Log analysis and evaluation: My private ultrabook (Samsung) crashes sporadically (Windows blue screen)
Windows 7
If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
My private ultrabook (Samsung) crashes sporadically (Windows blue screen)

Hello dear helpers,

my problem is the following: My Samsung Series 5 ultrabook with the Windows 7 operating system (in case that is relevant) has had a crash problem for about a month. This goes along with the sound that plays when you plug something into the USB port. This sound comes when I pick it up and put it down somewhere, but sometimes also for no reason, and often several times in a row, so sporadically. Of course I have nothing plugged into the ports. I am not sure whether it is a software or a hardware problem. At the beginning of the problem the ultrabook crashed every few minutes, so there was the safety blue screen. I imagined that it (the sound) comes from the way I hold or move it. Now it crashes almost daily. It is not the case, though, that the sound comes and then it crashes; maybe the two are not connected at all, but both problems appeared at the same time.

In addition, since the beginning of the problem I also have a defect in my antivirus software (avast): updates are available, but no connection to the server can be established. I googled that, but for other users it is not a temporary problem as it is for me.

The requested log files follow:

defogger disable:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 12:28 on 18/06/2014 (Samsung)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
_____________________________________________________________________________

The remaining log files are attached. Unfortunately I do not yet have one from my normal antivirus program; it is running through once more right now. I can submit that later.

I hope someone can help me. Thanks in advance for reading!

Best regards, Anna.
#2
/// the machine /// TB-Ausbilder
My private ultrabook (Samsung) crashes sporadically (Windows blue screen)

Hi,
__________________
Please always post logs in the thread. If necessary, split them up and use several posts. I cannot open attachments at work, thanks. This is how it works: Posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
__________________
#3
My private ultrabook (Samsung) crashes sporadically (Windows blue screen)

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 18-06-2014
Ran by Samsung (administrator) on SAMSUNG-PC on 18-06-2014 23:47:59
Running from C:\Users\Samsung\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
() C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.7\GoogleCrashHandler64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(The Privoxy team - www.privoxy.org) C:\Program Files (x86)\MSR\Privoxy\privoxy.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Samsung\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe
(Dropbox, Inc.) C:\Users\Samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-31] (AVAST Software)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [hpqSRMon] => C:\Program Files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe [150528 2008-07-22] (Hewlett-Packard)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54840 2007-05-08] (Hewlett-Packard)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [fst_de_18] => [X]
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039240 2013-12-26] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3279623851-2464560472-1099086217-1000\...\Run: [Spotify Web Helper] => C:\Users\Samsung\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-23] (Spotify Ltd)
HKU\S-1-5-21-3279623851-2464560472-1099086217-1000\...\RunOnce: [Uninstall C:\Users\Samsung\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Samsung\AppData\Local\Microsoft\SkyDrive\17.0.2003.1112\amd64"
HKU\S-1-5-21-3279623851-2464560472-1099086217-1000\...\RunOnce: [Uninstall C:\Users\Samsung\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Samsung\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64"
HKU\S-1-5-21-3279623851-2464560472-1099086217-1000\...\RunOnce: [Uninstall C:\Users\Samsung\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Samsung\AppData\Local\Microsoft\SkyDrive\17.0.2011.0627\amd64"
HKU\S-1-5-21-3279623851-2464560472-1099086217-1000\...\RunOnce: [Uninstall C:\Users\Samsung\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Samsung\AppData\Local\Microsoft\SkyDrive\17.0.2015.0811\amd64"
HKU\S-1-5-21-3279623851-2464560472-1099086217-1000\...\RunOnce: [Uninstall C:\Users\Samsung\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64] - C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Samsung\AppData\Local\Microsoft\SkyDrive\17.0.4029.0217\amd64"
HKU\S-1-5-21-3279623851-2464560472-1099086217-1000\...\MountPoints2: {ba662691-580b-11e3-b667-08002700b4b5} - D:\LaunchU3.exe
AppInit_DLLs: C:\PROGRA~2\SupTab\SEARCH~2.DLL => C:\PROGRA~2\SupTab\SEARCH~2.DLL File Not Found
Startup: C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\An OneNote senden.lnk
ShortcutTarget: An OneNote senden.lnk -> C:\Program Files\Microsoft Office 15\root\office15\ONENOTEM.EXE (Microsoft Corporation)
Startup: C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
==================== Internet (Whitelisted) ====================
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF63FEF6214DDCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.v9.com/web/?type=ds&ts=1401299731&from=cvs4&uid=SanDiskXSSDXi100X16GB_181000120312&i=psd&t=3433d5ec5&q={searchTerms}
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.v9.com/web/?type=ds&ts=1401299731&from=cvs4&uid=SanDiskXSSDXi100X16GB_181000120312&i=psd&t=3433d5ec5&q={searchTerms}
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.v9.com/web/?type=ds&ts=1401299731&from=cvs4&uid=SanDiskXSSDXi100X16GB_181000120312&i=psd&t=3433d5ec5&q={searchTerms}
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.v9.com/?type=sc&ts=1401299731&from=cvs4&uid=SanDiskXSSDXi100X16GB_181000120312&i=psd&t=3433d5ec5
SearchScopes: HKLM-x32 - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - DefaultScope {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{459A5E2F-6ED2-41B3-84B9-49B700994514}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FireFox:
========
FF ProfilePath: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\t6nayio3.default
FF NetworkProxy: " type", 1);user_pref("network.proxy.http", "127.0.0.1");user_pref("network.proxy.http_port", 8118);user_pref("network.proxy.ssl", "127.0.0.1");user_pref("network.proxy.ssl_port", 8118
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.7\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\t6nayio3.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\v9.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Quick Start - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\t6nayio3.default\Extensions\quick_start@gmail.com [2014-05-28]
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-18]
FF HKLM-x32\...\Firefox\Extensions: [quick_start@gmail.com] - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\t6nayio3.default\extensions\quick_start@gmail.com
FF Extension: Quick Start - C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\t6nayio3.default\extensions\quick_start@gmail.com [2014-05-28]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-02]
Chrome:
=======
CHR StartupUrls: "hxxp://google.de/"
CHR Extension: (Google Docs) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-29]
CHR Extension: (Google Drive) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-29]
CHR Extension: (YouTube) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-29]
CHR Extension: (Google-Suche) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-29]
CHR Extension: (AdBlock) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-29]
CHR Extension: (avast! WebRep) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-12-22]
CHR Extension: (Google Wallet) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-16]
CHR Extension: (Google Mail) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-29]
CHR HKLM-x32\...\Chrome\Extension: [cacclhdpfoingihegojhoipnihfnoaki] - C:\Users\Samsung\AppData\Local\MediaBA\betterads.crx [2013-06-26]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2012-12-18]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-31] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2266296 2014-05-16] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [184320 2011-07-06] (Intel Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
R2 SystemUpdatekb70007; C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] () [File not signed]
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-31] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-31] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-31] (AVAST Software)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-18 23:47 - 2014-06-18 23:48 - 00029889 _____ () C:\Users\Samsung\Downloads\FRST.txt
2014-06-18 23:47 - 2014-06-18 23:48 - 00000000 ____D () C:\FRST
2014-06-18 23:46 - 2014-06-18 23:47 - 02082304 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe
2014-06-18 23:45 - 2014-06-18 23:45 - 01072128 _____ (Farbar) C:\Users\Samsung\Downloads\FRST.exe
2014-06-18 23:31 - 2014-06-18 23:31 - 00000000 ___SH () C:\DkHyperbootSync
2014-06-18 19:02 - 2014-06-18 19:03 - 00262144 _____ () C:\Windows\Minidump\061814-44179-01.dmp
2014-06-18 12:28 - 2014-06-18 12:28 - 00000476 _____ () C:\Users\Samsung\Downloads\defogger_disable.log
2014-06-18 12:28 - 2014-06-18 12:28 - 00000000 _____ () C:\Users\Samsung\defogger_reenable
2014-06-18 12:26 - 2014-06-18 12:26 - 00050477 _____ () C:\Users\Samsung\Downloads\Defogger.exe
2014-06-18 12:15 - 2014-06-18 12:16 - 00332160 _____ () C:\Windows\Minidump\061814-23992-01.dmp
2014-06-17 13:38 - 2014-06-17 13:38 - 00262144 _____ () C:\Windows\Minidump\061714-20451-01.dmp
2014-06-17 13:32 - 2014-06-17 13:32 - 00262144 _____ () C:\Windows\Minidump\061714-24554-01.dmp
2014-06-16 14:58 - 2014-06-16 15:21 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_F61
2014-06-16 14:47 - 2014-06-16 14:47 - 02602496 _____ () C:\Users\Samsung\Downloads\Thema_7_USA_Innovationssystem.ppt
2014-06-16 14:42 - 2014-06-16 14:42 - 00689152 _____ () C:\Users\Samsung\Downloads\Thema_6_China_als_aufstrebendes_Innovationssystem.ppt
2014-06-16 14:10 - 2014-06-16 14:10 - 00000000 ____D () C:\Users\Samsung\Documents\OneNote-Notizbücher
2014-06-16 11:52 - 2014-06-16 11:52 - 02050048 _____ () C:\Users\Samsung\Downloads\Weinberger_03_01_13 (1).ppt
2014-06-16 11:45 - 2014-06-16 11:45 - 02050048 _____ () C:\Users\Samsung\Downloads\Weinberger_03_01_13.ppt
2014-06-16 09:56 - 2014-06-18 19:27 - 00005150 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Samsung-PC-Samsung Samsung-PC
2014-06-15 21:40 - 2014-06-15 21:40 - 00262144 _____ () C:\Windows\Minidump\061514-23743-01.dmp
2014-06-15 17:04 - 2014-06-15 17:04 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_1AC0
2014-06-15 17:03 - 2014-06-15 17:03 - 00072704 _____ () C:\Users\Samsung\Downloads\302011041P1G217.XLS
2014-06-15 17:03 - 2014-06-15 17:03 - 00062464 _____ () C:\Users\Samsung\Downloads\302011041P1G218.XLS
2014-06-15 15:25 - 2014-06-15 15:26 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_2BE7
2014-06-15 14:55 - 2014-06-15 14:55 - 01331200 _____ () C:\Users\Samsung\Downloads\Thema_3_Einflussfaktoren_National.ppt
2014-06-15 14:53 - 2014-06-15 14:53 - 00249856 _____ () C:\Users\Samsung\Downloads\Thema_1_Konstitutive_Elemente.PPT
2014-06-15 14:48 - 2014-06-15 14:48 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme (2).ppt
2014-06-15 14:48 - 2014-06-15 14:48 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme (1).ppt
2014-06-15 14:43 - 2014-06-15 14:43 - 00283648 _____ () C:\Users\Samsung\Downloads\Thema_4_Einflussfaktoren_Sektoral.ppt
2014-06-15 09:43 - 2014-06-15 09:43 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme.ppt
2014-06-15 09:37 - 2014-06-15 09:37 - 00852480 _____ () C:\Users\Samsung\Downloads\Thema_6_Netzwerk_InnovSys.ppt
2014-06-15 09:23 - 2014-06-15 09:23 - 01349120 _____ () C:\Users\Samsung\Downloads\Thema_5_Lokalbasierte_RIS.ppt
2014-06-15 09:22 - 2014-06-15 14:56 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_376D
2014-06-15 09:21 - 2014-06-15 09:21 - 00448512 _____ () C:\Users\Samsung\Downloads\Thema_2_Grundlagen_RIS.ppt
2014-06-14 15:09 - 2014-06-14 15:25 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 15:08 - 2014-06-14 15:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe
2014-06-14 15:08 - 2014-06-14 15:08 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-14 15:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-14 15:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-14 15:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-14 15:07 - 2014-06-14 15:07 - 00719128 _____ ( ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe
2014-06-13 11:17 - 2014-06-13 11:18 - 00262144 _____ () C:\Windows\Minidump\061314-17503-01.dmp
2014-06-12 09:46 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 09:46 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 09:46 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 09:46 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 09:46 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 09:46 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 09:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 09:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 09:46 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 09:46 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 09:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 09:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 09:45 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 09:45 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 09:45 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 09:45 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 09:45 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 09:45 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 09:45 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 09:45 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 09:45 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 09:45 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 09:45 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 09:45 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 09:45 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 09:45 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 09:45 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 09:45 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 09:45 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 09:45 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 09:45 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 09:45 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 09:45 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 09:45 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 09:45 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 09:45 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 09:45 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 09:45 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 09:45 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 09:45 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 09:45 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 09:45 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 09:45 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 09:45 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 09:45 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 09:45 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 09:45 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 09:45 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 09:45 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 09:45 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 09:45 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 09:45 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 09:45 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 09:45 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 09:45 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 09:45 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 09:45 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 09:45 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 09:45 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 09:45 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 09:45 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 09:45 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 09:45 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 09:45 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 17:05 - 2014-06-11 17:05 - 00029170 _____ () C:\Users\Samsung\Desktop\Gesamt.xlsx
2014-06-11 16:51 - 2014-06-11 17:05 - 00029142 _____ () C:\Users\Samsung\Downloads\Gesamt.xlsx
2014-06-11 16:48 - 2014-06-11 16:48 - 00032256 _____ () C:\Users\Samsung\Desktop\Neue_Grid-Tabelle2.xls
2014-06-11 16:00 - 2014-06-11 16:00 - 00033792 _____ () C:\Users\Samsung\Desktop\Inspiration,Hemmende_FaktorenSummary GP2014.xls
2014-06-11 15:56 - 2014-06-11 15:56 - 00030720 _____ () C:\Users\Samsung\Desktop\GPExcelSummary.xls
2014-06-11 15:55 - 2014-06-11 15:56 - 00030720 _____ () C:\Users\Samsung\Desktop\Neue_Grid-Tabelle.xls
2014-06-11 15:43 - 2014-06-11 15:44 - 02478592 _____ () C:\Users\Samsung\Desktop\GP2014 (2).xls
2014-06-11 14:17 - 2014-06-12 09:35 - 04247552 _____ () C:\Users\Samsung\Downloads\GP2014 (2).mx5
2014-06-11 13:05 - 2014-06-11 14:17 - 00323584 _____ () C:\Users\Samsung\Downloads\GP2014 (1).mx5
2014-06-10 16:20 - 2014-06-11 14:16 - 00991232 _____ () C:\Users\Samsung\Downloads\GP2014.mx5
2014-06-10 12:54 - 2014-06-10 14:17 - 00000000 ____D () C:\Users\Samsung\Documents\MAXQDA11
2014-06-10 12:54 - 2014-06-10 14:17 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\MAXQDA11
2014-06-10 12:54 - 2014-06-10 12:54 - 00001017 _____ () C:\Users\Samsung\Desktop\MAXQDA 11.lnk
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXQDA 11
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Public\Documents\MAXQDA11_Examples
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\ProgramData\MAXQDA11
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Program Files (x86)\MAXQDA11
2014-06-10 12:52 - 2014-06-10 12:53 - 79687955 _____ () C:\Users\Samsung\Downloads\MAXQDA11_Demo.exe
2014-06-10 00:22 - 2014-06-10 00:22 - 00334176 _____ () C:\Windows\Minidump\061014-15678-01.dmp
2014-06-08 03:37 - 2014-06-08 03:38 - 00262144 _____ () C:\Windows\Minidump\060814-15880-01.dmp
2014-06-06 23:26 - 2014-06-06 23:26 - 00262144 _____ () C:\Windows\Minidump\060614-24304-01.dmp
2014-06-06 09:48 - 2014-06-06 09:48 - 00262144 _____ () C:\Windows\Minidump\060614-26192-01.dmp
2014-06-05 15:27 - 2014-06-05 15:28 - 00262144 _____ () C:\Windows\Minidump\060514-16442-01.dmp
2014-06-04 09:10 - 2014-06-04 09:12 - 00262144 _____ () C:\Windows\Minidump\060414-18735-01.dmp
2014-05-29 17:27 - 2014-05-29 17:27 - 00000000 ____D () C:\Program Files (x86)\predm
2014-05-29 17:26 - 2014-05-29 17:26 - 00000000 ____D () C:\adobeTemp
2014-05-29 11:41 - 2014-05-29 11:42 - 02953520 _____ (AVAST Software) C:\Users\Samsung\Downloads\avast-browser-cleanup_9.0.0.224.exe
2014-05-29 11:32 - 2014-05-29 11:32 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Genesis_05290932
2014-05-29 11:30 - 2014-05-29 11:30 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Genesis_05290930
2014-05-29 11:17 - 2014-05-29 11:18 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-05-29 11:09 - 2014-05-29 11:09 - 00000000 __SHD () C:\Users\Samsung\AppData\Local\EmieUserList
2014-05-29 11:09 - 2014-05-29 11:09 - 00000000 __SHD () C:\Users\Samsung\AppData\Local\EmieSiteList
2014-05-29 11:07 - 2014-05-29 17:28 - 00000000 ____D () C:\Program Files (x86)\fst_de_18
2014-05-29 11:07 - 2014-05-29 11:07 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\InetStat
2014-05-29 11:06 - 2014-05-29 11:06 - 00000000 _____ () C:\end
2014-05-29 11:04 - 2014-05-29 11:04 - 00332288 _____ () C:\Users\Samsung\Downloads\Adobe Universal Patcher is Here !!!__2957_il424.exe
2014-05-29 10:59 - 2014-05-29 10:59 - 05910989 _____ () C:\Users\Samsung\Downloads\Adobe_Creative_Cloud_Cleaner_Tool.zip
2014-05-29 10:53 - 2014-05-29 10:54 - 00000000 ____D () C:\Users\Samsung\Desktop\Adobe Illustrator CC Serial Number-Keygen-Crack 32-64 Bit WIN-MAC
2014-05-29 10:50 - 2014-05-29 10:51 - 19654946 _____ () C:\Users\Samsung\Downloads\Adobe Illustrator CC Serial Number-Keygen-Crack 32-64 Bit WIN-MAC.rar
2014-05-28 22:27 - 2014-05-28 22:27 - 00000000 _____ () C:\autoexec.bat
2014-05-28 22:25 - 2014-05-28 22:25 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-28 22:24 - 2014-05-29 17:21 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-28 21:56 - 2014-05-28 21:56 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Samsung\Downloads\SpyHunter-Installer.exe
2014-05-28 19:56 - 2014-06-15 07:36 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-05-28 19:56 - 2014-05-28 19:56 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\SupTab
2014-05-28 19:52 - 2014-05-28 19:52 - 00467472 _____ () C:\Users\Samsung\Downloads\Adobe-Illustrator-CC---Serial-Key - BitLord.exe
2014-05-28 18:50 - 2013-06-21 11:29 - 00000000 ____D () C:\Users\Samsung\Desktop\Adobe.Illustrator.CC.v17.0.0.Multilingual.Incl.Patch-PainteR
2014-05-28 18:31 - 2013-06-21 11:29 - 00000000 ____D () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.Multilingual.Incl.Patch-PainteR
2014-05-28 09:18 - 2014-05-28 09:18 - 00336728 _____ () C:\Windows\Minidump\052814-23774-01.dmp
2014-05-28 00:06 - 2014-05-28 21:30 - 39945907 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part12.rar
2014-05-27 22:51 - 2014-05-27 23:33 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part11.rar
2014-05-27 22:08 - 2014-05-27 22:50 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part10.rar
2014-05-27 21:13 - 2014-05-27 22:07 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part08.rar
2014-05-27 20:30 - 2014-05-27 21:12 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part09.rar
2014-05-27 13:01 - 2014-05-28 18:31 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part07.rar
2014-05-27 12:39 - 2014-05-27 13:00 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part06.rar
2014-05-27 12:17 - 2014-05-27 12:38 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part05.rar
2014-05-26 21:21 - 2014-05-27 11:19 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part04.rar
2014-05-26 19:35 - 2014-05-26 21:20 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part03.rar
2014-05-26 18:44 - 2014-05-26 19:34 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part02.rar
2014-05-26 18:06 - 2014-05-26 18:43 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part01.rar
2014-05-26 09:20 - 2013-11-22 16:12 - 00000000 ____D () C:\Users\Samsung\Downloads\Adobe.Illustrator.CS6
2014-05-26 09:19 - 2014-05-26 09:19 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\WinRAR
2014-05-25 18:44 - 2014-05-25 18:44 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\TeamViewer
2014-05-25 18:42 - 2014-05-25 18:43 - 04099392 _____ (TeamViewer) C:\Users\Samsung\Downloads\TeamViewerQJ_de-idm37773159.exe
2014-05-25 17:38 - 2014-05-25 17:56 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part52.rar
2014-05-25 17:20 - 2014-05-25 17:38 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part51.rar
2014-05-25 16:57 - 2014-05-25 17:15 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part50.rar
2014-05-25 16:38 - 2014-05-25 16:55 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part45.rar
2014-05-25 16:19 - 2014-05-25 16:36 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part44.rar
2014-05-25 15:58 - 2014-05-25 16:16 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part42.rar
2014-05-25 15:38 - 2014-05-25 15:56 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part43.rar
2014-05-25 15:20 - 2014-05-25 15:37 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part41.rar
2014-05-25 14:45 - 2014-05-25 15:03 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part40.rar
2014-05-25 14:27 - 2014-05-25 14:44 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part39.rar
2014-05-25 13:46 - 2014-05-25 14:00 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part37.rar
2014-05-25 13:12 - 2014-05-25 13:17 - 34688623 _____ () C:\Users\Samsung\Downloads\ai.part55.rar
2014-05-25 12:57 - 2014-05-25 13:11 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part54.rar
2014-05-25 12:42 - 2014-05-25 12:56 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part53.rar
2014-05-25 12:20 - 2014-05-25 12:34 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part49.rar
2014-05-25 12:05 - 2014-05-25 12:19 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part48.rar
2014-05-25 11:54 - 2014-05-25 12:04 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part47.rar
2014-05-25 11:42 - 2014-05-25 11:53 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part36.rar
2014-05-25 11:30 - 2014-05-25 11:41 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part46.rar
2014-05-25 10:59 - 2014-05-25 11:07 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part35.rar
2014-05-25 10:49 - 2014-05-25 10:58 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part34.rar
2014-05-25 10:40 - 2014-05-25 10:48 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part33.rar
2014-05-25 10:30 - 2014-05-25 10:39 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part32.rar
2014-05-25 10:21 - 2014-05-25 10:29 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part31.rar
2014-05-25 10:11 - 2014-05-25 10:20 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part30.rar
2014-05-25 10:02 - 2014-05-25 10:10 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part29.rar
2014-05-25 09:43 - 2014-05-25 09:51 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part28.rar
2014-05-25 01:33 - 2014-05-25 10:01 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part27.rar
2014-05-25 01:24 - 2014-05-25 01:32 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part26.rar
2014-05-25 01:14 - 2014-05-25 01:23 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part25.rar
2014-05-25 01:05 - 2014-05-25 01:14 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part24.rar
2014-05-25 00:56 - 2014-05-25 01:04 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part23.rar
2014-05-25 00:46 - 2014-05-25 00:54 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part22.rar
2014-05-25 00:36 - 2014-05-25 00:45 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part21.rar
2014-05-25 00:27 - 2014-05-25 00:35 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part20.rar
2014-05-25 00:17 - 2014-05-25 00:26 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part19.rar
2014-05-25 00:08 - 2014-05-25 00:16 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part18.rar
2014-05-24 23:53 - 2014-05-25 00:07 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part17.rar
2014-05-24 23:38 - 2014-05-24 23:52 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part16.rar
2014-05-24 23:23 - 2014-05-24 23:37 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part15.rar
2014-05-24 23:08 - 2014-05-24 23:22 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part14.rar
2014-05-24 22:49 - 2014-05-24 23:07 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part13.rar
2014-05-24 22:30 - 2014-05-24 22:48 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part12.rar
2014-05-24 22:10 - 2014-05-24 22:28 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part11.rar
2014-05-24 21:52 - 2014-05-24 22:10 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part10.rar
2014-05-24 21:33 - 2014-05-24 21:51 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part09.rar
2014-05-24 21:15 - 2014-05-24 21:33 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part08.rar
2014-05-24 20:56 - 2014-05-24 21:14 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part07.rar
2014-05-24 20:37 - 2014-05-24 20:55 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part06.rar
2014-05-24 20:17 - 2014-05-24 20:35 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part05.rar
2014-05-24 19:58 - 2014-05-24 20:16 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part04.rar
2014-05-24 19:40 - 2014-05-24 19:57 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part03.rar
2014-05-24 19:21 - 2014-05-24 19:39 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part01.rar
2014-05-24 19:02 - 2014-05-24 19:20 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part02.rar
2014-05-24 19:01 - 2014-05-24 19:01 - 00014724 _____ () C:\Users\Samsung\Downloads\Adobe_Illustrator_CS6_v8.0_LS4-xtzpqwm7rcez.dlc
2014-05-24 18:56 - 2014-05-24 18:56 - 00003952 _____ () C:\Users\Samsung\Downloads\q5kur56mw8l67v1.dlc
2014-05-24 18:55 - 2014-05-24 18:55 - 00002047 _____ () C:\Users\Samsung\Desktop\JDownloader.lnk
2014-05-24 18:54 - 2014-05-24 18:54 - 00002011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2014-05-24 18:54 - 2014-05-24 18:54 - 00001955 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2014-05-24 18:54 - 2014-05-24 18:54 - 00001934 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2014-05-24 18:53 - 2014-05-24 19:11 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-05-24 18:51 - 2014-05-24 18:52 - 00076456 _____ (AppWork GmbH) C:\Users\Samsung\Downloads\WebInstaller.exe
2014-05-22 19:46 - 2014-05-22 19:47 - 00000000 ____D () C:\ballmer
2014-05-22 18:50 - 2014-05-22 18:51 - 00262144 _____ () C:\Windows\Minidump\052214-23446-01.dmp
2014-05-22 10:42 - 2014-05-22 10:42 - 00262144 _____ () C:\Windows\Minidump\052214-15771-01.dmp
2014-05-21 19:19 - 2014-05-21 19:19 - 00000000 _____ () C:\Users\Samsung\AppData\Local\{ADF5F7E6-FAB5-45E4-A54E-64DC0ADC32D4}
2014-05-21 19:17 - 2014-05-21 19:18 - 00262144 _____ () C:\Windows\Minidump\052114-15927-01.dmp
2014-05-21 19:15 - 2014-05-21 19:16 - 00340856 _____ () C:\Windows\Minidump\052114-17409-01.dmp
==================== One Month Modified Files and Folders =======
2014-06-18 23:48 - 2014-06-18 23:47 - 00029889 _____ () C:\Users\Samsung\Downloads\FRST.txt
2014-06-18 23:48 - 2014-06-18 23:47 - 00000000 ____D () C:\FRST
2014-06-18 23:47 - 2014-06-18 23:46 - 02082304 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe
2014-06-18 23:45 - 2014-06-18 23:45 - 01072128 _____ (Farbar) C:\Users\Samsung\Downloads\FRST.exe
2014-06-18 23:38 - 2012-12-18 15:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-18 23:31 - 2014-06-18 23:31 - 00000000 ___SH () C:\DkHyperbootSync
2014-06-18 23:17 - 2013-09-10 12:51 - 01126859 _____ () C:\Windows\WindowsUpdate.log
2014-06-18 23:11 - 2012-12-18 15:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-18 23:04 - 2013-01-13 01:00 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Dropbox
2014-06-18 23:03 - 2013-01-13 01:06 - 00000000 ___RD () C:\Users\Samsung\Dropbox
2014-06-18 23:01 - 2012-12-18 15:05 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-18 19:27 - 2014-06-16 09:56 - 00005150 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Samsung-PC-Samsung Samsung-PC
2014-06-18 19:12 - 2009-07-14 06:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-18 19:12 - 2009-07-14 06:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-18 19:08 - 2009-07-14 19:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-06-18 19:08 - 2009-07-14 19:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-06-18 19:08 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-18 19:05 - 2014-05-15 10:59 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\DropboxMaster
2014-06-18 19:03 - 2014-06-18 19:02 - 00262144 _____ () C:\Windows\Minidump\061814-44179-01.dmp
2014-06-18 19:02 - 2014-04-16 17:50 - 00008000 _____ () C:\Windows\setupact.log
2014-06-18 19:02 - 2013-02-26 18:23 - 00000000 ____D () C:\Windows\Minidump
2014-06-18 19:02 - 2012-12-18 15:05 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-18 19:02 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-18 19:01 - 2014-04-25 21:40 - 1463395760 _____ () C:\Windows\MEMORY.DMP
2014-06-18 15:57 - 2013-12-16 13:55 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Spotify
2014-06-18 12:28 - 2014-06-18 12:28 - 00000476 _____ () C:\Users\Samsung\Downloads\defogger_disable.log
2014-06-18 12:28 - 2014-06-18 12:28 - 00000000 _____ () C:\Users\Samsung\defogger_reenable
2014-06-18 12:28 - 2012-12-12 11:06 - 00000000 ____D () C:\Users\Samsung
2014-06-18 12:26 - 2014-06-18 12:26 - 00050477 _____ () C:\Users\Samsung\Downloads\Defogger.exe
2014-06-18 12:16 - 2014-06-18 12:15 - 00332160 _____ () C:\Windows\Minidump\061814-23992-01.dmp
2014-06-18 10:39 - 2012-12-23 15:57 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Adobe
2014-06-17 13:38 - 2014-06-17 13:38 - 00262144 _____ () C:\Windows\Minidump\061714-20451-01.dmp
2014-06-17 13:32 - 2014-06-17 13:32 - 00262144 _____ () C:\Windows\Minidump\061714-24554-01.dmp
2014-06-16 21:32 - 2013-12-16 13:55 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Spotify
2014-06-16 15:21 - 2014-06-16 14:58 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_F61
2014-06-16 14:47 - 2014-06-16 14:47 - 02602496 _____ () C:\Users\Samsung\Downloads\Thema_7_USA_Innovationssystem.ppt
2014-06-16 14:42 - 2014-06-16 14:42 - 00689152 _____ () C:\Users\Samsung\Downloads\Thema_6_China_als_aufstrebendes_Innovationssystem.ppt
2014-06-16 14:10 - 2014-06-16 14:10 - 00000000 ____D () C:\Users\Samsung\Documents\OneNote-Notizbücher
2014-06-16 11:52 - 2014-06-16 11:52 - 02050048 _____ () C:\Users\Samsung\Downloads\Weinberger_03_01_13 (1).ppt
2014-06-16 11:45 - 2014-06-16 11:45 - 02050048 _____ () C:\Users\Samsung\Downloads\Weinberger_03_01_13.ppt
2014-06-15 21:40 - 2014-06-15 21:40 - 00262144 _____ () C:\Windows\Minidump\061514-23743-01.dmp
2014-06-15 18:53 - 2014-04-18 18:43 - 00009862 _____ () C:\Windows\PFRO.log
2014-06-15 17:04 - 2014-06-15 17:04 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_1AC0
2014-06-15 17:03 - 2014-06-15 17:03 - 00072704 _____ () C:\Users\Samsung\Downloads\302011041P1G217.XLS
2014-06-15 17:03 - 2014-06-15 17:03 - 00062464 _____ () C:\Users\Samsung\Downloads\302011041P1G218.XLS
2014-06-15 15:26 - 2014-06-15 15:25 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_2BE7
2014-06-15 14:56 - 2014-06-15 09:22 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_376D
2014-06-15 14:55 - 2014-06-15 14:55 - 01331200 _____ () C:\Users\Samsung\Downloads\Thema_3_Einflussfaktoren_National.ppt
2014-06-15 14:53 - 2014-06-15 14:53 - 00249856 _____ () C:\Users\Samsung\Downloads\Thema_1_Konstitutive_Elemente.PPT
2014-06-15 14:48 - 2014-06-15 14:48 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme (2).ppt
2014-06-15 14:48 - 2014-06-15 14:48 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme (1).ppt
2014-06-15 14:43 - 2014-06-15 14:43 - 00283648 _____ () C:\Users\Samsung\Downloads\Thema_4_Einflussfaktoren_Sektoral.ppt
2014-06-15 09:43 - 2014-06-15 09:43 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme.ppt
2014-06-15 09:37 - 2014-06-15 09:37 - 00852480 _____ () C:\Users\Samsung\Downloads\Thema_6_Netzwerk_InnovSys.ppt
2014-06-15 09:23 - 2014-06-15 09:23 - 01349120 _____ () C:\Users\Samsung\Downloads\Thema_5_Lokalbasierte_RIS.ppt
2014-06-15 09:21 - 2014-06-15 09:21 - 00448512 _____ () C:\Users\Samsung\Downloads\Thema_2_Grundlagen_RIS.ppt
2014-06-15 07:36 - 2014-05-28 19:56 - 00000000 ____D () C:\ProgramData\IePluginServices
2014-06-15 07:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding
2014-06-15 03:09 - 2013-07-17 23:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-15 03:04 - 2013-01-10 23:29 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-14 16:38 - 2013-05-30 23:52 - 00475136 ___SH () C:\Users\Samsung\Documents\Thumbs.db
2014-06-14 15:25 - 2014-06-14 15:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 15:08 - 2014-06-14 15:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe
