 | #11 |
| Windows 7: Hard disk keeps filling up Hi Schrauber, attached is everything except the FRST; I'll do the completely fresh FRST log for you tomorrow. This is crazy, right after MBAM there were 50GB free again!!!! A huge thank you! But actually it has also made me quite thoughtful. Do you have any idea what the thing did? Should I, for example, change all my passwords? And what about external hard disks (the one on the PC has been unplugged since I suspected something, but not the hard disk on the Fritzbox), and what about the laptop that is also occasionally used on the home network? And how can I prevent all this in the future? As you can see, questions upon questions.... Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Alex on 14.05.2014 at 22:48:37,51
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E58CDA9-3B21-4611-A859-26EE28950E61}

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.05.2014 at 23:14:11,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 14.05.2014
Suchlauf-Zeit: 22:12:54
Logdatei: MBAM.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.14.08
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Alex

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 388589
Verstrichene Zeit: 37 Min, 0 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Shuriken: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 2
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe, 4648, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040]
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe, 4816, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040]

Module: 16
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth181.dll, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth181.dll, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth181.dll, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth181.dll, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth181.dll, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth181.dll, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth181.dll, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth181.dll, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth181.dll, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth181.dll, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth181.dll, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth181.dll, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth181.dll, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth181.dll, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth181.dll, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth181.dll, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],

Registrierungsschlüssel: 1
PUP.Optional.MindSpark.A, HKU\S-1-5-21-4044853685-2408808152-1568560140-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Allin1Convert_8h, In Quarantäne, [7bd5aaa7ec8ff244f5d5b515f80b827e],

Registrierungswerte: 2
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\SHAREDDLLS|C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\SEARCH SETTINGS\SEARCHSETTINGS.EXE, 1, In Quarantäne, [3e122d2484f72d093c01067403ffc040]
PUP.Optional.Spigot.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\RUN|SearchSettings, "C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe", In Quarantäne, [3e122d2484f72d093c01067403ffc040]

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 3
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang, In Quarantäne, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Res, In Quarantäne, [3e122d2484f72d093c01067403ffc040],

Dateien: 18
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\baidu_ff.xml, In Quarantäne, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\baidu_ie.xml, In Quarantäne, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\config.ini, In Quarantäne, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\searchcom_ff.xml, In Quarantäne, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\searchcom_ie.xml, In Quarantäne, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings64.exe, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wth181.dll, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\wthx181.dll, Löschen bei Neustart, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yahoo_ff.xml, In Quarantäne, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yahoo_ie.xml, In Quarantäne, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandex_ff.xml, In Quarantäne, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\yandex_ie.xml, In Quarantäne, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1031.ini, In Quarantäne, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1033.ini, In Quarantäne, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1034.ini, In Quarantäne, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1036.ini, In Quarantäne, [3e122d2484f72d093c01067403ffc040],
PUP.Optional.Spigot.A, C:\Program Files (x86)\Common Files\Spigot\Search Settings\Lang\res1040.ini, In Quarantäne, [3e122d2484f72d093c01067403ffc040],

Physische Sektoren: 0
(No malicious items detected)

(end)

Code:
# AdwCleaner v3.208 - Bericht erstellt am 14/05/2014 um 22:40:25
# Aktualisiert 11/05/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Alex - GANDALF
# Gestartet von : C:\Users\Alex\Desktop\adwcleaner_3.208.exe
# Option : Löschen

***** [ Dienste ] *****

Dienst Gelöscht : Application Updater

***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\Application Updater
Ordner Gelöscht : C:\Program Files (x86)\pdfforge Toolbar
Ordner Gelöscht : C:\Program Files (x86)\Common Files\Spigot
Ordner Gelöscht : C:\Users\Alex\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Alex\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Alex\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Hannah\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Maja\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Users\Stephie\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Stephie\AppData\LocalLow\Search Settings

***** [ Verknüpfungen ] *****

***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.ToolbarProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Allin1Convert_8h.ToolbarProtector.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{889F49D2-6CEA-40BE-BE5F-7217485F9745}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2561FD25-FE31-4E56-A120-AF7FEAAE3124}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{7CAEFAFC-9A1E-4BCC-94DD-BC7D8D52717A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{B922D405-6D13-4A2B-AE89-08A030DA4402}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{B922D405-6D13-4A2B-AE89-08A030DA4402}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKCU\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\allin1convert_8h
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Search Settings
Schlüssel Gelöscht : HKLM\Software\Application Updater
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.17041

*************************

AdwCleaner[R0].txt - [3907 octets] - [14/05/2014 22:27:09]
AdwCleaner[S0].txt - [3711 octets] - [14/05/2014 22:40:25]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [3771 octets] ##########

FRST Logfile:

Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-05-2014 Ran by Alex (administrator) on GANDALF on 14-05-2014 23:32:36 Running from C:\Users\Alex\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe (Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Panasonic Corporation) C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO 4.0\AutoStartupService.exe () C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe (Western Digital Technologies, Inc.) C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ArcSoft Inc.) 
C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (CyberLink) D:\Programme\CyberLink\Power2Go\CLMLSvc.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (CyberLink Corp.) D:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\OUTLOOK.EXE (McAfee, Inc.) 
C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AcroRd32.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe (Microsoft Corporation) C:\Program Files (x86)\Common Files\microsoft shared\Source Engine\OSE.EXE ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [195072 2009-06-19] (ArcSoft Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [UpdateLBPShortCut] => D:\Programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [MDS_Menu] => D:\Programme\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.) 
HKLM-x32\...\Run: [CLMLServer] => D:\Programme\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] => D:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl9] => D:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-08-02] (CyberLink Corp.) HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-23] (cyberlink) HKLM-x32\...\Run: [UpdatePPShortCut] => D:\Programme\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM-x32\...\Run: [UCam_Menu] => D:\Programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.) HKLM-x32\...\Run: [LGODDFU] => D:\Programme\LGTool\lgfw.exe [27760 2013-06-29] (Bitleader) HKLM-x32\...\Run: [UpdatePSTShortCut] => D:\Programme\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2010-06-02] (CyberLink Corp.) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) 
HKLM-x32\...\Run: [] => [X] HKU\.DEFAULT\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H HKU\S-1-5-21-4044853685-2408808152-1568560140-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-05-11] (Samsung) HKU\S-1-5-21-4044853685-2408808152-1568560140-1001\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-4044853685-2408808152-1568560140-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 4.0.lnk ShortcutTarget: PHOTOfunSTUDIO 4.0.lnk -> C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO 4.0\AutoStartupService.exe (Panasonic Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk ShortcutTarget: Scanner Finder.lnk -> C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk ShortcutTarget: WD Quick View.lnk -> C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.) 
GroupPolicyUsers\S-1-5-21-4044853685-2408808152-1568560140-1005\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-4044853685-2408808152-1568560140-1004\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-4044853685-2408808152-1568560140-1003\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x37628E468E4CCC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {848B9794-9099-47E5-BF5C-F3B5E5C60CF4} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} SearchScopes: HKCU - {848B9794-9099-47E5-BF5C-F3B5E5C60CF4} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} SearchScopes: HKCU - {9A3B43AC-87D8-4859-9E78-7B960E48427D} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE0&p={SearchTerms} BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-07-03] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-07-03] ==================== Services (Whitelisted) ================= R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.) R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated) S2 CLKMSVC10_BB1DDEDD; D:\Programme\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-23] (CyberLink) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.) S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [225216 2011-01-28] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2009-07-02] () R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [317328 2011-08-01] (WDC) R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1978256 2011-08-01] (Western Digital ) R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338256 2011-08-01] (Western Digital ) ==================== Drivers (Whitelisted) ==================== S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2012-12-20] (AVM Berlin) R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2012-12-20] (AVM Berlin) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.) R3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation) R3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [33792 2011-09-29] (Hauppauge Computer Works, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.) 
S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider) S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon) S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-14 23:31 - 2014-05-14 23:31 - 00000000 ____D () C:\Users\Alex\Desktop\FRST-OlderVersion 2014-05-14 23:14 - 2014-05-14 23:14 - 00001015 _____ () C:\Users\Alex\Desktop\JRT.txt 2014-05-14 22:48 - 2014-05-14 22:48 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 22:47 - 2014-05-14 22:47 - 01016261 _____ (Thisisu) C:\Users\Alex\Desktop\JRT.exe 2014-05-14 22:43 - 2014-05-14 22:43 - 00003859 _____ () C:\Users\Alex\Desktop\AdwCleaner[S0].txt 2014-05-14 22:27 - 2014-05-14 22:40 - 00000000 ____D () C:\AdwCleaner 2014-05-14 22:25 - 2014-05-14 22:26 - 01325827 _____ () C:\Users\Alex\Desktop\adwcleaner_3.208.exe 2014-05-14 22:21 - 2014-05-14 22:21 - 00007594 _____ () C:\Users\Alex\Desktop\MBAM.txt 2014-05-14 21:35 - 2014-05-14 22:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 21:32 - 2014-05-14 21:32 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-14 21:32 - 2014-05-14 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 21:32 - 2014-05-14 21:32 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 21:32 - 2014-05-14 21:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 21:32 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-14 21:32 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-14 21:32 - 2014-04-03 09:50 - 00025816 