2014-06-14 15:08 - 2014-06-14 15:08 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-14 15:07 - 2014-06-14 15:07 - 00719128 _____ ( ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe
2014-06-13 11:18 - 2014-06-13 11:17 - 00262144 _____ () C:\Windows\Minidump\061314-17503-01.dmp
2014-06-12 09:35 - 2014-06-11 14:17 - 04247552 _____ () C:\Users\Samsung\Downloads\GP2014 (2).mx5
2014-06-11 23:12 - 2013-04-07 16:27 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\vlc
2014-06-11 17:05 - 2014-06-11 17:05 - 00029170 _____ () C:\Users\Samsung\Desktop\Gesamt.xlsx
2014-06-11 17:05 - 2014-06-11 16:51 - 00029142 _____ () C:\Users\Samsung\Downloads\Gesamt.xlsx
2014-06-11 16:48 - 2014-06-11 16:48 - 00032256 _____ () C:\Users\Samsung\Desktop\Neue_Grid-Tabelle2.xls
2014-06-11 16:00 - 2014-06-11 16:00 - 00033792 _____ () C:\Users\Samsung\Desktop\Inspiration,Hemmende_FaktorenSummary GP2014.xls
2014-06-11 15:56 - 2014-06-11 15:56 - 00030720 _____ () C:\Users\Samsung\Desktop\GPExcelSummary.xls
2014-06-11 15:56 - 2014-06-11 15:55 - 00030720 _____ () C:\Users\Samsung\Desktop\Neue_Grid-Tabelle.xls
2014-06-11 15:44 - 2014-06-11 15:43 - 02478592 _____ () C:\Users\Samsung\Desktop\GP2014 (2).xls
2014-06-11 15:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-11 14:17 - 2014-06-11 13:05 - 00323584 _____ () C:\Users\Samsung\Downloads\GP2014 (1).mx5
2014-06-11 14:16 - 2014-06-10 16:20 - 00991232 _____ () C:\Users\Samsung\Downloads\GP2014.mx5
2014-06-10 14:17 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Samsung\Documents\MAXQDA11
2014-06-10 14:17 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\MAXQDA11
2014-06-10 12:54 - 2014-06-10 12:54 - 00001017 _____ () C:\Users\Samsung\Desktop\MAXQDA 11.lnk
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXQDA 11
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Public\Documents\MAXQDA11_Examples
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\ProgramData\MAXQDA11
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Program Files (x86)\MAXQDA11
2014-06-10 12:53 - 2014-06-10 12:52 - 79687955 _____ () C:\Users\Samsung\Downloads\MAXQDA11_Demo.exe
2014-06-10 00:22 - 2014-06-10 00:22 - 00334176 _____ () C:\Windows\Minidump\061014-15678-01.dmp
2014-06-08 03:38 - 2014-06-08 03:37 - 00262144 _____ () C:\Windows\Minidump\060814-15880-01.dmp
2014-06-06 23:26 - 2014-06-06 23:26 - 00262144 _____ () C:\Windows\Minidump\060614-24304-01.dmp
2014-06-06 09:48 - 2014-06-06 09:48 - 00262144 _____ () C:\Windows\Minidump\060614-26192-01.dmp
2014-06-05 15:28 - 2014-06-05 15:27 - 00262144 _____ () C:\Windows\Minidump\060514-16442-01.dmp
2014-06-05 13:03 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-04 09:12 - 2014-06-04 09:10 - 00262144 _____ () C:\Windows\Minidump\060414-18735-01.dmp
2014-06-01 09:32 - 2009-07-14 06:45 - 05185952 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-30 12:21 - 2014-06-12 09:45 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-12 09:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-12 09:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-12 09:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-12 09:45 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-12 09:45 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-12 09:45 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-12 09:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-12 09:45 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-12 09:45 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-12 09:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-12 09:45 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-12 09:45 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-12 09:45 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-12 09:45 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-12 09:45 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-12 09:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-12 09:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-12 09:45 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-12 09:45 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-12 09:45 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-12 09:45 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-12 09:45 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-12 09:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-12 09:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 09:45 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-12 09:45 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-12 09:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-12 09:45 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-12 09:45 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-12 09:45 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-12 09:45 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-12 09:45 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-12 09:45 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-12 09:45 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 09:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 09:45 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-12 09:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 09:45 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-12 09:45 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-12 09:45 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-12 09:45 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 09:45 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 09:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-12 09:45 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-12 09:45 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-12 09:45 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-12 09:45 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-12 09:45 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-12 09:45 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-12 09:45 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 17:50 - 2012-12-18 15:05 - 00146400 _____ () C:\Users\Samsung\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-29 17:34 - 2014-04-21 00:46 - 00001653 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC.lnk
2014-05-29 17:31 - 2014-04-21 00:44 - 00001517 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC (64 Bit).lnk
2014-05-29 17:28 - 2014-05-29 11:07 - 00000000 ____D () C:\Program Files (x86)\fst_de_18
2014-05-29 17:27 - 2014-05-29 17:27 - 00000000 ____D () C:\Program Files (x86)\predm
2014-05-29 17:26 - 2014-05-29 17:26 - 00000000 ____D () C:\adobeTemp
2014-05-29 17:25 - 2012-12-18 15:39 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-29 17:21 - 2014-05-28 22:24 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-29 11:43 - 2012-12-18 15:06 - 00002253 _____ () C:\Users\Samsung\Desktop\Google Chrome.lnk
2014-05-29 11:42 - 2014-05-29 11:41 - 02953520 _____ (AVAST Software) C:\Users\Samsung\Downloads\avast-browser-cleanup_9.0.0.224.exe
2014-05-29 11:42 - 2013-12-21 12:16 - 00001145 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-29 11:42 - 2013-12-21 12:16 - 00001145 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-29 11:37 - 2013-01-08 21:17 - 00001339 _____ () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-29 11:32 - 2014-05-29 11:32 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Genesis_05290932
2014-05-29 11:30 - 2014-05-29 11:30 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Genesis_05290930
2014-05-29 11:18 - 2014-05-29 11:17 - 00000000 ____D () C:\Program Files (x86)\MSR
2014-05-29 11:09 - 2014-05-29 11:09 - 00000000 __SHD () C:\Users\Samsung\AppData\Local\EmieUserList
2014-05-29 11:09 - 2014-05-29 11:09 - 00000000 __SHD () C:\Users\Samsung\AppData\Local\EmieSiteList
2014-05-29 11:07 - 2014-05-29 11:07 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\InetStat
2014-05-29 11:06 - 2014-05-29 11:06 - 00000000 _____ () C:\end
2014-05-29 11:04 - 2014-05-29 11:04 - 00332288 _____ () C:\Users\Samsung\Downloads\Adobe Universal Patcher is Here !!!__2957_il424.exe
2014-05-29 10:59 - 2014-05-29 10:59 - 05910989 _____ () C:\Users\Samsung\Downloads\Adobe_Creative_Cloud_Cleaner_Tool.zip
2014-05-29 10:54 - 2014-05-29 10:53 - 00000000 ____D () C:\Users\Samsung\Desktop\Adobe Illustrator CC Serial Number-Keygen-Crack 32-64 Bit WIN-MAC
2014-05-29 10:51 - 2014-05-29 10:50 - 19654946 _____ () C:\Users\Samsung\Downloads\Adobe Illustrator CC Serial Number-Keygen-Crack 32-64 Bit WIN-MAC.rar
2014-05-28 22:27 - 2014-05-28 22:27 - 00000000 _____ () C:\autoexec.bat
2014-05-28 22:25 - 2014-05-28 22:25 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-28 21:56 - 2014-05-28 21:56 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Samsung\Downloads\SpyHunter-Installer.exe
2014-05-28 21:30 - 2014-05-28 00:06 - 39945907 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part12.rar
2014-05-28 19:56 - 2014-05-28 19:56 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\SupTab
2014-05-28 19:52 - 2014-05-28 19:52 - 00467472 _____ () C:\Users\Samsung\Downloads\Adobe-Illustrator-CC---Serial-Key - BitLord.exe
2014-05-28 18:31 - 2014-05-27 13:01 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part07.rar
2014-05-28 09:18 - 2014-05-28 09:18 - 00336728 _____ () C:\Windows\Minidump\052814-23774-01.dmp
2014-05-27 23:33 - 2014-05-27 22:51 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part11.rar
2014-05-27 22:50 - 2014-05-27 22:08 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part10.rar
2014-05-27 22:07 - 2014-05-27 21:13 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part08.rar
2014-05-27 21:12 - 2014-05-27 20:30 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part09.rar
2014-05-27 13:00 - 2014-05-27 12:39 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part06.rar
2014-05-27 12:38 - 2014-05-27 12:17 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part05.rar
2014-05-27 11:19 - 2014-05-26 21:21 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part04.rar
2014-05-26 21:20 - 2014-05-26 19:35 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part03.rar
2014-05-26 19:34 - 2014-05-26 18:44 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part02.rar
2014-05-26 18:43 - 2014-05-26 18:06 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part01.rar
2014-05-26 09:19 - 2014-05-26 09:19 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\WinRAR
2014-05-25 18:44 - 2014-05-25 18:44 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\TeamViewer
2014-05-25 18:43 - 2014-05-25 18:42 - 04099392 _____ (TeamViewer) C:\Users\Samsung\Downloads\TeamViewerQJ_de-idm37773159.exe
2014-05-25 17:56 - 2014-05-25 17:38 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part52.rar
2014-05-25 17:38 - 2014-05-25 17:20 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part51.rar
2014-05-25 17:15 - 2014-05-25 16:57 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part50.rar
2014-05-25 16:55 - 2014-05-25 16:38 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part45.rar
2014-05-25 16:36 - 2014-05-25 16:19 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part44.rar
2014-05-25 16:16 - 2014-05-25 15:58 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part42.rar
2014-05-25 15:56 - 2014-05-25 15:38 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part43.rar
2014-05-25 15:37 - 2014-05-25 15:20 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part41.rar
2014-05-25 15:03 - 2014-05-25 14:45 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part40.rar
2014-05-25 14:44 - 2014-05-25 14:27 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part39.rar
2014-05-25 14:00 - 2014-05-25 13:46 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part37.rar
2014-05-25 13:17 - 2014-05-25 13:12 - 34688623 _____ () C:\Users\Samsung\Downloads\ai.part55.rar
2014-05-25 13:11 - 2014-05-25 12:57 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part54.rar
2014-05-25 12:56 - 2014-05-25 12:42 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part53.rar
2014-05-25 12:34 - 2014-05-25 12:20 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part49.rar
2014-05-25 12:19 - 2014-05-25 12:05 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part48.rar
2014-05-25 12:04 - 2014-05-25 11:54 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part47.rar
2014-05-25 11:53 - 2014-05-25 11:42 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part36.rar
2014-05-25 11:41 - 2014-05-25 11:30 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part46.rar
2014-05-25 11:07 - 2014-05-25 10:59 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part35.rar
2014-05-25 10:58 - 2014-05-25 10:49 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part34.rar
2014-05-25 10:48 - 2014-05-25 10:40 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part33.rar
2014-05-25 10:39 - 2014-05-25 10:30 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part32.rar
2014-05-25 10:29 - 2014-05-25 10:21 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part31.rar
2014-05-25 10:25 - 2013-06-21 10:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-05-25 10:20 - 2014-05-25 10:11 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part30.rar
2014-05-25 10:10 - 2014-05-25 10:02 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part29.rar
2014-05-25 10:01 - 2014-05-25 01:33 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part27.rar
2014-05-25 09:51 - 2014-05-25 09:43 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part28.rar
2014-05-25 01:32 - 2014-05-25 01:24 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part26.rar
2014-05-25 01:23 - 2014-05-25 01:14 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part25.rar
2014-05-25 01:14 - 2014-05-25 01:05 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part24.rar
2014-05-25 01:04 - 2014-05-25 00:56 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part23.rar
2014-05-25 00:54 - 2014-05-25 00:46 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part22.rar
2014-05-25 00:45 - 2014-05-25 00:36 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part21.rar
2014-05-25 00:35 - 2014-05-25 00:27 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part20.rar
2014-05-25 00:26 - 2014-05-25 00:17 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part19.rar
2014-05-25 00:16 - 2014-05-25 00:08 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part18.rar
2014-05-25 00:07 - 2014-05-24 23:53 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part17.rar
2014-05-24 23:52 - 2014-05-24 23:38 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part16.rar
2014-05-24 23:37 - 2014-05-24 23:23 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part15.rar
2014-05-24 23:22 - 2014-05-24 23:08 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part14.rar
2014-05-24 23:07 - 2014-05-24 22:49 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part13.rar
2014-05-24 22:48 - 2014-05-24 22:30 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part12.rar
2014-05-24 22:28 - 2014-05-24 22:10 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part11.rar
2014-05-24 22:10 - 2014-05-24 21:52 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part10.rar
2014-05-24 21:51 - 2014-05-24 21:33 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part09.rar
2014-05-24 21:33 - 2014-05-24 21:15 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part08.rar
2014-05-24 21:14 - 2014-05-24 20:56 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part07.rar
2014-05-24 20:55 - 2014-05-24 20:37 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part06.rar
2014-05-24 20:35 - 2014-05-24 20:17 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part05.rar
2014-05-24 20:16 - 2014-05-24 19:58 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part04.rar
2014-05-24 19:57 - 2014-05-24 19:40 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part03.rar
2014-05-24 19:39 - 2014-05-24 19:21 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part01.rar
2014-05-24 19:20 - 2014-05-24 19:02 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part02.rar
2014-05-24 19:11 - 2014-05-24 18:53 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-05-24 19:01 - 2014-05-24 19:01 - 00014724 _____ () C:\Users\Samsung\Downloads\Adobe_Illustrator_CS6_v8.0_LS4-xtzpqwm7rcez.dlc
2014-05-24 18:56 - 2014-05-24 18:56 - 00003952 _____ () C:\Users\Samsung\Downloads\q5kur56mw8l67v1.dlc
2014-05-24 18:55 - 2014-05-24 18:55 - 00002047 _____ () C:\Users\Samsung\Desktop\JDownloader.lnk
2014-05-24 18:54 - 2014-05-24 18:54 - 00002011 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
2014-05-24 18:54 - 2014-05-24 18:54 - 00001955 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
2014-05-24 18:54 - 2014-05-24 18:54 - 00001934 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
2014-05-24 18:52 - 2014-05-24 18:51 - 00076456 _____ (AppWork GmbH) C:\Users\Samsung\Downloads\WebInstaller.exe
2014-05-23 14:18 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-05-23 09:34 - 2013-01-13 01:06 - 00001033 _____ () C:\Users\Samsung\Desktop\Dropbox.lnk
2014-05-23 09:34 - 2013-01-13 01:03 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2014-05-22 22:16 - 2013-10-30 17:04 - 00000000 ____D () C:\Users\Samsung\.VirtualBox
2014-05-22 22:15 - 2013-10-21 12:00 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\CodeBlocks
2014-05-22 19:47 - 2014-05-22 19:46 - 00000000 ____D () C:\ballmer
2014-05-22 18:51 - 2014-05-22 18:50 - 00262144 _____ () C:\Windows\Minidump\052214-23446-01.dmp
2014-05-22 10:42 - 2014-05-22 10:42 - 00262144 _____ () C:\Windows\Minidump\052214-15771-01.dmp
2014-05-21 19:19 - 2014-05-21 19:19 - 00000000 _____ () C:\Users\Samsung\AppData\Local\{ADF5F7E6-FAB5-45E4-A54E-64DC0ADC32D4}
2014-05-21 19:18 - 2014-05-21 19:17 - 00262144 _____ () C:\Windows\Minidump\052114-15927-01.dmp
2014-05-21 19:16 - 2014-05-21 19:15 - 00340856 _____ () C:\Windows\Minidump\052114-17409-01.dmp
2014-05-19 01:08 - 2013-06-10 11:10 - 00000000 ____D () C:\Users\Samsung\Documents\Bewerbung
Some content of TEMP:
====================
C:\Users\Samsung\AppData\Local\Temp\Creative Cloud Helper.exe
C:\Users\Samsung\AppData\Local\Temp\CreativeCloudSet-Up.exe
C:\Users\Samsung\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl14hvz.dll
C:\Users\Samsung\AppData\Local\Temp\JDSetup130454239438575503.exe
C:\Users\Samsung\AppData\Local\Temp\SHSetup.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-05-23 14:08
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 18-06-2014
Ran by Samsung at 2014-06-18 23:49:35
Running from C:\Users\Samsung\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: avast! Antivirus (Enabled - Up to date) {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AS: avast! Antivirus (Enabled - Up to date) {904CF271-6431-DA47-5FCE-A87D98DFB681}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
"Minimal SYStem 1.0.11" (HKLM-x32\...\MSYS-1.0_is1) (Version: 1.0.11 - MinGW)
64 Bit HP CIO Components Installer (Version: 6.2.1 - Hewlett-Packard) Hidden
7-Zip 9.20 (HKLM-x32\...\7-Zip) (Version: - )
Adobe Flash Player 13 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Illustrator CC (HKLM-x32\...\{F2321021-08A2-44D6-B1DF-BDB415F23EC3}) (Version: 17.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
AIO_Scan (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcGIS 10.2 for Desktop - Sprachpaket Deutsch (HKLM-x32\...\ArcGIS 10.2 for Desktop - Sprachpaket Deutsch) (Version: 10.2.3348 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.2 for Desktop - Sprachpaket Deutsch (x32 Version: 10.2.3348 - Environmental Systems Research Institute, Inc.) Hidden
ArcGIS 10.2 for Desktop (HKLM-x32\...\ArcGIS 10.2 for Desktop) (Version: 10.2.3348 - Environmental Systems Research Institute, Inc.)
ArcGIS 10.2 for Desktop (x32 Version: 10.2.3348 - Environmental Systems Research Institute, Inc.) Hidden
Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.3.0 - Asmedia Technology)
Astah Community 6.7 (HKLM\...\astah* community_is1) (Version: - Change Vision, Inc.)
avast! Free Antivirus (HKLM-x32\...\avast) (Version: 7.0.1474.0 - AVAST Software)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
BufferChm (x32 Version: 130.0.331.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.03 - Piriform)
Citrix Authentication Manager (x32 Version: 5.1.0.62606 - Citrix Systems, Inc.) Hidden
Citrix Receiver (DV) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HDX Flash-Umleitung) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver (HKLM-x32\...\CitrixOnlinePluginPackWeb) (Version: 14.1.0.0 - Citrix Systems, Inc.)
Citrix Receiver (USB) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
Citrix Receiver Inside (x32 Version: 4.1.0.56471 - Citrix Systems, Inc.) Hidden
Citrix Receiver Updater (x32 Version: 4.1.0.56461 - Citrix Systems, Inc.) Hidden
Citrix Receiver(Aero) (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
CodeBlocks (HKCU\...\CodeBlocks) (Version: 12.11 - The Code::Blocks Team)
Copy (x32 Version: 130.0.428.000 - Hewlett-Packard) Hidden
Destinations (x32 Version: 130.0.0.0 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 130.0.465.000 - Hewlett-Packard) Hidden
DJ_AIO_ProductContext (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
DJ_AIO_Software_min (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Easy Settings (HKLM-x32\...\{17283B95-21A8-4996-97DA-547A48DB266F}) (Version: 1.1 - Samsung Electronics CO., LTD.)
ETDWare PS/2-X64 10.0.7.3_WHQL (HKLM\...\Elantech) (Version: 10.0.7.3 - ELAN Microelectronic Corp.)
ExpressCache (HKLM\...\{2EBEFDA8-F905-4C39-AC1C-D5ABE7B3E0AE}) (Version: 1.0.86 - Diskeeper Corporation)
F4100 (x32 Version: 130.0.365.000 - Hewlett-Packard) Hidden
F4100_Help (x32 Version: 90.0.222.000 - Hewlett-Packard) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Earth (HKLM-x32\...\{4D2A6330-2F8B-11E3-9C40-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.24.7 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GPBaseService2 (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HL-2130 (HKLM-x32\...\{E2A97415-BD97-4867-B906-05E39E9EE51F}) (Version: 1.0.7.0 - Brother Industries, Ltd.)
HP Customer Participation Program 13.0 (HKLM\...\HPExtendedCapabilities) (Version: 13.0 - HP)
HP Deskjet All-In-One Driver Software 13.0 Rel. 1 (HKLM\...\{EB773820-0871-46A8-9B96-F2B04F8B34F0}) (Version: 13.0 - HP)
HP Imaging Device Functions 13.0 (HKLM\...\HP Imaging Device Functions) (Version: 13.0 - HP)
HP Photosmart Essential 3.5 (HKLM\...\HP Photosmart Essential) (Version: 3.5 - HP)
HP Smart Web Printing 4.51 (HKLM\...\HP Smart Web Printing) (Version: 4.51 - HP)
HP Solution Center 13.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 13.0 - HP)
HP Update (HKLM-x32\...\{7059BDA7-E1DB-442C-B7A1-6144596720A4}) (Version: 4.000.011.006 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 130.0.282.000 - Hewlett-Packard) Hidden
HPPhotoSmartDiscLabelContent1 (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPPhotosmartEssential (x32 Version: 2.04.0000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 130.0.371.000 - Hewlett-Packard) Hidden
ICQ 8.2 (build 6870) (HKCU\...\ICQ) (Version: 8.2.6870.0 - Mail.Ru)
Intel PROSet Wireless (Version: - ) Hidden
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2622 - Intel Corporation)
Intel(R) PROSet/Wireless for Bluetooth(R) 3.0 + High Speed (HKLM\...\{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}) (Version: 15.0.0.0059 - Intel Corporation)
Intel(R) Rapid Start Technology (HKLM-x32\...\3D073343-CEEB-4ce7-85AC-A69A7631B5D6) (Version: 1.0.0.1008 - Intel Corporation)
Intel® PROSet/Wireless WiFi-Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
iTunes (HKLM\...\{0225AD21-F3E2-4916-BFF3-65D3F9052582}) (Version: 11.0.2.26 - Apple Inc.)
Java 7 Update 45 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86417045FF}) (Version: 7.0.450 - Oracle)
Java 7 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.450 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Java SE Development Kit 7 Update 45 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170450}) (Version: 1.7.0.450 - Oracle)
Java(TM) 6 Update 34 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86416034FF}) (Version: 6.0.340 - Oracle)
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Malwarebytes Anti-Malware Version 2.0.2.1012 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.2.1012 - Malwarebytes Corporation)
MarketResearch (x32 Version: 130.0.374.000 - Hewlett-Packard) Hidden
MAXQDA 11 (Release 11.0.8) (HKLM-x32\...\MAXQDA11) (Version: (Release 11.0.8) - VERBI Software.Consult.Sozialforschung GmbH)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office 365 - de-de (HKLM\...\O365HomePremRetail - de-de) (Version: 15.0.4615.1002 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft OneDrive (HKCU\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030 (Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030 (x32 Version: 11.0.61030 - Microsoft Corporation) Hidden
Mozilla Firefox 26.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 26.0 (x86 de)) (Version: 26.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 24.5.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 24.5.0 (x86 de)) (Version: 24.5.0 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4615.1002 - Microsoft Corporation) Hidden
Online Plug-in (x32 Version: 14.1.0.0 - Citrix Systems, Inc.) Hidden
OpenOffice.org 3.4.1 (HKLM-x32\...\{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}) (Version: 3.41.9593 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.0 (HKLM\...\{7CBBEE56-EEF2-462D-B1CE-EACDBBF6457E}) (Version: 4.3.0 - Oracle Corporation)
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
PDF24 Creator 5.5.1 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
QuickTime (HKLM-x32\...\{7BE15435-2D3E-4B58-867F-9C75BED0208C}) (Version: 7.71.80.42 - Apple Inc.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.45.516.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6622 - Realtek Semiconductor Corp.)
Scan (x32 Version: 13.0.0.0 - Hewlett-Packard) Hidden
Self-Service Plug-in (x32 Version: 4.1.0.41738 - Citrix Systems, Inc.) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 13.0 - HP)
Skype™ 6.11 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.11.102 - Skype Technologies S.A.)
SmartWebPrinting (x32 Version: 130.0.457.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 130.0.373.000 - Hewlett-Packard) Hidden
Spotify (HKCU\...\Spotify) (Version: 0.9.10.14.g578d350b - Spotify AB)
Status (x32 Version: 130.0.469.000 - Hewlett-Packard) Hidden
System Update kb70007 (x32 Version: 1.0.0 - MSR) Hidden
Toolbox (x32 Version: 130.0.648.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 130.0.422.000 - Hewlett-Packard) Hidden
UnloadSupport (x32 Version: 11.0.0 - Hewlett-Packard) Hidden
VIS (HKLM-x32\...\VIS) (Version: - ) <==== ATTENTION
VLC media player 2.0.5 (HKLM-x32\...\VLC media player) (Version: 2.0.5 - VideoLAN)
WebReg (x32 Version: 130.0.132.017 - Hewlett-Packard) Hidden
==================== Restore Points =========================
15-06-2014 01:00:28 Windows Update
18-06-2014 10:31:26 Windows-Sicherung
18-06-2014 15:57:28 Windows-Sicherung
18-06-2014 16:36:10 Windows-Sicherung
18-06-2014 17:18:55 Windows-Sicherung
==================== Hosts content: ==========================
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____N C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
Task: {1CE1C92D-C373-43B7-BF64-C3A273A526B0} - System32\Tasks\WLANStartup => C:\Program Files (x86)\Samsung\Easy Settings\WLANStartup.exe [2012-04-03] (Samsung Electronics)
Task: {31996927-3C4E-4798-8BF1-C1EEFD44A2C6} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2014-04-15] (Microsoft Corporation)
Task: {33CB7AE3-ACCD-4F40-A097-11735B3F7553} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2013-06-19] (Piriform Ltd)
Task: {4826D78C-3A9C-49F9-BA08-E6FBA787D77F} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Samsung-PC-Samsung Samsung-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2014-05-25] (Microsoft Corporation)
Task: {5921A036-F7DB-43D3-949D-658AFAEE9FE0} - System32\Tasks\MovieColorEnhancer => C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe [2012-04-25] (Samsung Electronics Co., Ltd.)
Task: {5D2E526D-095D-40A0-A215-1A4FBF3B1559} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-18] (Google Inc.)
Task: {69E5856B-DFCD-4369-8501-22ED481E1D22} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2012-10-31] (AVAST Software)
Task: {6D046C3B-D0F4-4B41-958C-93D02D173A69} - System32\Tasks\AdobeAAMUpdater-1.0-Samsung-PC-Samsung => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2014-02-27] (Adobe Systems Incorporated)
Task: {6EE5ED23-F756-45D1-BB42-470988B49C42} - System32\Tasks\EasyDisplayMgr => C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe [2012-04-17] (Samsung Electronics Co., Ltd.)
Task: {71A4FD34-0BF4-40E5-A9A6-C4FDD97CCC32} - System32\Tasks\SCCSpeedBoot => C:\Program Files (x86)\Samsung\Easy Settings\SCCSpeedBoot.exe [2012-03-27] (Samsung Electronics Co., Ltd.)
Task: {7CFB5C90-E0E9-4657-85B7-6F7F6FD77427} - \Dealply No Task File <==== ATTENTION
Task: {9418E62B-7DF8-45AB-AC9F-A88BC4FDA2DC} - System32\Tasks\Microsoft\Windows\WindowsBackup\AutomaticBackup => Rundll32.exe /d sdengin2.dll,ExecuteScheduledBackup
Task: {9D5866DE-CE39-48B5-81D5-E1C06321FC25} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {A32EA36E-4618-4F48-B395-3C62D1D1DAAD} - System32\Tasks\EasyBatteryManager => C:\Program Files (x86)\Samsung\Easy Settings\EBM\EasyBatteryMgr4.exe [2011-11-18] (SAMSUNG Electronics co., LTD.)
Task: {ADADE4A8-5C89-4F3E-8A7B-E71ABDEF7F4E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2014-05-25] (Microsoft Corporation)
Task: {B539B722-4F67-4BAB-909E-9C3CAC77AEFB} - System32\Tasks\Desk 365 RunAsStdUser => C:\Program Files (x86)\Desk 365\desk365.exe <==== ATTENTION
Task: {E7E3C383-218E-4B08-B819-6368758C27AC} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-12-18] (Google Inc.)
Task: {EA59A087-E022-4E42-96AA-AD11435EF47A} - System32\Tasks\SmartSetting => C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe [2012-05-02] (Samsung Electronics Co., Ltd.)
Task: {F2941F40-D48A-4758-B5D1-E1C681D5899F} - System32\Tasks\EasySpeedUpManager => C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe [2012-01-31] (Samsung Electronics)
Task: {FBD271D4-D6AE-4DDC-B369-1E1D66601F5B} - System32\Tasks\{DA151349-DC54-4B8F-A81C-F35D5D99D683} => C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe [2012-08-13] (OpenOffice.org)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-02-27 21:55 - 2013-10-31 18:13 - 00102568 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-06-21 10:23 - 2014-04-15 03:39 - 00630952 _____ () C:\Program Files\Microsoft Office 15\ClientX64\StreamServer.dll
2012-12-12 11:11 - 2012-02-13 16:02 - 00031624 _____ () C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
2014-05-29 11:18 - 2014-05-08 11:45 - 00018944 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
2012-10-26 18:32 - 2012-01-10 14:12 - 00094208 _____ () C:\Windows\system32\IccLibDll_x64.dll
2014-05-28 21:56 - 2014-05-28 19:02 - 02295808 _____ () C:\Program Files\AVAST Software\Avast\defs\14052801\algo.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-01-28 14:08 - 2013-01-28 14:08 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-05-29 11:18 - 2014-05-08 11:45 - 00061952 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\InstallerLibrary.dll
2014-05-29 11:18 - 2014-05-08 11:45 - 00016896 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\Installer.dll
2012-12-12 11:11 - 2006-08-12 13:48 - 00049152 _____ () C:\Program Files (x86)\Samsung\Easy Settings\HookDllPS2.dll
2012-12-12 11:11 - 2011-02-17 02:03 - 00203776 _____ () C:\Program Files (x86)\Samsung\Easy Settings\WinCRT.dll
2014-05-29 11:18 - 2014-06-18 19:03 - 00086528 _____ () C:\Program Files (x86)\MSR\Privoxy\mgwz.dll
2014-04-09 11:07 - 2014-04-09 11:07 - 00316584 _____ () C:\Program Files\Microsoft Office 15\root\office15\AppVIsvStream32.dll
2014-06-18 19:04 - 2014-06-18 19:04 - 00043008 _____ () c:\users\samsung\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpl14hvz.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Samsung\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-12 20:02 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-12 20:02 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-06-12 20:02 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-12 20:02 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-12 20:02 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-06-12 20:02 - 2014-06-05 15:58 - 14612296 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\PepperFlash\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk => C:\Windows\pss\HP Digital Imaging Monitor.lnk.CommonStartup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Adobe Creative Cloud => "C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe" --showwindow=false --onOSstartup=true
MSCONFIG\startupreg: AdobeAAMUpdater-1.0 => "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
MSCONFIG\startupreg: BrStsMon00 => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe /AUTORUN
MSCONFIG\startupreg: CitrixReceiver => "C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Citrix\Receiver Updater.lnk"
MSCONFIG\startupreg: ConnectionCenter => "C:\Program Files (x86)\Citrix\ICA Client\concentr.exe" /startup
MSCONFIG\startupreg: icq => C:\Users\Samsung\AppData\Roaming\ICQM\icq.exe -CU
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: PDFPrint => C:\Program Files (x86)\PDF24\pdf24.exe
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Redirector => "C:\Program Files (x86)\Citrix\ICA Client\redirector.exe" /startup
MSCONFIG\startupreg: SkyDrive => "C:\Users\Samsung\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Samsung\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (06/18/2014 06:17:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999
Error: (06/18/2014 06:17:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999
Error: (06/18/2014 06:17:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/18/2014 06:14:55 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Die Sicherung war nicht erfolgreich. Fehler: "Zugriff verweigert (0x80070005)"
Error: (06/18/2014 05:43:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4509
Error: (06/18/2014 05:43:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4509
Error: (06/18/2014 05:43:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/18/2014 05:43:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3401
Error: (06/18/2014 05:43:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3401
Error: (06/18/2014 05:43:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
System errors:
=============
Error: (06/18/2014 07:03:05 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000fe (0x0000000000000008, 0x0000000000000006, 0x0000000000000005, 0xfffffa8006901160)C:\Windows\MEMORY.DMP061814-44179-01
Error: (06/18/2014 07:02:43 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (06/18/2014 07:02:13 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 18.06.2014 um 18:59:54 unerwartet heruntergefahren.
Error: (06/18/2014 06:35:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst lmhosts erreicht.
Error: (06/18/2014 06:35:37 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst wuauserv erreicht.
Error: (06/18/2014 04:11:52 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung von Dienst EFS erreicht.
Error: (06/18/2014 00:16:44 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Error: (06/18/2014 00:16:29 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000fe (0x0000000000000008, 0x0000000000000006, 0x0000000000000005, 0xfffffa8008496160)C:\Windows\MEMORY.DMP061814-23992-01
Error: (06/18/2014 00:15:46 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 18.06.2014 um 12:13:57 unerwartet heruntergefahren.
Error: (06/18/2014 10:38:57 AM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
cdrom
Microsoft Office Sessions:
=========================
Error: (06/18/2014 06:17:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 999
Error: (06/18/2014 06:17:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 999
Error: (06/18/2014 06:17:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/18/2014 06:14:55 PM) (Source: Windows Backup) (EventID: 4104) (User: )
Description: Zugriff verweigert (0x80070005)
Error: (06/18/2014 05:43:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 4509
Error: (06/18/2014 05:43:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 4509
Error: (06/18/2014 05:43:42 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (06/18/2014 05:43:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3401
Error: (06/18/2014 05:43:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3401
Error: (06/18/2014 05:43:41 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
==================== Memory info ===========================
Percentage of memory in use: 78%
Total physical RAM: 3990.23 MB
Available physical RAM: 845.76 MB
Total Pagefile: 7978.65 MB
Available Pagefile: 4282.34 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: (Volume) (Fixed) (Total:465.76 GB) (Free:232.84 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (Size: 15 GB) (Disk ID: 74F02DEA)
Partition 1: (Not Active) - (Size=11 GB) - (Type=73)
Partition 2: (Not Active) - (Size=4 GB) - (Type=84)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 21148897)
Partition 1: (Active) - (Size=466 GB) - (Type=07 NTFS)
==================== End Of Log ============================
| | #4 |
| My personal ultrabook (Samsung) crashes sporadically (Windows Blue Screen)
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-06-23 12:12:05
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS545050A7E380 rev.GG2OA6C0 465,76GB
Running: Gmer-19357.exe; Driver: C:\Users\Samsung\AppData\Local\Temp\kglirfoc.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077781360 5 bytes JMP 0000000149e70440
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777813b0 5 bytes JMP 0000000149e70430
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077781560 5 bytes JMP 0000000149e70450
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077781570 5 bytes JMP 0000000149e703b0
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077781620 5 bytes JMP 0000000149e70320
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077781650 5 bytes JMP 0000000149e70380
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777816b0 5 bytes JMP 0000000149e702e0
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077781700 5 bytes JMP 0000000149e70410
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077781730 5 bytes JMP 0000000149e702d0
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077781750 5 bytes JMP 0000000149e70310
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077781790 5 bytes JMP 0000000149e70390
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777817e0 5 bytes JMP 0000000149e703c0
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077781940 5 bytes JMP 0000000149e70230
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077781b00 5 bytes JMP 0000000149e70460
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077781b30 5 bytes JMP 0000000149e70370
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077781c10 5 bytes JMP 0000000149e702f0
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077781c20 5 bytes JMP 0000000149e70350
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077781c80 5 bytes JMP 0000000149e70290
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077781d10 5 bytes JMP 0000000149e702b0
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077781d30 5 bytes JMP 0000000149e703a0
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077781d40 5 bytes JMP 0000000149e70330
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077781db0 5 bytes JMP 0000000149e703e0
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077781de0 5 bytes JMP 0000000149e70240
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777820a0 5 bytes JMP 0000000149e701e0
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077782160 5 bytes JMP 0000000149e70250
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077782190 5 bytes JMP 0000000149e70470
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777821a0 5 bytes JMP 0000000149e70480
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777821d0 5 bytes JMP 0000000149e70300
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777821e0 5 bytes JMP 0000000149e70360
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077782240 5 bytes JMP 0000000149e702a0
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077782290 5 bytes JMP 0000000149e702c0
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777822d0 5 bytes JMP 0000000149e70340
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777825c0 5 bytes JMP 0000000149e70420
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777827c0 5 bytes JMP 0000000149e70260
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777827d0 5 bytes JMP 0000000149e70270
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777827e0 5 bytes JMP 0000000149e703d0
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777829a0 5 bytes JMP 0000000149e701f0
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777829b0 5 bytes JMP 0000000149e70210
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077782a20 5 bytes JMP 0000000149e70200
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077782a80 5 bytes JMP 0000000149e703f0
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077782a90 5 bytes JMP 0000000149e70400
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077782aa0 5 bytes JMP 0000000149e70220
.text C:\Windows\system32\csrss.exe[608] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077782b80 5 bytes JMP 0000000149e70280
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077781360 5 bytes JMP 00000000778e0440
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777813b0 5 bytes JMP 00000000778e0430
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077781560 5 bytes JMP 00000000778e0450
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077781570 5 bytes JMP 00000000778e03b0
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077781620 5 bytes JMP 00000000778e0320
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077781650 5 bytes JMP 00000000778e0380
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777816b0 5 bytes JMP 00000000778e02e0
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077781700 5 bytes JMP 00000000778e0410
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077781730 5 bytes JMP 00000000778e02d0
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077781750 5 bytes JMP 00000000778e0310
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077781790 5 bytes JMP 00000000778e0390
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777817e0 5 bytes JMP 00000000778e03c0
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077781940 5 bytes JMP 00000000778e0230
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077781b00 5 bytes JMP 00000000778e0460
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077781b30 5 bytes JMP 00000000778e0370
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077781c10 5 bytes JMP 00000000778e02f0
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077781c20 5 bytes JMP 00000000778e0350
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077781c80 5 bytes JMP 00000000778e0290
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077781d10 5 bytes JMP 00000000778e02b0
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077781d30 5 bytes JMP 00000000778e03a0
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077781d40 5 bytes JMP 00000000778e0330
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077781db0 5 bytes JMP 00000000778e03e0
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077781de0 5 bytes JMP 00000000778e0240
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777820a0 5 bytes JMP 00000000778e01e0
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077782160 5 bytes JMP 00000000778e0250
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077782190 5 bytes JMP 00000000778e0470
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777821a0 5 bytes JMP 00000000778e0480
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777821d0 5 bytes JMP 00000000778e0300
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777821e0 5 bytes JMP 00000000778e0360
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077782240 5 bytes JMP 00000000778e02a0
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077782290 5 bytes JMP 00000000778e02c0
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777822d0 5 bytes JMP 00000000778e0340
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777825c0 5 bytes JMP 00000000778e0420
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777827c0 5 bytes JMP 00000000778e0260
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777827d0 5 bytes JMP 00000000778e0270
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777827e0 5 bytes JMP 00000000778e03d0
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777829a0 5 bytes JMP 00000000778e01f0
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777829b0 5 bytes JMP 00000000778e0210
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077782a20 5 bytes JMP 00000000778e0200
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077782a80 5 bytes JMP 00000000778e03f0
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077782a90 5 bytes JMP 00000000778e0400
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077782aa0 5 bytes JMP 00000000778e0220
.text C:\Windows\system32\wininit.exe[696] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077782b80 5 bytes JMP 00000000778e0280
.text C:\Windows\system32\wininit.exe[696] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007756ef8d 1 byte [62]
.text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077781360 5 bytes JMP 0000000149e70440
.text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777813b0 5 bytes JMP 0000000149e70430
.text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077781560 5 bytes JMP 0000000149e70450
.text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077781570 5 bytes JMP 0000000149e703b0
.text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077781620 5 bytes JMP 0000000149e70320
.text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077781650 5 bytes JMP 0000000149e70380
.text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777816b0 5 bytes JMP 0000000149e702e0
.text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077781700 5 bytes JMP 0000000149e70410
.text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077781730 5 bytes JMP 0000000149e702d0
.text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077781750 5 bytes JMP 0000000149e70310
.text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077781790 5 bytes JMP 0000000149e70390
.text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777817e0 5 bytes JMP 0000000149e703c0
.text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077781940 5 bytes JMP 0000000149e70230
.text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077781b00 5 bytes JMP 0000000149e70460
.text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077781b30 5 bytes JMP 0000000149e70370
.text C:\Windows\system32\csrss.exe[704] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077781c10 5 bytes JMP 0000000149e702f0
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077781d40 5 bytes JMP 0000000100070330
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077781db0 5 bytes JMP 00000001000703e0
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077781de0 5 bytes JMP 0000000100070240
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777820a0 5 bytes JMP 00000001000701e0
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077782160 5 bytes JMP 0000000100070250
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077782190 5 bytes JMP 0000000100070470
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777821a0 5 bytes JMP 0000000100070480
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777821d0 5 bytes JMP 0000000100070300
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777821e0 5 bytes JMP 0000000100070360
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077782240 5 bytes JMP 00000001000702a0
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077782290 5 bytes JMP 00000001000702c0
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777822d0 5 bytes JMP 0000000100070340
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777825c0 5 bytes JMP 0000000100070420
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777827c0 5 bytes JMP 0000000100070260
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777827d0 5 bytes JMP 0000000100070270
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777827e0 5 bytes JMP 00000001000703d0
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777829a0 5 bytes JMP 00000001000701f0
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777829b0 5 bytes JMP 0000000100070210
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077782a20 5 bytes JMP 0000000100070200
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077782a80 5 bytes JMP 00000001000703f0
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077782a90 5 bytes JMP 0000000100070400
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077782aa0 5 bytes JMP 0000000100070220
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077782b80 5 bytes JMP 0000000100070280
.text C:\Windows\system32\svchost.exe[1020] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007756ef8d 1 byte [62]
|
| | #5 |
My private ultrabook (Samsung) crashes sporadically (Windows Blue Screen)
Code:
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077781360 5 bytes JMP 00000000778e0440
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777813b0 5 bytes JMP 00000000778e0430
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077781560 5 bytes JMP 00000000778e0450
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077781570 5 bytes JMP 00000000778e03b0
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077781620 5 bytes JMP 00000000778e0320
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077781650 5 bytes JMP 00000000778e0380
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777816b0 5 bytes JMP 00000000778e02e0
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077781700 5 bytes JMP 00000000778e0410
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077781730 5 bytes JMP 00000000778e02d0
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077781750 5 bytes JMP 00000000778e0310
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077781790 5 bytes JMP 00000000778e0390
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777817e0 5 bytes JMP 00000000778e03c0
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077781940 5 bytes JMP 00000000778e0230
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077781b00 5 bytes JMP 00000000778e0460
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077781b30 5 bytes JMP 00000000778e0370
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077781c10 5 bytes JMP 00000000778e02f0
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077781c20 5 bytes JMP 00000000778e0350
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077781c80 5 bytes JMP 00000000778e0290
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077781d10 5 bytes JMP 00000000778e02b0
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077781d30 5 bytes JMP 00000000778e03a0
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077781d40 5 bytes JMP 00000000778e0330
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077781db0 5 bytes JMP 00000000778e03e0
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077781de0 5 bytes JMP 00000000778e0240
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777820a0 5 bytes JMP 00000000778e01e0
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077782160 5 bytes JMP 00000000778e0250
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077782190 5 bytes JMP 00000000778e0470
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777821a0 5 bytes JMP 00000000778e0480
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777821d0 5 bytes JMP 00000000778e0300
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777821e0 5 bytes JMP 00000000778e0360
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077782240 5 bytes JMP 00000000778e02a0
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077782290 5 bytes JMP 00000000778e02c0
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777822d0 5 bytes JMP 00000000778e0340
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777825c0 5 bytes JMP 00000000778e0420
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777827c0 5 bytes JMP 00000000778e0260
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777827d0 5 bytes JMP 00000000778e0270
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777827e0 5 bytes JMP 00000000778e03d0
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777829a0 5 bytes JMP 00000000778e01f0
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777829b0 5 bytes JMP 00000000778e0210
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077782a20 5 bytes JMP 00000000778e0200
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077782a80 5 bytes JMP 00000000778e03f0
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077782a90 5 bytes JMP 00000000778e0400
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077782aa0 5 bytes JMP 00000000778e0220
.text C:\Windows\System32\svchost.exe[652] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077782b80 5 bytes JMP 00000000778e0280
.text C:\Windows\System32\svchost.exe[652] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007756ef8d 1 byte [62]
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077781360 5 bytes JMP 00000000778e0440
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777813b0 5 bytes JMP 00000000778e0430
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077781560 5 bytes JMP 00000000778e0450
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077781570 5 bytes JMP 00000000778e03b0
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077781620 5 bytes JMP 00000000778e0320
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077781650 5 bytes JMP 00000000778e0380
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777816b0 5 bytes JMP 00000000778e02e0
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077781700 5 bytes JMP 00000000778e0410
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077781730 5 bytes JMP 00000000778e02d0
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077781750 5 bytes JMP 00000000778e0310
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077781790 5 bytes JMP 00000000778e0390
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777817e0 5 bytes JMP 00000000778e03c0
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077781940 5 bytes JMP 00000000778e0230
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077781b00 5 bytes JMP 00000000778e0460
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077781b30 5 bytes JMP 00000000778e0370
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077781c10 5 bytes JMP 00000000778e02f0
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077781c20 5 bytes JMP 00000000778e0350
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077781c80 5 bytes JMP 00000000778e0290
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077781d10 5 bytes JMP 00000000778e02b0
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077781d30 5 bytes JMP 00000000778e03a0
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077781d40 5 bytes JMP 00000000778e0330
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077781db0 5 bytes JMP 00000000778e03e0
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077781de0 5 bytes JMP 00000000778e0240
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777820a0 5 bytes JMP 00000000778e01e0
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077782160 5 bytes JMP 00000000778e0250
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077782190 5 bytes JMP 00000000778e0470
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777821a0 5 bytes JMP 00000000778e0480
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777821d0 5 bytes JMP 00000000778e0300
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777821e0 5 bytes JMP 00000000778e0360
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077782240 5 bytes JMP 00000000778e02a0
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077782290 5 bytes JMP 00000000778e02c0
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777822d0 5 bytes JMP 00000000778e0340
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777825c0 5 bytes JMP 00000000778e0420
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777827c0 5 bytes JMP 00000000778e0260
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777827d0 5 bytes JMP 00000000778e0270
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777827e0 5 bytes JMP 00000000778e03d0
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777829a0 5 bytes JMP 00000000778e01f0
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777829b0 5 bytes JMP 00000000778e0210
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077782a20 5 bytes JMP 00000000778e0200
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077782a80 5 bytes JMP 00000000778e03f0
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077782a90 5 bytes JMP 00000000778e0400
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077782aa0 5 bytes JMP 00000000778e0220
.text C:\Windows\System32\svchost.exe[692] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077782b80 5 bytes JMP 00000000778e0280
.text C:\Windows\System32\svchost.exe[692] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007756ef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077781360 5 bytes JMP 00000000778e0440
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777813b0 5 bytes JMP 00000000778e0430
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077781560 5 bytes JMP 00000000778e0450
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077781570 5 bytes JMP 00000000778e03b0
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077781620 5 bytes JMP 00000000778e0320
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077781650 5 bytes JMP 00000000778e0380
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777816b0 5 bytes JMP 00000000778e02e0
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077781700 5 bytes JMP 00000000778e0410
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077781730 5 bytes JMP 00000000778e02d0
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077781750 5 bytes JMP 00000000778e0310
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077781790 5 bytes JMP 00000000778e0390
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777817e0 5 bytes JMP 00000000778e03c0
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077781940 5 bytes JMP 00000000778e0230
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077781b00 5 bytes JMP 00000000778e0460
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077781b30 5 bytes JMP 00000000778e0370
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077781c10 5 bytes JMP 00000000778e02f0
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077781c20 5 bytes JMP 00000000778e0350
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077781c80 5 bytes JMP 00000000778e0290
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077781d10 5 bytes JMP 00000000778e02b0
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077781d30 5 bytes JMP 00000000778e03a0
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077781d40 5 bytes JMP 00000000778e0330
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077781db0 5 bytes JMP 00000000778e03e0
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077781de0 5 bytes JMP 00000000778e0240
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777820a0 5 bytes JMP 00000000778e01e0
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077782160 5 bytes JMP 00000000778e0250
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077782190 5 bytes JMP 00000000778e0470
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777821a0 5 bytes JMP 00000000778e0480
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777821d0 5 bytes JMP 00000000778e0300
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777821e0 5 bytes JMP 00000000778e0360
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077782240 5 bytes JMP 00000000778e02a0
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077782290 5 bytes JMP 00000000778e02c0
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777822d0 5 bytes JMP 00000000778e0340
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777825c0 5 bytes JMP 00000000778e0420
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777827c0 5 bytes JMP 00000000778e0260
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777827d0 5 bytes JMP 00000000778e0270
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777827e0 5 bytes JMP 00000000778e03d0
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777829a0 5 bytes JMP 00000000778e01f0
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777829b0 5 bytes JMP 00000000778e0210
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077782a20 5 bytes JMP 00000000778e0200
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077782a80 5 bytes JMP 00000000778e03f0
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077782a90 5 bytes JMP 00000000778e0400
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077782aa0 5 bytes JMP 00000000778e0220
.text C:\Windows\system32\svchost.exe[888] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077782b80 5 bytes JMP 00000000778e0280
.text C:\Windows\system32\svchost.exe[888] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007756ef8d 1 byte [62]
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077781360 5 bytes JMP 00000000778e0440
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777813b0 5 bytes JMP 00000000778e0430
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077781560 5 bytes JMP 00000000778e0450
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077781570 5 bytes JMP 00000000778e03b0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077781620 5 bytes JMP 00000000778e0320
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077781650 5 bytes JMP 00000000778e0380
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777816b0 5 bytes JMP 00000000778e02e0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077781700 5 bytes JMP 00000000778e0410
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077781730 5 bytes JMP 00000000778e02d0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077781750 5 bytes JMP 00000000778e0310
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077781790 5 bytes JMP 00000000778e0390
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777817e0 5 bytes JMP 00000000778e03c0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077781940 5 bytes JMP 00000000778e0230
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077781b00 5 bytes JMP 00000000778e0460
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077781b30 5 bytes JMP 00000000778e0370
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077781c10 5 bytes JMP 00000000778e02f0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077781c20 5 bytes JMP 00000000778e0350
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077781c80 5 bytes JMP 00000000778e0290
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077781d10 5 bytes JMP 00000000778e02b0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077781d30 5 bytes JMP 00000000778e03a0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077781d40 5 bytes JMP 00000000778e0330
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077781db0 5 bytes JMP 00000000778e03e0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077781de0 5 bytes JMP 00000000778e0240
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777820a0 5 bytes JMP 00000000778e01e0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077782160 5 bytes JMP 00000000778e0250
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077782190 5 bytes JMP 00000000778e0470
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777821a0 5 bytes JMP 00000000778e0480
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777821d0 5 bytes JMP 00000000778e0300
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777821e0 5 bytes JMP 00000000778e0360
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077782240 5 bytes JMP 00000000778e02a0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077782290 5 bytes JMP 00000000778e02c0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777822d0 5 bytes JMP 00000000778e0340
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777825c0 5 bytes JMP 00000000778e0420
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777827c0 5 bytes JMP 00000000778e0260
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777827d0 5 bytes JMP 00000000778e0270
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777827e0 5 bytes JMP 00000000778e03d0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777829a0 5 bytes JMP 00000000778e01f0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777829b0 5 bytes JMP 00000000778e0210
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077782a20 5 bytes JMP 00000000778e0200
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077782a80 5 bytes JMP 00000000778e03f0
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077782a90 5 bytes JMP 00000000778e0400
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077782aa0 5 bytes JMP 00000000778e0220
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077782b80 5 bytes JMP 00000000778e0280
.text C:\Windows\system32\svchost.exe[1036] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007756ef8d 1 byte [62]
.text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077781360 5 bytes JMP 00000000778e0440
.text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777813b0 5 bytes JMP 00000000778e0430
.text C:\Windows\system32\AUDIODG.EXE[1104] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077781560 5 bytes JMP 00000000778e0450
To be continued... |
| | #6 |
| My personal ultrabook (Samsung) crashes sporadically (Windows Blue Screen) Code:
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077781650 5 bytes JMP 00000000778e0380
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777816b0 5 bytes JMP 00000000778e02e0
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077781700 5 bytes JMP 00000000778e0410
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077781730 5 bytes JMP 00000000778e02d0
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077781750 5 bytes JMP 00000000778e0310
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077781790 5 bytes JMP 00000000778e0390
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777817e0 5 bytes JMP 00000000778e03c0
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077781940 5 bytes JMP 00000000778e0230
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077781b00 5 bytes JMP 00000000778e0460
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077781b30 5 bytes JMP 00000000778e0370
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077781c10 5 bytes JMP 00000000778e02f0
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077781c20 5 bytes JMP 00000000778e0350
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077781c80 5 bytes JMP 00000000778e0290
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077781d10 5 bytes JMP 00000000778e02b0
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077781d30 5 bytes JMP 00000000778e03a0
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077781d40 5 bytes JMP 00000000778e0330
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077781db0 5 bytes JMP 00000000778e03e0
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077781de0 5 bytes JMP 00000000778e0240
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777820a0 5 bytes JMP 00000000778e01e0
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077782160 5 bytes JMP 00000000778e0250
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077782190 5 bytes JMP 00000000778e0470
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777821a0 5 bytes JMP 00000000778e0480
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777821d0 5 bytes JMP 00000000778e0300
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777821e0 5 bytes JMP 00000000778e0360
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077782240 5 bytes JMP 00000000778e02a0
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077782290 5 bytes JMP 00000000778e02c0
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777822d0 5 bytes JMP 00000000778e0340
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777825c0 5 bytes JMP 00000000778e0420
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777827c0 5 bytes JMP 00000000778e0260
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777827d0 5 bytes JMP 00000000778e0270
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777827e0 5 bytes JMP 00000000778e03d0
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777829a0 5 bytes JMP 00000000778e01f0
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777829b0 5 bytes JMP 00000000778e0210
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077782a20 5 bytes JMP 00000000778e0200
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077782a80 5 bytes JMP 00000000778e03f0
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077782a90 5 bytes JMP 00000000778e0400
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077782aa0 5 bytes JMP 00000000778e0220
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077782b80 5 bytes JMP 00000000778e0280
.text C:\Windows\system32\svchost.exe[1756] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189
.text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1896] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ca2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1936] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ca2fd 1 byte [62]
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077781360 5 bytes JMP 00000000778e0440
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777813b0 5 bytes JMP 00000000778e0430
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077781560 5 bytes JMP 00000000778e0450
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077781570 5 bytes JMP 00000000778e03b0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077781620 5 bytes JMP 00000000778e0320
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077781650 5 bytes JMP 00000000778e0380
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777816b0 5 bytes JMP 00000000778e02e0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077781700 5 bytes JMP 00000000778e0410
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077781730 5 bytes JMP 00000000778e02d0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077781750 5 bytes JMP 00000000778e0310
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077781790 5 bytes JMP 00000000778e0390
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777817e0 5 bytes JMP 00000000778e03c0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077781940 5 bytes JMP 00000000778e0230
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077781b00 5 bytes JMP 00000000778e0460
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077781b30 5 bytes JMP 00000000778e0370
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077781c10 5 bytes JMP 00000000778e02f0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077781c20 5 bytes JMP 00000000778e0350
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077781c80 5 bytes JMP 00000000778e0290
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077781d10 5 bytes JMP 00000000778e02b0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077781d30 5 bytes JMP 00000000778e03a0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077781d40 5 bytes JMP 00000000778e0330
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077781db0 5 bytes JMP 00000000778e03e0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077781de0 5 bytes JMP 00000000778e0240
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777820a0 5 bytes JMP 00000000778e01e0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077782160 5 bytes JMP 00000000778e0250
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077782190 5 bytes JMP 00000000778e0470
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777821a0 5 bytes JMP 00000000778e0480
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777821d0 5 bytes JMP 00000000778e0300
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777821e0 5 bytes JMP 00000000778e0360
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077782240 5 bytes JMP 00000000778e02a0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077782290 5 bytes JMP 00000000778e02c0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777822d0 5 bytes JMP 00000000778e0340
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777825c0 5 bytes JMP 00000000778e0420
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777827c0 5 bytes JMP 00000000778e0260
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777827d0 5 bytes JMP 00000000778e0270
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777827e0 5 bytes JMP 00000000778e03d0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777829a0 5 bytes JMP 00000000778e01f0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777829b0 5 bytes JMP 00000000778e0210
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077782a20 5 bytes JMP 00000000778e0200
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077782a80 5 bytes JMP 00000000778e03f0
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077782a90 5 bytes JMP 00000000778e0400
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077782aa0 5 bytes JMP 00000000778e0220
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077782b80 5 bytes JMP 00000000778e0280
.text C:\Program Files\Bonjour\mDNSResponder.exe[2028] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007756ef8d 1 byte [62]
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077781360 5 bytes JMP 00000000778e0440
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777813b0 5 bytes JMP 00000000778e0430
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077781560 5 bytes JMP 00000000778e0450
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077781570 5 bytes JMP 00000000778e03b0
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077781620 5 bytes JMP 00000000778e0320
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077781650 5 bytes JMP 00000000778e0380
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777816b0 5 bytes JMP 00000000778e02e0
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077781700 5 bytes JMP 00000000778e0410
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077781730 5 bytes JMP 00000000778e02d0
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077781750 5 bytes JMP 00000000778e0310
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077781790 5 bytes JMP 00000000778e0390
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777817e0 5 bytes JMP 00000000778e03c0
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077781940 5 bytes JMP 00000000778e0230
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077781b00 5 bytes JMP 00000000778e0460
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077781b30 5 bytes JMP 00000000778e0370
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077781c10 5 bytes JMP 00000000778e02f0
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077781c20 5 bytes JMP 00000000778e0350
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077781c80 5 bytes JMP 00000000778e0290
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077781d10 5 bytes JMP 00000000778e02b0
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077781d30 5 bytes JMP 00000000778e03a0
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077781d40 5 bytes JMP 00000000778e0330
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077781db0 5 bytes JMP 00000000778e03e0
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077781de0 5 bytes JMP 00000000778e0240
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777820a0 5 bytes JMP 00000000778e01e0
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077782160 5 bytes JMP 00000000778e0250
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077782190 5 bytes JMP 00000000778e0470
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777821a0 5 bytes JMP 00000000778e0480
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777821d0 5 bytes JMP 00000000778e0300
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777821e0 5 bytes JMP 00000000778e0360
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077782240 5 bytes JMP 00000000778e02a0
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077782290 5 bytes JMP 00000000778e02c0
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777822d0 5 bytes JMP 00000000778e0340
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777825c0 5 bytes JMP 00000000778e0420
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777827c0 5 bytes JMP 00000000778e0260
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777827d0 5 bytes JMP 00000000778e0270
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777827e0 5 bytes JMP 00000000778e03d0
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777829a0 5 bytes JMP 00000000778e01f0
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777829b0 5 bytes JMP 00000000778e0210
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077782a20 5 bytes JMP 00000000778e0200
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077782a80 5 bytes JMP 00000000778e03f0
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077782a90 5 bytes JMP 00000000778e0400
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077782aa0 5 bytes JMP 00000000778e0220
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077782b80 5 bytes JMP 00000000778e0280
.text C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe[1096] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007756ef8d 1 byte [62]
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077781360 5 bytes JMP 00000000778e0440
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777813b0 5 bytes JMP 00000000778e0430
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077781560 5 bytes JMP 00000000778e0450
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077781570 5 bytes JMP 00000000778e03b0
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077781620 5 bytes JMP 00000000778e0320
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077781650 5 bytes JMP 00000000778e0380
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777816b0 5 bytes JMP 00000000778e02e0
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077781700 5 bytes JMP 00000000778e0410
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077781730 5 bytes JMP 00000000778e02d0
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077781750 5 bytes JMP 00000000778e0310
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077781790 5 bytes JMP 00000000778e0390
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777817e0 5 bytes JMP 00000000778e03c0
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077781940 5 bytes JMP 00000000778e0230
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077781b00 5 bytes JMP 00000000778e0460
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077781b30 5 bytes JMP 00000000778e0370
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077781c10 5 bytes JMP 00000000778e02f0
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077781c20 5 bytes JMP 00000000778e0350
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077781c80 5 bytes JMP 00000000778e0290
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077781d10 5 bytes JMP 00000000778e02b0
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077781d30 5 bytes JMP 00000000778e03a0
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077781d40 5 bytes JMP 00000000778e0330
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077781db0 5 bytes JMP 00000000778e03e0
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077781de0 5 bytes JMP 00000000778e0240
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777820a0 5 bytes JMP 00000000778e01e0
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077782160 5 bytes JMP 00000000778e0250
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077782190 5 bytes JMP 00000000778e0470
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777821a0 5 bytes JMP 00000000778e0480
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777821d0 5 bytes JMP 00000000778e0300
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777821e0 5 bytes JMP 00000000778e0360
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077782240 5 bytes JMP 00000000778e02a0
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077782290 5 bytes JMP 00000000778e02c0
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777822d0 5 bytes JMP 00000000778e0340
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777825c0 5 bytes JMP 00000000778e0420
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777827c0 5 bytes JMP 00000000778e0260
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777827d0 5 bytes JMP 00000000778e0270
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777827e0 5 bytes JMP 00000000778e03d0
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777829a0 5 bytes JMP 00000000778e01f0
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777829b0 5 bytes JMP 00000000778e0210
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077782a20 5 bytes JMP 00000000778e0200
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077782a80 5 bytes JMP 00000000778e03f0
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077782a90 5 bytes JMP 00000000778e0400
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077782aa0 5 bytes JMP 00000000778e0220
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077782b80 5 bytes JMP 00000000778e0280
.text C:\Windows\system32\taskeng.exe[1448] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007756ef8d 1 byte [62]
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077781360 5 bytes JMP 00000000778e0440
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777813b0 5 bytes JMP 00000000778e0430
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077781560 5 bytes JMP 00000000778e0450