_____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-13 20:18 - 2014-05-13 20:18 - 00023339 _____ () C:\Users\Alex\Desktop\ComboFix.txt 2014-05-13 20:16 - 2014-05-13 20:16 - 00023339 _____ () C:\ComboFix.txt 2014-05-13 19:32 - 2014-05-13 20:16 - 00000000 ____D () C:\Qoobox 2014-05-13 19:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-05-13 19:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-05-13 19:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-05-13 19:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-05-13 19:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-05-13 19:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-05-13 19:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-05-13 19:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-05-13 19:31 - 2014-05-13 20:11 - 00000000 ____D () C:\Windows\erdnt 2014-05-13 19:24 - 2014-05-13 19:24 - 05200050 ____R (Swearware) C:\Users\Alex\Desktop\ComboFix.exe 2014-05-11 20:54 - 2014-05-11 20:54 - 00514632 _____ () C:\Windows\Minidump\051114-21699-01.dmp 2014-05-11 20:30 - 2014-05-11 20:30 - 00023066 _____ () C:\Users\Alex\Desktop\Gmer.zip 2014-05-11 19:36 - 2014-05-11 19:36 - 00362848 _____ () C:\Users\Alex\Desktop\Gmer.log 2014-05-11 11:17 - 2014-05-11 11:17 - 00380416 _____ () C:\Users\Alex\Desktop\Gmer-19357.exe 2014-05-11 11:11 - 2014-05-11 11:13 - 00032102 _____ () C:\Users\Alex\Desktop\Addition.txt 2014-05-11 11:07 - 2014-05-14 23:32 - 00017297 _____ () C:\Users\Alex\Desktop\FRST.txt 2014-05-11 11:07 - 2014-05-14 23:32 - 00000000 ____D () C:\FRST 2014-05-11 11:06 - 2014-05-14 23:31 - 02066944 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2014-05-11 11:03 - 2014-05-11 11:04 - 00000470 _____ () C:\Users\Alex\Desktop\defogger_disable.log 2014-05-11 11:03 - 2014-05-11 11:03 - 00000000 _____ () C:\Users\Alex\defogger_reenable 
2014-05-11 10:51 - 2014-05-11 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec 2014-05-11 10:39 - 2014-05-11 10:39 - 00000000 ____D () C:\Program Files (x86)\MarkAny 2014-05-11 10:37 - 2014-05-11 10:37 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2014-05-07 22:33 - 2014-05-07 22:33 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-07 22:13 - 2014-05-07 22:13 - 00001939 _____ () C:\Users\Alex\Desktop\McAfee Total Protection.lnk 2014-05-07 22:07 - 2014-05-07 22:07 - 00050477 _____ () C:\Users\Alex\Desktop\Defogger.exe 2014-05-07 18:08 - 2014-04-14 04:24 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-07 18:08 - 2014-04-14 04:19 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-05 20:46 - 2014-04-29 16:01 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-05 20:46 - 2014-04-29 15:40 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-05 20:46 - 2014-04-29 14:48 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-05 20:46 - 2014-04-29 14:34 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-01 10:05 - 2014-05-01 10:05 - 00000000 __SHD () C:\Users\Stephie\AppData\Local\EmieUserList 2014-05-01 10:05 - 2014-05-01 10:05 - 00000000 __SHD () C:\Users\Stephie\AppData\Local\EmieSiteList 2014-04-29 19:48 - 2014-04-29 19:48 - 00000000 __SHD () C:\Users\Alex\AppData\Local\EmieUserList 2014-04-29 19:48 - 2014-04-29 19:48 - 00000000 __SHD () C:\Users\Alex\AppData\Local\EmieSiteList 2014-04-29 19:47 - 2014-04-29 19:47 - 00010875 _____ () C:\Users\Alex\Desktop\Mappe1 (Automatisch gespeichert).xlsx 2014-04-29 19:19 - 2014-03-06 11:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll 2014-04-29 19:19 - 2014-03-06 10:59 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2014-04-29 19:19 - 2014-03-06 
10:57 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2014-04-29 19:19 - 2014-03-06 10:57 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll 2014-04-29 19:19 - 2014-03-06 10:40 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2014-04-29 19:19 - 2014-03-06 10:39 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2014-04-29 19:19 - 2014-03-06 10:32 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2014-04-29 19:19 - 2014-03-06 10:29 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2014-04-29 19:19 - 2014-03-06 10:29 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe 2014-04-29 19:19 - 2014-03-06 10:28 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll 2014-04-29 19:19 - 2014-03-06 10:15 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2014-04-29 19:19 - 2014-03-06 10:09 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2014-04-29 19:19 - 2014-03-06 10:03 - 00586240 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2014-04-29 19:19 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll 2014-04-29 19:19 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll 2014-04-29 19:19 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll 2014-04-29 19:19 - 2014-03-06 09:56 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll 2014-04-29 19:19 - 2014-03-06 09:48 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2014-04-29 19:19 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll 2014-04-29 19:19 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll 
2014-04-29 19:19 - 2014-03-06 09:42 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2014-04-29 19:19 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll 2014-04-29 19:19 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe 2014-04-29 19:19 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll 2014-04-29 19:19 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll 2014-04-29 19:19 - 2014-03-06 09:21 - 00628736 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2014-04-29 19:19 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll 2014-04-29 19:19 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll 2014-04-29 19:19 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll 2014-04-29 19:19 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll 2014-04-29 19:19 - 2014-03-06 07:50 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2014-04-29 19:19 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll 2014-04-29 19:18 - 2014-03-06 10:53 - 02767360 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2014-04-29 19:18 - 2014-03-06 10:11 - 05784064 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2014-04-29 19:18 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll 2014-04-29 19:18 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll 2014-04-29 19:18 - 2014-03-06 09:11 - 02043904 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2014-04-29 19:18 - 2014-03-06 08:53 - 13551104 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2014-04-29 