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077781570 5 bytes JMP 00000000778e03b0
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077781620 5 bytes JMP 00000000778e0320
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077781650 5 bytes JMP 00000000778e0380
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777816b0 5 bytes JMP 00000000778e02e0
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077781700 5 bytes JMP 00000000778e0410
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077781730 5 bytes JMP 00000000778e02d0
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077781750 5 bytes JMP 00000000778e0310
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077781790 5 bytes JMP 00000000778e0390
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777817e0 5 bytes JMP 00000000778e03c0
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077781940 5 bytes JMP 00000000778e0230
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077781b00 5 bytes JMP 00000000778e0460
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077781b30 5 bytes JMP 00000000778e0370
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077781c10 5 bytes JMP 00000000778e02f0
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077781c20 5 bytes JMP 00000000778e0350
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077781c80 5 bytes JMP 00000000778e0290
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077781d10 5 bytes JMP 00000000778e02b0
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077781d30 5 bytes JMP 00000000778e03a0
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077781d40 5 bytes JMP 00000000778e0330
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077781db0 5 bytes JMP 00000000778e03e0
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077781de0 5 bytes JMP 00000000778e0240
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777820a0 5 bytes JMP 00000000778e01e0
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077782160 5 bytes JMP 00000000778e0250
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077782190 5 bytes JMP 00000000778e0470
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777821a0 5 bytes JMP 00000000778e0480
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777821d0 5 bytes JMP 00000000778e0300
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777821e0 5 bytes JMP 00000000778e0360
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077782240 5 bytes JMP 00000000778e02a0
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077782290 5 bytes JMP 00000000778e02c0
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777822d0 5 bytes JMP 00000000778e0340
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777825c0 5 bytes JMP 00000000778e0420
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777827c0 5 bytes JMP 00000000778e0260
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777827d0 5 bytes JMP 00000000778e0270
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777827e0 5 bytes JMP 00000000778e03d0
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777829a0 5 bytes JMP 00000000778e01f0
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777829b0 5 bytes JMP 00000000778e0210
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077782a20 5 bytes JMP 00000000778e0200
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077782a80 5 bytes JMP 00000000778e03f0
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077782a90 5 bytes JMP 00000000778e0400
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077782aa0 5 bytes JMP 00000000778e0220
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077782b80 5 bytes JMP 00000000778e0280
.text C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe[1604] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007756ef8d 1 byte [62]
.text C:\Windows\SysWOW64\svchost.exe[1888] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ca2fd 1 byte [62]
.text C:\Windows\SysWOW64\irstrtsv.exe[1840] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ca2fd 1 byte [62]
.text C:\Windows\System32\svchost.exe[812] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007756ef8d 1 byte [62]
.text C:\Windows\System32\svchost.exe[612] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007756ef8d 1 byte [62]
.text C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe[1304] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ca2fd 1 byte [62]
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077781360 5 bytes JMP 00000000778e0440
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777813b0 5 bytes JMP 00000000778e0430
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077781560 5 bytes JMP 00000000778e0450
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077781570 5 bytes JMP 00000000778e03b0
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077781620 5 bytes JMP 00000000778e0320
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077781650 5 bytes JMP 00000000778e0380
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777816b0 5 bytes JMP 00000000778e02e0
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077781700 5 bytes JMP 00000000778e0410
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077781730 5 bytes JMP 00000000778e02d0
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077781750 5 bytes JMP 00000000778e0310
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077781790 5 bytes JMP 00000000778e0390
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777817e0 5 bytes JMP 00000000778e03c0
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077781940 5 bytes JMP 00000000778e0230
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077781b00 5 bytes JMP 00000000778e0460
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077781b30 5 bytes JMP 00000000778e0370
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077781c10 5 bytes JMP 00000000778e02f0
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077781c20 5 bytes JMP 00000000778e0350
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077781c80 5 bytes JMP 00000000778e0290
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077781d10 5 bytes JMP 00000000778e02b0
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077781d30 5 bytes JMP 00000000778e03a0
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077781d40 5 bytes JMP 00000000778e0330
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077781db0 5 bytes JMP 00000000778e03e0
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077781de0 5 bytes JMP 00000000778e0240
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777820a0 5 bytes JMP 00000000778e01e0
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077782160 5 bytes JMP 00000000778e0250
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077782190 5 bytes JMP 00000000778e0470
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777821a0 5 bytes JMP 00000000778e0480
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777821d0 5 bytes JMP 00000000778e0300
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777821e0 5 bytes JMP 00000000778e0360
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077782240 5 bytes JMP 00000000778e02a0
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077782290 5 bytes JMP 00000000778e02c0
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777822d0 5 bytes JMP 00000000778e0340
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777825c0 5 bytes JMP 00000000778e0420
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777827c0 5 bytes JMP 00000000778e0260
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777827d0 5 bytes JMP 00000000778e0270
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777827e0 5 bytes JMP 00000000778e03d0
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777829a0 5 bytes JMP 00000000778e01f0
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777829b0 5 bytes JMP 00000000778e0210
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077782a20 5 bytes JMP 00000000778e0200
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077782a80 5 bytes JMP 00000000778e03f0
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077782a90 5 bytes JMP 00000000778e0400
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077782aa0 5 bytes JMP 00000000778e0220
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077782b80 5 bytes JMP 00000000778e0280
.text C:\Windows\system32\svchost.exe[2140] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007756ef8d 1 byte [62]
.text C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe[2164] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000753ca2fd 1 byte [62]
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077781360 5 bytes JMP 00000000778e0440
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777813b0 5 bytes JMP 00000000778e0430
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077781560 5 bytes JMP 00000000778e0450
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077781570 5 bytes JMP 00000000778e03b0
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077781620 5 bytes JMP 00000000778e0320
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077781650 5 bytes JMP 00000000778e0380
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777816b0 5 bytes JMP 00000000778e02e0
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077781700 5 bytes JMP 00000000778e0410
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077781730 5 bytes JMP 00000000778e02d0
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077781750 5 bytes JMP 00000000778e0310
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077781790 5 bytes JMP 00000000778e0390
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777817e0 5 bytes JMP 00000000778e03c0
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077781940 5 bytes JMP 00000000778e0230
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077781b00 5 bytes JMP 00000000778e0460
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077781b30 5 bytes JMP 00000000778e0370
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077781c10 5 bytes JMP 00000000778e02f0
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077781c20 5 bytes JMP 00000000778e0350
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077781c80 5 bytes JMP 00000000778e0290
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077781d10 5 bytes JMP 00000000778e02b0
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077781d30 5 bytes JMP 00000000778e03a0
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077781d40 5 bytes JMP 00000000778e0330
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077781db0 5 bytes JMP 00000000778e03e0
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077781de0 5 bytes JMP 00000000778e0240
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777820a0 5 bytes JMP 00000000778e01e0
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077782160 5 bytes JMP 00000000778e0250
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077782190 5 bytes JMP 00000000778e0470
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777821a0 5 bytes JMP 00000000778e0480
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777821d0 5 bytes JMP 00000000778e0300
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777821e0 5 bytes JMP 00000000778e0360
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077782240 5 bytes JMP 00000000778e02a0
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077782290 5 bytes JMP 00000000778e02c0
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777822d0 5 bytes JMP 00000000778e0340
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777825c0 5 bytes JMP 00000000778e0420
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777827c0 5 bytes JMP 00000000778e0260
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777827d0 5 bytes JMP 00000000778e0270
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777827e0 5 bytes JMP 00000000778e03d0
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777829a0 5 bytes JMP 00000000778e01f0
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777829b0 5 bytes JMP 00000000778e0210
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077782a20 5 bytes JMP 00000000778e0200
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077782a80 5 bytes JMP 00000000778e03f0
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077782a90 5 bytes JMP 00000000778e0400
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077782aa0 5 bytes JMP 00000000778e0220
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077782b80 5 bytes JMP 00000000778e0280
.text C:\Windows\system32\taskeng.exe[472] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007756ef8d 1 byte [62]
|
| | #7 |
| My private Ultrabook (Samsung) crashes sporadically (Windows Blue Screen)
Code:
.text C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe[1556] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ca2fd 1 byte [62]
.text C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe[2564] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ca2fd 1 byte [62]
.text C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe[3088] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ca2fd 1 byte [62]
.text C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe[3096] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ca2fd 1 byte [62]
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077781360 5 bytes JMP 00000000778e0440
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 00000000777813b0 5 bytes JMP 00000000778e0430
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077781560 5 bytes JMP 00000000778e0450
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077781570 5 bytes JMP 00000000778e03b0
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077781620 5 bytes JMP 00000000778e0320
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077781650 5 bytes JMP 00000000778e0380
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 00000000777816b0 5 bytes JMP 00000000778e02e0
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077781700 5 bytes JMP 00000000778e0410
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077781730 5 bytes JMP 00000000778e02d0
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077781750 5 bytes JMP 00000000778e0310
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077781790 5 bytes JMP 00000000778e0390
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 00000000777817e0 5 bytes JMP 00000000778e03c0
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077781940 5 bytes JMP 00000000778e0230
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077781b00 5 bytes JMP 00000000778e0460
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077781b30 5 bytes JMP 00000000778e0370
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077781c10 5 bytes JMP 00000000778e02f0
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077781c20 5 bytes JMP 00000000778e0350
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077781c80 5 bytes JMP 00000000778e0290
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077781d10 5 bytes JMP 00000000778e02b0
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077781d30 5 bytes JMP 00000000778e03a0
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077781d40 5 bytes JMP 00000000778e0330
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077781db0 5 bytes JMP 00000000778e03e0
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077781de0 5 bytes JMP 00000000778e0240
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777820a0 5 bytes JMP 00000000778e01e0
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077782160 5 bytes JMP 00000000778e0250
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077782190 5 bytes JMP 00000000778e0470
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777821a0 5 bytes JMP 00000000778e0480
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777821d0 5 bytes JMP 00000000778e0300
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777821e0 5 bytes JMP 00000000778e0360
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077782240 5 bytes JMP 00000000778e02a0
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077782290 5 bytes JMP 00000000778e02c0
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777822d0 5 bytes JMP 00000000778e0340
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777825c0 5 bytes JMP 00000000778e0420
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777827c0 5 bytes JMP 00000000778e0260
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777827d0 5 bytes JMP 00000000778e0270
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777827e0 5 bytes JMP 00000000778e03d0
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777829a0 5 bytes JMP 00000000778e01f0
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777829b0 5 bytes JMP 00000000778e0210
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077782a20 5 bytes JMP 00000000778e0200
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077782a80 5 bytes JMP 00000000778e03f0
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077782a90 5 bytes JMP 00000000778e0400
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077782aa0 5 bytes JMP 00000000778e0220
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077782b80 5 bytes JMP 00000000778e0280
.text C:\Program Files\Windows Sidebar\sidebar.exe[3168] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007756ef8d 1 byte [62]
.text C:\Users\Samsung\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3216] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ca2fd 1 byte [62]
.text C:\Users\Samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe[3296] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ca2fd 1 byte [62]
.text C:\Users\Samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe[3296] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076061465 2 bytes [06, 76]
.text C:\Users\Samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe[3296] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 00000000760614bb 2 bytes [06, 76]
.text ... * 2
.text C:\Program Files\AVAST Software\Avast\AvastUI.exe[3332] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ca2fd 1 byte [62]
.text C:\Program Files (x86)\HP\Digital Imaging\bin\HpqSRmon.exe[3352] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ca2fd 1 byte [62]
.text C:\Program Files (x86)\HP\HP Software Update\hpwuSchd2.exe[3360] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ca2fd 1 byte [62]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3388] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ca2fd 1 byte [62]
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtClose 000000007792f9e0 5 bytes JMP 000000016ff6f270
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 000000007792fa28 5 bytes JMP 000000016ff6f8d2
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 000000007792fa40 5 bytes JMP 000000016ff6e00d
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 000000007792fa90 5 bytes JMP 000000016ff6db69
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 000000007792faa8 5 bytes JMP 000000016ff6de5a
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 000000007792fb40 5 bytes JMP 000000016ff6fb12
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 000000007792fc38 5 bytes JMP 000000016ff7accc
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 000000007792fd4c 5 bytes JMP 000000016ff6d9b1
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 000000007792fd64 5 bytes JMP 000000016ff7a2ee
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 000000007792fd98 5 bytes JMP 000000016ff7a5e9
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 000000007792fe44 5 bytes JMP 000000016ff6ee45
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 000000007792fe5c 5 bytes JMP 000000016ff7a417
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 00000000779300b4 5 bytes JMP 000000016ff7a133
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 00000000779301c4 5 bytes JMP 000000016ff6e1b5
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtCreateKeyTransacted 0000000077930754 5 bytes JMP 000000016ff6fbb4
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 00000000779309e4 5 bytes JMP 000000016ff7a32b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 00000000779309fc 5 bytes JMP 000000016ff6d785
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077930a44 5 bytes JMP 000000016ff6e36b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077930b80 5 bytes JMP 000000016ff6d89b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077930f70 5 bytes JMP 000000016ff6e7f8
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077930f88 5 bytes JMP 000000016ff6e994
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077931018 5 bytes JMP 000000016ff6f95f
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransacted 0000000077931030 5 bytes JMP 000000016ff6fa82
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransactedEx 0000000077931048 5 bytes JMP 000000016ff6f9ef
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 000000007793133c 5 bytes JMP 000000016ff7a500
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 000000007793147c 5 bytes JMP 000000016ff6e66b
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077931528 5 bytes JMP 000000016ff6eb58
.text C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe[3560] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 0000000077931718 5 bytes JMP 000000016ff6e4e3
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077781c20 5 bytes JMP 00000000778e0350
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077781c80 5 bytes JMP 00000000778e0290
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077781d10 5 bytes JMP 00000000778e02b0
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077781d30 5 bytes JMP 00000000778e03a0
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077781d40 5 bytes JMP 00000000778e0330
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077781db0 5 bytes JMP 00000000778e03e0
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077781de0 5 bytes JMP 00000000778e0240
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 00000000777820a0 5 bytes JMP 00000000778e01e0
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077782160 5 bytes JMP 00000000778e0250
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077782190 5 bytes JMP 00000000778e0470
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 00000000777821a0 5 bytes JMP 00000000778e0480
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 00000000777821d0 5 bytes JMP 00000000778e0300
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 00000000777821e0 5 bytes JMP 00000000778e0360
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077782240 5 bytes JMP 00000000778e02a0
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077782290 5 bytes JMP 00000000778e02c0
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 00000000777822d0 5 bytes JMP 00000000778e0340
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 00000000777825c0 5 bytes JMP 00000000778e0420
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 00000000777827c0 5 bytes JMP 00000000778e0260
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 00000000777827d0 5 bytes JMP 00000000778e0270
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777827e0 5 bytes JMP 00000000778e03d0
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 00000000777829a0 5 bytes JMP 00000000778e01f0
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 00000000777829b0 5 bytes JMP 00000000778e0210
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077782a20 5 bytes JMP 00000000778e0200
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077782a80 5 bytes JMP 00000000778e03f0
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077782a90 5 bytes JMP 00000000778e0400
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077782aa0 5 bytes JMP 00000000778e0220
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077782b80 5 bytes JMP 00000000778e0280
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 189 000000007756ef8d 1 byte [62]
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\sechost.dll!SetServiceObjectSecurity 000007fefd9c6e00 5 bytes JMP 000007ff7d9e1dac
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigA 000007fefd9c6f2c 5 bytes JMP 000007ff7d9e0ecc
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfigW 000007fefd9c7220 5 bytes JMP 000007ff7d9e1284
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2A 000007fefd9c739c 5 bytes JMP 000007ff7d9e163c
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\sechost.dll!ChangeServiceConfig2W 000007fefd9c7538 5 bytes JMP 000007ff7d9e19f4
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\sechost.dll!CreateServiceA 000007fefd9c75e8 5 bytes JMP 000007ff7d9e03a4
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\sechost.dll!CreateServiceW 000007fefd9c790c 5 bytes JMP 000007ff7d9e075c
.text C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe[4612] C:\Windows\SYSTEM32\sechost.dll!DeleteService 000007fefd9c7ab4 5 bytes JMP 000007ff7d9e0b14
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtAllocateVirtualMemory 000000007792fac0 5 bytes JMP 00000001003c0600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtFreeVirtualMemory 000000007792fb58 5 bytes JMP 00000001003c0804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007792fcb0 5 bytes JMP 00000001003c0c0c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077930038 5 bytes JMP 00000001003c0a08
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!LdrLoadDll 000000007794c4dd 5 bytes JMP 00000001003c01f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\ntdll.dll!LdrUnloadDll 0000000077951287 5 bytes JMP 00000001003c03fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\KERNEL32.dll!GetBinaryTypeW + 112 00000000753ca2fd 1 byte [62]
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity 0000000075765181 5 bytes JMP 00000001003d1014
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA 0000000075765254 5 bytes JMP 00000001003d0804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigW 00000000757653d5 5 bytes JMP 00000001003d0a08
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2A 00000000757654c2 5 bytes JMP 00000001003d0c0c
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W 00000000757655e2 5 bytes JMP 00000001003d0e10
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\sechost.dll!CreateServiceA 000000007576567c 5 bytes JMP 00000001003d01f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\sechost.dll!CreateServiceW 000000007576589f 5 bytes JMP 00000001003d03fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\SysWOW64\sechost.dll!DeleteService 0000000075765a22 5 bytes JMP 00000001003d0600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!SetWinEventHook 000000007730ee09 5 bytes JMP 00000001003e01f8
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!UnhookWinEvent 0000000077313982 5 bytes JMP 00000001003e03fc
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExW 0000000077317603 5 bytes JMP 00000001003e0804
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!SetWindowsHookExA 000000007731835c 5 bytes JMP 00000001003e0600
.text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe[4940] C:\Windows\syswow64\USER32.dll!UnhookWindowsHookEx 000000007732f52b 5 bytes JMP 00000001003e0a08
.text C:\Windows\system32\wbem\wmiprvse.exe[5112] C:\Windows\system32\kernel32.dll!GetBinaryTypeW + 189 000000007756ef8d 1 byte [62]
.text C:\Users\Samsung\Downloads\Gmer-19357.exe[4620] C:\Windows\syswow64\kernel32.dll!GetBinaryTypeW + 112 00000000753ca2fd 1 byte [62]
---- Devices - GMER 2.1 ----
Device \Driver\usbccgp \Device\00000088 fffff8801934e450
---- Processes - GMER 2.1 ----
Library C:\Users\Samsung\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe [3296](2014-01-03 01:09:26) 0000000003bc0000
Library c:\users\samsung\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0ivjmk.dll (*** suspicious ***) @ C:\Users\Samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe [3296](2014-06-23 09:55:29) 0000000005090000
Library C:\Users\Samsung\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe [3296](2013-08-23 19:01:44) 000000006b0a0000
Library C:\Users\Samsung\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe [3296] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 00000000695d0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [3560] 000000006d3b0000
Library C:\Program Files\AVAST Software\Avast\setup\avast.setup (*** suspicious ***) @ C:\Program Files\AVAST Software\Avast\setup\avast.setup [4212] 0000000000030000
---- Registry - GMER 2.1 ----
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{E66D44C3-6123-4B2B-AA60-5257C62822F9}\Connection@Name isatap.{BF02455C-930E-44E3-9D57-26FC85F6E4DB}
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Bind \Device\{6F6D3CF0-9D91-47B9-BF7F-9C1F4F13BB17}?\Device\{E66D44C3-6123-4B2B-AA60-5257C62822F9}?\Device\{75284571-5E39-4C7E-9579-DA6E227A348A}?\Device\{B6DB24B6-2FD3-44F2-9B3B-353DB50EE3F0}?\Device\{FF6D2E4C-7802-4146-99EB-16A3CF06838A}?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Route "{6F6D3CF0-9D91-47B9-BF7F-9C1F4F13BB17}"?"{E66D44C3-6123-4B2B-AA60-5257C62822F9}"?"{75284571-5E39-4C7E-9579-DA6E227A348A}"?"{B6DB24B6-2FD3-44F2-9B3B-353DB50EE3F0}"?"{FF6D2E4C-7802-4146-99EB-16A3CF06838A}"?
Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage@Export \Device\TCPIP6TUNNEL_{6F6D3CF0-9D91-47B9-BF7F-9C1F4F13BB17}?\Device\TCPIP6TUNNEL_{E66D44C3-6123-4B2B-AA60-5257C62822F9}?\Device\TCPIP6TUNNEL_{75284571-5E39-4C7E-9579-DA6E227A348A}?\Device\TCPIP6TUNNEL_{B6DB24B6-2FD3-44F2-9B3B-353DB50EE3F0}?\Device\TCPIP6TUNNEL_{FF6D2E4C-7802-4146-99EB-16A3CF06838A}?
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{E66D44C3-6123-4B2B-AA60-5257C62822F9}@InterfaceName isatap.{BF02455C-930E-44E3-9D57-26FC85F6E4DB}
Reg HKLM\SYSTEM\CurrentControlSet\services\iphlpsvc\Parameters\Isatap\{E66D44C3-6123-4B2B-AA60-5257C62822F9}@ReusableType 0
---- EOF - GMER 2.1 ----
|
| | #8 |
| /// the machine /// TB trainer | My private ultrabook (Samsung) crashes sporadically (Windows Blue Screen) hi, Uninstall adware & co.
If you cannot find a program or cannot uninstall it, please continue with the next step: Press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
Scan with Combofix
__________________ regards, schrauber Proud Member of UNITE and ASAP since 2009 Donations Guides and help Trojaner-Board Facebook page No help via PM! |
| | #9 |
| My private ultrabook (Samsung) crashes sporadically (Windows Blue Screen) Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by Samsung at 2014-06-23 20:27:16 Run:1
Running from C:\Users\Samsung\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
==== End of Fixlog ====
Code:
ComboFix 14-06-23.01 - Samsung 23.06.2014 20:32:57.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3990.886 [GMT 2:00]
ausgeführt von:: c:\users\Samsung\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\3b283e273a3c3e453930_c
c:\windows\MICROSOFT
c:\windows\MICROSOFT\SystemUpdatekb70007\Installer.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\InstallerLibrary.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\Newtonsoft.Json.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\SQLite.Interop.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\System.Data.SQLite.dll
c:\windows\MICROSOFT\SystemUpdatekb70007\win32.reg
c:\windows\MICROSOFT\SystemUpdatekb70007\WindowsUpdater.exe
c:\windows\TEMP\._msige61\GoogleEarth.exe
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGAttrs.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGGfx.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogl\IGSg.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\D3DCompiler_43.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\d3dx9_43.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGAttrs.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGGfx.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\IGSg.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libEGL.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\ogles20\libGLESv2.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemy\optimizations\IGOptExtension.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\alchemyext.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\earthflashsol.exe
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\earthps.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\ge_expat.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\googleearth.exe
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\googleearth_free.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\gpsbabel.exe
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\icudt.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\IGAttrs.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\IGCore.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\IGExportCommon.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\IGGfx.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\IGMath.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\IGOpt.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\IGSg.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\IGUtils.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\imageformats\qgif4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\imageformats\qjpeg4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\Leap.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\msvcp100.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\msvcr100.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\Plugins\npgeinprocessplugin.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\QtCore4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\QtGui4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\QtNetwork4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\QtWebKit4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\client\wavdest.ax
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGAttrs.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGGfx.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogl\IGSg.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\D3DCompiler_43.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\d3dx9_43.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGAttrs.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGGfx.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\IGSg.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libEGL.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\ogles20\libGLESv2.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemy\optimizations\IGOptExtension.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\alchemyext.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\earthps.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\ge_expat.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\geplugin.exe
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\googleearth_free.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\icudt.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\IGAttrs.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\IGCore.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\IGExportCommon.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\IGGfx.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\IGMath.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\IGOpt.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\IGSg.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\IGUtils.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\imageformats\qgif4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\imageformats\qjpeg4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\Leap.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\msvcp100.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\msvcr100.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\npgeplugin.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\plugin_ax.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\QtCore4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\QtGui4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\QtNetwork4.dll
c:\windows\TEMP\._msige61\program files\Google\Google Earth\plugin\QtWebKit4.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_SystemUpdatekb70007
-------\Service_SystemUpdatekb70007
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-05-23 bis 2014-06-23 ))))))))))))))))))))))))))))))
.
.
2014-06-23 19:06 . 2014-06-23 19:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-23 18:10 . 2014-06-23 18:10 -------- d-----w- c:\users\Samsung\AppData\Roaming\VSRevoGroup
2014-06-23 18:04 . 2014-06-23 18:04 -------- d-----w- c:\program files (x86)\VS Revo Group
2014-06-20 08:21 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{6709574E-39E8-4206-B5DC-FC2773C4FB85}\mpengine.dll
2014-06-18 21:47 . 2014-06-23 18:27 -------- d-----w- C:\FRST
2014-06-14 13:09 . 2014-06-14 13:25 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-06-14 13:08 . 2014-06-14 13:08 -------- d-----w- c:\program files (x86)\ Malwarebytes Anti-Malware
2014-06-14 13:08 . 2014-06-14 13:08 -------- d-----w- c:\programdata\Malwarebytes
2014-06-14 13:08 . 2014-05-12 05:26 63704 ----a-w- c:\windows\system32\drivers\mwac.sys
2014-06-14 13:08 . 2014-05-12 05:26 91352 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2014-06-14 13:08 . 2014-05-12 05:25 25816 ----a-w- c:\windows\system32\drivers\mbam.sys
2014-06-12 07:46 . 2014-04-05 02:47 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-06-12 07:46 . 2014-04-05 02:47 288192 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-12 07:46 . 2014-04-25 02:34 801280 ----a-w- c:\windows\system32\usp10.dll
2014-06-12 07:46 . 2014-04-25 02:06 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2014-06-12 07:46 . 2014-03-26 14:44 2002432 ----a-w- c:\windows\system32\msxml6.dll
2014-06-12 07:46 . 2014-03-26 14:44 1882112 ----a-w- c:\windows\system32\msxml3.dll
2014-06-12 07:46 . 2014-03-26 14:27 1389056 ----a-w- c:\windows\SysWow64\msxml6.dll
2014-06-12 07:46 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml6r.dll
2014-06-12 07:46 . 2014-03-26 14:27 1237504 ----a-w- c:\windows\SysWow64\msxml3.dll
2014-06-12 07:46 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2014-06-12 07:46 . 2014-03-26 14:25 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
2014-06-12 07:46 . 2014-03-26 14:41 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-06-10 10:54 . 2014-06-10 12:17 -------- d-----w- c:\users\Samsung\AppData\Roaming\MAXQDA11
2014-06-10 10:54 . 2014-06-10 10:54 -------- d-----w- c:\program files (x86)\MAXQDA11
2014-06-10 10:54 . 2014-06-10 10:54 -------- d-----w- c:\programdata\MAXQDA11
2014-05-29 15:27 . 2014-05-29 15:27 -------- d-----w- c:\program files (x86)\predm
2014-05-29 15:26 . 2014-05-29 15:26 -------- d-----w- C:\adobeTemp
2014-05-29 09:32 . 2014-05-29 09:32 -------- d-----w- c:\users\Samsung\AppData\Local\Genesis_05290932
2014-05-29 09:30 . 2014-05-29 09:30 -------- d-----w- c:\users\Samsung\AppData\Local\Genesis_05290930
2014-05-29 09:17 . 2014-05-29 09:18 -------- d-----w- c:\program files (x86)\MSR
2014-05-29 09:09 . 2014-05-29 09:09 -------- d-sh--w- c:\users\Samsung\AppData\Local\EmieUserList
2014-05-29 09:09 . 2014-05-29 09:09 -------- d-sh--w- c:\users\Samsung\AppData\Local\EmieSiteList
2014-05-29 09:07 . 2014-05-29 15:28 -------- d-----w- c:\program files (x86)\fst_de_18
2014-05-29 09:07 . 2014-05-29 09:07 -------- d-----w- c:\users\Samsung\AppData\Roaming\InetStat
2014-05-28 20:25 . 2014-05-28 20:25 -------- d-----w- c:\program files\Enigma Software Group
2014-05-28 20:24 . 2014-05-29 15:21 -------- d-----w- c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-28 20:24 . 2014-05-28 20:24 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-05-28 17:56 . 2014-05-28 17:56 -------- d-----w- c:\users\Samsung\AppData\Roaming\SupTab
2014-05-28 17:56 . 2014-06-15 05:36 -------- d-----w- c:\programdata\IePluginServices
2014-05-25 16:44 . 2014-05-25 16:44 -------- d-----w- c:\users\Samsung\AppData\Roaming\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-06-19 00:37 . 2013-06-21 08:31 588496 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2014-06-15 01:04 . 2013-01-10 21:29 95414520 ----a-w- c:\windows\system32\MRT.exe
2014-05-14 07:11 . 2012-12-18 13:00 70832 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-05-14 07:11 . 2012-12-18 13:00 692400 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-05-09 06:14 . 2014-05-14 07:02 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-14 07:02 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-04-12 02:22 . 2014-05-14 07:00 155072 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2014-04-12 02:22 . 2014-05-14 07:00 95680 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2014-04-12 02:19 . 2014-05-14 07:00 136192 ----a-w- c:\windows\system32\sspicli.dll
2014-04-12 02:19 . 2014-05-14 07:00 29184 ----a-w- c:\windows\system32\sspisrv.dll
2014-04-12 02:19 . 2014-05-14 07:00 28160 ----a-w- c:\windows\system32\secur32.dll
2014-04-12 02:19 . 2014-05-14 07:00 1460736 ----a-w- c:\windows\system32\lsasrv.dll
2014-04-12 02:19 . 2014-05-14 07:00 31232 ----a-w- c:\windows\system32\lsass.exe
2014-04-12 02:12 . 2014-05-14 07:00 22016 ----a-w- c:\windows\SysWow64\secur32.dll
2014-04-12 02:10 . 2014-05-14 07:00 96768 ----a-w- c:\windows\SysWow64\sspicli.dll
2014-03-31 07:35 . 2012-12-18 13:14 270496 ------w- c:\windows\system32\MpSigStub.exe
2013-06-10 09:15 . 2012-01-24 08:22 2176512 ----a-w- c:\program files\gsv50w64.exe
2013-06-10 09:15 . 2012-01-24 08:22 2032640 ----a-w- c:\program files\gsv50w32.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-04 14:51 223432 ----a-w- c:\users\Samsung\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-04 14:51 223432 ----a-w- c:\users\Samsung\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-04 14:51 223432 ----a-w- c:\users\Samsung\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
.
c:\users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AMPPALP;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Protokoll;c:\windows\system32\DRIVERS\amppal.sys;c:\windows\SYSNATIVE\DRIVERS\amppal.sys [x]
R3 BrYNSvc;BrYNSvc;c:\program files (x86)\Browny02\BrYNSvc.exe;c:\program files (x86)\Browny02\BrYNSvc.exe [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
S0 excsd;ExpressCache Storage Filter Driver;c:\windows\system32\DRIVERS\excsd.sys;c:\windows\SYSNATIVE\DRIVERS\excsd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 ctxusbm;Citrix USB Monitor Driver;c:\windows\system32\DRIVERS\ctxusbm.sys;c:\windows\SYSNATIVE\DRIVERS\ctxusbm.sys [x]
S1 excfs;ExpressCache File System Filter Driver;c:\windows\system32\DRIVERS\excfs.sys;c:\windows\SYSNATIVE\DRIVERS\excfs.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys;c:\windows\SYSNATIVE\Drivers\SABI.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed Service;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe;c:\program files\Intel\BluetoothHS\BTHSAmpPalService.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) 3.0 + High Speed Security Service;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe;c:\program files\Intel\BluetoothHS\BTHSSecurityMgr.exe [x]
S2 ClickToRunSvc;Microsoft Office-Klick-und-Los-Dienst;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe;c:\program files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [x]
S2 ExpressCache;ExpressCache;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe;c:\program files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [x]
S2 irstrtsv;Intel(R) Rapid Start Technology Service;c:\windows\SysWOW64\irstrtsv.exe;c:\windows\SysWOW64\irstrtsv.exe [x]
S2 SamsungDeviceConfigurationWinService;SamsungDeviceConfiguration;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe;c:\program files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 AMPPAL;Intel® Centrino® Wireless Bluetooth® 3.0 + High Speed - Virtueller Adapter;c:\windows\system32\DRIVERS\AMPPAL.sys;c:\windows\SYSNATIVE\DRIVERS\AMPPAL.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys;c:\windows\SYSNATIVE\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys;c:\windows\SYSNATIVE\DRIVERS\asmtxhci.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys;c:\windows\SYSNATIVE\DRIVERS\IntcDAud.sys [x]
S3 irstrtdv;Intel(R) Rapid Start Technology Driver;c:\windows\system32\DRIVERS\irstrtdv.sys;c:\windows\SYSNATIVE\DRIVERS\irstrtdv.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-12 18:00 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-06-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-18 07:11]
.
2014-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-18 13:05]
.
2014-06-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-18 13:05]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-04-04 14:51 262344 ----a-w- c:\users\Samsung\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-04-04 14:51 262344 ----a-w- c:\users\Samsung\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-04-04 14:51 262344 ----a-w- c:\users\Samsung\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2014-06-19 00:40 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2014-06-19 00:40 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2014-06-19 00:40 2335960 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\Samsung\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2014-02-27 558496]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://search.v9.com/web/?type=ds&ts=1401299731&from=cvs4&uid=SanDiskXSSDXi100X16GB_181000120312&i=psd&t=3433d5ec5&q={searchTerms}
uInternet Settings,ProxyOverride = <-loopback>
uInternet Settings,ProxyServer = http=127.0.0.1:8118;https=127.0.0.1:8118
uSearchAssistant = hxxp://www.google.com
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\program files\Microsoft Office 15\Root\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\program files\Microsoft Office 15\Root\Office15\ONBttnIE.dll/105
TCP: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{459A5E2F-6ED2-41B3-84B9-49B700994514}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FF - ProfilePath - c:\users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\t6nayio3.default\
FF - prefs.js: network.proxy.ssl_port - 8118
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_13_0_0_214_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.13"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_13_0_0_214.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-06-23 21:15:05 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2014-06-23 19:15
.
Vor Suchlauf: 36 Verzeichnis(se), 250.905.325.568 Bytes frei
Nach Suchlauf: 42 Verzeichnis(se), 251.367.174.144 Bytes frei
.
- - End Of File - - 3E873D883DAB2F3BE4B1631CB07CE5CD
5FB38429D5D77768867C76DCBDB35194
|
| | #10 |
| /// the machine /// TB-Ausbilder | Please download
Please download
Please close your security software to avoid possible conflicts.