19:18 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl 2014-04-29 19:18 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll 2014-04-29 19:18 - 2014-03-06 08:22 - 02260480 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2014-04-29 19:18 - 2014-03-06 07:58 - 01400832 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2014-04-29 19:18 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll 2014-04-29 19:18 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll 2014-04-27 13:21 - 2014-04-27 13:21 - 00410455 _____ () C:\Users\Alex\Downloads\2014-04-27_2662592_rennrad-tour_export.gpx 2014-04-25 16:57 - 2013-09-23 13:49 - 00197704 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys 2014-04-18 12:34 - 2014-04-18 12:34 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log ==================== One Month Modified Files and Folders ======= 2014-05-14 23:32 - 2014-05-11 11:07 - 00017297 _____ () C:\Users\Alex\Desktop\FRST.txt 2014-05-14 23:32 - 2014-05-11 11:07 - 00000000 ____D () C:\FRST 2014-05-14 23:31 - 2014-05-14 23:31 - 00000000 ____D () C:\Users\Alex\Desktop\FRST-OlderVersion 2014-05-14 23:31 - 2014-05-11 11:06 - 02066944 _____ (Farbar) C:\Users\Alex\Desktop\FRST64.exe 2014-05-14 23:14 - 2014-05-14 23:14 - 00001015 _____ () C:\Users\Alex\Desktop\JRT.txt 2014-05-14 23:10 - 2011-07-25 21:29 - 00000000 ____D () C:\Users\Alex\Documents\Outlook-Dateien 2014-05-14 22:57 - 2012-07-13 20:40 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job 2014-05-14 22:50 - 2009-07-14 19:58 - 09650356 _____ () C:\Windows\system32\perfh007.dat 2014-05-14 22:50 - 2009-07-14 19:58 - 02943260 _____ () C:\Windows\system32\perfc007.dat 2014-05-14 22:50 - 2009-07-14 07:13 - 00006456 _____ () C:\Windows\system32\PerfStringBackup.INI 2014-05-14 22:50 - 2009-07-14 06:45 - 00013728 ____H () 
C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2014-05-14 22:50 - 2009-07-14 06:45 - 00013728 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2014-05-14 22:48 - 2014-05-14 22:48 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 22:48 - 2011-07-25 20:54 - 02028843 _____ () C:\Windows\WindowsUpdate.log 2014-05-14 22:47 - 2014-05-14 22:47 - 01016261 _____ (Thisisu) C:\Users\Alex\Desktop\JRT.exe 2014-05-14 22:46 - 2013-07-03 21:05 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee 2014-05-14 22:44 - 2013-01-08 20:57 - 00000000 __RSD () C:\Users\Alex\Documents\McAfee-Tresore 2014-05-14 22:43 - 2014-05-14 22:43 - 00003859 _____ () C:\Users\Alex\Desktop\AdwCleaner[S0].txt 2014-05-14 22:42 - 2011-07-25 22:35 - 00416312 _____ () C:\Windows\PFRO.log 2014-05-14 22:42 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT 2014-05-14 22:42 - 2009-07-14 06:51 - 00092258 _____ () C:\Windows\setupact.log 2014-05-14 22:40 - 2014-05-14 22:27 - 00000000 ____D () C:\AdwCleaner 2014-05-14 22:26 - 2014-05-14 22:25 - 01325827 _____ () C:\Users\Alex\Desktop\adwcleaner_3.208.exe 2014-05-14 22:21 - 2014-05-14 22:21 - 00007594 _____ () C:\Users\Alex\Desktop\MBAM.txt 2014-05-14 22:18 - 2011-07-27 21:39 - 00000000 ____D () C:\Users\Alex\Documents\Krankenkasse 2014-05-14 22:16 - 2014-05-14 21:35 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 21:32 - 2014-05-14 21:32 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-14 21:32 - 2014-05-14 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 21:32 - 2014-05-14 21:32 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 21:32 - 2014-05-14 21:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 21:22 - 2011-07-27 21:50 - 
00000000 ____D () C:\Users\Alex\AppData\Local\Adobe 2014-05-13 20:58 - 2012-07-13 20:40 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater 2014-05-13 20:57 - 2012-04-03 20:25 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe 2014-05-13 20:57 - 2011-07-27 21:49 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl 2014-05-13 20:18 - 2014-05-13 20:18 - 00023339 _____ () C:\Users\Alex\Desktop\ComboFix.txt 2014-05-13 20:16 - 2014-05-13 20:16 - 00023339 _____ () C:\ComboFix.txt 2014-05-13 20:16 - 2014-05-13 19:32 - 00000000 ____D () C:\Qoobox 2014-05-13 20:11 - 2014-05-13 19:31 - 00000000 ____D () C:\Windows\erdnt 2014-05-13 20:10 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini 2014-05-13 20:00 - 2009-07-14 04:34 - 75235328 _____ () C:\Windows\system32\config\SOFTWARE.bak 2014-05-13 20:00 - 2009-07-14 04:34 - 20447232 _____ () C:\Windows\system32\config\SYSTEM.bak 2014-05-13 20:00 - 2009-07-14 04:34 - 00786432 _____ () C:\Windows\system32\config\DEFAULT.bak 2014-05-13 20:00 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak 2014-05-13 20:00 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak 2014-05-13 19:24 - 2014-05-13 19:24 - 05200050 ____R (Swearware) C:\Users\Alex\Desktop\ComboFix.exe 2014-05-12 19:44 - 2013-06-29 18:39 - 00000357 _____ () C:\Windows\lgfwup.ini 2014-05-11 22:27 - 2011-07-29 18:58 - 00000000 ____D () C:\Users\Stephie\Documents\Outlook-Dateien 2014-05-11 22:26 - 2013-01-07 23:55 - 00000000 __RSD () C:\Users\Stephie\Documents\McAfee-Tresore 2014-05-11 20:54 - 2014-05-11 20:54 - 00514632 _____ () C:\Windows\Minidump\051114-21699-01.dmp 2014-05-11 20:54 - 2012-07-04 20:50 - 00000000 ____D () C:\Windows\Minidump 2014-05-11 20:30 - 2014-05-11 20:30 - 00023066 _____ () C:\Users\Alex\Desktop\Gmer.zip 2014-05-11 19:36 - 2014-05-11 19:36 - 00362848 _____ () C:\Users\Alex\Desktop\Gmer.log 2014-05-11 11:17 - 
2014-05-11 11:17 - 00380416 _____ () C:\Users\Alex\Desktop\Gmer-19357.exe 2014-05-11 11:13 - 2014-05-11 11:11 - 00032102 _____ () C:\Users\Alex\Desktop\Addition.txt 2014-05-11 11:04 - 2014-05-11 11:03 - 00000470 _____ () C:\Users\Alex\Desktop\defogger_disable.log 2014-05-11 11:03 - 2014-05-11 11:03 - 00000000 _____ () C:\Users\Alex\defogger_reenable 2014-05-11 11:03 - 2011-07-25 20:54 - 00000000 ____D () C:\Users\Alex 2014-05-11 10:51 - 2014-05-11 10:51 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyFree Codec 2014-05-11 10:50 - 2013-05-06 22:33 - 00002006 _____ () C:\Users\Public\Desktop\Samsung Kies (Lite).lnk 2014-05-11 10:39 - 2014-05-11 10:39 - 00000000 ____D () C:\Program Files (x86)\MarkAny 2014-05-11 10:37 - 2014-05-11 10:37 - 00000000 ____D () C:\Users\Public\Documents\CrashDump 2014-05-07 22:33 - 2014-05-07 22:33 - 00000000 ___SD () C:\Windows\system32\CompatTel 2014-05-07 22:13 - 2014-05-07 22:13 - 00001939 _____ () C:\Users\Alex\Desktop\McAfee Total Protection.lnk 2014-05-07 22:07 - 2014-05-07 22:07 - 00050477 _____ () C:\Users\Alex\Desktop\Defogger.exe 2014-05-07 21:19 - 2011-07-29 19:26 - 00000000 ____D () C:\Program Files (x86)\MAGIX 2014-05-07 21:09 - 2011-07-27 21:16 - 00000000 ____D () C:\Users\Alex\Documents\BMW 2014-05-07 18:31 - 2011-07-26 12:28 - 00000000 ____D () C:\Users\Stephie 2014-05-07 18:28 - 2012-06-13 21:04 - 00000000 ____D () C:\Users\Stephie\0000gemischt 2014-05-07 18:27 - 2011-11-21 14:11 - 00000000 ____D () C:\Users\Stephie\Documents\00BEWERBUNG 2014-05-07 18:13 - 2011-08-17 07:56 - 00000000 ____D () C:\Users\Stephie\AppData\Local\Adobe 2014-05-05 20:06 - 2009-07-14 20:18 - 00000000 ___RD () C:\Users\Public\Recorded TV 2014-05-05 19:51 - 2011-07-29 19:32 - 00000000 ____D () C:\ProgramData\MAGIX 2014-05-02 07:26 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT 2014-05-01 17:49 - 2011-07-26 12:29 - 00000000 ___RD () C:\Users\Stephie\AppData\Roaming\Microsoft\Windows\Start 