and a fresh FRST log please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
| | #11 |
Code:
Malwarebytes Anti-Malware
www.malwarebytes.org
Suchlauf Datum: 24.06.2014
Suchlauf-Zeit: 20:30:02
Logdatei: mbam.txt
Administrator: Ja
Version: 2.00.2.1012
Malware Datenbank: v2014.03.04.09
Rootkit Datenbank: v2014.06.02.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Self-protection: Deaktiviert
Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Samsung
Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 264218
Verstrichene Zeit: 18 Min, 42 Sek
Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristics: Aktiviert
PUP: Aktiviert
PUM: Aktiviert
Prozesse: 0 (No malicious items detected)
Module: 0 (No malicious items detected)
Registrierungsschlüssel: 0 (No malicious items detected)
Registrierungswerte: 0 (No malicious items detected)
Registrierungsdaten: 0 (No malicious items detected)
Ordner: 0 (No malicious items detected)
Dateien: 0 (No malicious items detected)
Physische Sektoren: 0 (No malicious items detected)
(end)
Code:
# AdwCleaner v3.002 - Bericht erstellt am 03/09/2013 um 19:40:14
# Updated 01/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Samsung - SAMSUNG-PC
# Gestartet von : C:\Users\Samsung\Downloads\adwcleaner_3002.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
[x] Nicht Gelöscht : C:\ProgramData\Babylon
[x] Nicht Gelöscht : C:\ProgramData\DealPlyLive
[x] Nicht Gelöscht : C:\ProgramData\eSafe
[x] Nicht Gelöscht : C:\ProgramData\IBUpdaterService
[x] Nicht Gelöscht : C:\ProgramData\Tarma Installer
[x] Nicht Gelöscht : C:\Program Files (x86)\DealPly
[x] Nicht Gelöscht : C:\Program Files (x86)\DealPlyLive
[x] Nicht Gelöscht : C:\Program Files (x86)\Common Files\337
[x] Nicht Gelöscht : C:\Users\Samsung\AppData\Local\DealPlyLive
[x] Nicht Gelöscht : C:\Users\Samsung\AppData\Local\Temp\Desk365
[x] Nicht Gelöscht : C:\Users\Samsung\AppData\Roaming\Babylon
[x] Nicht Gelöscht : C:\Users\Samsung\AppData\Roaming\DealPly
[x] Nicht Gelöscht : C:\Users\Samsung\AppData\Roaming\eIntaller
[x] Nicht Gelöscht : C:\Users\Samsung\AppData\Roaming\PerformerSoft
[x] Nicht Gelöscht : C:\Windows\System32\roboot64.exe
[x] Nicht Gelöscht : C:\Windows\Tasks\Dealply.job
[x] Nicht Gelöscht : C:\Windows\System32\Tasks\Dealply
***** [ Verknüpfungen ] *****
[x] Nicht Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
Verknüpfung Desinfiziert : C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk
Verknüpfung Desinfiziert : C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[x] Nicht Desinfiziert : C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
***** [ Registrierungsdatenbank ] *****
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
[x] Nicht Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
[x] Nicht Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
[x] Nicht Gelöscht : HKLM\SOFTWARE\90db8bb63cee49
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
[x] Nicht Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
[x] Nicht Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x] Nicht Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[x] Nicht Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
[x] Nicht Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
[x] Nicht Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
[x] Nicht Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
[x] Nicht Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
[x] Nicht Gelöscht : [x64] HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[x] Nicht Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
[x] Nicht Gelöscht : HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command [Default]
[x] Nicht Gelöscht : HKCU\Software\BabSolution
[x] Nicht Gelöscht : HKCU\Software\DataMngr
[#] Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\dealplylive
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\powerpack
Schlüssel Gelöscht : HKCU\Software\SmartBar
[x] Nicht Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\Software\dealplylive
Schlüssel Gelöscht : HKLM\Software\Desksvc
Schlüssel Gelöscht : HKLM\Software\qvo6Software
Schlüssel Gelöscht : HKLM\Software\V9
Schlüssel Gelöscht : [x64] HKCU\Software\BabSolution
Schlüssel Gelöscht : [x64] HKCU\Software\DataMngr
[x] Nicht Gelöscht : [x64] HKCU\Software\Softonic
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Tarma Installer
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16660
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
Einstellung Wiederhergestellt : HKCU\Software\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Page_URL]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
-\\ Google Chrome v29.0.1547.62
[ Datei : C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8435 octets] - [03/09/2013 19:36:32]
AdwCleaner[S0].txt - [7008 octets] - [03/09/2013 19:40:14]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7068 octets] ##########
Code:
# AdwCleaner v3.002 - Bericht erstellt am 03/09/2013 um 19:45:37
# Updated 01/09/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Samsung - SAMSUNG-PC
# Gestartet von : C:\Users\Samsung\Downloads\adwcleaner_3002.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\DealPlyLive
Ordner Gelöscht : C:\ProgramData\eSafe
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Program Files (x86)\DealPly
Ordner Gelöscht : C:\Program Files (x86)\DealPlyLive
Ordner Gelöscht : C:\Program Files (x86)\Common Files\337
Ordner Gelöscht : C:\Users\Samsung\AppData\Local\DealPlyLive
Ordner Gelöscht : C:\Users\Samsung\AppData\Local\Temp\Desk365
Ordner Gelöscht : C:\Users\Samsung\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\Samsung\AppData\Roaming\DealPly
Ordner Gelöscht : C:\Users\Samsung\AppData\Roaming\eIntaller
Ordner Gelöscht : C:\Users\Samsung\AppData\Roaming\PerformerSoft
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Windows\Tasks\Dealply.job
Datei Gelöscht : C:\Windows\System32\Tasks\Dealply
***** [ Verknüpfungen ] *****
Verknüpfung Desinfiziert : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk
Verknüpfung Desinfiziert : C:\Users\Samsung\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk
***** [ Registrierungsdatenbank ] *****
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SnapDo_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WebCakeDesktop_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\dealplylive.exe
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\DeskSvc
Schlüssel Gelöscht : HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\WsysSvc
Schlüssel Gelöscht : HKLM\SOFTWARE\90db8bb63cee49
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0AFD55C8-ADF8-4A33-A6E1-DEDB7A36AEB4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2CE4D4CF-B278-4126-AD1E-B622DA2E8339}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DF84E609-C3A4-49CB-A160-61767DAF8899}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}]
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}
Schlüssel Gelöscht : HKCU\Software\Softonic
***** [ Browser ] *****
-\\ Internet Explorer v10.0.9200.16660
-\\ Google Chrome v29.0.1547.62
[ Datei : C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\preferences ]
*************************
AdwCleaner[R0].txt - [8435 octets] - [03/09/2013 19:36:32]
AdwCleaner[R1].txt - [5707 octets] - [03/09/2013 19:44:18]
AdwCleaner[S0].txt - [7188 octets] - [03/09/2013 19:40:14]
AdwCleaner[S1].txt - [4761 octets] - [03/09/2013 19:45:37]
########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [4821 octets] ##########
Code:
# AdwCleaner v3.213 - Bericht erstellt am 24/06/2014 um 21:14:56
# Aktualisiert 23/06/2014 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Samsung - SAMSUNG-PC
# Gestartet von : C:\Users\Samsung\Downloads\adwcleaner_3.213.exe
# Option : Löschen
***** [ Dienste ] *****
***** [ Dateien / Ordner ] *****
Ordner Gelöscht : C:\ProgramData\IePluginServices
Ordner Gelöscht : C:\Program Files (x86)\MSR
Ordner Gelöscht : C:\Program Files (x86)\predm
Ordner Gelöscht : C:\Users\Samsung\AppData\Local\MediaBA
Ordner Gelöscht : C:\Users\Samsung\AppData\Roaming\InetStat
Ordner Gelöscht : C:\Users\Samsung\AppData\Roaming\SupTab
Ordner Gelöscht : C:\Users\Samsung\AppData\Roaming\Windows Net Data
Ordner Gelöscht : C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\t6nayio3.default\Extensions\quick_start@gmail.com
Datei Gelöscht : C:\END
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\v9.xml
Datei Gelöscht : C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
Datei Gelöscht : C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
Datei Gelöscht : C:\Windows\System32\Tasks\Desk 365 RunAsStdUser
***** [ Verknüpfungen ] *****
***** [ Registrierungsdatenbank ] *****
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [quick_start@gmail.com]
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\cacclhdpfoingihegojhoipnihfnoaki
Schlüssel Gelöscht : HKCU\Software\Classes\pokki
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\speedupmypc
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamInternetEnhancer_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{AF175732-0D59-716D-F757-9F1492D808D9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{A75BE48D-BF58-4A8B-B96C-F9A09DFB9844}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\TutoTag
Schlüssel Gelöscht : HKLM\Software\hdcode
Schlüssel Gelöscht : HKLM\Software\SupDp
Schlüssel Gelöscht : HKLM\Software\SupTab
Schlüssel Gelöscht : HKLM\Software\Tutorials
Schlüssel Gelöscht : HKLM\Software\Uniblue
Schlüssel Gelöscht : HKLM\Software\V9Software
Schlüssel Gelöscht : HKLM\Software\Wpm
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Iminent
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\VIS
***** [ Browser ] *****
-\\ Internet Explorer v11.0.9600.17126
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Search Page]
Einstellung Wiederhergestellt : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchUrl [Default]
-\\ Mozilla Firefox v26.0 (de)
[ Datei : C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\t6nayio3.default\prefs.js ]
-\\ Google Chrome v35.0.1916.153
[ Datei : C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Gelöscht [Search Provider] : hxxp://search.v9.com/web/?type=dspp&ts=1401354206&from=cvs4&uid=SanDiskXSSDXi100X16GB_181000120312&i=psd&t=34345aeb2&q={searchTerms}
Gelöscht [Extension] : cacclhdpfoingihegojhoipnihfnoaki
*************************
AdwCleaner[R0].txt - [8435 octets] - [03/09/2013 19:36:32]
AdwCleaner[R1].txt - [5707 octets] - [03/09/2013 19:44:18]
AdwCleaner[R2].txt - [12920 octets] - [24/06/2014 20:51:09]
AdwCleaner[S0].txt - [7188 octets] - [03/09/2013 19:40:14]
AdwCleaner[S1].txt - [4913 octets] - [03/09/2013 19:45:37]
AdwCleaner[S2].txt - [12270 octets] - [24/06/2014 21:14:56]
########## EOF - C:\AdwCleaner\AdwCleaner[S2].txt - [12331 octets] ##########
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Home Premium x64
Ran by Samsung on 24.06.2014 at 21:19:38,81
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Default_Page_URL
~~~ Registry Keys
Successfully deleted: [Registry Key] HKEY_CLASSES_ROOT\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\AppDataLow\software\coollyrics
Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-3279623851-2464560472-1099086217-1000\Software\sweetim
~~~ Files
~~~ Folders
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 24.06.2014 at 21:36:58,25
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Samsung (administrator) on SAMSUNG-PC on 24-06-2014 21:37:22
Running from C:\Users\Samsung\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Samsung\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Dropbox, Inc.) C:\Users\Samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-31] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3279623851-2464560472-1099086217-1000\...\Run: [Spotify Web Helper] => C:\Users\Samsung\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-23] (Spotify Ltd)
Startup: C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF63FEF6214DDCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{459A5E2F-6ED2-41B3-84B9-49B700994514}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FireFox:
========
FF ProfilePath: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\t6nayio3.default
FF NetworkProxy: " type", 1);user_pref("network.proxy.http", "127.0.0.1");user_pref("network.proxy.http_port", 8118);user_pref("network.proxy.ssl", "127.0.0.1");user_pref("network.proxy.ssl_port", 8118
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\t6nayio3.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-18]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-02]
Chrome:
=======
CHR HomePage:
CHR StartupUrls: "hxxp://google.de/"
CHR Extension: (Google Docs) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-29]
CHR Extension: (Google Drive) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-29]
CHR Extension: (YouTube) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-29]
CHR Extension: (Google-Suche) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-29]
CHR Extension: (AdBlock) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-29]
CHR Extension: (avast! WebRep) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-12-22]
CHR Extension: (Google Wallet) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-16]
CHR Extension: (Google Mail) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-29]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2012-12-18]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-31] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [184320 2011-07-06] (Intel Corporation) [File not signed]
R2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-31] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-31] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-31] (AVAST Software)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-24 21:36 - 2014-06-24 21:36 - 00001148 _____ () C:\Users\Samsung\Desktop\JRT.txt
2014-06-24 21:19 - 2014-06-24 21:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-24 21:18 - 2014-06-24 21:19 - 01016261 _____ (Thisisu) C:\Users\Samsung\Downloads\JRT.exe
2014-06-24 20:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-24 20:49 - 2014-06-24 20:50 - 01342659 _____ () C:\Users\Samsung\Downloads\adwcleaner_3.213.exe
2014-06-24 20:49 - 2014-06-24 20:49 - 00001161 _____ () C:\Users\Samsung\Desktop\mbam.txt
2014-06-24 15:19 - 2014-06-24 15:20 - 00332160 _____ () C:\Windows\Minidump\062414-26800-01.dmp
2014-06-24 14:46 - 2014-06-24 14:46 - 01724416 _____ () C:\Users\Samsung\Downloads\Thema_3_Neue_Wirtschaftsgeographie.ppt
2014-06-24 10:19 - 2014-06-24 14:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-23 21:15 - 2014-06-23 21:15 - 00034227 _____ () C:\ComboFix.txt
2014-06-23 20:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-23 20:30 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-23 20:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-23 20:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-23 20:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-23 20:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-23 20:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-23 20:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-23 20:29 - 2014-06-23 21:15 - 00000000 ____D () C:\Qoobox
2014-06-23 20:29 - 2014-06-23 21:11 - 00000000 ____D () C:\Windows\erdnt
2014-06-23 20:28 - 2014-06-23 20:28 - 05210951 ____R (Swearware) C:\Users\Samsung\Downloads\ComboFix.exe
2014-06-23 20:20 - 2014-06-23 20:20 - 00000000 ____D () C:\Users\Samsung\Downloads\FRST-OlderVersion
2014-06-23 20:10 - 2014-06-23 20:10 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\VSRevoGroup
2014-06-23 20:04 - 2014-06-23 20:04 - 00001274 _____ () C:\Users\Samsung\Desktop\Revo Uninstaller.lnk
2014-06-23 20:04 - 2014-06-23 20:04 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-23 20:03 - 2014-06-23 20:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Samsung\Downloads\revosetup95.exe
2014-06-23 15:09 - 2014-06-23 15:10 - 00262144 _____ () C:\Windows\Minidump\062314-25927-01.dmp
2014-06-23 12:34 - 2014-06-23 12:34 - 00024539 _____ () C:\Users\Samsung\Downloads\TrojanerBoard_LogFiles_Anna1234.7z
2014-06-23 12:33 - 2014-06-23 12:33 - 00024539 _____ () C:\Users\Samsung\TrojanerBoard_LogFiles_Anna1234.7z
2014-06-23 12:12 - 2014-06-23 12:12 - 00422210 _____ () C:\Users\Samsung\Downloads\gmerlog.log
2014-06-23 11:53 - 2014-06-23 11:53 - 00262144 _____ () C:\Windows\Minidump\062314-27487-01.dmp
2014-06-23 11:45 - 2014-06-23 11:45 - 00380416 _____ () C:\Users\Samsung\Downloads\Gmer-19357.exe
2014-06-21 15:34 - 2014-06-21 15:35 - 00336728 _____ () C:\Windows\Minidump\062114-29421-01.dmp
2014-06-19 02:18 - 2014-06-19 02:18 - 00262144 _____ () C:\Windows\Minidump\061914-14929-01.dmp
2014-06-18 23:49 - 2014-06-18 23:50 - 00029116 _____ () C:\Users\Samsung\Downloads\Addition.txt
2014-06-18 23:47 - 2014-06-24 21:37 - 00026435 _____ () C:\Users\Samsung\Downloads\FRST.txt
2014-06-18 23:47 - 2014-06-24 21:37 - 00000000 ____D () C:\FRST
2014-06-18 23:46 - 2014-06-23 20:20 - 02082816 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe
2014-06-18 19:02 - 2014-06-18 19:03 - 00262144 _____ () C:\Windows\Minidump\061814-44179-01.dmp
2014-06-18 12:28 - 2014-06-18 12:28 - 00000476 _____ () C:\Users\Samsung\Downloads\defogger_disable.log
2014-06-18 12:28 - 2014-06-18 12:28 - 00000000 _____ () C:\Users\Samsung\defogger_reenable
2014-06-18 12:26 - 2014-06-18 12:26 - 00050477 _____ () C:\Users\Samsung\Downloads\Defogger.exe
2014-06-18 12:15 - 2014-06-18 12:16 - 00332160 _____ () C:\Windows\Minidump\061814-23992-01.dmp
2014-06-17 13:38 - 2014-06-17 13:38 - 00262144 _____ () C:\Windows\Minidump\061714-20451-01.dmp
2014-06-17 13:32 - 2014-06-17 13:32 - 00262144 _____ () C:\Windows\Minidump\061714-24554-01.dmp
2014-06-16 14:58 - 2014-06-16 15:21 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_F61
2014-06-16 14:47 - 2014-06-16 14:47 - 02602496 _____ () C:\Users\Samsung\Downloads\Thema_7_USA_Innovationssystem.ppt
2014-06-16 14:42 - 2014-06-16 14:42 - 00689152 _____ () C:\Users\Samsung\Downloads\Thema_6_China_als_aufstrebendes_Innovationssystem.ppt
2014-06-16 14:10 - 2014-06-16 14:10 - 00000000 ____D () C:\Users\Samsung\Documents\OneNote-Notizbücher
2014-06-16 11:52 - 2014-06-16 11:52 - 02050048 _____ () C:\Users\Samsung\Downloads\Weinberger_03_01_13 (1).ppt
2014-06-16 11:45 - 2014-06-16 11:45 - 02050048 _____ () C:\Users\Samsung\Downloads\Weinberger_03_01_13.ppt
2014-06-16 09:56 - 2014-06-24 21:18 - 00005152 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Samsung-PC-Samsung Samsung-PC
2014-06-15 21:40 - 2014-06-15 21:40 - 00262144 _____ () C:\Windows\Minidump\061514-23743-01.dmp
2014-06-15 17:04 - 2014-06-15 17:04 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_1AC0
2014-06-15 17:03 - 2014-06-15 17:03 - 00072704 _____ () C:\Users\Samsung\Downloads\302011041P1G217.XLS
2014-06-15 17:03 - 2014-06-15 17:03 - 00062464 _____ () C:\Users\Samsung\Downloads\302011041P1G218.XLS
2014-06-15 15:25 - 2014-06-15 15:26 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_2BE7
2014-06-15 14:55 - 2014-06-15 14:55 - 01331200 _____ () C:\Users\Samsung\Downloads\Thema_3_Einflussfaktoren_National.ppt
2014-06-15 14:53 - 2014-06-15 14:53 - 00249856 _____ () C:\Users\Samsung\Downloads\Thema_1_Konstitutive_Elemente.PPT
2014-06-15 14:48 - 2014-06-15 14:48 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme (2).ppt
2014-06-15 14:48 - 2014-06-15 14:48 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme (1).ppt
2014-06-15 14:43 - 2014-06-15 14:43 - 00283648 _____ () C:\Users\Samsung\Downloads\Thema_4_Einflussfaktoren_Sektoral.ppt
2014-06-15 09:43 - 2014-06-15 09:43 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme.ppt
2014-06-15 09:37 - 2014-06-15 09:37 - 00852480 _____ () C:\Users\Samsung\Downloads\Thema_6_Netzwerk_InnovSys.ppt
2014-06-15 09:23 - 2014-06-15 09:23 - 01349120 _____ () C:\Users\Samsung\Downloads\Thema_5_Lokalbasierte_RIS.ppt
2014-06-15 09:22 - 2014-06-15 14:56 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_376D
2014-06-15 09:21 - 2014-06-15 09:21 - 00448512 _____ () C:\Users\Samsung\Downloads\Thema_2_Grundlagen_RIS.ppt
2014-06-14 15:09 - 2014-06-24 20:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 15:08 - 2014-06-14 15:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe
2014-06-14 15:08 - 2014-06-14 15:08 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-14 15:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-14 15:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-14 15:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-14 15:07 - 2014-06-14 15:07 - 00719128 _____ ( ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe
2014-06-13 11:17 - 2014-06-13 11:18 - 00262144 _____ () C:\Windows\Minidump\061314-17503-01.dmp
2014-06-12 09:46 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 09:46 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 09:46 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 09:46 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 09:46 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 09:46 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 09:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 09:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 09:46 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 09:46 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 09:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 09:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 09:45 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 09:45 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 09:45 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 09:45 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 09:45 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 09:45 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 09:45 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 09:45 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 09:45 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 09:45 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 09:45 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 09:45 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 09:45 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 09:45 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 09:45 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 09:45 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 09:45 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 09:45 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 09:45 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 09:45 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 09:45 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 09:45 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 09:45 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 09:45 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 09:45 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 09:45 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 09:45 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 09:45 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 09:45 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 09:45 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 09:45 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 09:45 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 09:45 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 09:45 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 09:45 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 09:45 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 09:45 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 09:45 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 09:45 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 09:45 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 09:45 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 09:45 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 09:45 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 09:45 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 09:45 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 09:45 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 09:45 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 09:45 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 09:45 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 09:45 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 09:45 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 09:45 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 17:05 - 2014-06-11 17:05 - 00029170 _____ () C:\Users\Samsung\Desktop\Gesamt.xlsx
2014-06-11 16:51 - 2014-06-11 17:05 - 00029142 _____ () C:\Users\Samsung\Downloads\Gesamt.xlsx
2014-06-11 16:48 - 2014-06-11 16:48 - 00032256 _____ () C:\Users\Samsung\Desktop\Neue_Grid-Tabelle2.xls
2014-06-11 16:00 - 2014-06-11 16:00 - 00033792 _____ () C:\Users\Samsung\Desktop\Inspiration,Hemmende_FaktorenSummary GP2014.xls
2014-06-11 15:56 - 2014-06-11 15:56 - 00030720 _____ () C:\Users\Samsung\Desktop\GPExcelSummary.xls
2014-06-11 15:55 - 2014-06-11 15:56 - 00030720 _____ () C:\Users\Samsung\Desktop\Neue_Grid-Tabelle.xls
2014-06-11 15:43 - 2014-06-11 15:44 - 02478592 _____ () C:\Users\Samsung\Desktop\GP2014 (2).xls
2014-06-11 14:17 - 2014-06-12 09:35 - 04247552 _____ () C:\Users\Samsung\Downloads\GP2014 (2).mx5
2014-06-11 13:05 - 2014-06-11 14:17 - 00323584 _____ () C:\Users\Samsung\Downloads\GP2014 (1).mx5
2014-06-10 16:20 - 2014-06-11 14:16 - 00991232 _____ () C:\Users\Samsung\Downloads\GP2014.mx5
2014-06-10 12:54 - 2014-06-10 14:17 - 00000000 ____D () C:\Users\Samsung\Documents\MAXQDA11
2014-06-10 12:54 - 2014-06-10 14:17 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\MAXQDA11
2014-06-10 12:54 - 2014-06-10 12:54 - 00001017 _____ () C:\Users\Samsung\Desktop\MAXQDA 11.lnk
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXQDA 11
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Public\Documents\MAXQDA11_Examples
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\ProgramData\MAXQDA11
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Program Files (x86)\MAXQDA11
2014-06-10 12:52 - 2014-06-10 12:53 - 79687955 _____ () C:\Users\Samsung\Downloads\MAXQDA11_Demo.exe
2014-06-10 00:22 - 2014-06-10 00:22 - 00334176 _____ () C:\Windows\Minidump\061014-15678-01.dmp
2014-06-08 03:37 - 2014-06-08 03:38 - 00262144 _____ () C:\Windows\Minidump\060814-15880-01.dmp
2014-06-06 23:26 - 2014-06-06 23:26 - 00262144 _____ () C:\Windows\Minidump\060614-24304-01.dmp
2014-06-06 09:48 - 2014-06-06 09:48 - 00262144 _____ () C:\Windows\Minidump\060614-26192-01.dmp
2014-06-05 15:27 - 2014-06-05 15:28 - 00262144 _____ () C:\Windows\Minidump\060514-16442-01.dmp
2014-06-04 09:10 - 2014-06-04 09:12 - 00262144 _____ () C:\Windows\Minidump\060414-18735-01.dmp
2014-05-29 17:26 - 2014-05-29 17:26 - 00000000 ____D () C:\adobeTemp
2014-05-29 11:41 - 2014-05-29 11:42 - 02953520 _____ (AVAST Software) C:\Users\Samsung\Downloads\avast-browser-cleanup_9.0.0.224.exe
2014-05-29 11:32 - 2014-05-29 11:32 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Genesis_05290932
2014-05-29 11:30 - 2014-05-29 11:30 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Genesis_05290930
2014-05-29 11:09 - 2014-05-29 11:09 - 00000000 __SHD () C:\Users\Samsung\AppData\Local\EmieUserList
2014-05-29 11:09 - 2014-05-29 11:09 - 00000000 __SHD () C:\Users\Samsung\AppData\Local\EmieSiteList
2014-05-29 11:07 - 2014-05-29 17:28 - 00000000 ____D () C:\Program Files (x86)\fst_de_18
2014-05-29 11:04 - 2014-05-29 11:04 - 00332288 _____ () C:\Users\Samsung\Downloads\Adobe Universal Patcher is Here !!!__2957_il424.exe
2014-05-29 10:59 - 2014-05-29 10:59 - 05910989 _____ () C:\Users\Samsung\Downloads\Adobe_Creative_Cloud_Cleaner_Tool.zip
2014-05-29 10:50 - 2014-05-29 10:51 - 19654946 _____ () C:\Users\Samsung\Downloads\Adobe Illustrator CC Serial Number-Keygen-Crack 32-64 Bit WIN-MAC.rar
2014-05-28 22:27 - 2014-05-28 22:27 - 00000000 _____ () C:\autoexec.bat
2014-05-28 22:25 - 2014-05-28 22:25 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-28 22:24 - 2014-05-29 17:21 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-28 21:56 - 2014-05-28 21:56 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Samsung\Downloads\SpyHunter-Installer.exe
2014-05-28 19:52 - 2014-05-28 19:52 - 00467472 _____ () C:\Users\Samsung\Downloads\Adobe-Illustrator-CC---Serial-Key - BitLord.exe
2014-05-28 18:31 - 2013-06-21 11:29 - 00000000 ____D () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.Multilingual.Incl.Patch-PainteR
2014-05-28 09:18 - 2014-05-28 09:18 - 00336728 _____ () C:\Windows\Minidump\052814-23774-01.dmp
2014-05-28 00:06 - 2014-05-28 21:30 - 39945907 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part12.rar
2014-05-27 22:51 - 2014-05-27 23:33 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part11.rar
2014-05-27 22:08 - 2014-05-27 22:50 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part10.rar
2014-05-27 21:13 - 2014-05-27 22:07 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part08.rar
2014-05-27 20:30 - 2014-05-27 21:12 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part09.rar
2014-05-27 13:01 - 2014-05-28 18:31 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part07.rar
2014-05-27 12:39 - 2014-05-27 13:00 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part06.rar
2014-05-27 12:17 - 2014-05-27 12:38 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part05.rar
2014-05-26 21:21 - 2014-05-27 11:19 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part04.rar
2014-05-26 19:35 - 2014-05-26 21:20 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part03.rar
2014-05-26 18:44 - 2014-05-26 19:34 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part02.rar
2014-05-26 18:06 - 2014-05-26 18:43 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part01.rar
2014-05-26 09:20 - 2013-11-22 16:12 - 00000000 ____D () C:\Users\Samsung\Downloads\Adobe.Illustrator.CS6
2014-05-26 09:19 - 2014-05-26 09:19 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\WinRAR
2014-05-25 18:44 - 2014-05-25 18:44 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\TeamViewer
2014-05-25 18:42 - 2014-05-25 18:43 - 04099392 _____ (TeamViewer) C:\Users\Samsung\Downloads\TeamViewerQJ_de-idm37773159.exe
2014-05-25 17:38 - 2014-05-25 17:56 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part52.rar
2014-05-25 17:20 - 2014-05-25 17:38 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part51.rar
2014-05-25 16:57 - 2014-05-25 17:15 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part50.rar
2014-05-25 16:38 - 2014-05-25 16:55 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part45.rar
2014-05-25 16:19 - 2014-05-25 16:36 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part44.rar
2014-05-25 15:58 - 2014-05-25 16:16 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part42.rar
2014-05-25 15:38 - 2014-05-25 15:56 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part43.rar
2014-05-25 15:20 - 2014-05-25 15:37 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part41.rar
2014-05-25 14:45 - 2014-05-25 15:03 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part40.rar
2014-05-25 14:27 - 2014-05-25 14:44 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part39.rar
2014-05-25 13:46 - 2014-05-25 14:00 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part37.rar
2014-05-25 13:12 - 2014-05-25 13:17 - 34688623 _____ () C:\Users\Samsung\Downloads\ai.part55.rar
2014-05-25 12:57 - 2014-05-25 13:11 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part54.rar
2014-05-25 12:42 - 2014-05-25 12:56 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part53.rar
2014-05-25 12:20 - 2014-05-25 12:34 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part49.rar
2014-05-25 12:05 - 2014-05-25 12:19 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part48.rar
2014-05-25 11:54 - 2014-05-25 12:04 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part47.rar
2014-05-25 11:42 - 2014-05-25 11:53 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part36.rar
2014-05-25 11:30 - 2014-05-25 11:41 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part46.rar
2014-05-25 10:59 - 2014-05-25 11:07 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part35.rar
2014-05-25 10:49 - 2014-05-25 10:58 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part34.rar
2014-05-25 10:40 - 2014-05-25 10:48 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part33.rar
2014-05-25 10:30 - 2014-05-25 10:39 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part32.rar
2014-05-25 10:21 - 2014-05-25 10:29 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part31.rar
2014-05-25 10:11 - 2014-05-25 10:20 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part30.rar
2014-05-25 10:02 - 2014-05-25 10:10 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part29.rar
2014-05-25 09:43 - 2014-05-25 09:51 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part28.rar
2014-05-25 01:33 - 2014-05-25 10:01 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part27.rar
2014-05-25 01:24 - 2014-05-25 01:32 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part26.rar
2014-05-25 01:14 - 2014-05-25 01:23 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part25.rar
2014-05-25 01:05 - 2014-05-25 01:14 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part24.rar
2014-05-25 00:56 - 2014-05-25 01:04 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part23.rar
2014-05-25 00:46 - 2014-05-25 00:54 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part22.rar
2014-05-25 00:36 - 2014-05-25 00:45 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part21.rar
2014-05-25 00:27 - 2014-05-25 00:35 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part20.rar
2014-05-25 00:17 - 2014-05-25 00:26 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part19.rar
2014-05-25 00:08 - 2014-05-25 00:16 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part18.rar
==================== One Month Modified Files and Folders =======
2014-06-24 21:38 - 2014-06-18 23:47 - 00026435 _____ () C:\Users\Samsung\Downloads\FRST.txt
2014-06-24 21:37 - 2014-06-18 23:47 - 00000000 ____D () C:\FRST
2014-06-24 21:36 - 2014-06-24 21:36 - 00001148 _____ () C:\Users\Samsung\Desktop\JRT.txt
2014-06-24 21:23 - 2009-07-14 06:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-24 21:23 - 2009-07-14 06:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-24 21:22 - 2009-07-14 19:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-06-24 21:22 - 2009-07-14 19:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-06-24 21:22 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-24 21:19 - 2014-06-24 21:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-24 21:19 - 2014-06-24 21:18 - 01016261 _____ (Thisisu) C:\Users\Samsung\Downloads\JRT.exe
2014-06-24 21:18 - 2014-06-16 09:56 - 00005152 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Samsung-PC-Samsung Samsung-PC
2014-06-24 21:18 - 2012-12-18 15:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-24 21:17 - 2014-05-15 10:59 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\DropboxMaster
2014-06-24 21:17 - 2013-01-13 01:06 - 00000000 ___RD () C:\Users\Samsung\Dropbox
2014-06-24 21:17 - 2013-01-13 01:00 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Dropbox
2014-06-24 21:16 - 2014-04-18 18:43 - 00016276 _____ () C:\Windows\PFRO.log
2014-06-24 21:16 - 2014-04-16 17:50 - 00008728 _____ () C:\Windows\setupact.log
2014-06-24 21:16 - 2012-12-18 15:05 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-24 21:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-24 21:15 - 2013-09-10 12:51 - 01293311 _____ () C:\Windows\WindowsUpdate.log
2014-06-24 21:15 - 2013-09-03 19:36 - 00000000 ____D () C:\AdwCleaner
2014-06-24 21:11 - 2012-12-18 15:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-24 21:05 - 2012-12-18 15:05 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-24 20:50 - 2014-06-24 20:49 - 01342659 _____ () C:\Users\Samsung\Downloads\adwcleaner_3.213.exe
2014-06-24 20:49 - 2014-06-24 20:49 - 00001161 _____ () C:\Users\Samsung\Desktop\mbam.txt
2014-06-24 20:29 - 2014-06-14 15:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-24 15:20 - 2014-06-24 15:19 - 00332160 _____ () C:\Windows\Minidump\062414-26800-01.dmp
2014-06-24 15:19 - 2014-04-25 21:40 - 1572759226 _____ () C:\Windows\MEMORY.DMP
2014-06-24 15:19 - 2013-02-26 18:23 - 00000000 ____D () C:\Windows\Minidump
2014-06-24 15:19 - 2012-12-18 16:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-24 14:46 - 2014-06-24 14:46 - 01724416 _____ () C:\Users\Samsung\Downloads\Thema_3_Neue_Wirtschaftsgeographie.ppt
2014-06-24 14:07 - 2014-06-24 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-24 12:55 - 2013-12-16 13:55 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Spotify
2014-06-24 11:41 - 2013-12-16 13:55 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Spotify
2014-06-24 10:27 - 2012-12-23 15:57 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Adobe
2014-06-23 21:15 - 2014-06-23 21:15 - 00034227 _____ () C:\ComboFix.txt
2014-06-23 21:15 - 2014-06-23 20:29 - 00000000 ____D () C:\Qoobox
2014-06-23 21:15 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-23 21:11 - 2014-06-23 20:29 - 00000000 ____D () C:\Windows\erdnt
2014-06-23 21:09 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-23 21:08 - 2009-07-14 04:34 - 20185088 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-06-23 21:08 - 2009-07-14 04:34 - 118751232 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-06-23 21:08 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-06-23 21:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-06-23 21:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-06-23 20:28 - 2014-06-23 20:28 - 05210951 ____R (Swearware) C:\Users\Samsung\Downloads\ComboFix.exe
2014-06-23 20:20 - 2014-06-23 20:20 - 00000000 ____D () C:\Users\Samsung\Downloads\FRST-OlderVersion
2014-06-23 20:20 - 2014-06-18 23:46 - 02082816 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe
2014-06-23 20:10 - 2014-06-23 20:10 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\VSRevoGroup
2014-06-23 20:04 - 2014-06-23 20:04 - 00001274 _____ () C:\Users\Samsung\Desktop\Revo Uninstaller.lnk
2014-06-23 20:04 - 2014-06-23 20:04 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-23 20:04 - 2014-06-23 20:03 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Samsung\Downloads\revosetup95.exe
2014-06-23 15:49 - 2013-04-07 16:27 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\vlc
2014-06-23 15:10 - 2014-06-23 15:09 - 00262144 _____ () C:\Windows\Minidump\062314-25927-01.dmp
2014-06-23 15:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-23 13:22 - 2013-05-30 23:52 - 00475136 ___SH () C:\Users\Samsung\Documents\Thumbs.db
2014-06-23 12:34 - 2014-06-23 12:34 - 00024539 _____ () C:\Users\Samsung\Downloads\TrojanerBoard_LogFiles_Anna1234.7z
2014-06-23 12:33 - 2014-06-23 12:33 - 00024539 _____ () C:\Users\Samsung\TrojanerBoard_LogFiles_Anna1234.7z
2014-06-23 12:33 - 2012-12-12 11:06 - 00000000 ____D () C:\Users\Samsung
2014-06-23 12:12 - 2014-06-23 12:12 - 00422210 _____ () C:\Users\Samsung\Downloads\gmerlog.log
2014-06-23 11:53 - 2014-06-23 11:53 - 00262144 _____ () C:\Windows\Minidump\062314-27487-01.dmp
2014-06-23 11:45 - 2014-06-23 11:45 - 00380416 _____ () C:\Users\Samsung\Downloads\Gmer-19357.exe
2014-06-21 15:35 - 2014-06-21 15:34 - 00336728 _____ () C:\Windows\Minidump\062114-29421-01.dmp
2014-06-21 11:00 - 2012-12-18 15:05 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 11:00 - 2012-12-18 15:05 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 02:45 - 2013-06-21 10:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-19 02:18 - 2014-06-19 02:18 - 00262144 _____ () C:\Windows\Minidump\061914-14929-01.dmp
2014-06-18 23:50 - 2014-06-18 23:49 - 00029116 _____ () C:\Users\Samsung\Downloads\Addition.txt
2014-06-18 19:03 - 2014-06-18 19:02 - 00262144 _____ () C:\Windows\Minidump\061814-44179-01.dmp
2014-06-18 12:28 - 2014-06-18 12:28 - 00000476 _____ () C:\Users\Samsung\Downloads\defogger_disable.log
2014-06-18 12:28 - 2014-06-18 12:28 - 00000000 _____ () C:\Users\Samsung\defogger_reenable
2014-06-18 12:26 - 2014-06-18 12:26 - 00050477 _____ () C:\Users\Samsung\Downloads\Defogger.exe
2014-06-18 12:16 - 2014-06-18 12:15 - 00332160 _____ () C:\Windows\Minidump\061814-23992-01.dmp
2014-06-17 13:38 - 2014-06-17 13:38 - 00262144 _____ () C:\Windows\Minidump\061714-20451-01.dmp
2014-06-17 13:32 - 2014-06-17 13:32 - 00262144 _____ () C:\Windows\Minidump\061714-24554-01.dmp
2014-06-16 15:21 - 2014-06-16 14:58 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_F61
2014-06-16 14:47 - 2014-06-16 14:47 - 02602496 _____ () C:\Users\Samsung\Downloads\Thema_7_USA_Innovationssystem.ppt
2014-06-16 14:42 - 2014-06-16 14:42 - 00689152 _____ () C:\Users\Samsung\Downloads\Thema_6_China_als_aufstrebendes_Innovationssystem.ppt
2014-06-16 14:10 - 2014-06-16 14:10 - 00000000 ____D () C:\Users\Samsung\Documents\OneNote-Notizbücher
2014-06-16 11:52 - 2014-06-16 11:52 - 02050048 _____ () C:\Users\Samsung\Downloads\Weinberger_03_01_13 (1).ppt
2014-06-16 11:45 - 2014-06-16 11:45 - 02050048 _____ () C:\Users\Samsung\Downloads\Weinberger_03_01_13.ppt
2014-06-15 21:40 - 2014-06-15 21:40 - 00262144 _____ () C:\Windows\Minidump\061514-23743-01.dmp
2014-06-15 17:04 - 2014-06-15 17:04 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_1AC0
2014-06-15 17:03 - 2014-06-15 17:03 - 00072704 _____ () C:\Users\Samsung\Downloads\302011041P1G217.XLS
2014-06-15 17:03 - 2014-06-15 17:03 - 00062464 _____ () C:\Users\Samsung\Downloads\302011041P1G218.XLS
2014-06-15 15:26 - 2014-06-15 15:25 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_2BE7
2014-06-15 14:56 - 2014-06-15 09:22 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_376D
2014-06-15 14:55 - 2014-06-15 14:55 - 01331200 _____ () C:\Users\Samsung\Downloads\Thema_3_Einflussfaktoren_National.ppt
2014-06-15 14:53 - 2014-06-15 14:53 - 00249856 _____ () C:\Users\Samsung\Downloads\Thema_1_Konstitutive_Elemente.PPT
2014-06-15 14:48 - 2014-06-15 14:48 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme (2).ppt
2014-06-15 14:48 - 2014-06-15 14:48 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme (1).ppt
2014-06-15 14:43 - 2014-06-15 14:43 - 00283648 _____ () C:\Users\Samsung\Downloads\Thema_4_Einflussfaktoren_Sektoral.ppt
2014-06-15 09:43 - 2014-06-15 09:43 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme.ppt
2014-06-15 09:37 - 2014-06-15 09:37 - 00852480 _____ () C:\Users\Samsung\Downloads\Thema_6_Netzwerk_InnovSys.ppt
2014-06-15 09:23 - 2014-06-15 09:23 - 01349120 _____ () C:\Users\Samsung\Downloads\Thema_5_Lokalbasierte_RIS.ppt
2014-06-15 09:21 - 2014-06-15 09:21 - 00448512 _____ () C:\Users\Samsung\Downloads\Thema_2_Grundlagen_RIS.ppt
2014-06-15 07:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding
2014-06-15 03:09 - 2013-07-17 23:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-15 03:04 - 2013-01-10 23:29 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-14 15:08 - 2014-06-14 15:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe
2014-06-14 15:08 - 2014-06-14 15:08 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-14 15:07 - 2014-06-14 15:07 - 00719128 _____ ( ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe
2014-06-13 11:18 - 2014-06-13 11:17 - 00262144 _____ () C:\Windows\Minidump\061314-17503-01.dmp
2014-06-12 09:35 - 2014-06-11 14:17 - 04247552 _____ () C:\Users\Samsung\Downloads\GP2014 (2).mx5
2014-06-11 17:05 - 2014-06-11 17:05 - 00029170 _____ () C:\Users\Samsung\Desktop\Gesamt.xlsx
2014-06-11 17:05 - 2014-06-11 16:51 - 00029142 _____ () C:\Users\Samsung\Downloads\Gesamt.xlsx
2014-06-11 16:48 - 2014-06-11 16:48 - 00032256 _____ () C:\Users\Samsung\Desktop\Neue_Grid-Tabelle2.xls
2014-06-11 16:00 - 2014-06-11 16:00 - 00033792 _____ () C:\Users\Samsung\Desktop\Inspiration,Hemmende_FaktorenSummary GP2014.xls
2014-06-11 15:56 - 2014-06-11 15:56 - 00030720 _____ () C:\Users\Samsung\Desktop\GPExcelSummary.xls
2014-06-11 15:56 - 2014-06-11 15:55 - 00030720 _____ () C:\Users\Samsung\Desktop\Neue_Grid-Tabelle.xls
2014-06-11 15:44 - 2014-06-11 15:43 - 02478592 _____ () C:\Users\Samsung\Desktop\GP2014 (2).xls
2014-06-11 14:17 - 2014-06-11 13:05 - 00323584 _____ () C:\Users\Samsung\Downloads\GP2014 (1).mx5
2014-06-11 14:16 - 2014-06-10 16:20 - 00991232 _____ () C:\Users\Samsung\Downloads\GP2014.mx5
2014-06-10 14:17 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Samsung\Documents\MAXQDA11
2014-06-10 14:17 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\MAXQDA11
2014-06-10 12:54 - 2014-06-10 12:54 - 00001017 _____ () C:\Users\Samsung\Desktop\MAXQDA 11.lnk
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXQDA 11
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Public\Documents\MAXQDA11_Examples
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\ProgramData\MAXQDA11
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Program Files (x86)\MAXQDA11
2014-06-10 12:53 - 2014-06-10 12:52 - 79687955 _____ () C:\Users\Samsung\Downloads\MAXQDA11_Demo.exe
2014-06-10 00:22 - 2014-06-10 00:22 - 00334176 _____ () C:\Windows\Minidump\061014-15678-01.dmp
2014-06-08 03:38 - 2014-06-08 03:37 - 00262144 _____ () C:\Windows\Minidump\060814-15880-01.dmp
2014-06-06 23:26 - 2014-06-06 23:26 - 00262144 _____ () C:\Windows\Minidump\060614-24304-01.dmp
2014-06-06 09:48 - 2014-06-06 09:48 - 00262144 _____ () C:\Windows\Minidump\060614-26192-01.dmp
2014-06-05 15:28 - 2014-06-05 15:27 - 00262144 _____ () C:\Windows\Minidump\060514-16442-01.dmp
2014-06-05 13:03 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-04 09:12 - 2014-06-04 09:10 - 00262144 _____ () C:\Windows\Minidump\060414-18735-01.dmp
2014-06-01 09:32 - 2009-07-14 06:45 - 05185952 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-30 12:21 - 2014-06-12 09:45 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-12 09:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-12 09:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-12 09:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-12 09:45 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-12 09:45 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-12 09:45 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-12 09:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-12 09:45 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-12 09:45 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-12 09:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-12 09:45 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-12 09:45 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-12 09:45 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-12 09:45 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-12 09:45 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-12 09:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-12 09:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-12 09:45 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-12 09:45 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-12 09:45 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-12 09:45 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-12 09:45 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-12 09:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-12 09:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 09:45 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-12 09:45 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-12 09:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-12 09:45 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-12 09:45 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-12 09:45 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-12 09:45 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-12 09:45 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-12 09:45 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-12 09:45 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 09:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 09:45 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-12 09:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 09:45 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-12 09:45 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-12 09:45 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-12 09:45 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 09:45 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 09:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-12 09:45 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-12 09:45 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-12 09:45 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-12 09:45 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-12 09:45 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-12 09:45 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-12 09:45 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 17:50 - 2012-12-18 15:05 - 00146400 _____ () C:\Users\Samsung\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-29 17:34 - 2014-04-21 00:46 - 00001653 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC.lnk
2014-05-29 17:31 - 2014-04-21 00:44 - 00001517 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC (64 Bit).lnk
2014-05-29 17:28 - 2014-05-29 11:07 - 00000000 ____D () C:\Program Files (x86)\fst_de_18
2014-05-29 17:26 - 2014-05-29 17:26 - 00000000 ____D () C:\adobeTemp
2014-05-29 17:25 - 2012-12-18 15:39 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-29 17:21 - 2014-05-28 22:24 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-29 11:43 - 2012-12-18 15:06 - 00002253 _____ () C:\Users\Samsung\Desktop\Google Chrome.lnk
2014-05-29 11:42 - 2014-05-29 11:41 - 02953520 _____ (AVAST Software) C:\Users\Samsung\Downloads\avast-browser-cleanup_9.0.0.224.exe
2014-05-29 11:42 - 2013-12-21 12:16 - 00001145 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-29 11:42 - 2013-12-21 12:16 - 00001145 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-29 11:37 - 2013-01-08 21:17 - 00001339 _____ () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-29 11:32 - 2014-05-29 11:32 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Genesis_05290932
2014-05-29 11:30 - 2014-05-29 11:30 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Genesis_05290930
2014-05-29 11:09 - 2014-05-29 11:09 - 00000000 __SHD () C:\Users\Samsung\AppData\Local\EmieUserList
2014-05-29 11:09 - 2014-05-29 11:09 - 00000000 __SHD () C:\Users\Samsung\AppData\Local\EmieSiteList
2014-05-29 11:04 - 2014-05-29 11:04 - 00332288 _____ () C:\Users\Samsung\Downloads\Adobe Universal Patcher is Here !!!__2957_il424.exe
2014-05-29 10:59 - 2014-05-29 10:59 - 05910989 _____ () C:\Users\Samsung\Downloads\Adobe_Creative_Cloud_Cleaner_Tool.zip
2014-05-29 10:51 - 2014-05-29 10:50 - 19654946 _____ () C:\Users\Samsung\Downloads\Adobe Illustrator CC Serial Number-Keygen-Crack 32-64 Bit WIN-MAC.rar
2014-05-28 22:27 - 2014-05-28 22:27 - 00000000 _____ () C:\autoexec.bat
2014-05-28 22:25 - 2014-05-28 22:25 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-28 21:56 - 2014-05-28 21:56 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Samsung\Downloads\SpyHunter-Installer.exe
2014-05-28 21:30 - 2014-05-28 00:06 - 39945907 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part12.rar
2014-05-28 19:52 - 2014-05-28 19:52 - 00467472 _____ () C:\Users\Samsung\Downloads\Adobe-Illustrator-CC---Serial-Key - BitLord.exe
2014-05-28 18:31 - 2014-05-27 13:01 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part07.rar
2014-05-28 09:18 - 2014-05-28 09:18 - 00336728 _____ () C:\Windows\Minidump\052814-23774-01.dmp
2014-05-27 23:33 - 2014-05-27 22:51 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part11.rar
2014-05-27 22:50 - 2014-05-27 22:08 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part10.rar
2014-05-27 22:07 - 2014-05-27 21:13 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part08.rar
2014-05-27 21:12 - 2014-05-27 20:30 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part09.rar
2014-05-27 13:00 - 2014-05-27 12:39 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part06.rar
2014-05-27 12:38 - 2014-05-27 12:17 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part05.rar
2014-05-27 11:19 - 2014-05-26 21:21 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part04.rar
2014-05-26 21:20 - 2014-05-26 19:35 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part03.rar
2014-05-26 19:34 - 2014-05-26 18:44 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part02.rar
2014-05-26 18:43 - 2014-05-26 18:06 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part01.rar
2014-05-26 09:19 - 2014-05-26 09:19 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\WinRAR
2014-05-25 18:44 - 2014-05-25 18:44 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\TeamViewer
2014-05-25 18:43 - 2014-05-25 18:42 - 04099392 _____ (TeamViewer) C:\Users\Samsung\Downloads\TeamViewerQJ_de-idm37773159.exe
2014-05-25 17:56 - 2014-05-25 17:38 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part52.rar
2014-05-25 17:38 - 2014-05-25 17:20 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part51.rar
2014-05-25 17:15 - 2014-05-25 16:57 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part50.rar
2014-05-25 16:55 - 2014-05-25 16:38 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part45.rar
2014-05-25 16:36 - 2014-05-25 16:19 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part44.rar
2014-05-25 16:16 - 2014-05-25 15:58 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part42.rar
2014-05-25 15:56 - 2014-05-25 15:38 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part43.rar
2014-05-25 15:37 - 2014-05-25 15:20 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part41.rar
2014-05-25 15:03 - 2014-05-25 14:45 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part40.rar
2014-05-25 14:44 - 2014-05-25 14:27 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part39.rar
2014-05-25 14:00 - 2014-05-25 13:46 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part37.rar
2014-05-25 13:17 - 2014-05-25 13:12 - 34688623 _____ () C:\Users\Samsung\Downloads\ai.part55.rar
2014-05-25 13:11 - 2014-05-25 12:57 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part54.rar
2014-05-25 12:56 - 2014-05-25 12:42 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part53.rar
2014-05-25 12:34 - 2014-05-25 12:20 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part49.rar
2014-05-25 12:19 - 2014-05-25 12:05 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part48.rar
2014-05-25 12:04 - 2014-05-25 11:54 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part47.rar
2014-05-25 11:53 - 2014-05-25 11:42 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part36.rar
2014-05-25 11:41 - 2014-05-25 11:30 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part46.rar
2014-05-25 11:07 - 2014-05-25 10:59 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part35.rar
2014-05-25 10:58 - 2014-05-25 10:49 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part34.rar
2014-05-25 10:48 - 2014-05-25 10:40 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part33.rar
2014-05-25 10:39 - 2014-05-25 10:30 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part32.rar
2014-05-25 10:29 - 2014-05-25 10:21 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part31.rar
2014-05-25 10:20 - 2014-05-25 10:11 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part30.rar
2014-05-25 10:10 - 2014-05-25 10:02 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part29.rar
2014-05-25 10:01 - 2014-05-25 01:33 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part27.rar
2014-05-25 09:51 - 2014-05-25 09:43 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part28.rar
2014-05-25 01:32 - 2014-05-25 01:24 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part26.rar
2014-05-25 01:23 - 2014-05-25 01:14 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part25.rar
2014-05-25 01:14 - 2014-05-25 01:05 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part24.rar
2014-05-25 01:04 - 2014-05-25 00:56 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part23.rar
2014-05-25 00:54 - 2014-05-25 00:46 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part22.rar
2014-05-25 00:45 - 2014-05-25 00:36 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part21.rar
2014-05-25 00:35 - 2014-05-25 00:27 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part20.rar
2014-05-25 00:26 - 2014-05-25 00:17 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part19.rar
2014-05-25 00:16 - 2014-05-25 00:08 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part18.rar
2014-05-25 00:07 - 2014-05-24 23:53 - 105906176 _____ () C:\Users\Samsung\Downloads\ai.part17.rar
Some content of TEMP:
====================
C:\Users\Samsung\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmp0pwu2w.dll
C:\Users\Samsung\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-05-23 14:08
==================== End Of Log ============================
|
| | #12 |
| /// the machine /// TB-Ausbilder | ESET Online Scanner
Please download
and a fresh FRST log, please. Any problems remaining?
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
| | #13 |
| Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7587
# api_version=3.0.2
# EOSSerial=46240cd1fdabde44a855cdc40975226a
# engine=18879
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2014-06-25 10:35:28
# local_time=2014-06-26 12:35:28 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=774 16777213 100 91 137192 180445600 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 98380 155365578 0 0
# scanned=228626
# found=21
# cleaned=0
# scan_time=17361
sh=E12820C3C449E8DF12132666647822B9FE266BA3 ft=1 fh=661cdf041cef5cb3 vn="MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\Installer.dll.vir"
sh=E99D65BD24FAF328D7314F02B98EE8C3BD793B77 ft=1 fh=8661b13c20727ec0 vn="MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\InstallerLibrary.dll.vir"
sh=B11B91F706EA1AFD3D4D625201192EAB850FD3CE ft=1 fh=04b2478a5da86198 vn="MSIL/Adware.Proxomoto.B Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\InstallFirefoxExtension.dll.vir"
sh=5BD97BEAE0E1E79B233B821DA6813A831B5075FB ft=1 fh=5310de0062903084 vn="MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\NewVersionUploader.exe.vir"
sh=49DEEED4E6B0E6134D47A582E209511FCBFD2B72 ft=1 fh=14e2fb72d7f3d82c vn="MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\WindowsUpdater.exe.vir"
sh=E99D65BD24FAF328D7314F02B98EE8C3BD793B77 ft=1 fh=8661b13c20727ec0 vn="MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\backup\InstallerLibrary.dll.vir"
sh=2D6B1EC0EFA47C992C32AD9CECFB0EC4543ACA0A ft=1 fh=7076499debea4e9c vn="Variante von Win32/DealPly.F evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir"
sh=F70D4B55FEEF7C4ED7F913741829E047503FA820 ft=1 fh=a8486277f1be4bec vn="Variante von Win32/ELEX.S evtl. unerwünschte Anwendung" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Roaming\eIntaller\6BABA90B2BD14fdcB5A536F478F78AE4\eGdpSvc.exe.vir"
sh=E12820C3C449E8DF12132666647822B9FE266BA3 ft=1 fh=661cdf041cef5cb3 vn="MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Microsoft\SystemUpdatekb70007\Installer.dll.vir"
sh=E99D65BD24FAF328D7314F02B98EE8C3BD793B77 ft=1 fh=8661b13c20727ec0 vn="MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Microsoft\SystemUpdatekb70007\InstallerLibrary.dll.vir"
sh=49DEEED4E6B0E6134D47A582E209511FCBFD2B72 ft=1 fh=14e2fb72d7f3d82c vn="MSIL/Adware.Proxomoto.A Anwendung" ac=I fn="C:\Qoobox\Quarantine\C\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe.vir"
sh=A836A8346F791EC8A83B51BC78E84B2F6659E6DA ft=1 fh=0a2e45c370149901 vn="Win32/Wajam.F evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Samsung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\653OPV4A\wajam_validate[1].exe"
sh=AE6FD552C3FB0251CC430B56353305A37BF9EC6F ft=1 fh=455c65d5215653a3 vn="Win32/InstallCore.PE evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Samsung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E0YOBK83\JDownloaderSetup_CH[1].exe"
sh=1097C243B6CA04C4EF81B5242CCCB8112844D77D ft=1 fh=2bce3bf09a57bc5a vn="Win32/SpeedUpMyPC evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Samsung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z0YT2KCI\SpeedUpMyPC-standalone-setup[1].exe"
sh=BA3BEFCE1C9D2CB478BDA6F87B3326881D98911B ft=1 fh=c71c00117f9c383b vn="Variante von Win32/Amonetize.AS evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Samsung\Downloads\Adobe Universal Patcher is Here !!!__2957_il424.exe"
sh=62865DCBA2C7B5E57A722E737DE1630E6AFBA46B ft=1 fh=4a0fc277f4149d87 vn="Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Samsung\Downloads\Adobe-Illustrator-CC---Serial-Key - BitLord.exe"
sh=64947EF0329325B7E8BB0652A39EA5952978E228 ft=1 fh=c71c0011674c3cee vn="Variante von Win32/InstallCore.OY evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe"
sh=D0357617961BF3D526BEFAAB0048CBB983EA4DF9 ft=1 fh=c604c933e8b9509f vn="Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung" ac=I fn="C:\Users\Samsung\Downloads\PDFCreator-1_7_0_setup.exe"
sh=ECE633D288A0E81CCB096BB7C019142FAAF45B80 ft=0 fh=0000000000000000 vn="MSIL/Adware.Proxomoto.D Anwendung" ac=I fn="C:\Windows\Installer\db609.msi"
sh=1D2BE53DF500BF444E02CBEE7552EB59E4AF4DA4 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\upgrade[1].cab"
sh=1D2BE53DF500BF444E02CBEE7552EB59E4AF4DA4 ft=0 fh=0000000000000000 vn="Mehrere Bedrohungen" ac=I fn="C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\upgrade[1].cab"
Code:
ATTFilter Results of screen317's Security Check version 0.99.83
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 45
Java version out of Date!
Adobe Reader XI
Mozilla Firefox (26.0)
Mozilla Thunderbird (24.6.0)
Google Chrome 35.0.1916.114
Google Chrome 35.0.1916.153
````````Process Check: objlist.exe by Laurent````````
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Samsung (administrator) on SAMSUNG-PC on 26-06-2014 00:42:48
Running from C:\Users\Samsung\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Samsung\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Games\Mahjong\Mahjong.exe
() C:\Users\Samsung\Desktop\SecurityCheck.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-31] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3279623851-2464560472-1099086217-1000\...\Run: [Spotify Web Helper] => C:\Users\Samsung\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-23] (Spotify Ltd)
Startup: C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF63FEF6214DDCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{459A5E2F-6ED2-41B3-84B9-49B700994514}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FireFox:
========
FF ProfilePath: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\t6nayio3.default
FF NetworkProxy: " type", 1);user_pref("network.proxy.http", "127.0.0.1");user_pref("network.proxy.http_port", 8118);user_pref("network.proxy.ssl", "127.0.0.1");user_pref("network.proxy.ssl_port", 8118
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\t6nayio3.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-18]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-02]
Chrome:
=======
CHR HomePage:
CHR StartupUrls: "hxxp://google.de/"
CHR Extension: (Google Docs) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-29]
CHR Extension: (Google Drive) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-29]
CHR Extension: (YouTube) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-29]
CHR Extension: (Google-Suche) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-29]
CHR Extension: (AdBlock) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-29]
CHR Extension: (avast! WebRep) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-12-22]
CHR Extension: (Google Wallet) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-16]
CHR Extension: (Google Mail) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-29]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2012-12-18]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-31] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [184320 2011-07-06] (Intel Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-31] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-31] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-31] (AVAST Software)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-26 00:39 - 2014-06-26 00:40 - 00854367 _____ () C:\Users\Samsung\Desktop\SecurityCheck.exe
2014-06-26 00:36 - 2014-06-26 00:36 - 00002920 _____ () C:\Users\Samsung\Desktop\eset.txt
2014-06-25 19:38 - 2014-06-25 19:38 - 02347384 _____ (ESET) C:\Users\Samsung\Desktop\esetsmartinstaller_deu.exe
2014-06-25 14:53 - 2014-06-25 14:53 - 00008290 _____ () C:\Users\Samsung\Desktop\Essen.xlsx
2014-06-24 22:25 - 2014-06-24 22:25 - 00262144 _____ () C:\Windows\Minidump\062414-24445-01.dmp
2014-06-24 22:11 - 2014-06-24 22:12 - 00336728 _____ () C:\Windows\Minidump\062414-24897-01.dmp
2014-06-24 21:36 - 2014-06-24 21:36 - 00001148 _____ () C:\Users\Samsung\Desktop\JRT.txt
2014-06-24 21:19 - 2014-06-24 21:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-24 21:18 - 2014-06-24 21:19 - 01016261 _____ (Thisisu) C:\Users\Samsung\Downloads\JRT.exe
2014-06-24 20:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-24 20:49 - 2014-06-24 20:50 - 01342659 _____ () C:\Users\Samsung\Downloads\adwcleaner_3.213.exe
2014-06-24 20:49 - 2014-06-24 20:49 - 00001161 _____ () C:\Users\Samsung\Desktop\mbam.txt
2014-06-24 15:19 - 2014-06-24 15:20 - 00332160 _____ () C:\Windows\Minidump\062414-26800-01.dmp
2014-06-24 14:46 - 2014-06-24 14:46 - 01724416 _____ () C:\Users\Samsung\Downloads\Thema_3_Neue_Wirtschaftsgeographie.ppt
2014-06-24 10:19 - 2014-06-24 14:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-23 21:15 - 2014-06-23 21:15 - 00034227 _____ () C:\ComboFix.txt
2014-06-23 20:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-23 20:30 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-23 20:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-23 20:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-23 20:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-23 20:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-23 20:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-23 20:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-23 20:29 - 2014-06-23 21:15 - 00000000 ____D () C:\Qoobox
2014-06-23 20:29 - 2014-06-23 21:11 - 00000000 ____D () C:\Windows\erdnt
2014-06-23 20:28 - 2014-06-23 20:28 - 05210951 ____R (Swearware) C:\Users\Samsung\Downloads\ComboFix.exe
2014-06-23 20:20 - 2014-06-23 20:20 - 00000000 ____D () C:\Users\Samsung\Downloads\FRST-OlderVersion
2014-06-23 20:10 - 2014-06-23 20:10 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\VSRevoGroup
2014-06-23 20:04 - 2014-06-23 20:04 - 00001274 _____ () C:\Users\Samsung\Desktop\Revo Uninstaller.lnk
2014-06-23 20:04 - 2014-06-23 20:04 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-23 20:03 - 2014-06-23 20:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Samsung\Downloads\revosetup95.exe
2014-06-23 15:09 - 2014-06-23 15:10 - 00262144 _____ () C:\Windows\Minidump\062314-25927-01.dmp
2014-06-23 12:34 - 2014-06-23 12:34 - 00024539 _____ () C:\Users\Samsung\Downloads\TrojanerBoard_LogFiles_Anna1234.7z
2014-06-23 12:33 - 2014-06-23 12:33 - 00024539 _____ () C:\Users\Samsung\TrojanerBoard_LogFiles_Anna1234.7z
2014-06-23 12:12 - 2014-06-23 12:12 - 00422210 _____ () C:\Users\Samsung\Downloads\gmerlog.log
2014-06-23 11:53 - 2014-06-23 11:53 - 00262144 _____ () C:\Windows\Minidump\062314-27487-01.dmp
2014-06-23 11:45 - 2014-06-23 11:45 - 00380416 _____ () C:\Users\Samsung\Downloads\Gmer-19357.exe
2014-06-21 15:34 - 2014-06-21 15:35 - 00336728 _____ () C:\Windows\Minidump\062114-29421-01.dmp
2014-06-19 02:18 - 2014-06-19 02:18 - 00262144 _____ () C:\Windows\Minidump\061914-14929-01.dmp
2014-06-18 23:49 - 2014-06-18 23:50 - 00029116 _____ () C:\Users\Samsung\Downloads\Addition.txt
2014-06-18 23:47 - 2014-06-26 00:42 - 00027383 _____ () C:\Users\Samsung\Downloads\FRST.txt
2014-06-18 23:47 - 2014-06-26 00:42 - 00000000 ____D () C:\FRST
2014-06-18 23:46 - 2014-06-23 20:20 - 02082816 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe
2014-06-18 19:02 - 2014-06-18 19:03 - 00262144 _____ () C:\Windows\Minidump\061814-44179-01.dmp
2014-06-18 12:28 - 2014-06-18 12:28 - 00000476 _____ () C:\Users\Samsung\Downloads\defogger_disable.log
2014-06-18 12:28 - 2014-06-18 12:28 - 00000000 _____ () C:\Users\Samsung\defogger_reenable
2014-06-18 12:26 - 2014-06-18 12:26 - 00050477 _____ () C:\Users\Samsung\Downloads\Defogger.exe
2014-06-18 12:15 - 2014-06-18 12:16 - 00332160 _____ () C:\Windows\Minidump\061814-23992-01.dmp
2014-06-17 13:38 - 2014-06-17 13:38 - 00262144 _____ () C:\Windows\Minidump\061714-20451-01.dmp
2014-06-17 13:32 - 2014-06-17 13:32 - 00262144 _____ () C:\Windows\Minidump\061714-24554-01.dmp
2014-06-16 14:58 - 2014-06-16 15:21 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_F61
2014-06-16 14:47 - 2014-06-16 14:47 - 02602496 _____ () C:\Users\Samsung\Downloads\Thema_7_USA_Innovationssystem.ppt
2014-06-16 14:42 - 2014-06-16 14:42 - 00689152 _____ () C:\Users\Samsung\Downloads\Thema_6_China_als_aufstrebendes_Innovationssystem.ppt
2014-06-16 14:10 - 2014-06-16 14:10 - 00000000 ____D () C:\Users\Samsung\Documents\OneNote-Notizbücher
2014-06-16 11:52 - 2014-06-16 11:52 - 02050048 _____ () C:\Users\Samsung\Downloads\Weinberger_03_01_13 (1).ppt
2014-06-16 11:45 - 2014-06-16 11:45 - 02050048 _____ () C:\Users\Samsung\Downloads\Weinberger_03_01_13.ppt
2014-06-16 09:56 - 2014-06-24 21:18 - 00005152 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Samsung-PC-Samsung Samsung-PC
2014-06-15 21:40 - 2014-06-15 21:40 - 00262144 _____ () C:\Windows\Minidump\061514-23743-01.dmp
2014-06-15 17:04 - 2014-06-15 17:04 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_1AC0
2014-06-15 17:03 - 2014-06-15 17:03 - 00072704 _____ () C:\Users\Samsung\Downloads\302011041P1G217.XLS
2014-06-15 17:03 - 2014-06-15 17:03 - 00062464 _____ () C:\Users\Samsung\Downloads\302011041P1G218.XLS
2014-06-15 15:25 - 2014-06-15 15:26 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_2BE7
2014-06-15 14:55 - 2014-06-15 14:55 - 01331200 _____ () C:\Users\Samsung\Downloads\Thema_3_Einflussfaktoren_National.ppt
2014-06-15 14:53 - 2014-06-15 14:53 - 00249856 _____ () C:\Users\Samsung\Downloads\Thema_1_Konstitutive_Elemente.PPT
2014-06-15 14:48 - 2014-06-15 14:48 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme (2).ppt
2014-06-15 14:48 - 2014-06-15 14:48 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme (1).ppt
2014-06-15 14:43 - 2014-06-15 14:43 - 00283648 _____ () C:\Users\Samsung\Downloads\Thema_4_Einflussfaktoren_Sektoral.ppt
2014-06-15 09:43 - 2014-06-15 09:43 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme.ppt
2014-06-15 09:37 - 2014-06-15 09:37 - 00852480 _____ () C:\Users\Samsung\Downloads\Thema_6_Netzwerk_InnovSys.ppt
2014-06-15 09:23 - 2014-06-15 09:23 - 01349120 _____ () C:\Users\Samsung\Downloads\Thema_5_Lokalbasierte_RIS.ppt
2014-06-15 09:22 - 2014-06-15 14:56 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_376D
2014-06-15 09:21 - 2014-06-15 09:21 - 00448512 _____ () C:\Users\Samsung\Downloads\Thema_2_Grundlagen_RIS.ppt
2014-06-14 15:09 - 2014-06-24 20:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 15:08 - 2014-06-14 15:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe
2014-06-14 15:08 - 2014-06-14 15:08 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-14 15:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-14 15:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-14 15:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-14 15:07 - 2014-06-14 15:07 - 00719128 _____ ( ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe
2014-06-13 11:17 - 2014-06-13 11:18 - 00262144 _____ () C:\Windows\Minidump\061314-17503-01.dmp
2014-06-12 09:46 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 09:46 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 09:46 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 09:46 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 09:46 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 09:46 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 09:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 09:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 09:46 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 09:46 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 09:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 09:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 09:45 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 09:45 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 09:45 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 09:45 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 09:45 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 09:45 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 09:45 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 09:45 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 09:45 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 09:45 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 09:45 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 09:45 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 09:45 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 09:45 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 09:45 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 09:45 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 09:45 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 09:45 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 09:45 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 09:45 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 09:45 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 09:45 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 09:45 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 09:45 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 09:45 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 09:45 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 09:45 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 09:45 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 09:45 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 09:45 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 09:45 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 09:45 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 09:45 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 09:45 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 09:45 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 09:45 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 09:45 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 09:45 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 09:45 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 09:45 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 09:45 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 09:45 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 09:45 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 09:45 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 09:45 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 09:45 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 09:45 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 09:45 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 09:45 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 09:45 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 09:45 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 09:45 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 17:05 - 2014-06-11 17:05 - 00029170 _____ () C:\Users\Samsung\Desktop\Gesamt.xlsx