Menu\Programs\Startup 2014-05-01 10:05 - 2014-05-01 10:05 - 00000000 __SHD () C:\Users\Stephie\AppData\Local\EmieUserList 2014-05-01 10:05 - 2014-05-01 10:05 - 00000000 __SHD () C:\Users\Stephie\AppData\Local\EmieSiteList 2014-04-29 19:50 - 2013-07-02 21:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Hauppauge WinTV 2014-04-29 19:50 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup 2014-04-29 19:48 - 2014-04-29 19:48 - 00000000 __SHD () C:\Users\Alex\AppData\Local\EmieUserList 2014-04-29 19:48 - 2014-04-29 19:48 - 00000000 __SHD () C:\Users\Alex\AppData\Local\EmieSiteList 2014-04-29 19:47 - 2014-04-29 19:47 - 00010875 _____ () C:\Users\Alex\Desktop\Mappe1 (Automatisch gespeichert).xlsx 2014-04-29 19:38 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\PolicyDefinitions 2014-04-29 16:01 - 2014-05-05 20:46 - 23547904 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-04-29 15:40 - 2014-05-05 20:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-04-29 14:48 - 2014-05-05 20:46 - 17384448 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-04-29 14:34 - 2014-05-05 20:46 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-04-27 13:21 - 2014-04-27 13:21 - 00410455 _____ () C:\Users\Alex\Downloads\2014-04-27_2662592_rennrad-tour_export.gpx 2014-04-27 13:01 - 2011-08-04 19:12 - 00000000 ____D () C:\Users\Alex\AppData\Local\Canon Easy-PhotoPrint EX 2014-04-27 12:32 - 2009-07-14 07:32 - 00000000 ____D () C:\Windows\system32\FxsTmp 2014-04-18 12:34 - 2014-04-18 12:34 - 00000000 ____D () C:\Users\Public\Documents\NativeFus_Log 2014-04-18 09:06 - 2011-07-27 21:15 - 00000000 ____D () C:\Users\Alex\Documents\Bike 2014-04-16 22:16 - 2013-10-10 21:22 - 00000000 ____D () C:\Users\Alex\AppData\Roaming\Canon 2014-04-16 21:45 - 2013-07-02 21:38 - 00038194 _____ () C:\Windows\Irremote.ini 2014-04-16 21:45 - 2013-07-02 21:36 - 
00000000 ____D () C:\ProgramData\Hauppauge 2014-04-16 21:45 - 2011-07-27 21:58 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information 2014-04-14 04:24 - 2014-05-07 18:08 - 00465408 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-04-14 04:19 - 2014-05-07 18:08 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll Some content of TEMP: ==================== C:\Users\Alex\AppData\Local\Temp\Quarantine.exe ==================== Bamital & volsnap Check ================= C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\SysWOW64\wininit.exe => MD5 is legit C:\Windows\explorer.exe => MD5 is legit C:\Windows\SysWOW64\explorer.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\SysWOW64\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\SysWOW64\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\SysWOW64\userinit.exe => MD5 is legit C:\Windows\System32\rpcss.dll => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit LastRegBack: 2014-05-10 20:43 ==================== End Of Log ============================ --- --- --- --- --- --- |
15.05.2014, 19:55 | #12 |
/// the machine /// TB trainer | Windows 7: hard drive keeps filling up
ESET Online Scanner
Please download SecurityCheck and:
and a fresh FRST log, please. Still having problems?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
16.05.2014, 21:15 | #13 |
| Windows 7: hard drive keeps filling up
Hi, so the first scan with ESET ended in a reboot: I started it in the evening, and in the morning the login screen was showing. The second attempt is attached here; I ticked the connected drives. However, I could not select the drive attached to the Fritzbox.
Code:
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=b115462ad6fd1047ba43bff0807217ec
# engine=18282
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-05-16 07:46:02
# local_time=2014-05-16 09:46:02 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=5122 16777214 66 88 5618317 163083340 0 0
# compatibility_mode=5893 16776573 100 94 62994 151899412 0 0
# scanned=292360
# found=4
# cleaned=0
# scan_time=51991
sh=99549A0A27EC4873E6C7E7DFCB2A0EC70F211031 ft=1 fh=dbecfbd57f6d6578 vn="Variante von Win64/Toolbar.Widgi.B evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\pdfforge Toolbar\IE\9.1\pdfforgeToolbarIE64.dll.vir"
sh=3D09B4A1E2E55E7D1DF62B739D434F3F4E51DB90 ft=1 fh=31688d33c108b3f2 vn="Win32/Toolbar.Widgi evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe"
sh=6E3FB28E665A19061E3F555DC7BA416B5E7D2CFC ft=1 fh=d83f2b50ba447a77 vn="Variante von Win32/Packed.MoleboxUltra.A evtl. unerwünschte Anwendung" ac=I fn="C:\Program Files (x86)\SL-Lernsoftware\FB-Richtig-Mathe\FB-Richtig-Mathe.exe"
sh=D93B5D720ACA4C62F09FDB523FFE2DE7B098912B ft=0 fh=0000000000000000 vn="Variante von Win64/Toolbar.Widgi.A evtl. unerwünschte Anwendung" ac=I fn="C:\Windows\Installer\56cf2.msi"
Code:
 Results of screen317's Security Check version 0.99.82
 Windows 7 Service Pack 1 x64 (UAC is enabled)
 Internet Explorer 11
 ``````````````Antivirus/Firewall Check:``````````````
 McAfee Anti-Virus und Anti-Spyware
 WMI entry may not exist for antivirus; attempting automatic update.
 `````````Anti-malware/Other Utilities Check:`````````
 Adobe Reader 10.1.9 Adobe Reader out of Date!
 ````````Process Check: objlist.exe by Laurent````````
 `````````````````System Health check`````````````````
 Total Fragmentation on Drive C:
 ````````````````````End of Log``````````````````````
FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-05-2014 Ran by Alex (administrator) on GANDALF on 16-05-2014 22:03:15 Running from C:\Users\Alex\Desktop Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard Internet Explorer Version 11 Boot Mode: Normal ==================== Processes (Whitelisted) ================= (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (MAGIX AG) C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (Hewlett-Packard Company) C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.) C:\Windows\System32\mfevtps.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe () C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe (WDC) C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe (Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe (McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe (Western Digital ) C:\Program Files\Western Digital\WD SmartWare\WDFME.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe (Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe (Panasonic Corporation) C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO 4.0\AutoStartupService.exe () C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe (Western Digital Technologies, Inc.) 
C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (Sony Corporation) C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (CyberLink) D:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink Corp.) D:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe (cyberlink) C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (Haufe-Lexware GmbH & Co. KG) C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\saUI.exe (Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (McAfee, Inc.) C:\Program Files\McAfee\MSM\McSmtFwk.exe (Microsoft Corporation) C:\Windows\ehome\ehrecvr.exe (Microsoft Corporation) C:\Windows\ehome\mcGlidHost.exe (McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe (Haufe-Lexware GmbH & Co. 
KG) C:\Program Files (x86)\Common Files\Lexware\LxWebAccess\LxWebAccess.exe ==================== Registry (Whitelisted) ================== HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-09-25] (Adobe Systems Incorporated) HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated) HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [195072 2009-06-19] (ArcSoft Inc.) HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [43848 2014-02-12] (Apple Inc.) HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [651832 2011-08-24] (Sony Corporation) HKLM-x32\...\Run: [mcui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311616 2014-04-23] (Samsung Electronics Co., Ltd.) HKLM-x32\...\Run: [UpdateLBPShortCut] => D:\Programme\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [MDS_Menu] => D:\Programme\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe [218408 2009-02-25] (CyberLink Corp.) HKLM-x32\...\Run: [CLMLServer] => D:\Programme\CyberLink\Power2Go\CLMLSvc.exe [103720 2009-12-15] (CyberLink) HKLM-x32\...\Run: [UpdateP2GoShortCut] => D:\Programme\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [222504 2009-05-19] (CyberLink Corp.) HKLM-x32\...\Run: [RemoteControl9] => D:\Programme\CyberLink\PowerDVD9\PDVD9Serv.exe [87336 2010-08-02] (CyberLink Corp.) 
HKLM-x32\...\Run: [BDRegion] => C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-11-23] (cyberlink) HKLM-x32\...\Run: [UpdatePPShortCut] => D:\Programme\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [218408 2008-12-03] (CyberLink Corp.) HKLM-x32\...\Run: [UCam_Menu] => D:\Programme\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [218408 2009-02-17] (CyberLink Corp.) HKLM-x32\...\Run: [LGODDFU] => D:\Programme\LGTool\lgfw.exe [27760 2013-06-29] (Bitleader) HKLM-x32\...\Run: [UpdatePSTShortCut] => D:\Programme\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe [222504 2010-06-02] (CyberLink Corp.) HKLM-x32\...\Run: [mcpltui_exe] => C:\Program Files\McAfee.com\Agent\mcagent.exe [537992 2014-04-25] (McAfee, Inc.) HKLM-x32\...\Run: [LexwareInfoService] => C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe [189808 2011-07-31] (Haufe-Lexware GmbH & Co. KG) HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-02-21] (Apple Inc.) 
HKLM-x32\...\Run: [] => [X] HKU\.DEFAULT\...\RunOnce: [{90140000-003D-0000-0000-0000000FF1CE}] - C:\Windows\system32\cmd.exe /C del "C:\ProgramData\Microsoft Help\Rgstrtn.lck" /Q /A:H HKU\S-1-5-21-4044853685-2408808152-1568560140-1001\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1564992 2014-05-11] (Samsung) HKU\S-1-5-21-4044853685-2408808152-1568560140-1001\...\Policies\system: [LogonHoursAction] 2 HKU\S-1-5-21-4044853685-2408808152-1568560140-1001\...\Policies\system: [DontDisplayLogonHoursWarnings] 1 Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PHOTOfunSTUDIO 4.0.lnk ShortcutTarget: PHOTOfunSTUDIO 4.0.lnk -> C:\Program Files (x86)\Panasonic\PHOTOfunSTUDIO 4.0\AutoStartupService.exe (Panasonic Corporation) Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Scanner Finder.lnk ShortcutTarget: Scanner Finder.lnk -> C:\Program Files (x86)\ScanWizard 5\ScannerFinder.exe () Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WD Quick View.lnk ShortcutTarget: WD Quick View.lnk -> C:\Program Files\Western Digital\WD SmartWare\WDDMStatus.exe (Western Digital Technologies, Inc.) 
GroupPolicyUsers\S-1-5-21-4044853685-2408808152-1568560140-1005\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-4044853685-2408808152-1568560140-1004\User: Group Policy restriction detected <======= ATTENTION GroupPolicyUsers\S-1-5-21-4044853685-2408808152-1568560140-1003\User: Group Policy restriction detected <======= ATTENTION ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x37628E468E4CCC01 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) URLSearchHook: HKCU - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe SearchScopes: HKCU - DefaultScope {848B9794-9099-47E5-BF5C-F3B5E5C60CF4} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} SearchScopes: HKCU - {848B9794-9099-47E5-BF5C-F3B5E5C60CF4} URL = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} SearchScopes: HKCU - {9A3B43AC-87D8-4859-9E78-7B960E48427D} URL = hxxp://de.search.yahoo.com/search?fr=mcafee&type=A011DE0&p={SearchTerms} BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) 
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) BHO-x32: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Toolbar: HKCU - No Name - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - No File Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.) Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - C:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - C:\Program Files (x86)\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 FireFox: ======== FF Plugin: @mcafee.com/MSC,version=10 - c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL () FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin-x32: @java.com/DTPlugin,version=10.10.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF Plugin-x32: @mcafee.com/MSC,version=10 - c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL () FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2013-07-03] FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2013-07-03] ==================== Services (Whitelisted) ================= S2 0146191400269405mcinstcleanup; C:\Windows\TEMP\014619~1.EXE [827456 2012-01-09] (McAfee, Inc.) R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [109056 2009-02-06] (ArcSoft Inc.) 