2014-06-11 16:51 - 2014-06-11 17:05 - 00029142 _____ () C:\Users\Samsung\Downloads\Gesamt.xlsx
2014-06-11 16:48 - 2014-06-11 16:48 - 00032256 _____ () C:\Users\Samsung\Desktop\Neue_Grid-Tabelle2.xls
2014-06-11 16:00 - 2014-06-11 16:00 - 00033792 _____ () C:\Users\Samsung\Desktop\Inspiration,Hemmende_FaktorenSummary GP2014.xls
2014-06-11 15:56 - 2014-06-11 15:56 - 00030720 _____ () C:\Users\Samsung\Desktop\GPExcelSummary.xls
2014-06-11 15:55 - 2014-06-11 15:56 - 00030720 _____ () C:\Users\Samsung\Desktop\Neue_Grid-Tabelle.xls
2014-06-11 15:43 - 2014-06-11 15:44 - 02478592 _____ () C:\Users\Samsung\Desktop\GP2014 (2).xls
2014-06-11 14:17 - 2014-06-12 09:35 - 04247552 _____ () C:\Users\Samsung\Downloads\GP2014 (2).mx5
2014-06-11 13:05 - 2014-06-11 14:17 - 00323584 _____ () C:\Users\Samsung\Downloads\GP2014 (1).mx5
2014-06-10 16:20 - 2014-06-11 14:16 - 00991232 _____ () C:\Users\Samsung\Downloads\GP2014.mx5
2014-06-10 12:54 - 2014-06-10 14:17 - 00000000 ____D () C:\Users\Samsung\Documents\MAXQDA11
2014-06-10 12:54 - 2014-06-10 14:17 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\MAXQDA11
2014-06-10 12:54 - 2014-06-10 12:54 - 00001017 _____ () C:\Users\Samsung\Desktop\MAXQDA 11.lnk
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXQDA 11
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Public\Documents\MAXQDA11_Examples
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\ProgramData\MAXQDA11
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Program Files (x86)\MAXQDA11
2014-06-10 12:52 - 2014-06-10 12:53 - 79687955 _____ () C:\Users\Samsung\Downloads\MAXQDA11_Demo.exe
2014-06-10 00:22 - 2014-06-10 00:22 - 00334176 _____ () C:\Windows\Minidump\061014-15678-01.dmp
2014-06-08 03:37 - 2014-06-08 03:38 - 00262144 _____ () C:\Windows\Minidump\060814-15880-01.dmp
2014-06-06 23:26 - 2014-06-06 23:26 - 00262144 _____ () C:\Windows\Minidump\060614-24304-01.dmp
2014-06-06 09:48 - 2014-06-06 09:48 - 00262144 _____ () C:\Windows\Minidump\060614-26192-01.dmp
2014-06-05 15:27 - 2014-06-05 15:28 - 00262144 _____ () C:\Windows\Minidump\060514-16442-01.dmp
2014-06-04 09:10 - 2014-06-04 09:12 - 00262144 _____ () C:\Windows\Minidump\060414-18735-01.dmp
2014-05-29 17:26 - 2014-05-29 17:26 - 00000000 ____D () C:\adobeTemp
2014-05-29 11:41 - 2014-05-29 11:42 - 02953520 _____ (AVAST Software) C:\Users\Samsung\Downloads\avast-browser-cleanup_9.0.0.224.exe
2014-05-29 11:32 - 2014-05-29 11:32 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Genesis_05290932
2014-05-29 11:30 - 2014-05-29 11:30 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Genesis_05290930
2014-05-29 11:09 - 2014-05-29 11:09 - 00000000 __SHD () C:\Users\Samsung\AppData\Local\EmieUserList
2014-05-29 11:09 - 2014-05-29 11:09 - 00000000 __SHD () C:\Users\Samsung\AppData\Local\EmieSiteList
2014-05-29 11:07 - 2014-05-29 17:28 - 00000000 ____D () C:\Program Files (x86)\fst_de_18
2014-05-29 11:04 - 2014-05-29 11:04 - 00332288 _____ () C:\Users\Samsung\Downloads\Adobe Universal Patcher is Here !!!__2957_il424.exe
2014-05-29 10:59 - 2014-05-29 10:59 - 05910989 _____ () C:\Users\Samsung\Downloads\Adobe_Creative_Cloud_Cleaner_Tool.zip
2014-05-29 10:50 - 2014-05-29 10:51 - 19654946 _____ () C:\Users\Samsung\Downloads\Adobe Illustrator CC Serial Number-Keygen-Crack 32-64 Bit WIN-MAC.rar
2014-05-28 22:27 - 2014-05-28 22:27 - 00000000 _____ () C:\autoexec.bat
2014-05-28 22:25 - 2014-05-28 22:25 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-28 22:24 - 2014-05-29 17:21 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-28 21:56 - 2014-05-28 21:56 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Samsung\Downloads\SpyHunter-Installer.exe
2014-05-28 19:52 - 2014-05-28 19:52 - 00467472 _____ () C:\Users\Samsung\Downloads\Adobe-Illustrator-CC---Serial-Key - BitLord.exe
2014-05-28 18:31 - 2013-06-21 11:29 - 00000000 ____D () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.Multilingual.Incl.Patch-PainteR
2014-05-28 09:18 - 2014-05-28 09:18 - 00336728 _____ () C:\Windows\Minidump\052814-23774-01.dmp
2014-05-28 00:06 - 2014-05-28 21:30 - 39945907 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part12.rar
2014-05-27 22:51 - 2014-05-27 23:33 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part11.rar
2014-05-27 22:08 - 2014-05-27 22:50 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part10.rar
2014-05-27 21:13 - 2014-05-27 22:07 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part08.rar
2014-05-27 20:30 - 2014-05-27 21:12 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part09.rar
2014-05-27 13:01 - 2014-05-28 18:31 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part07.rar
2014-05-27 12:39 - 2014-05-27 13:00 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part06.rar
2014-05-27 12:17 - 2014-05-27 12:38 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part05.rar
==================== One Month Modified Files and Folders =======
2014-06-26 00:43 - 2014-06-18 23:47 - 00027383 _____ () C:\Users\Samsung\Downloads\FRST.txt
2014-06-26 00:42 - 2014-06-18 23:47 - 00000000 ____D () C:\FRST
2014-06-26 00:40 - 2014-06-26 00:39 - 00854367 _____ () C:\Users\Samsung\Desktop\SecurityCheck.exe
2014-06-26 00:36 - 2014-06-26 00:36 - 00002920 _____ () C:\Users\Samsung\Desktop\eset.txt
2014-06-26 00:13 - 2013-09-10 12:51 - 01327218 _____ () C:\Windows\WindowsUpdate.log
2014-06-26 00:11 - 2012-12-18 15:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-26 00:06 - 2012-12-18 15:05 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-25 20:07 - 2013-04-07 16:27 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\vlc
2014-06-25 19:47 - 2009-07-14 19:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-06-25 19:47 - 2009-07-14 19:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-06-25 19:47 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-25 19:38 - 2014-06-25 19:38 - 02347384 _____ (ESET) C:\Users\Samsung\Desktop\esetsmartinstaller_deu.exe
2014-06-25 18:21 - 2014-05-15 10:59 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\DropboxMaster
2014-06-25 18:21 - 2013-01-13 01:06 - 00000000 ___RD () C:\Users\Samsung\Dropbox
2014-06-25 18:21 - 2013-01-13 01:00 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Dropbox
2014-06-25 18:15 - 2009-07-14 06:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-25 18:15 - 2009-07-14 06:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-25 14:53 - 2014-06-25 14:53 - 00008290 _____ () C:\Users\Samsung\Desktop\Essen.xlsx
2014-06-25 14:49 - 2012-12-23 15:57 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Adobe
2014-06-25 14:48 - 2012-12-18 15:05 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-25 14:47 - 2014-04-16 17:50 - 00008896 _____ () C:\Windows\setupact.log
2014-06-25 14:47 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-24 22:25 - 2014-06-24 22:25 - 00262144 _____ () C:\Windows\Minidump\062414-24445-01.dmp
2014-06-24 22:25 - 2014-04-25 21:40 - 1605572576 _____ () C:\Windows\MEMORY.DMP
2014-06-24 22:25 - 2013-02-26 18:23 - 00000000 ____D () C:\Windows\Minidump
2014-06-24 22:21 - 2013-12-16 13:55 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Spotify
2014-06-24 22:16 - 2012-12-18 15:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-24 22:12 - 2014-06-24 22:11 - 00336728 _____ () C:\Windows\Minidump\062414-24897-01.dmp
2014-06-24 21:36 - 2014-06-24 21:36 - 00001148 _____ () C:\Users\Samsung\Desktop\JRT.txt
2014-06-24 21:19 - 2014-06-24 21:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-24 21:19 - 2014-06-24 21:18 - 01016261 _____ (Thisisu) C:\Users\Samsung\Downloads\JRT.exe
2014-06-24 21:18 - 2014-06-16 09:56 - 00005152 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Samsung-PC-Samsung Samsung-PC
2014-06-24 21:16 - 2014-04-18 18:43 - 00016276 _____ () C:\Windows\PFRO.log
2014-06-24 21:15 - 2013-09-03 19:36 - 00000000 ____D () C:\AdwCleaner
2014-06-24 20:50 - 2014-06-24 20:49 - 01342659 _____ () C:\Users\Samsung\Downloads\adwcleaner_3.213.exe
2014-06-24 20:49 - 2014-06-24 20:49 - 00001161 _____ () C:\Users\Samsung\Desktop\mbam.txt
2014-06-24 20:29 - 2014-06-14 15:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-24 15:20 - 2014-06-24 15:19 - 00332160 _____ () C:\Windows\Minidump\062414-26800-01.dmp
2014-06-24 15:19 - 2012-12-18 16:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-24 14:46 - 2014-06-24 14:46 - 01724416 _____ () C:\Users\Samsung\Downloads\Thema_3_Neue_Wirtschaftsgeographie.ppt
2014-06-24 14:07 - 2014-06-24 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-24 11:41 - 2013-12-16 13:55 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Spotify
2014-06-23 21:15 - 2014-06-23 21:15 - 00034227 _____ () C:\ComboFix.txt
2014-06-23 21:15 - 2014-06-23 20:29 - 00000000 ____D () C:\Qoobox
2014-06-23 21:15 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-23 21:11 - 2014-06-23 20:29 - 00000000 ____D () C:\Windows\erdnt
2014-06-23 21:09 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-23 21:08 - 2009-07-14 04:34 - 20185088 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-06-23 21:08 - 2009-07-14 04:34 - 118751232 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-06-23 21:08 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-06-23 21:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-06-23 21:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-06-23 20:28 - 2014-06-23 20:28 - 05210951 ____R (Swearware) C:\Users\Samsung\Downloads\ComboFix.exe
2014-06-23 20:20 - 2014-06-23 20:20 - 00000000 ____D () C:\Users\Samsung\Downloads\FRST-OlderVersion
2014-06-23 20:20 - 2014-06-18 23:46 - 02082816 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe
2014-06-23 20:10 - 2014-06-23 20:10 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\VSRevoGroup
2014-06-23 20:04 - 2014-06-23 20:04 - 00001274 _____ () C:\Users\Samsung\Desktop\Revo Uninstaller.lnk
2014-06-23 20:04 - 2014-06-23 20:04 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-23 20:04 - 2014-06-23 20:03 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Samsung\Downloads\revosetup95.exe
2014-06-23 15:10 - 2014-06-23 15:09 - 00262144 _____ () C:\Windows\Minidump\062314-25927-01.dmp
2014-06-23 15:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-23 13:22 - 2013-05-30 23:52 - 00475136 ___SH () C:\Users\Samsung\Documents\Thumbs.db
2014-06-23 12:34 - 2014-06-23 12:34 - 00024539 _____ () C:\Users\Samsung\Downloads\TrojanerBoard_LogFiles_Anna1234.7z
2014-06-23 12:33 - 2014-06-23 12:33 - 00024539 _____ () C:\Users\Samsung\TrojanerBoard_LogFiles_Anna1234.7z
2014-06-23 12:33 - 2012-12-12 11:06 - 00000000 ____D () C:\Users\Samsung
2014-06-23 12:12 - 2014-06-23 12:12 - 00422210 _____ () C:\Users\Samsung\Downloads\gmerlog.log
2014-06-23 11:53 - 2014-06-23 11:53 - 00262144 _____ () C:\Windows\Minidump\062314-27487-01.dmp
2014-06-23 11:45 - 2014-06-23 11:45 - 00380416 _____ () C:\Users\Samsung\Downloads\Gmer-19357.exe
2014-06-21 15:35 - 2014-06-21 15:34 - 00336728 _____ () C:\Windows\Minidump\062114-29421-01.dmp
2014-06-21 11:00 - 2012-12-18 15:05 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 11:00 - 2012-12-18 15:05 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 02:45 - 2013-06-21 10:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-19 02:18 - 2014-06-19 02:18 - 00262144 _____ () C:\Windows\Minidump\061914-14929-01.dmp
2014-06-18 23:50 - 2014-06-18 23:49 - 00029116 _____ () C:\Users\Samsung\Downloads\Addition.txt
2014-06-18 19:03 - 2014-06-18 19:02 - 00262144 _____ () C:\Windows\Minidump\061814-44179-01.dmp
2014-06-18 12:28 - 2014-06-18 12:28 - 00000476 _____ () C:\Users\Samsung\Downloads\defogger_disable.log
2014-06-18 12:28 - 2014-06-18 12:28 - 00000000 _____ () C:\Users\Samsung\defogger_reenable
2014-06-18 12:26 - 2014-06-18 12:26 - 00050477 _____ () C:\Users\Samsung\Downloads\Defogger.exe
2014-06-18 12:16 - 2014-06-18 12:15 - 00332160 _____ () C:\Windows\Minidump\061814-23992-01.dmp
2014-06-17 13:38 - 2014-06-17 13:38 - 00262144 _____ () C:\Windows\Minidump\061714-20451-01.dmp
2014-06-17 13:32 - 2014-06-17 13:32 - 00262144 _____ () C:\Windows\Minidump\061714-24554-01.dmp
2014-06-16 15:21 - 2014-06-16 14:58 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_F61
2014-06-16 14:47 - 2014-06-16 14:47 - 02602496 _____ () C:\Users\Samsung\Downloads\Thema_7_USA_Innovationssystem.ppt
2014-06-16 14:42 - 2014-06-16 14:42 - 00689152 _____ () C:\Users\Samsung\Downloads\Thema_6_China_als_aufstrebendes_Innovationssystem.ppt
2014-06-16 14:10 - 2014-06-16 14:10 - 00000000 ____D () C:\Users\Samsung\Documents\OneNote-Notizbücher
2014-06-16 11:52 - 2014-06-16 11:52 - 02050048 _____ () C:\Users\Samsung\Downloads\Weinberger_03_01_13 (1).ppt
2014-06-16 11:45 - 2014-06-16 11:45 - 02050048 _____ () C:\Users\Samsung\Downloads\Weinberger_03_01_13.ppt
2014-06-15 21:40 - 2014-06-15 21:40 - 00262144 _____ () C:\Windows\Minidump\061514-23743-01.dmp
2014-06-15 17:04 - 2014-06-15 17:04 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_1AC0
2014-06-15 17:03 - 2014-06-15 17:03 - 00072704 _____ () C:\Users\Samsung\Downloads\302011041P1G217.XLS
2014-06-15 17:03 - 2014-06-15 17:03 - 00062464 _____ () C:\Users\Samsung\Downloads\302011041P1G218.XLS
2014-06-15 15:26 - 2014-06-15 15:25 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_2BE7
2014-06-15 14:56 - 2014-06-15 09:22 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_376D
2014-06-15 14:55 - 2014-06-15 14:55 - 01331200 _____ () C:\Users\Samsung\Downloads\Thema_3_Einflussfaktoren_National.ppt
2014-06-15 14:53 - 2014-06-15 14:53 - 00249856 _____ () C:\Users\Samsung\Downloads\Thema_1_Konstitutive_Elemente.PPT
2014-06-15 14:48 - 2014-06-15 14:48 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme (2).ppt
2014-06-15 14:48 - 2014-06-15 14:48 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme (1).ppt
2014-06-15 14:43 - 2014-06-15 14:43 - 00283648 _____ () C:\Users\Samsung\Downloads\Thema_4_Einflussfaktoren_Sektoral.ppt
2014-06-15 09:43 - 2014-06-15 09:43 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme.ppt
2014-06-15 09:37 - 2014-06-15 09:37 - 00852480 _____ () C:\Users\Samsung\Downloads\Thema_6_Netzwerk_InnovSys.ppt
2014-06-15 09:23 - 2014-06-15 09:23 - 01349120 _____ () C:\Users\Samsung\Downloads\Thema_5_Lokalbasierte_RIS.ppt
2014-06-15 09:21 - 2014-06-15 09:21 - 00448512 _____ () C:\Users\Samsung\Downloads\Thema_2_Grundlagen_RIS.ppt
2014-06-15 07:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding
2014-06-15 03:09 - 2013-07-17 23:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-15 03:04 - 2013-01-10 23:29 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-14 15:08 - 2014-06-14 15:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe
2014-06-14 15:08 - 2014-06-14 15:08 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-14 15:07 - 2014-06-14 15:07 - 00719128 _____ ( ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe
2014-06-13 11:18 - 2014-06-13 11:17 - 00262144 _____ () C:\Windows\Minidump\061314-17503-01.dmp
2014-06-12 09:35 - 2014-06-11 14:17 - 04247552 _____ () C:\Users\Samsung\Downloads\GP2014 (2).mx5
2014-06-11 17:05 - 2014-06-11 17:05 - 00029170 _____ () C:\Users\Samsung\Desktop\Gesamt.xlsx
2014-06-11 17:05 - 2014-06-11 16:51 - 00029142 _____ () C:\Users\Samsung\Downloads\Gesamt.xlsx
2014-06-11 16:48 - 2014-06-11 16:48 - 00032256 _____ () C:\Users\Samsung\Desktop\Neue_Grid-Tabelle2.xls
2014-06-11 16:00 - 2014-06-11 16:00 - 00033792 _____ () C:\Users\Samsung\Desktop\Inspiration,Hemmende_FaktorenSummary GP2014.xls
2014-06-11 15:56 - 2014-06-11 15:56 - 00030720 _____ () C:\Users\Samsung\Desktop\GPExcelSummary.xls
2014-06-11 15:56 - 2014-06-11 15:55 - 00030720 _____ () C:\Users\Samsung\Desktop\Neue_Grid-Tabelle.xls
2014-06-11 15:44 - 2014-06-11 15:43 - 02478592 _____ () C:\Users\Samsung\Desktop\GP2014 (2).xls
2014-06-11 14:17 - 2014-06-11 13:05 - 00323584 _____ () C:\Users\Samsung\Downloads\GP2014 (1).mx5
2014-06-11 14:16 - 2014-06-10 16:20 - 00991232 _____ () C:\Users\Samsung\Downloads\GP2014.mx5
2014-06-10 14:17 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Samsung\Documents\MAXQDA11
2014-06-10 14:17 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\MAXQDA11
2014-06-10 12:54 - 2014-06-10 12:54 - 00001017 _____ () C:\Users\Samsung\Desktop\MAXQDA 11.lnk
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXQDA 11
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Public\Documents\MAXQDA11_Examples
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\ProgramData\MAXQDA11
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Program Files (x86)\MAXQDA11
2014-06-10 12:53 - 2014-06-10 12:52 - 79687955 _____ () C:\Users\Samsung\Downloads\MAXQDA11_Demo.exe
2014-06-10 00:22 - 2014-06-10 00:22 - 00334176 _____ () C:\Windows\Minidump\061014-15678-01.dmp
2014-06-08 03:38 - 2014-06-08 03:37 - 00262144 _____ () C:\Windows\Minidump\060814-15880-01.dmp
2014-06-06 23:26 - 2014-06-06 23:26 - 00262144 _____ () C:\Windows\Minidump\060614-24304-01.dmp
2014-06-06 09:48 - 2014-06-06 09:48 - 00262144 _____ () C:\Windows\Minidump\060614-26192-01.dmp
2014-06-05 15:28 - 2014-06-05 15:27 - 00262144 _____ () C:\Windows\Minidump\060514-16442-01.dmp
2014-06-05 13:03 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-04 09:12 - 2014-06-04 09:10 - 00262144 _____ () C:\Windows\Minidump\060414-18735-01.dmp
2014-06-01 09:32 - 2009-07-14 06:45 - 05185952 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-30 12:21 - 2014-06-12 09:45 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-12 09:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-12 09:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-12 09:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-12 09:45 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-12 09:45 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-12 09:45 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-12 09:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-12 09:45 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-12 09:45 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-12 09:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-12 09:45 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-12 09:45 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-12 09:45 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-12 09:45 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-12 09:45 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-12 09:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-12 09:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-12 09:45 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-12 09:45 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-12 09:45 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-12 09:45 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-12 09:45 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-12 09:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-12 09:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 09:45 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-12 09:45 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-12 09:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-12 09:45 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-12 09:45 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-12 09:45 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-12 09:45 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-12 09:45 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-12 09:45 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-12 09:45 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 09:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 09:45 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-12 09:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 09:45 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-12 09:45 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-12 09:45 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-12 09:45 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 09:45 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 09:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-12 09:45 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-12 09:45 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-12 09:45 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-12 09:45 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-12 09:45 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-12 09:45 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-12 09:45 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 17:50 - 2012-12-18 15:05 - 00146400 _____ () C:\Users\Samsung\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-29 17:34 - 2014-04-21 00:46 - 00001653 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC.lnk
2014-05-29 17:31 - 2014-04-21 00:44 - 00001517 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC (64 Bit).lnk
2014-05-29 17:28 - 2014-05-29 11:07 - 00000000 ____D () C:\Program Files (x86)\fst_de_18
2014-05-29 17:26 - 2014-05-29 17:26 - 00000000 ____D () C:\adobeTemp
2014-05-29 17:25 - 2012-12-18 15:39 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-29 17:21 - 2014-05-28 22:24 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-29 11:43 - 2012-12-18 15:06 - 00002253 _____ () C:\Users\Samsung\Desktop\Google Chrome.lnk
2014-05-29 11:42 - 2014-05-29 11:41 - 02953520 _____ (AVAST Software) C:\Users\Samsung\Downloads\avast-browser-cleanup_9.0.0.224.exe
2014-05-29 11:42 - 2013-12-21 12:16 - 00001145 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-29 11:42 - 2013-12-21 12:16 - 00001145 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-29 11:37 - 2013-01-08 21:17 - 00001339 _____ () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-29 11:32 - 2014-05-29 11:32 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Genesis_05290932
2014-05-29 11:30 - 2014-05-29 11:30 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Genesis_05290930
2014-05-29 11:09 - 2014-05-29 11:09 - 00000000 __SHD () C:\Users\Samsung\AppData\Local\EmieUserList
2014-05-29 11:09 - 2014-05-29 11:09 - 00000000 __SHD () C:\Users\Samsung\AppData\Local\EmieSiteList
2014-05-29 11:04 - 2014-05-29 11:04 - 00332288 _____ () C:\Users\Samsung\Downloads\Adobe Universal Patcher is Here !!!__2957_il424.exe
2014-05-29 10:59 - 2014-05-29 10:59 - 05910989 _____ () C:\Users\Samsung\Downloads\Adobe_Creative_Cloud_Cleaner_Tool.zip
2014-05-29 10:51 - 2014-05-29 10:50 - 19654946 _____ () C:\Users\Samsung\Downloads\Adobe Illustrator CC Serial Number-Keygen-Crack 32-64 Bit WIN-MAC.rar
2014-05-28 22:27 - 2014-05-28 22:27 - 00000000 _____ () C:\autoexec.bat
2014-05-28 22:25 - 2014-05-28 22:25 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-28 21:56 - 2014-05-28 21:56 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Samsung\Downloads\SpyHunter-Installer.exe
2014-05-28 21:30 - 2014-05-28 00:06 - 39945907 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part12.rar
2014-05-28 19:52 - 2014-05-28 19:52 - 00467472 _____ () C:\Users\Samsung\Downloads\Adobe-Illustrator-CC---Serial-Key - BitLord.exe
2014-05-28 18:31 - 2014-05-27 13:01 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part07.rar
2014-05-28 09:18 - 2014-05-28 09:18 - 00336728 _____ () C:\Windows\Minidump\052814-23774-01.dmp
2014-05-27 23:33 - 2014-05-27 22:51 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part11.rar
2014-05-27 22:50 - 2014-05-27 22:08 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part10.rar
2014-05-27 22:07 - 2014-05-27 21:13 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part08.rar
2014-05-27 21:12 - 2014-05-27 20:30 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part09.rar
2014-05-27 13:00 - 2014-05-27 12:39 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part06.rar
2014-05-27 12:38 - 2014-05-27 12:17 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part05.rar
2014-05-27 11:19 - 2014-05-26 21:21 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part04.rar
Some content of TEMP:
====================
C:\Users\Samsung\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpwukfgq.dll
C:\Users\Samsung\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-05-23 14:08
==================== End Of Log ============================
--- --- --- --- --- --- --- --- --- Yesterday it crashed very often again, and the sound still kept coming whenever I moved the screen, or also just for no reason. Code:
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\Installer.dll.vir MSIL/Adware.Proxomoto.A Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\InstallerLibrary.dll.vir MSIL/Adware.Proxomoto.A Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\InstallFirefoxExtension.dll.vir MSIL/Adware.Proxomoto.B Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\NewVersionUploader.exe.vir MSIL/Adware.Proxomoto.A Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\WindowsUpdater.exe.vir MSIL/Adware.Proxomoto.A Anwendung
C:\AdwCleaner\Quarantine\C\Program Files (x86)\MSR\backup\System Update kb70007\backup\InstallerLibrary.dll.vir MSIL/Adware.Proxomoto.A Anwendung
C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe.vir Variante von Win32/DealPly.F evtl. unerwünschte Anwendung
C:\AdwCleaner\Quarantine\C\Users\Samsung\AppData\Roaming\eIntaller\6BABA90B2BD14fdcB5A536F478F78AE4\eGdpSvc.exe.vir Variante von Win32/ELEX.S evtl. unerwünschte Anwendung
C:\Qoobox\Quarantine\C\Windows\Microsoft\SystemUpdatekb70007\Installer.dll.vir MSIL/Adware.Proxomoto.A Anwendung
C:\Qoobox\Quarantine\C\Windows\Microsoft\SystemUpdatekb70007\InstallerLibrary.dll.vir MSIL/Adware.Proxomoto.A Anwendung
C:\Qoobox\Quarantine\C\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe.vir MSIL/Adware.Proxomoto.A Anwendung
C:\Users\Samsung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\653OPV4A\wajam_validate[1].exe Win32/Wajam.F evtl. unerwünschte Anwendung
C:\Users\Samsung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\E0YOBK83\JDownloaderSetup_CH[1].exe Win32/InstallCore.PE evtl. unerwünschte Anwendung
C:\Users\Samsung\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\Z0YT2KCI\SpeedUpMyPC-standalone-setup[1].exe Win32/SpeedUpMyPC evtl. unerwünschte Anwendung
C:\Users\Samsung\Downloads\Adobe Universal Patcher is Here !!!__2957_il424.exe Variante von Win32/Amonetize.AS evtl. unerwünschte Anwendung
C:\Users\Samsung\Downloads\Adobe-Illustrator-CC---Serial-Key - BitLord.exe Variante von Win32/DownloadGuide.A evtl. unerwünschte Anwendung
C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe Variante von Win32/InstallCore.OY evtl. unerwünschte Anwendung
C:\Users\Samsung\Downloads\PDFCreator-1_7_0_setup.exe Win32/InstallMonetizer.AQ evtl. unerwünschte Anwendung
C:\Windows\Installer\db609.msi MSIL/Adware.Proxomoto.D Anwendung
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\upgrade[1].cab Mehrere Bedrohungen
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\upgrade[1].cab Mehrere Bedrohungen
|
| | #14 |
| /// the machine /// TB-Ausbilder | Update Java. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document. Code:
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
Please save this as Fixlist.txt on your desktop (or in the directory where FRST is located).
A fresh FRST log, please.
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 No help via PM! |
| | #15 |
| Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 22-06-2014
Ran by Samsung at 2014-06-27 09:17:50 Run:2
Running from C:\Users\Samsung\Downloads
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
*****************
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value deleted successfully.
==== End of Fixlog ====
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 22-06-2014
Ran by Samsung (administrator) on SAMSUNG-PC on 27-06-2014 09:19:01
Running from C:\Users\Samsung\Downloads
Platform: Windows 7 Home Premium Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Diskeeper Corporation) C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Windows\SysWOW64\irstrtsv.exe
() C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\dmhkcore.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\MovieColorEnhancer.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Easy Settings\SmartSetting.exe
(Samsung Electronics) C:\Program Files (x86)\Samsung\Easy Settings\EasySpeedUpManager.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Spotify Ltd) C:\Users\Samsung\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Dropbox, Inc.) C:\Users\Samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\WINWORD.EXE
(Intel Corporation) C:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
(Intel(R) Corporation) C:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [558496 2014-02-27] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [avast] => C:\Program Files\AVAST Software\Avast\avastUI.exe [4297136 2012-10-31] (AVAST Software)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-3279623851-2464560472-1099086217-1000\...\Run: [Spotify Web Helper] => C:\Users\Samsung\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1176632 2014-05-23] (Spotify Ltd)
Startup: C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Samsung\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
ShellIconOverlayIdentifiers: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers: SkyDrivePro1 (ErrorConflict) -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro2 (SyncInProgress) -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: SkyDrivePro3 (InSync) -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
ShellIconOverlayIdentifiers: 00avast -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll (AVAST Software)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive1 -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive2 -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => No File
ShellIconOverlayIdentifiers-x32: SkyDrive3 -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF63FEF6214DDCD01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=AV01
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKLM-x32 - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKCU - {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Lync Browser Helper - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
DPF: HKLM-x32 {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL (Microsoft Corporation)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - No File
Filter-x32: application/x-ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica; charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=euc-jp - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=ISO-8859-1 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS936 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS949 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=MS950 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF-8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: application/x-ica;charset=UTF8 - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Filter-x32: ica - {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files (x86)\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.)
Tcpip\Parameters: [DhcpNameServer] 129.206.100.126 129.206.210.127
Tcpip\..\Interfaces\{459A5E2F-6ED2-41B3-84B9-49B700994514}: [NameServer]8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
FireFox:
========
FF ProfilePath: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\t6nayio3.default
FF NetworkProxy: " type", 1);user_pref("network.proxy.http", "127.0.0.1");user_pref("network.proxy.http_port", 8118);user_pref("network.proxy.ssl", "127.0.0.1");user_pref("network.proxy.ssl_port", 8118
FF Plugin: @java.com/DTPlugin,version=10.45.2 - C:\Windows\system32\npdeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @Citrix.com/npican - C:\Program Files (x86)\Citrix\ICA Client\npicaN.dll (Citrix Systems, Inc.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 - C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.45.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Samsung\AppData\Roaming\Mozilla\Firefox\Profiles\t6nayio3.default\searchplugins\bing-avast.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-02]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-12-18]
FF HKCU\...\Firefox\Extensions: [smartwebprinting@hp.com] - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: HP Smart Web Printing - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2013-07-02]
Chrome:
=======
CHR HomePage:
CHR StartupUrls: "hxxp://google.de/"
CHR Extension: (Google Docs) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-05-29]
CHR Extension: (Google Drive) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-05-29]
CHR Extension: (YouTube) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-05-29]
CHR Extension: (Google-Suche) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-05-29]
CHR Extension: (AdBlock) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-05-29]
CHR Extension: (avast! WebRep) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda [2012-12-22]
CHR Extension: (Google Wallet) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-04-16]
CHR Extension: (Google Mail) - C:\Users\Samsung\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-05-29]
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2012-12-18]
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-10-31] (AVAST Software)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [245760 2010-01-25] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2279608 2014-05-21] (Microsoft Corporation)
R2 ExpressCache; C:\Program Files\Diskeeper Corporation\ExpressCache\ExpressCache.exe [79664 2012-03-30] (Diskeeper Corporation)
R3 hpqcxs08; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll [249344 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 hpqddsvc; C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll [133120 2009-09-20] (Hewlett-Packard Co.) [File not signed]
R2 irstrtsv; C:\Windows\SysWOW64\irstrtsv.exe [184320 2011-07-06] (Intel Corporation) [File not signed]
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2008-12-03] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2008-12-03] (Hewlett-Packard) [File not signed]
R2 SamsungDeviceConfigurationWinService; C:\Program Files (x86)\Samsung\Easy Settings\SamsungDeviceConfiguration.exe [31624 2012-02-13] () [File not signed]
==================== Drivers (Whitelisted) ====================
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-10-31] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-10-31] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-10-15] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [984144 2012-10-31] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [370288 2012-10-31] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-10-31] (AVAST Software)
R1 excfs; C:\Windows\System32\DRIVERS\excfs.sys [23344 2012-03-30] (Diskeeper Corporation)
R0 excsd; C:\Windows\System32\DRIVERS\excsd.sys [95024 2012-03-30] (Diskeeper Corporation)
R3 irstrtdv; C:\Windows\System32\DRIVERS\irstrtdv.sys [26504 2011-06-16] (Intel Corporation)
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [27520 2007-05-14] (Research In Motion Limited)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-06-27 00:01 - 2014-06-27 00:01 - 00000000 ___SH () C:\DkHyperbootSync
2014-06-26 15:03 - 2014-06-26 15:03 - 00262144 _____ () C:\Windows\Minidump\062614-15241-01.dmp
2014-06-26 13:21 - 2014-06-26 13:21 - 00000165 ____H () C:\Users\Samsung\Desktop\~$Gesamt.xlsx
2014-06-26 00:39 - 2014-06-26 00:40 - 00854367 _____ () C:\Users\Samsung\Desktop\SecurityCheck.exe
2014-06-26 00:36 - 2014-06-26 00:36 - 00002920 _____ () C:\Users\Samsung\Desktop\eset.txt
2014-06-25 14:53 - 2014-06-26 23:58 - 00008520 _____ () C:\Users\Samsung\Desktop\Essen.xlsx
2014-06-24 22:25 - 2014-06-24 22:25 - 00262144 _____ () C:\Windows\Minidump\062414-24445-01.dmp
2014-06-24 22:11 - 2014-06-24 22:12 - 00336728 _____ () C:\Windows\Minidump\062414-24897-01.dmp
2014-06-24 21:36 - 2014-06-24 21:36 - 00001148 _____ () C:\Users\Samsung\Desktop\JRT.txt
2014-06-24 21:19 - 2014-06-24 21:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-24 21:18 - 2014-06-24 21:19 - 01016261 _____ (Thisisu) C:\Users\Samsung\Downloads\JRT.exe
2014-06-24 20:52 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-06-24 20:49 - 2014-06-24 20:50 - 01342659 _____ () C:\Users\Samsung\Downloads\adwcleaner_3.213.exe