R2 AdobeActiveFileMonitor10.0; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [169624 2011-09-01] (Adobe Systems Incorporated) S2 CLKMSVC10_BB1DDEDD; D:\Programme\CyberLink\PowerDVD9\NavFilter\kmsvc.exe [240112 2010-11-23] (CyberLink) R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McAfee SiteAdvisor Service; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [178528 2014-04-25] (McAfee, Inc.) S3 McAWFwk; C:\Program Files\McAfee\MSC\McAWFwk.exe [225216 2011-01-28] (McAfee, Inc.) R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [602944 2013-08-02] (McAfee, Inc.) S4 McOobeSv; C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe [201304 2012-08-31] (McAfee, Inc.) R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) R2 mfecore; C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe [1025712 2014-01-21] (McAfee, Inc.) R2 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [219752 2014-03-17] (McAfee, Inc.) R2 mfevtp; C:\Windows\system32\mfevtps.exe [185792 2014-03-17] (McAfee, Inc.) R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [328928 2013-07-30] (McAfee, Inc.) 
R2 RichVideo; C:\Program Files (x86)\Cyberlink\Shared files\RichVideo.exe [244904 2009-07-02] () R2 WDDMService; C:\Program Files\Western Digital\WD SmartWare\WDDMService.exe [317328 2011-08-01] (WDC) R2 WDFMEService; C:\Program Files\Western Digital\WD SmartWare\WDFME.exe [1978256 2011-08-01] (Western Digital ) R2 WDRulesService; C:\Program Files\Western Digital\WD SmartWare\WDRulesEngine.exe [1338256 2011-08-01] (Western Digital ) ==================== Drivers (Whitelisted) ==================== S3 61883; C:\Windows\System32\DRIVERS\61883.sys [60288 2009-07-14] (Microsoft Corporation) U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation) R3 avmaudio; C:\Windows\System32\DRIVERS\avmaudio.sys [116480 2012-12-20] (AVM Berlin) R3 avmaura; C:\Windows\System32\DRIVERS\avmaura.sys [116480 2012-12-20] (AVM Berlin) R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [70592 2014-03-17] (McAfee, Inc.) R3 E100B; C:\Windows\System32\DRIVERS\efe5b32e.sys [192256 2009-06-10] (Intel Corporation) R3 hcw85cir; C:\Windows\System32\drivers\hcw85cir3.sys [33792 2011-09-29] (Hauppauge Computer Works, Inc.) S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [197704 2013-09-23] (McAfee, Inc.) R0 McPvDrv; C:\Windows\System32\drivers\McPvDrv.sys [74560 2013-09-09] (McAfee, Inc.) R3 mfeapfk; C:\Windows\System32\drivers\mfeapfk.sys [180272 2014-03-17] (McAfee, Inc.) R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [311600 2014-03-17] (McAfee, Inc.) R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [522360 2014-03-17] (McAfee, Inc.) R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [783864 2014-03-17] (McAfee, Inc.) R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [422712 2014-01-21] (McAfee, Inc.) S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [96592 2014-01-21] (McAfee, Inc.) R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [345456 2014-03-17] (McAfee, Inc.) 
S3 Serial; C:\Windows\system32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.) S1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [59184 2011-11-17] (Windows (R) 2000 DDK provider) S1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [572336 2011-11-17] (Paragon) S1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [352816 2011-11-17] (Paragon) S3 catchme; \??\C:\ComboFix\catchme.sys [X] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2014-05-16 22:01 - 2014-05-16 22:01 - 00000720 _____ () C:\Users\Alex\Desktop\checkup.txt 2014-05-16 21:56 - 2014-05-16 21:56 - 00855379 _____ () C:\Users\Alex\Desktop\SecurityCheck.exe 2014-05-16 06:18 - 2014-05-16 06:18 - 00000000 ____D () C:\Windows\rescache 2014-05-16 03:35 - 2014-05-06 06:40 - 23544320 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2014-05-16 03:35 - 2014-05-06 06:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2014-05-16 03:35 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll 2014-05-16 03:35 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb 2014-05-16 03:35 - 2014-05-06 05:00 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2014-05-16 03:35 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll 2014-05-15 21:15 - 2014-05-15 21:15 - 02347384 _____ (ESET) C:\Users\Alex\Desktop\esetsmartinstaller_deu.exe 2014-05-15 20:12 - 2014-05-09 08:14 - 00477184 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll 2014-05-15 20:12 - 2014-05-09 08:11 - 00424448 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll 2014-05-15 20:12 - 2014-03-25 04:43 - 14175744 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2014-05-15 20:12 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll 
2014-05-15 20:11 - 2014-04-12 04:22 - 00155072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys 2014-05-15 20:11 - 2014-04-12 04:22 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys 2014-05-15 20:11 - 2014-04-12 04:19 - 01460736 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll 2014-05-15 20:11 - 2014-04-12 04:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll 2014-05-15 20:11 - 2014-04-12 04:19 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe 2014-05-15 20:11 - 2014-04-12 04:19 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll 2014-05-15 20:11 - 2014-04-12 04:19 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll 2014-05-15 20:11 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll 2014-05-15 20:11 - 2014-04-12 04:10 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll 2014-05-15 20:11 - 2014-03-04 11:47 - 05550016 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2014-05-15 20:11 - 2014-03-04 11:44 - 00728064 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll 2014-05-15 20:11 - 2014-03-04 11:44 - 00722944 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll 2014-05-15 20:11 - 2014-03-04 11:44 - 00424960 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll 2014-05-15 20:11 - 2014-03-04 11:44 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll 2014-05-15 20:11 - 2014-03-04 11:44 - 00314880 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll 2014-05-15 20:11 - 2014-03-04 11:44 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll 2014-05-15 20:11 - 2014-03-04 11:44 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll 2014-05-15 20:11 - 2014-03-04 11:44 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll 2014-05-15 
20:11 - 2014-03-04 11:43 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe 2014-05-15 20:11 - 2014-03-04 11:43 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll 2014-05-15 20:11 - 2014-03-04 11:43 - 00056832 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll 2014-05-15 20:11 - 2014-03-04 11:43 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll 2014-05-15 20:11 - 2014-03-04 11:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll 2014-05-15 20:11 - 2014-03-04 11:43 - 00044544 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll 2014-05-15 20:11 - 2014-03-04 11:43 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll 2014-05-15 20:11 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe 2014-05-15 20:11 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe 2014-05-15 20:11 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll 2014-05-15 20:11 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\objsel.dll 2014-05-15 20:11 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll 2014-05-15 20:11 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll 2014-05-15 20:11 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll 2014-05-15 20:11 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll 2014-05-15 20:11 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cngprovider.dll 2014-05-15 20:11 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adprovider.dll 2014-05-15 20:11 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\capiprovider.dll 2014-05-15 20:11 
- 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dpapiprovider.dll 2014-05-15 20:11 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dimsroam.dll 2014-05-15 20:11 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wincredprovider.dll 2014-05-15 20:11 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll 2014-05-15 20:11 - 2014-03-04 11:16 - 00274944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll 2014-05-14 23:34 - 2014-05-14 23:34 - 00038406 _____ () C:\Users\Alex\Desktop\FRST01.txt 2014-05-14 23:31 - 2014-05-16 22:03 - 00000000 ____D () C:\Users\Alex\Desktop\FRST-OlderVersion 2014-05-14 23:14 - 2014-05-14 23:14 - 00001015 _____ () C:\Users\Alex\Desktop\JRT.txt 2014-05-14 22:48 - 2014-05-14 22:48 - 00000000 ____D () C:\Windows\ERUNT 2014-05-14 22:47 - 2014-05-14 22:47 - 01016261 _____ (Thisisu) C:\Users\Alex\Desktop\JRT.exe 2014-05-14 22:43 - 2014-05-14 22:43 - 00003859 _____ () C:\Users\Alex\Desktop\AdwCleaner[S0].txt 2014-05-14 22:27 - 2014-05-14 22:40 - 00000000 ____D () C:\AdwCleaner 2014-05-14 22:25 - 2014-05-14 22:26 - 01325827 _____ () C:\Users\Alex\Desktop\adwcleaner_3.208.exe 2014-05-14 22:21 - 2014-05-14 22:21 - 00007594 _____ () C:\Users\Alex\Desktop\MBAM.txt 2014-05-14 21:35 - 2014-05-14 22:16 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys 2014-05-14 21:32 - 2014-05-14 21:32 - 00001106 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk 2014-05-14 21:32 - 2014-05-14 21:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 2014-05-14 21:32 - 2014-05-14 21:32 - 00000000 ____D () C:\ProgramData\Malwarebytes 2014-05-14 21:32 - 2014-05-14 21:32 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware 2014-05-14 21:32 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) 
C:\Windows\system32\Drivers\mbamchameleon.sys 2014-05-14 21:32 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys 2014-05-14 21:32 - 2014-04-03 09:50 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys 2014-05-13 20:18 - 2014-05-13 20:18 - 00023339 _____ () C:\Users\Alex\Desktop\ComboFix.txt 2014-05-13 20:16 - 2014-05-13 20:16 - 00023339 _____ () C:\ComboFix.txt 2014-05-13 19:32 - 2014-05-13 20:16 - 00000000 ____D () C:\Qoobox 2014-05-13 19:32 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe 2014-05-13 19:32 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe 2014-05-13 19:32 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe 2014-05-13 19:32 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe 2014-05-13 19:32 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe 2014-05-13 19:32 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe 2014-05-13 19:32 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe 2014-05-13 19:32 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe 2014-05-13 19:31 - 2014-05-13 20:11 - 00000000 ____D () C:\Windows\erdnt 2014-05-13 19:24 - 2014-05-13 19:24 - 05200050 ____R (Swearware) C:\Users\Alex\Desktop\ComboFix.exe 2014-05-11 20:54 - 2014-05-11 20:54 - 00514632 _____ () C:\Windows\Minidump\051114-21699-01.dmp 2014-05-11 20:30 - 2014-05-11 20:30 - 00023066 _____ () C:\Users\Alex\Desktop\Gmer.zip 2014-05-11 19:36 - 2014-05-11 19:36 - 00362848 _____ () C:\Users\Alex\Desktop\Gmer.log 2014-05-11 11:17 - 2014-05-11 11:17 - 00380416 _____ () C:\Users\Alex\Desktop\Gmer-19357.exe 2014-05-11 11:11 - 2014-05-11 11:13 - 00032102 _____ () C:\Users\Alex\Desktop\Addition.txt 2014-05-11 11:07 - 2014-05-16 22:03 - 00017395 _____ () C:\Users\Alex\Desktop\FRST.txt 2014-05-11 11:07 - 2014-05-16 22:03 - 00000000 ____D () C:\FRST 2014-05-11 11:06 - 2014-05-16 22:03 - 02067456 _____ (Farbar) 
==================== End Of Log ============================ --- --- --- |
17.05.2014, 19:49 | #14 |
/// the machine /// TB Trainer | Windows 7: Hard drive keeps filling up
Update Adobe.
Please download TFC (by Oldtimer) and save the file to your desktop. Now close all open programs and disconnect from the Internet. Double-click TFC.exe and press Start. If TFC cannot delete all files, it will ask for a restart. Please allow this.
Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document:
Code:
ATTFilter
GroupPolicyUsers\S-1-5-21-4044853685-2408808152-1568560140-1005\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4044853685-2408808152-1568560140-1004\User: Group Policy restriction detected <======= ATTENTION
GroupPolicyUsers\S-1-5-21-4044853685-2408808152-1568560140-1003\User: Group Policy restriction detected <======= ATTENTION
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Done. The order is crucial here.
If you would like to give praise or criticism, you can do so here. Here are a few more tips for securing your system. I cannot mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers: Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance: Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP), Bill Castner (MVP), Don'ts
Note: Please give me brief feedback once everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
20.05.2014, 20:08 | #15 |
| Windows 7: Hard drive keeps filling up Hello Schrauber, I did almost everything as described: Adobe update, TFC (ran through the night), created the Fixlist and ran FRST. However, I then continued straight away with DelFix and of course deleted the Fixlog.txt file that had been created. Should I download FRST again and run it as described? Otherwise everything was great, well described, and everything worked wonderfully. Thanks again; I have already recommended you to others and made a small donation, of course. I will now get to work following your tips and securing my system. Oh yes, should I perhaps replace McAfee with something else? Regards, Kermit P.S. Could it be that Internet Explorer now has a glitch? It can no longer find Google and Yahoo, for example. Do I need to care about that? With the freshly installed Firefox it works. |