2014-06-24 20:49 - 2014-06-24 20:49 - 00001161 _____ () C:\Users\Samsung\Desktop\mbam.txt
2014-06-24 15:19 - 2014-06-24 15:20 - 00332160 _____ () C:\Windows\Minidump\062414-26800-01.dmp
2014-06-24 14:46 - 2014-06-24 14:46 - 01724416 _____ () C:\Users\Samsung\Downloads\Thema_3_Neue_Wirtschaftsgeographie.ppt
2014-06-24 10:19 - 2014-06-24 14:07 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-23 21:15 - 2014-06-23 21:15 - 00034227 _____ () C:\ComboFix.txt
2014-06-23 20:30 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-06-23 20:30 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-06-23 20:30 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-06-23 20:30 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-06-23 20:30 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-06-23 20:30 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-06-23 20:30 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-06-23 20:30 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-06-23 20:29 - 2014-06-23 21:15 - 00000000 ____D () C:\Qoobox
2014-06-23 20:29 - 2014-06-23 21:11 - 00000000 ____D () C:\Windows\erdnt
2014-06-23 20:28 - 2014-06-23 20:28 - 05210951 ____R (Swearware) C:\Users\Samsung\Downloads\ComboFix.exe
2014-06-23 20:20 - 2014-06-23 20:20 - 00000000 ____D () C:\Users\Samsung\Downloads\FRST-OlderVersion
2014-06-23 20:10 - 2014-06-23 20:10 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\VSRevoGroup
2014-06-23 20:04 - 2014-06-23 20:04 - 00001274 _____ () C:\Users\Samsung\Desktop\Revo Uninstaller.lnk
2014-06-23 20:04 - 2014-06-23 20:04 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-23 20:03 - 2014-06-23 20:04 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Samsung\Downloads\revosetup95.exe
2014-06-23 15:09 - 2014-06-23 15:10 - 00262144 _____ () C:\Windows\Minidump\062314-25927-01.dmp
2014-06-23 12:34 - 2014-06-23 12:34 - 00024539 _____ () C:\Users\Samsung\Downloads\TrojanerBoard_LogFiles_Anna1234.7z
2014-06-23 12:33 - 2014-06-23 12:33 - 00024539 _____ () C:\Users\Samsung\TrojanerBoard_LogFiles_Anna1234.7z
2014-06-23 12:12 - 2014-06-23 12:12 - 00422210 _____ () C:\Users\Samsung\Downloads\gmerlog.log
2014-06-23 11:53 - 2014-06-23 11:53 - 00262144 _____ () C:\Windows\Minidump\062314-27487-01.dmp
2014-06-23 11:45 - 2014-06-23 11:45 - 00380416 _____ () C:\Users\Samsung\Downloads\Gmer-19357.exe
2014-06-21 15:34 - 2014-06-21 15:35 - 00336728 _____ () C:\Windows\Minidump\062114-29421-01.dmp
2014-06-19 02:18 - 2014-06-19 02:18 - 00262144 _____ () C:\Windows\Minidump\061914-14929-01.dmp
2014-06-18 23:49 - 2014-06-18 23:50 - 00029116 _____ () C:\Users\Samsung\Downloads\Addition.txt
2014-06-18 23:47 - 2014-06-27 09:19 - 00027208 _____ () C:\Users\Samsung\Downloads\FRST.txt
2014-06-18 23:47 - 2014-06-27 09:19 - 00000000 ____D () C:\FRST
2014-06-18 23:46 - 2014-06-23 20:20 - 02082816 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe
2014-06-18 19:02 - 2014-06-18 19:03 - 00262144 _____ () C:\Windows\Minidump\061814-44179-01.dmp
2014-06-18 12:28 - 2014-06-18 12:28 - 00000476 _____ () C:\Users\Samsung\Downloads\defogger_disable.log
2014-06-18 12:28 - 2014-06-18 12:28 - 00000000 _____ () C:\Users\Samsung\defogger_reenable
2014-06-18 12:26 - 2014-06-18 12:26 - 00050477 _____ () C:\Users\Samsung\Downloads\Defogger.exe
2014-06-18 12:15 - 2014-06-18 12:16 - 00332160 _____ () C:\Windows\Minidump\061814-23992-01.dmp
2014-06-17 13:38 - 2014-06-17 13:38 - 00262144 _____ () C:\Windows\Minidump\061714-20451-01.dmp
2014-06-17 13:32 - 2014-06-17 13:32 - 00262144 _____ () C:\Windows\Minidump\061714-24554-01.dmp
2014-06-16 14:58 - 2014-06-16 15:21 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_F61
2014-06-16 14:47 - 2014-06-16 14:47 - 02602496 _____ () C:\Users\Samsung\Downloads\Thema_7_USA_Innovationssystem.ppt
2014-06-16 14:42 - 2014-06-16 14:42 - 00689152 _____ () C:\Users\Samsung\Downloads\Thema_6_China_als_aufstrebendes_Innovationssystem.ppt
2014-06-16 14:10 - 2014-06-16 14:10 - 00000000 ____D () C:\Users\Samsung\Documents\OneNote-Notizbücher
2014-06-16 11:52 - 2014-06-16 11:52 - 02050048 _____ () C:\Users\Samsung\Downloads\Weinberger_03_01_13 (1).ppt
2014-06-16 11:45 - 2014-06-16 11:45 - 02050048 _____ () C:\Users\Samsung\Downloads\Weinberger_03_01_13.ppt
2014-06-16 09:56 - 2014-06-26 15:27 - 00005150 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Samsung-PC-Samsung Samsung-PC
2014-06-15 21:40 - 2014-06-15 21:40 - 00262144 _____ () C:\Windows\Minidump\061514-23743-01.dmp
2014-06-15 17:04 - 2014-06-15 17:04 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_1AC0
2014-06-15 17:03 - 2014-06-15 17:03 - 00072704 _____ () C:\Users\Samsung\Downloads\302011041P1G217.XLS
2014-06-15 17:03 - 2014-06-15 17:03 - 00062464 _____ () C:\Users\Samsung\Downloads\302011041P1G218.XLS
2014-06-15 15:25 - 2014-06-15 15:26 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_2BE7
2014-06-15 14:55 - 2014-06-15 14:55 - 01331200 _____ () C:\Users\Samsung\Downloads\Thema_3_Einflussfaktoren_National.ppt
2014-06-15 14:53 - 2014-06-15 14:53 - 00249856 _____ () C:\Users\Samsung\Downloads\Thema_1_Konstitutive_Elemente.PPT
2014-06-15 14:48 - 2014-06-15 14:48 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme (2).ppt
2014-06-15 14:48 - 2014-06-15 14:48 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme (1).ppt
2014-06-15 14:43 - 2014-06-15 14:43 - 00283648 _____ () C:\Users\Samsung\Downloads\Thema_4_Einflussfaktoren_Sektoral.ppt
2014-06-15 09:43 - 2014-06-15 09:43 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme.ppt
2014-06-15 09:37 - 2014-06-15 09:37 - 00852480 _____ () C:\Users\Samsung\Downloads\Thema_6_Netzwerk_InnovSys.ppt
2014-06-15 09:23 - 2014-06-15 09:23 - 01349120 _____ () C:\Users\Samsung\Downloads\Thema_5_Lokalbasierte_RIS.ppt
2014-06-15 09:22 - 2014-06-15 14:56 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_376D
2014-06-15 09:21 - 2014-06-15 09:21 - 00448512 _____ () C:\Users\Samsung\Downloads\Thema_2_Grundlagen_RIS.ppt
2014-06-14 15:09 - 2014-06-24 20:29 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-14 15:08 - 2014-06-14 15:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe
2014-06-14 15:08 - 2014-06-14 15:08 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-14 15:08 - 2014-05-12 07:26 - 00091352 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-06-14 15:08 - 2014-05-12 07:26 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-06-14 15:08 - 2014-05-12 07:25 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-06-14 15:07 - 2014-06-14 15:07 - 00719128 _____ ( ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe
2014-06-13 11:17 - 2014-06-13 11:18 - 00262144 _____ () C:\Windows\Minidump\061314-17503-01.dmp
2014-06-12 09:46 - 2014-04-25 04:34 - 00801280 _____ (Microsoft Corporation) C:\Windows\system32\usp10.dll
2014-06-12 09:46 - 2014-04-25 04:06 - 00626688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usp10.dll
2014-06-12 09:46 - 2014-04-05 04:47 - 01903552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2014-06-12 09:46 - 2014-04-05 04:47 - 00288192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2014-06-12 09:46 - 2014-03-26 16:44 - 02002432 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2014-06-12 09:46 - 2014-03-26 16:44 - 01882112 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-06-12 09:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml6r.dll
2014-06-12 09:46 - 2014-03-26 16:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-06-12 09:46 - 2014-03-26 16:27 - 01389056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2014-06-12 09:46 - 2014-03-26 16:27 - 01237504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2014-06-12 09:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6r.dll
2014-06-12 09:46 - 2014-03-26 16:25 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2014-06-12 09:45 - 2014-05-30 12:21 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-06-12 09:45 - 2014-05-30 12:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-06-12 09:45 - 2014-05-30 12:02 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-06-12 09:45 - 2014-05-30 11:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-06-12 09:45 - 2014-05-30 11:39 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-06-12 09:45 - 2014-05-30 11:39 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-06-12 09:45 - 2014-05-30 11:38 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-06-12 09:45 - 2014-05-30 11:28 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-06-12 09:45 - 2014-05-30 11:27 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-06-12 09:45 - 2014-05-30 11:24 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-06-12 09:45 - 2014-05-30 11:21 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-06-12 09:45 - 2014-05-30 11:21 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-06-12 09:45 - 2014-05-30 11:20 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-06-12 09:45 - 2014-05-30 11:18 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-06-12 09:45 - 2014-05-30 11:11 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-06-12 09:45 - 2014-05-30 11:08 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-06-12 09:45 - 2014-05-30 11:06 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-06-12 09:45 - 2014-05-30 11:02 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-06-12 09:45 - 2014-05-30 10:55 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-06-12 09:45 - 2014-05-30 10:49 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-06-12 09:45 - 2014-05-30 10:46 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-06-12 09:45 - 2014-05-30 10:44 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-06-12 09:45 - 2014-05-30 10:44 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-06-12 09:45 - 2014-05-30 10:43 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-06-12 09:45 - 2014-05-30 10:42 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-06-12 09:45 - 2014-05-30 10:38 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-06-12 09:45 - 2014-05-30 10:35 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-06-12 09:45 - 2014-05-30 10:34 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-06-12 09:45 - 2014-05-30 10:33 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-06-12 09:45 - 2014-05-30 10:30 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-06-12 09:45 - 2014-05-30 10:29 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-06-12 09:45 - 2014-05-30 10:28 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-06-12 09:45 - 2014-05-30 10:27 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-06-12 09:45 - 2014-05-30 10:24 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-06-12 09:45 - 2014-05-30 10:23 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-06-12 09:45 - 2014-05-30 10:16 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-06-12 09:45 - 2014-05-30 10:10 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-06-12 09:45 - 2014-05-30 10:06 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-06-12 09:45 - 2014-05-30 10:04 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-06-12 09:45 - 2014-05-30 10:02 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-06-12 09:45 - 2014-05-30 09:56 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-06-12 09:45 - 2014-05-30 09:56 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-06-12 09:45 - 2014-05-30 09:54 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-06-12 09:45 - 2014-05-30 09:50 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-06-12 09:45 - 2014-05-30 09:49 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-06-12 09:45 - 2014-05-30 09:43 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-06-12 09:45 - 2014-05-30 09:40 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-06-12 09:45 - 2014-05-30 09:30 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-06-12 09:45 - 2014-05-30 09:21 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-06-12 09:45 - 2014-05-30 09:15 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-06-12 09:45 - 2014-05-30 09:13 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-06-12 09:45 - 2014-05-30 09:13 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-06-11 17:05 - 2014-06-11 17:05 - 00029170 _____ () C:\Users\Samsung\Desktop\Gesamt.xlsx
2014-06-11 16:51 - 2014-06-11 17:05 - 00029142 _____ () C:\Users\Samsung\Downloads\Gesamt.xlsx
2014-06-11 16:48 - 2014-06-11 16:48 - 00032256 _____ () C:\Users\Samsung\Desktop\Neue_Grid-Tabelle2.xls
2014-06-11 16:00 - 2014-06-11 16:00 - 00033792 _____ () C:\Users\Samsung\Desktop\Inspiration,Hemmende_FaktorenSummary GP2014.xls
2014-06-11 15:56 - 2014-06-11 15:56 - 00030720 _____ () C:\Users\Samsung\Desktop\GPExcelSummary.xls
2014-06-11 15:55 - 2014-06-11 15:56 - 00030720 _____ () C:\Users\Samsung\Desktop\Neue_Grid-Tabelle.xls
2014-06-11 15:43 - 2014-06-11 15:44 - 02478592 _____ () C:\Users\Samsung\Desktop\GP2014 (2).xls
2014-06-11 14:17 - 2014-06-12 09:35 - 04247552 _____ () C:\Users\Samsung\Downloads\GP2014 (2).mx5
2014-06-11 13:05 - 2014-06-11 14:17 - 00323584 _____ () C:\Users\Samsung\Downloads\GP2014 (1).mx5
2014-06-10 16:20 - 2014-06-11 14:16 - 00991232 _____ () C:\Users\Samsung\Downloads\GP2014.mx5
2014-06-10 12:54 - 2014-06-10 14:17 - 00000000 ____D () C:\Users\Samsung\Documents\MAXQDA11
2014-06-10 12:54 - 2014-06-10 14:17 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\MAXQDA11
2014-06-10 12:54 - 2014-06-10 12:54 - 00001017 _____ () C:\Users\Samsung\Desktop\MAXQDA 11.lnk
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXQDA 11
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Public\Documents\MAXQDA11_Examples
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\ProgramData\MAXQDA11
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Program Files (x86)\MAXQDA11
2014-06-10 12:52 - 2014-06-10 12:53 - 79687955 _____ () C:\Users\Samsung\Downloads\MAXQDA11_Demo.exe
2014-06-10 00:22 - 2014-06-10 00:22 - 00334176 _____ () C:\Windows\Minidump\061014-15678-01.dmp
2014-06-08 03:37 - 2014-06-08 03:38 - 00262144 _____ () C:\Windows\Minidump\060814-15880-01.dmp
2014-06-06 23:26 - 2014-06-06 23:26 - 00262144 _____ () C:\Windows\Minidump\060614-24304-01.dmp
2014-06-06 09:48 - 2014-06-06 09:48 - 00262144 _____ () C:\Windows\Minidump\060614-26192-01.dmp
2014-06-05 15:27 - 2014-06-05 15:28 - 00262144 _____ () C:\Windows\Minidump\060514-16442-01.dmp
2014-06-04 09:10 - 2014-06-04 09:12 - 00262144 _____ () C:\Windows\Minidump\060414-18735-01.dmp
2014-05-29 17:26 - 2014-05-29 17:26 - 00000000 ____D () C:\adobeTemp
2014-05-29 11:41 - 2014-05-29 11:42 - 02953520 _____ (AVAST Software) C:\Users\Samsung\Downloads\avast-browser-cleanup_9.0.0.224.exe
2014-05-29 11:32 - 2014-05-29 11:32 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Genesis_05290932
2014-05-29 11:30 - 2014-05-29 11:30 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Genesis_05290930
2014-05-29 11:09 - 2014-05-29 11:09 - 00000000 __SHD () C:\Users\Samsung\AppData\Local\EmieUserList
2014-05-29 11:09 - 2014-05-29 11:09 - 00000000 __SHD () C:\Users\Samsung\AppData\Local\EmieSiteList
2014-05-29 11:07 - 2014-05-29 17:28 - 00000000 ____D () C:\Program Files (x86)\fst_de_18
2014-05-29 11:04 - 2014-05-29 11:04 - 00332288 _____ () C:\Users\Samsung\Downloads\Adobe Universal Patcher is Here !!!__2957_il424.exe
2014-05-29 10:59 - 2014-05-29 10:59 - 05910989 _____ () C:\Users\Samsung\Downloads\Adobe_Creative_Cloud_Cleaner_Tool.zip
2014-05-29 10:50 - 2014-05-29 10:51 - 19654946 _____ () C:\Users\Samsung\Downloads\Adobe Illustrator CC Serial Number-Keygen-Crack 32-64 Bit WIN-MAC.rar
2014-05-28 22:27 - 2014-05-28 22:27 - 00000000 _____ () C:\autoexec.bat
2014-05-28 22:25 - 2014-05-28 22:25 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-28 22:24 - 2014-05-29 17:21 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-28 21:56 - 2014-05-28 21:56 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Samsung\Downloads\SpyHunter-Installer.exe
2014-05-28 19:52 - 2014-05-28 19:52 - 00467472 _____ () C:\Users\Samsung\Downloads\Adobe-Illustrator-CC---Serial-Key - BitLord.exe
2014-05-28 18:31 - 2013-06-21 11:29 - 00000000 ____D () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.Multilingual.Incl.Patch-PainteR
2014-05-28 09:18 - 2014-05-28 09:18 - 00336728 _____ () C:\Windows\Minidump\052814-23774-01.dmp
2014-05-28 00:06 - 2014-05-28 21:30 - 39945907 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part12.rar
==================== One Month Modified Files and Folders =======
2014-06-27 09:19 - 2014-06-18 23:47 - 00027208 _____ () C:\Users\Samsung\Downloads\FRST.txt
2014-06-27 09:19 - 2014-06-18 23:47 - 00000000 ____D () C:\FRST
2014-06-27 09:15 - 2014-04-16 17:50 - 00009176 _____ () C:\Windows\setupact.log
2014-06-27 09:15 - 2012-12-23 15:57 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Adobe
2014-06-27 09:15 - 2012-12-18 15:31 - 00004182 _____ () C:\Windows\System32\Tasks\avast! Emergency Update
2014-06-27 09:15 - 2012-12-18 15:05 - 00001112 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-06-27 09:15 - 2012-12-18 15:00 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-06-27 00:01 - 2014-06-27 00:01 - 00000000 ___SH () C:\DkHyperbootSync
2014-06-26 23:58 - 2014-06-25 14:53 - 00008520 _____ () C:\Users\Samsung\Desktop\Essen.xlsx
2014-06-26 23:57 - 2013-09-10 12:51 - 01365030 _____ () C:\Windows\WindowsUpdate.log
2014-06-26 15:27 - 2014-06-16 09:56 - 00005150 _____ () C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Samsung-PC-Samsung Samsung-PC
2014-06-26 15:12 - 2009-07-14 06:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-06-26 15:12 - 2009-07-14 06:45 - 00014208 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-06-26 15:06 - 2014-05-15 10:59 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\DropboxMaster
2014-06-26 15:06 - 2013-01-13 01:06 - 00000000 ___RD () C:\Users\Samsung\Dropbox
2014-06-26 15:06 - 2013-01-13 01:00 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Dropbox
2014-06-26 15:05 - 2012-12-18 15:05 - 00001108 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-06-26 15:04 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-06-26 15:03 - 2014-06-26 15:03 - 00262144 _____ () C:\Windows\Minidump\062614-15241-01.dmp
2014-06-26 15:03 - 2014-04-25 21:40 - 1417545588 _____ () C:\Windows\MEMORY.DMP
2014-06-26 15:03 - 2013-02-26 18:23 - 00000000 ____D () C:\Windows\Minidump
2014-06-26 14:04 - 2013-12-16 13:55 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Spotify
2014-06-26 13:21 - 2014-06-26 13:21 - 00000165 ____H () C:\Users\Samsung\Desktop\~$Gesamt.xlsx
2014-06-26 11:57 - 2013-05-30 23:52 - 00475136 ___SH () C:\Users\Samsung\Documents\Thumbs.db
2014-06-26 09:49 - 2014-04-18 18:43 - 00017648 _____ () C:\Windows\PFRO.log
2014-06-26 00:40 - 2014-06-26 00:39 - 00854367 _____ () C:\Users\Samsung\Desktop\SecurityCheck.exe
2014-06-26 00:36 - 2014-06-26 00:36 - 00002920 _____ () C:\Users\Samsung\Desktop\eset.txt
2014-06-25 20:07 - 2013-04-07 16:27 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\vlc
2014-06-25 19:47 - 2009-07-14 19:58 - 00699682 _____ () C:\Windows\system32\perfh007.dat
2014-06-25 19:47 - 2009-07-14 19:58 - 00149790 _____ () C:\Windows\system32\perfc007.dat
2014-06-25 19:47 - 2009-07-14 07:13 - 01620684 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-06-24 22:25 - 2014-06-24 22:25 - 00262144 _____ () C:\Windows\Minidump\062414-24445-01.dmp
2014-06-24 22:12 - 2014-06-24 22:11 - 00336728 _____ () C:\Windows\Minidump\062414-24897-01.dmp
2014-06-24 21:36 - 2014-06-24 21:36 - 00001148 _____ () C:\Users\Samsung\Desktop\JRT.txt
2014-06-24 21:19 - 2014-06-24 21:19 - 00000000 ____D () C:\Windows\ERUNT
2014-06-24 21:19 - 2014-06-24 21:18 - 01016261 _____ (Thisisu) C:\Users\Samsung\Downloads\JRT.exe
2014-06-24 21:15 - 2013-09-03 19:36 - 00000000 ____D () C:\AdwCleaner
2014-06-24 20:50 - 2014-06-24 20:49 - 01342659 _____ () C:\Users\Samsung\Downloads\adwcleaner_3.213.exe
2014-06-24 20:49 - 2014-06-24 20:49 - 00001161 _____ () C:\Users\Samsung\Desktop\mbam.txt
2014-06-24 20:29 - 2014-06-14 15:09 - 00122584 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-06-24 15:20 - 2014-06-24 15:19 - 00332160 _____ () C:\Windows\Minidump\062414-26800-01.dmp
2014-06-24 15:19 - 2012-12-18 16:26 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-06-24 14:46 - 2014-06-24 14:46 - 01724416 _____ () C:\Users\Samsung\Downloads\Thema_3_Neue_Wirtschaftsgeographie.ppt
2014-06-24 14:07 - 2014-06-24 10:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Thunderbird
2014-06-24 11:41 - 2013-12-16 13:55 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Spotify
2014-06-23 21:15 - 2014-06-23 21:15 - 00034227 _____ () C:\ComboFix.txt
2014-06-23 21:15 - 2014-06-23 20:29 - 00000000 ____D () C:\Qoobox
2014-06-23 21:15 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-06-23 21:11 - 2014-06-23 20:29 - 00000000 ____D () C:\Windows\erdnt
2014-06-23 21:09 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-06-23 21:08 - 2009-07-14 04:34 - 20185088 _____ () C:\Windows\system32\config\SYSTEM.bak
2014-06-23 21:08 - 2009-07-14 04:34 - 118751232 _____ () C:\Windows\system32\config\SOFTWARE.bak
2014-06-23 21:08 - 2009-07-14 04:34 - 00524288 _____ () C:\Windows\system32\config\DEFAULT.bak
2014-06-23 21:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SECURITY.bak
2014-06-23 21:08 - 2009-07-14 04:34 - 00262144 _____ () C:\Windows\system32\config\SAM.bak
2014-06-23 20:28 - 2014-06-23 20:28 - 05210951 ____R (Swearware) C:\Users\Samsung\Downloads\ComboFix.exe
2014-06-23 20:20 - 2014-06-23 20:20 - 00000000 ____D () C:\Users\Samsung\Downloads\FRST-OlderVersion
2014-06-23 20:20 - 2014-06-18 23:46 - 02082816 _____ (Farbar) C:\Users\Samsung\Downloads\FRST64.exe
2014-06-23 20:10 - 2014-06-23 20:10 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\VSRevoGroup
2014-06-23 20:04 - 2014-06-23 20:04 - 00001274 _____ () C:\Users\Samsung\Desktop\Revo Uninstaller.lnk
2014-06-23 20:04 - 2014-06-23 20:04 - 00000000 ____D () C:\Program Files (x86)\VS Revo Group
2014-06-23 20:04 - 2014-06-23 20:03 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Samsung\Downloads\revosetup95.exe
2014-06-23 15:10 - 2014-06-23 15:09 - 00262144 _____ () C:\Windows\Minidump\062314-25927-01.dmp
2014-06-23 15:06 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-06-23 12:34 - 2014-06-23 12:34 - 00024539 _____ () C:\Users\Samsung\Downloads\TrojanerBoard_LogFiles_Anna1234.7z
2014-06-23 12:33 - 2014-06-23 12:33 - 00024539 _____ () C:\Users\Samsung\TrojanerBoard_LogFiles_Anna1234.7z
2014-06-23 12:33 - 2012-12-12 11:06 - 00000000 ____D () C:\Users\Samsung
2014-06-23 12:12 - 2014-06-23 12:12 - 00422210 _____ () C:\Users\Samsung\Downloads\gmerlog.log
2014-06-23 11:53 - 2014-06-23 11:53 - 00262144 _____ () C:\Windows\Minidump\062314-27487-01.dmp
2014-06-23 11:45 - 2014-06-23 11:45 - 00380416 _____ () C:\Users\Samsung\Downloads\Gmer-19357.exe
2014-06-21 15:35 - 2014-06-21 15:34 - 00336728 _____ () C:\Windows\Minidump\062114-29421-01.dmp
2014-06-21 11:00 - 2012-12-18 15:05 - 00004108 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-21 11:00 - 2012-12-18 15:05 - 00003856 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-19 02:45 - 2013-06-21 10:23 - 00000000 ____D () C:\Program Files\Microsoft Office 15
2014-06-19 02:18 - 2014-06-19 02:18 - 00262144 _____ () C:\Windows\Minidump\061914-14929-01.dmp
2014-06-18 23:50 - 2014-06-18 23:49 - 00029116 _____ () C:\Users\Samsung\Downloads\Addition.txt
2014-06-18 19:03 - 2014-06-18 19:02 - 00262144 _____ () C:\Windows\Minidump\061814-44179-01.dmp
2014-06-18 12:28 - 2014-06-18 12:28 - 00000476 _____ () C:\Users\Samsung\Downloads\defogger_disable.log
2014-06-18 12:28 - 2014-06-18 12:28 - 00000000 _____ () C:\Users\Samsung\defogger_reenable
2014-06-18 12:26 - 2014-06-18 12:26 - 00050477 _____ () C:\Users\Samsung\Downloads\Defogger.exe
2014-06-18 12:16 - 2014-06-18 12:15 - 00332160 _____ () C:\Windows\Minidump\061814-23992-01.dmp
2014-06-17 13:38 - 2014-06-17 13:38 - 00262144 _____ () C:\Windows\Minidump\061714-20451-01.dmp
2014-06-17 13:32 - 2014-06-17 13:32 - 00262144 _____ () C:\Windows\Minidump\061714-24554-01.dmp
2014-06-16 15:21 - 2014-06-16 14:58 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_F61
2014-06-16 14:47 - 2014-06-16 14:47 - 02602496 _____ () C:\Users\Samsung\Downloads\Thema_7_USA_Innovationssystem.ppt
2014-06-16 14:42 - 2014-06-16 14:42 - 00689152 _____ () C:\Users\Samsung\Downloads\Thema_6_China_als_aufstrebendes_Innovationssystem.ppt
2014-06-16 14:10 - 2014-06-16 14:10 - 00000000 ____D () C:\Users\Samsung\Documents\OneNote-Notizbücher
2014-06-16 11:52 - 2014-06-16 11:52 - 02050048 _____ () C:\Users\Samsung\Downloads\Weinberger_03_01_13 (1).ppt
2014-06-16 11:45 - 2014-06-16 11:45 - 02050048 _____ () C:\Users\Samsung\Downloads\Weinberger_03_01_13.ppt
2014-06-15 21:40 - 2014-06-15 21:40 - 00262144 _____ () C:\Windows\Minidump\061514-23743-01.dmp
2014-06-15 17:04 - 2014-06-15 17:04 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_1AC0
2014-06-15 17:03 - 2014-06-15 17:03 - 00072704 _____ () C:\Users\Samsung\Downloads\302011041P1G217.XLS
2014-06-15 17:03 - 2014-06-15 17:03 - 00062464 _____ () C:\Users\Samsung\Downloads\302011041P1G218.XLS
2014-06-15 15:26 - 2014-06-15 15:25 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_2BE7
2014-06-15 14:56 - 2014-06-15 09:22 - 00000000 ____D () C:\Users\Samsung\AppData\OICE_15_974FA576_32C1D314_376D
2014-06-15 14:55 - 2014-06-15 14:55 - 01331200 _____ () C:\Users\Samsung\Downloads\Thema_3_Einflussfaktoren_National.ppt
2014-06-15 14:53 - 2014-06-15 14:53 - 00249856 _____ () C:\Users\Samsung\Downloads\Thema_1_Konstitutive_Elemente.PPT
2014-06-15 14:48 - 2014-06-15 14:48 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme (2).ppt
2014-06-15 14:48 - 2014-06-15 14:48 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme (1).ppt
2014-06-15 14:43 - 2014-06-15 14:43 - 00283648 _____ () C:\Users\Samsung\Downloads\Thema_4_Einflussfaktoren_Sektoral.ppt
2014-06-15 09:43 - 2014-06-15 09:43 - 00689664 _____ () C:\Users\Samsung\Downloads\Thema_7_Zentralbasierte_Innovationssysteme.ppt
2014-06-15 09:37 - 2014-06-15 09:37 - 00852480 _____ () C:\Users\Samsung\Downloads\Thema_6_Netzwerk_InnovSys.ppt
2014-06-15 09:23 - 2014-06-15 09:23 - 01349120 _____ () C:\Users\Samsung\Downloads\Thema_5_Lokalbasierte_RIS.ppt
2014-06-15 09:21 - 2014-06-15 09:21 - 00448512 _____ () C:\Users\Samsung\Downloads\Thema_2_Grundlagen_RIS.ppt
2014-06-15 07:36 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\Branding
2014-06-15 03:09 - 2013-07-17 23:50 - 00000000 ____D () C:\Windows\system32\MRT
2014-06-15 03:04 - 2013-01-10 23:29 - 95414520 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-06-14 15:08 - 2014-06-14 15:08 - 17292760 _____ (Malwarebytes Corporation ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager [1].exe
2014-06-14 15:08 - 2014-06-14 15:08 - 00001112 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-06-14 15:08 - 2014-06-14 15:08 - 00000000 ____D () C:\Program Files (x86)\ Malwarebytes Anti-Malware
2014-06-14 15:07 - 2014-06-14 15:07 - 00719128 _____ ( ) C:\Users\Samsung\Downloads\mbam-setup-2.0.2.1012_CB-DL-Manager.exe
2014-06-13 11:18 - 2014-06-13 11:17 - 00262144 _____ () C:\Windows\Minidump\061314-17503-01.dmp
2014-06-12 09:35 - 2014-06-11 14:17 - 04247552 _____ () C:\Users\Samsung\Downloads\GP2014 (2).mx5
2014-06-11 17:05 - 2014-06-11 17:05 - 00029170 _____ () C:\Users\Samsung\Desktop\Gesamt.xlsx
2014-06-11 17:05 - 2014-06-11 16:51 - 00029142 _____ () C:\Users\Samsung\Downloads\Gesamt.xlsx
2014-06-11 16:48 - 2014-06-11 16:48 - 00032256 _____ () C:\Users\Samsung\Desktop\Neue_Grid-Tabelle2.xls
2014-06-11 16:00 - 2014-06-11 16:00 - 00033792 _____ () C:\Users\Samsung\Desktop\Inspiration,Hemmende_FaktorenSummary GP2014.xls
2014-06-11 15:56 - 2014-06-11 15:56 - 00030720 _____ () C:\Users\Samsung\Desktop\GPExcelSummary.xls
2014-06-11 15:56 - 2014-06-11 15:55 - 00030720 _____ () C:\Users\Samsung\Desktop\Neue_Grid-Tabelle.xls
2014-06-11 15:44 - 2014-06-11 15:43 - 02478592 _____ () C:\Users\Samsung\Desktop\GP2014 (2).xls
2014-06-11 14:17 - 2014-06-11 13:05 - 00323584 _____ () C:\Users\Samsung\Downloads\GP2014 (1).mx5
2014-06-11 14:16 - 2014-06-10 16:20 - 00991232 _____ () C:\Users\Samsung\Downloads\GP2014.mx5
2014-06-10 14:17 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Samsung\Documents\MAXQDA11
2014-06-10 14:17 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\MAXQDA11
2014-06-10 12:54 - 2014-06-10 12:54 - 00001017 _____ () C:\Users\Samsung\Desktop\MAXQDA 11.lnk
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MAXQDA 11
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Users\Public\Documents\MAXQDA11_Examples
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\ProgramData\MAXQDA11
2014-06-10 12:54 - 2014-06-10 12:54 - 00000000 ____D () C:\Program Files (x86)\MAXQDA11
2014-06-10 12:53 - 2014-06-10 12:52 - 79687955 _____ () C:\Users\Samsung\Downloads\MAXQDA11_Demo.exe
2014-06-10 00:22 - 2014-06-10 00:22 - 00334176 _____ () C:\Windows\Minidump\061014-15678-01.dmp
2014-06-08 03:38 - 2014-06-08 03:37 - 00262144 _____ () C:\Windows\Minidump\060814-15880-01.dmp
2014-06-06 23:26 - 2014-06-06 23:26 - 00262144 _____ () C:\Windows\Minidump\060614-24304-01.dmp
2014-06-06 09:48 - 2014-06-06 09:48 - 00262144 _____ () C:\Windows\Minidump\060614-26192-01.dmp
2014-06-05 15:28 - 2014-06-05 15:27 - 00262144 _____ () C:\Windows\Minidump\060514-16442-01.dmp
2014-06-05 13:03 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-06-04 09:12 - 2014-06-04 09:10 - 00262144 _____ () C:\Windows\Minidump\060414-18735-01.dmp
2014-06-01 09:32 - 2009-07-14 06:45 - 05185952 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-05-30 12:21 - 2014-06-12 09:45 - 23414784 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-30 12:02 - 2014-06-12 09:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-30 12:02 - 2014-06-12 09:45 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-05-30 11:45 - 2014-06-12 09:45 - 02768384 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-05-30 11:39 - 2014-06-12 09:45 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-05-30 11:39 - 2014-06-12 09:45 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-05-30 11:38 - 2014-06-12 09:45 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-05-30 11:28 - 2014-06-12 09:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-05-30 11:27 - 2014-06-12 09:45 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-05-30 11:24 - 2014-06-12 09:45 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-05-30 11:21 - 2014-06-12 09:45 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-05-30 11:21 - 2014-06-12 09:45 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-05-30 11:20 - 2014-06-12 09:45 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-05-30 11:18 - 2014-06-12 09:45 - 17271296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-05-30 11:11 - 2014-06-12 09:45 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-05-30 11:08 - 2014-06-12 09:45 - 05782528 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-05-30 11:06 - 2014-06-12 09:45 - 00452096 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-05-30 11:02 - 2014-06-12 09:45 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-05-30 10:55 - 2014-06-12 09:45 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-05-30 10:49 - 2014-06-12 09:45 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-05-30 10:46 - 2014-06-12 09:45 - 00085504 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-30 10:44 - 2014-06-12 09:45 - 00455168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2014-05-30 10:44 - 2014-06-12 09:45 - 00295424 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-05-30 10:43 - 2014-06-12 09:45 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-05-30 10:42 - 2014-06-12 09:45 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-05-30 10:38 - 2014-06-12 09:45 - 02179072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-05-30 10:35 - 2014-06-12 09:45 - 00608768 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-05-30 10:34 - 2014-06-12 09:45 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-05-30 10:33 - 2014-06-12 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-05-30 10:30 - 2014-06-12 09:45 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-05-30 10:29 - 2014-06-12 09:45 - 00631808 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-05-30 10:28 - 2014-06-12 09:45 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-05-30 10:27 - 2014-06-12 09:45 - 00592896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-05-30 10:24 - 2014-06-12 09:45 - 01249280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2014-05-30 10:23 - 2014-06-12 09:45 - 02040832 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-05-30 10:16 - 2014-06-12 09:45 - 00368128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2014-05-30 10:10 - 2014-06-12 09:45 - 00032256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2014-05-30 10:06 - 2014-06-12 09:45 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-05-30 10:04 - 2014-06-12 09:45 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2014-05-30 10:02 - 2014-06-12 09:45 - 00242688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2014-05-30 09:56 - 2014-06-12 09:45 - 04244992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-05-30 09:56 - 2014-06-12 09:45 - 02266112 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-05-30 09:54 - 2014-06-12 09:45 - 00526336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-05-30 09:50 - 2014-06-12 09:45 - 01068032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2014-05-30 09:49 - 2014-06-12 09:45 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-05-30 09:43 - 2014-06-12 09:45 - 13522944 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-05-30 09:40 - 2014-06-12 09:45 - 11725312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-05-30 09:30 - 2014-06-12 09:45 - 01398272 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-05-30 09:21 - 2014-06-12 09:45 - 01790976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-05-30 09:15 - 2014-06-12 09:45 - 01143296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-05-30 09:13 - 2014-06-12 09:45 - 00846336 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-05-30 09:13 - 2014-06-12 09:45 - 00704512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-05-29 17:50 - 2012-12-18 15:05 - 00146400 _____ () C:\Users\Samsung\AppData\Local\GDIPFONTCACHEV1.DAT
2014-05-29 17:34 - 2014-04-21 00:46 - 00001653 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC.lnk
2014-05-29 17:31 - 2014-04-21 00:44 - 00001517 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Illustrator CC (64 Bit).lnk
2014-05-29 17:28 - 2014-05-29 11:07 - 00000000 ____D () C:\Program Files (x86)\fst_de_18
2014-05-29 17:26 - 2014-05-29 17:26 - 00000000 ____D () C:\adobeTemp
2014-05-29 17:25 - 2012-12-18 15:39 - 00000000 ____D () C:\Program Files (x86)\Adobe
2014-05-29 17:21 - 2014-05-28 22:24 - 00000000 ____D () C:\Windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-05-29 11:43 - 2012-12-18 15:06 - 00002253 _____ () C:\Users\Samsung\Desktop\Google Chrome.lnk
2014-05-29 11:42 - 2014-05-29 11:41 - 02953520 _____ (AVAST Software) C:\Users\Samsung\Downloads\avast-browser-cleanup_9.0.0.224.exe
2014-05-29 11:42 - 2013-12-21 12:16 - 00001145 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-29 11:42 - 2013-12-21 12:16 - 00001145 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-29 11:37 - 2013-01-08 21:17 - 00001339 _____ () C:\Users\Samsung\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-29 11:32 - 2014-05-29 11:32 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Genesis_05290932
2014-05-29 11:30 - 2014-05-29 11:30 - 00000000 ____D () C:\Users\Samsung\AppData\Local\Genesis_05290930
2014-05-29 11:09 - 2014-05-29 11:09 - 00000000 __SHD () C:\Users\Samsung\AppData\Local\EmieUserList
2014-05-29 11:09 - 2014-05-29 11:09 - 00000000 __SHD () C:\Users\Samsung\AppData\Local\EmieSiteList
2014-05-29 11:04 - 2014-05-29 11:04 - 00332288 _____ () C:\Users\Samsung\Downloads\Adobe Universal Patcher is Here !!!__2957_il424.exe
2014-05-29 10:59 - 2014-05-29 10:59 - 05910989 _____ () C:\Users\Samsung\Downloads\Adobe_Creative_Cloud_Cleaner_Tool.zip
2014-05-29 10:51 - 2014-05-29 10:50 - 19654946 _____ () C:\Users\Samsung\Downloads\Adobe Illustrator CC Serial Number-Keygen-Crack 32-64 Bit WIN-MAC.rar
2014-05-28 22:27 - 2014-05-28 22:27 - 00000000 _____ () C:\autoexec.bat
2014-05-28 22:25 - 2014-05-28 22:25 - 00000000 ____D () C:\Program Files\Enigma Software Group
2014-05-28 21:56 - 2014-05-28 21:56 - 00728960 _____ (Enigma Software Group USA, LLC.) C:\Users\Samsung\Downloads\SpyHunter-Installer.exe
2014-05-28 21:30 - 2014-05-28 00:06 - 39945907 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part12.rar
2014-05-28 19:52 - 2014-05-28 19:52 - 00467472 _____ () C:\Users\Samsung\Downloads\Adobe-Illustrator-CC---Serial-Key - BitLord.exe
2014-05-28 18:31 - 2014-05-27 13:01 - 314572800 _____ () C:\Users\Samsung\Downloads\Adobe.Illustrator.CC.v17.0.0.part07.rar
2014-05-28 09:18 - 2014-05-28 09:18 - 00336728 _____ () C:\Windows\Minidump\052814-23774-01.dmp
Some content of TEMP:
====================
C:\Users\Samsung\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpabwgid.dll
C:\Users\Samsung\AppData\Local\Temp\Quarantine.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-05-23 14:08
==================== End Of Log ============================
|