
Log analysis and evaluation: "cj.dotomi.com" - malware in Chrome (Win7)

15.07.2014, 14:14   #1
Ruiner

"cj.dotomi.com" - malware in Chrome (Win7)

Hello dear rescue team,

I have the following problem in Chrome:
For a few days now, when I click a link I am frequently redirected to pages that always start with "cj.dotomi.com" instead of reaching the page I wanted.

Example:
hxxp://cj.dotomi.com/74102efon5/fmr/4445BC94/A366CBC/3/3/3?h=twtn%3Djvvr%255C%254H%254Hyyy.itggpocpicokpi.eqo%254Huswctg-gpkz-fgcnu%254H%255Hioit%255Fswnw0wiw%3C%3Cjvvr%3A%2F%2Fyyy.frdqnxy.pgv%3AA2%2Fenkem-9255BAB-3334AB83%3C%3CI%3Cjvvr%3A%2F%2Fyyy.grkedwpfng.eqo%2Ficog-fgcn-xqwejgt%3C

Each such page then has a single letter or digit as its title, with the suffix "(1x1)". Nothing is visible on the page. (Perhaps there is a white pixel in the middle!?)

This is far from happening with all links, maybe in 20-30% of cases. Mostly all the links on one page lead to cj.dotomi.com while all the links on another page work fine...

I then followed this manual removal guide:
hxxp://blog.vilmatech.com/remove-cj-dotomi-browser-hijacker-latest-removal-guides/

The problem is nevertheless still there. However, I can no longer find any of the files, processes or registry entries mentioned there.

In addition, the Chrome setting "On startup: Continue where you left off" changes to "Open a specific page or set of pages" every time the computer is restarted. The page set there, however, is merely "about:blank". (Unfortunately I cannot say whether this was different before the manual removal.)

Because of the length of the LOGFILES a warning appeared and I had to attach the LOGFILES as an archive.

Many thanks in advance for your help!!

Best regards,
Holger

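Added example (not part of the thread, and not code from the board's helpers): decoding the `h` parameter of the cj.dotomi.com URL quoted in the post above. The character shift it reverses is inferred from the sample alone (`jvvr` against `http`, `yyy` against `www`, `eqo` against `com`; the digits and capitals line up when treated as the base-36 alphabet 0-9A-Z), so treat the scheme, the `rurl=` label and the `<<` separators as observations about this one URL, not as documented behaviour of the service. What the decode gives an analyst is the click chain hidden inside the opaque parameter: a landing page, a `click-<id>-<id>` tracking hop and a referrer page. A blank page with a one-character title and the suffix "(1x1)", as described in the post, is consistent with a tracking pixel served on that hop.

```python
"""Decode the ``h`` parameter of the cj.dotomi.com redirect quoted in the post.

Added example; not part of the thread. The decoding scheme is inferred from the
sample itself (``jvvr`` <-> ``http``, ``yyy`` <-> ``www``, ``eqo`` <-> ``com``) and
is an assumption about this one URL, not documented behaviour of the service:
lower-case letters are shifted by two within a-z, digits and upper-case letters
are shifted by two within the base-36 alphabet 0-9A-Z, everything else is kept.
"""
import re
from typing import List
from urllib.parse import parse_qs, unquote, urlsplit

SHIFT = 2
BASE36 = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"

# The redirect URL exactly as posted (hxxp is the board's defanged spelling of http).
SAMPLE_URL = (
    "hxxp://cj.dotomi.com/74102efon5/fmr/4445BC94/A366CBC/3/3/3?h="
    "twtn%3Djvvr%255C%254H%254Hyyy.itggpocpicokpi.eqo%254Huswctg-gpkz-fgcnu"
    "%254H%255Hioit%255Fswnw0wiw%3C%3Cjvvr%3A%2F%2Fyyy.frdqnxy.pgv%3AA2%2Fenkem"
    "-9255BAB-3334AB83%3C%3CI%3Cjvvr%3A%2F%2Fyyy.grkedwpfng.eqo%2Ficog-fgcn-xqwejgt%3C"
)


def unshift(text: str) -> str:
    """Reverse the per-character shift (assumed scheme, see module docstring)."""
    out = []
    for ch in text:
        if "a" <= ch <= "z":
            out.append(chr((ord(ch) - ord("a") - SHIFT) % 26 + ord("a")))
        elif ch in BASE36:
            out.append(BASE36[(BASE36.index(ch) - SHIFT) % len(BASE36)])
        else:
            out.append(ch)
    return "".join(out)


def decode_h(url: str) -> str:
    """Return the plaintext carried in the ``h`` query parameter."""
    url = url.replace("hxxp://", "http://", 1)
    h = parse_qs(urlsplit(url).query)["h"][0]  # one level of %XX decoding happens here
    # The first embedded URL was shifted *after* being percent-encoded
    # (``%254H`` -> ``%4H`` -> ``%2F``), so a second unquote follows the unshift.
    return unquote(unshift(h))


def embedded_urls(url: str) -> List[str]:
    """All http(s) URLs inside the decoded payload, in order of appearance."""
    return re.findall(r"https?://[^<\s]+", decode_h(url))


def hop_hosts(url: str) -> List[str]:
    """Hostnames an analyst wants to see: landing page, tracking hop, referrer."""
    return [urlsplit(u).hostname for u in embedded_urls(url)]


if __name__ == "__main__":
    print(decode_h(SAMPLE_URL))
    for host in hop_hosts(SAMPLE_URL):
        print(" ->", host)
```

Compare the three hosts with the page that was actually clicked on. If the referrer host in the payload is the page you were on and that page links to the landing page through the same tracking hop on a clean machine too, the redirect is the site's own affiliate link rather than something injected locally; if clean machines go straight to the target, the thing to find is what on the infected machine rewrites the links (an extension, a proxy setting or a filter driver).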
15.07.2014, 14:22   #2
cosinus

"cj.dotomi.com" - malware in Chrome (Win7)

Hi and

Please do not attach logs; if necessary split them and post them spread across several posts

Reading material:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder.
Even if the logs are too big for one post, I ask you to post the logs directly and, if necessary, spread across several posts.
To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

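Added example, placed ahead of the FRST log posted next (not part of the thread and not a Farbar tool): a small triage pass over FRST.txt lines. It flags the classes of lines a log helper checks first: binaries with an empty publisher field, entries FRST marks `[File not signed]`, `No File` or `[X]`, MountPoints2 autoruns from mounted volumes, a hosts file with extra entries, and Chrome extensions loaded from a directory outside the profile or Program Files. The rule names are this example's own wording; the sample lines are copied from the log below. A flag is a reason to look, not a verdict: an empty publisher field only says the file carries no company name in its version information.

```python
"""Quick triage of Farbar Recovery Scan Tool (FRST.txt) output.

Added example; not part of the thread and not a Farbar tool. It flags the line
classes a log helper looks at first. Rule names are this example's own wording;
the sample lines are copied from the FRST.txt posted in the thread.
"""
import re
from typing import Dict, List, Tuple

# (reason, pattern) pairs; patterns are applied to each stripped log line.
RULES = [
    ("file missing ([X])", re.compile(r"\[X\]$")),
    ("unsigned binary", re.compile(r"\[File not signed\]$")),
    ("orphaned entry (No File)", re.compile(r"No File$")),
    ("empty publisher field", re.compile(r"^\(\) |\(\)$")),
    ("autorun from mounted volume (MountPoints2)", re.compile(r"\\MountPoints2: ")),
    ("hosts file modified", re.compile(r"^Hosts: ")),
]

# "CHR Extension: (Name) - <path> [YYYY-MM-DD]"
CHR_EXT = re.compile(r"^CHR Extension: \(([^)]*)\) - (.+?) \[\d{4}-\d\d-\d\d\]$")


def is_sideloaded_extension(line: str) -> bool:
    """Chrome extension whose files live outside the profile or Program Files."""
    m = CHR_EXT.match(line)
    if not m:
        return False
    path = m.group(2).lower()
    return "\\user data\\" not in path and "\\program files" not in path


def triage(log_text: str) -> List[Tuple[str, str]]:
    """Return (reason, line) pairs for every line that trips a rule."""
    hits: List[Tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("="):  # skip blanks and section headers
            continue
        for reason, pattern in RULES:
            if pattern.search(line):
                hits.append((reason, line))
        if is_sideloaded_extension(line):
            hits.append(("Chrome extension loaded from a non-standard path", line))
    return hits


def summarize(hits: List[Tuple[str, str]]) -> Dict[str, int]:
    """Count hits per reason."""
    counts: Dict[str, int] = {}
    for reason, _ in hits:
        counts[reason] = counts.get(reason, 0) + 1
    return counts


# Sample input: lines taken verbatim from the FRST.txt in this thread.
SAMPLE_FRST = "\n".join([
    r"(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe",
    r"() C:\Windows\Samsung\PanelMgr\SSMMgr.exe",
    r"HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [614400 2009-09-25] ()",
    r"HKU\S-1-5-21-486211714-1698053076-470721747-1001\...\MountPoints2: {b2197da5-de9f-11e3-bb94-001a4d4f4bc6} - M:\windows\Data\setup.exe",
    r"ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File",
    r"BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File",
    r"Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt",
    r"CHR Extension: (Kaspersky Protection) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-25]",
    r"CHR Extension: (Chrome YouTube Downloader) - C:\chrome addons-NEU-INSTALL\2.6.20_0 [2014-06-15]",
    r"CHR Extension: (__MSG_ExtensionName__) - C:\chrome addons-NEU-INSTALL\kasp3\14.0.0.4651_0 [2014-06-15]",
    r"S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]",
    r'R2 postgresql-x64-9.2; C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-x64-9.2" -D "C:/Program Files/PostgreSQL/9.2/data" -w [X]',
    r"R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed]",
    r"S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]",
])


if __name__ == "__main__":
    found = triage(SAMPLE_FRST)
    for reason, line in found:
        print(f"[{reason}] {line}")
    print(summarize(found))
```

Point it at a full FRST.txt (`triage(open("FRST.txt", encoding="utf-8-sig").read())`) and read the flagged lines in context of their section: a `[File not signed]` driver or an extension unpacked from a stray folder such as `C:\chrome addons-NEU-INSTALL` deserves a closer look, while an old OEM tool with no version information usually does not.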
15.07.2014, 14:39   #3
Ruiner

logfiles - part 1

All right! :-)

Then here are the logfiles again, split across several posts:

defogger_disable.log
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:05 on 15/07/2014 (Holger)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

FRST.txt

Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014 01
Ran by Holger (administrator) on HOLGER-PC on 15-07-2014 13:06:09
Running from C:\Users\Holger\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ZTE) C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Dropbox, Inc.) C:\Users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeTray.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
() C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\iSafe\ipcdl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [apmwinapp] => C:\Program Files (x86)\Paragon Software\HFS+ for Windows  10.3\apmwinsrv.exe [66768 2014-02-17] ()
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [614400 2009-09-25] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [36X Raid Configurer] => C:\Windows\SysWOW64\xRaidSetup.exe [1966080 2007-11-19] (Gigabyte Technology Corp.)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [723456 2013-12-03] ()
HKLM-x32\...\Run: [HFS Activator] => C:\Program Files (x86)\Paragon Software\HFS+ for Windows  10.3\activation\hfsactivator.exe [245456 2014-02-17] ()
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-09] (Microsoft Corporation)
HKU\S-1-5-21-486211714-1698053076-470721747-1001\...\Run: [iPhone PC Suite] => C:\Program Files (x86)\Iphone PC-Suite\iPhone\iPhone PC Suite.exe /start
HKU\S-1-5-21-486211714-1698053076-470721747-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-486211714-1698053076-470721747-1001\...\Run: [GoogleChromeAutoLaunch_B33ACFFF58BD8F830B4B32B31CD43895] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-486211714-1698053076-470721747-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-486211714-1698053076-470721747-1001\...\MountPoints2: {b2197da5-de9f-11e3-bb94-001a4d4f4bc6} - M:\windows\Data\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
ShortcutTarget: MCtlSvc.lnk -> C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe (ZTE)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} =>  No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} =>  No File

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA00C2A76C10BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} ->  No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} ->  No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1

FireFox:
========
FF ProfilePath: C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\5e9x09cb.default
FF Homepage: about:blank
FF NewTab: about:blank
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Holger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\5e9x09cb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-18]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon [2014-05-18]

Chrome: 
=======
CHR HomePage: about:blank
CHR StartupUrls: "about:blank"
CHR DefaultSearchKeyword: g
CHR Extension: (Google Docs) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07]
CHR Extension: (Google Drive) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07]
CHR Extension: (Session Manager) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2014-02-15]
CHR Extension: (Kaspersky Protection) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-25]
CHR Extension: (YouTube) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07]
CHR Extension: (Adblock Plus) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-15]
CHR Extension: (Google-Suche) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07]
CHR Extension: (WhatFont) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2014-02-15]
CHR Extension: (Project Naptha) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf [2014-04-28]
CHR Extension: (Google Wallet) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (Google Mail) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07]
CHR Extension: (Chrome YouTube Downloader) - C:\chrome addons-NEU-INSTALL\2.6.20_0 [2014-06-15]
CHR Extension: (__MSG_ExtensionName__) - C:\chrome addons-NEU-INSTALL\kasp3\14.0.0.4651_0 [2014-06-15]
CHR Extension: (__MSG_ExtensionName__) - C:\chrome addons-NEU-INSTALL\kasp4\14.0.0.4651_1 [2014-06-15]
CHR Extension: (__MSG_ExtensionName__) - C:\chrome addons-NEU-INSTALL\kasp2\14.0.0.4651_1 [2014-06-15]
CHR Extension: (__MSG_ExtensionName__) - C:\chrome addons-NEU-INSTALL\kasp5\14.0.0.4917_0 [2014-06-15]
CHR Extension: (__MSG_extName__) - C:\chrome addons-NEU-INSTALL\0.5.6_0 [2014-06-15]
CHR Extension: (__MSG_ExtensionName__) - C:\chrome addons-NEU-INSTALL\kasp1\14.0.0.4651_1 [2014-06-15]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-06-15]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118048 2014-06-27] (Elex do Brasil Participações Ltda)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 postgresql-x64-9.2; C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-x64-9.2" -D "C:/Program Files/PostgreSQL/9.2/data" -w [X]

==================== Drivers (Whitelisted) ====================

R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [50896 2014-02-17] (Paragon Software Group)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed]
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [61136 2014-02-17] (Paragon Software Group)
S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [205520 2014-02-17] (Paragon Software Group)
R2 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [15568 2014-02-17] (Paragon Software Group)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2011-08-19] (HSPADataCard Incorporated)
R1 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [246784 2014-06-27] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [44544 2014-06-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [73728 2014-06-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [64512 2014-06-27] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [48640 2014-06-03] (Elex do Brasil Participações Ltda)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-07] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-07] (Kaspersky Lab ZAO)
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [42704 2014-02-17] (Paragon Software Group)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [238096 2012-05-21] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-12-29] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-07-15 13:06 - 2014-07-15 13:06 - 00027694 _____ () C:\Users\Holger\Downloads\FRST.txt
2014-07-15 13:06 - 2014-07-15 13:06 - 00000000 ____D () C:\FRST
2014-07-15 13:05 - 2014-07-15 13:05 - 02086912 _____ (Farbar) C:\Users\Holger\Downloads\FRST64.exe
2014-07-15 13:05 - 2014-07-15 13:05 - 00000474 _____ () C:\Users\Holger\Downloads\defogger_disable.log
2014-07-15 13:05 - 2014-07-15 13:05 - 00000000 _____ () C:\Users\Holger\defogger_reenable
2014-07-15 12:47 - 2014-07-15 12:47 - 00050477 _____ () C:\Users\Holger\Downloads\Defogger.exe
2014-07-15 08:14 - 2014-07-15 12:12 - 00000336 _____ () C:\Windows\setupact.log
2014-07-15 08:14 - 2014-07-15 08:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-14 15:32 - 2014-07-14 15:37 - 716177408 _____ () C:\Users\Holger\Downloads\lubuntu-14.04-desktop-i386.iso
2014-07-13 18:44 - 2014-07-13 18:44 - 05022859 _____ (LinuxLive USB Creator) C:\Users\Holger\Downloads\LinuxLive USB Creator 2.8.30.exe
2014-07-13 18:32 - 2014-07-13 18:37 - 1017118720 _____ () C:\Users\Holger\Downloads\ubuntu-14.04-desktop-i386.iso
2014-07-07 23:15 - 2014-07-07 23:16 - 11331702 _____ () C:\Users\Holger\Downloads\Anhänge_201477.zip
2014-07-07 22:57 - 2014-07-07 22:59 - 44234417 _____ () C:\Users\Holger\Downloads\The_Stanley_Parable_v1.4.zip
2014-07-07 21:57 - 2014-07-07 21:57 - 00000000 ____D () C:\Users\Holger\AppData\Local\Macromedia
2014-07-07 21:54 - 2014-07-07 21:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-07 21:54 - 2014-07-07 21:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-07 21:54 - 2014-07-07 21:54 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-04 17:12 - 2014-07-07 12:39 - 00000000 ____D () C:\Users\Holger\Desktop\Verkaufen
2014-07-04 15:28 - 2014-07-04 15:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-04 15:21 - 2014-07-04 15:21 - 00001790 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-07-04 15:21 - 2014-07-04 15:21 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\eCyber
2014-07-04 15:21 - 2014-07-04 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-07-04 15:20 - 2014-07-15 12:13 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\iSafe
2014-07-04 15:20 - 2014-07-15 12:11 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-07-04 15:20 - 2014-07-04 15:20 - 00000000 ____D () C:\Windows\system32\log
2014-07-04 15:20 - 2014-06-27 11:54 - 00044544 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-07-04 15:19 - 2014-07-04 15:19 - 12348480 _____ (Elex do Brasil Participações Ltda) C:\Users\Holger\Downloads\yet_another_cleaner_sk.exe
2014-07-01 11:00 - 2014-07-01 11:00 - 00003242 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-07-01 11:00 - 2014-07-01 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-06-26 09:41 - 2014-06-26 09:41 - 00000000 ____D () C:\Users\Holger\AppData\Local\ArcSoft
2014-06-26 09:39 - 2014-06-26 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2014-06-26 09:38 - 2014-06-28 10:40 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-06-26 09:38 - 2014-06-26 09:41 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\ArcSoft
2014-06-26 09:38 - 2014-06-26 09:38 - 00002011 _____ () C:\Users\Public\Desktop\TotalMedia 3.5.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia 3.5
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-06-26 09:38 - 2006-09-18 08:50 - 00022784 _____ (Arcsoft, Inc.) C:\Windows\SysWOW64\Drivers\afc.sys
2014-06-26 09:38 - 2005-07-16 02:35 - 00245408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2014-06-26 09:38 - 2003-03-18 22:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-06-26 09:38 - 2003-02-21 04:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-06-26 09:35 - 2014-06-26 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK DTV USB DEVICE
2014-06-26 09:35 - 2012-08-22 14:49 - 05750868 _____ ( ) C:\Windows\SysWOW64\RTKISDBT.dll
2014-06-26 09:35 - 2012-06-22 18:01 - 00372812 _____ (Realtek) C:\Windows\SysWOW64\RTKFM.dll
2014-06-26 09:35 - 2012-06-18 19:06 - 05771358 _____ (Realtek) C:\Windows\SysWOW64\RTKDAB.dll
2014-06-26 09:35 - 2012-05-21 11:36 - 00238096 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\SysWOW64\Drivers\RTL2832UBDA.sys
2014-06-26 09:35 - 2012-05-21 11:36 - 00238096 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UBDA.sys
2014-06-26 09:35 - 2011-12-29 16:09 - 00039016 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys
2014-06-26 09:35 - 2011-12-29 16:09 - 00039016 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UUSB.sys
2014-06-26 09:35 - 2011-09-30 14:58 - 00143441 _____ (Realtek) C:\Windows\SysWOW64\RTKDABSOURCE.dll
2014-06-26 09:35 - 2011-06-17 14:45 - 00135271 _____ (Realtek) C:\Windows\SysWOW64\RTKISDBTSOURCE.dll
2014-06-26 09:35 - 2011-06-13 13:06 - 00048488 _____ (Realtek) C:\Windows\SysWOW64\Drivers\RTL2832U_IRHID.sys
2014-06-26 09:35 - 2011-06-13 13:06 - 00048488 _____ (Realtek) C:\Windows\system32\Drivers\RTL2832U_IRHID.sys
2014-06-26 09:35 - 2011-03-10 16:30 - 00090243 _____ (Realtek) C:\Windows\SysWOW64\SuperFrameSplitter.dll
2014-06-26 09:35 - 2010-01-28 19:41 - 00135277 _____ (Realtek) C:\Windows\SysWOW64\RTKFMSOURCE.dll
2014-06-26 09:35 - 2009-12-29 15:12 - 00069632 _____ (Realtek) C:\Windows\SysWOW64\RTKDABMWare.dll
2014-06-26 09:35 - 2009-09-11 14:15 - 00114688 _____ (Realtek) C:\Windows\SysWOW64\RTL283XACCESS.dll
2014-06-24 15:18 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-06-24 15:15 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-06-24 15:15 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-06-24 15:03 - 2014-06-24 15:03 - 00000000 ____D () C:\Users\Holger\AppData\Local\NVIDIA Corporation
2014-06-24 15:02 - 2014-05-30 01:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-06-24 15:02 - 2014-05-30 01:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-06-24 15:02 - 2014-05-30 01:07 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-06-24 15:02 - 2014-05-30 01:07 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-06-24 15:02 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-06-24 15:02 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-06-23 18:50 - 2014-06-23 18:58 - 00000000 ____D () C:\Users\Holger\Desktop\Fotos für Huy
2014-06-15 22:52 - 2014-06-15 22:52 - 00000000 ____D () C:\ProgramData\ovos
2014-06-15 22:52 - 2014-06-15 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ludwig
2014-06-15 22:49 - 2014-06-15 22:49 - 04891652 _____ (ovos) C:\Users\Holger\Downloads\LudwigSetup_1.11.exe
2014-06-15 22:49 - 2014-06-15 22:49 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\ovos
2014-06-15 18:18 - 2014-06-15 18:22 - 00000000 ____D () C:\chrome addons-NEU-INSTALL
2014-06-15 12:41 - 2014-06-15 12:41 - 00000000 ____D () C:\Users\Holger\AppData\Local\Unity
2014-06-15 12:38 - 2014-06-15 12:38 - 01080528 _____ (Unity Technologies ApS) C:\Users\Holger\Downloads\UnityWebPlayer.exe

==================== One Month Modified Files and Folders =======

2014-07-15 13:06 - 2014-07-15 13:06 - 00027694 _____ () C:\Users\Holger\Downloads\FRST.txt
2014-07-15 13:06 - 2014-07-15 13:06 - 00000000 ____D () C:\FRST
2014-07-15 13:05 - 2014-07-15 13:05 - 02086912 _____ (Farbar) C:\Users\Holger\Downloads\FRST64.exe
2014-07-15 13:05 - 2014-07-15 13:05 - 00000474 _____ () C:\Users\Holger\Downloads\defogger_disable.log
2014-07-15 13:05 - 2014-07-15 13:05 - 00000000 _____ () C:\Users\Holger\defogger_reenable
2014-07-15 13:05 - 2014-01-07 17:57 - 00000000 ____D () C:\Users\Holger
2014-07-15 12:59 - 2014-02-15 12:34 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-15 12:47 - 2014-07-15 12:47 - 00050477 _____ () C:\Users\Holger\Downloads\Defogger.exe
2014-07-15 12:36 - 2014-01-07 22:06 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-15 12:19 - 2009-07-14 06:45 - 00030704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-15 12:19 - 2009-07-14 06:45 - 00030704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-15 12:17 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-07-15 12:17 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-07-15 12:17 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-15 12:15 - 2014-01-07 17:57 - 01557510 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 12:14 - 2014-01-11 15:48 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\DropboxMaster
2014-07-15 12:14 - 2014-01-11 15:47 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\Dropbox
2014-07-15 12:13 - 2014-07-04 15:20 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\iSafe
2014-07-15 12:12 - 2014-07-15 08:14 - 00000336 _____ () C:\Windows\setupact.log
2014-07-15 12:12 - 2014-02-15 12:34 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-15 12:11 - 2014-07-04 15:20 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-07-15 12:11 - 2014-01-07 18:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-15 12:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-15 08:14 - 2014-07-15 08:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-14 22:33 - 2014-01-07 23:24 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-14 16:19 - 2014-03-10 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-07-14 16:19 - 2014-02-20 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2014-07-14 16:19 - 2014-01-07 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-14 16:19 - 2014-01-07 17:47 - 00000000 ____D () C:\Windows\Panther
2014-07-14 15:37 - 2014-07-14 15:32 - 716177408 _____ () C:\Users\Holger\Downloads\lubuntu-14.04-desktop-i386.iso
2014-07-13 18:44 - 2014-07-13 18:44 - 05022859 _____ (LinuxLive USB Creator) C:\Users\Holger\Downloads\LinuxLive USB Creator 2.8.30.exe
2014-07-13 18:37 - 2014-07-13 18:32 - 1017118720 _____ () C:\Users\Holger\Downloads\ubuntu-14.04-desktop-i386.iso
2014-07-13 15:54 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-12 14:07 - 2014-01-07 23:01 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\vlc
2014-07-07 23:16 - 2014-07-07 23:15 - 11331702 _____ () C:\Users\Holger\Downloads\Anhänge_201477.zip
2014-07-07 22:59 - 2014-07-07 22:57 - 44234417 _____ () C:\Users\Holger\Downloads\The_Stanley_Parable_v1.4.zip
2014-07-07 21:57 - 2014-07-07 21:57 - 00000000 ____D () C:\Users\Holger\AppData\Local\Macromedia
2014-07-07 21:54 - 2014-07-07 21:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-07 21:54 - 2014-07-07 21:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-07 21:54 - 2014-07-07 21:54 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-07 12:39 - 2014-07-04 17:12 - 00000000 ____D () C:\Users\Holger\Desktop\Verkaufen
2014-07-07 08:52 - 2014-02-18 10:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-06 17:59 - 2014-05-14 14:59 - 00001578 _____ () C:\Users\Holger\AppData\Roaming\FoxitReaderUpdateInfo.txt
2014-07-04 15:29 - 2014-07-04 15:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-04 15:21 - 2014-07-04 15:21 - 00001790 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-07-04 15:21 - 2014-07-04 15:21 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\eCyber
2014-07-04 15:21 - 2014-07-04 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-07-04 15:20 - 2014-07-04 15:20 - 00000000 ____D () C:\Windows\system32\log
2014-07-04 15:19 - 2014-07-04 15:19 - 12348480 _____ (Elex do Brasil Participações Ltda) C:\Users\Holger\Downloads\yet_another_cleaner_sk.exe
2014-07-03 22:13 - 2013-01-31 12:42 - 00000000 ___HD () C:\Users\Holger\AppData\Local\O4oI5SrM
2014-07-01 11:00 - 2014-07-01 11:00 - 00003242 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-07-01 11:00 - 2014-07-01 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-07-01 11:00 - 2014-01-09 09:22 - 00000000 ____D () C:\Program Files (x86)\Samsung Magician
2014-06-29 11:39 - 2014-02-07 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desura
2014-06-29 11:39 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-29 10:27 - 2014-01-07 23:35 - 00000000 ____D () C:\Users\postgres
2014-06-28 10:40 - 2014-06-26 09:38 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-06-28 10:40 - 2014-01-09 12:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-27 11:54 - 2014-07-04 15:20 - 00044544 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-06-26 09:41 - 2014-06-26 09:41 - 00000000 ____D () C:\Users\Holger\AppData\Local\ArcSoft
2014-06-26 09:41 - 2014-06-26 09:38 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\ArcSoft
2014-06-26 09:39 - 2014-06-26 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2014-06-26 09:38 - 2014-06-26 09:38 - 00002011 _____ () C:\Users\Public\Desktop\TotalMedia 3.5.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia 3.5
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-06-26 09:35 - 2014-06-26 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK DTV USB DEVICE
2014-06-26 09:35 - 2014-01-09 12:41 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-25 17:23 - 2014-02-27 11:06 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\Skype
2014-06-25 12:01 - 2014-02-27 11:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-25 12:01 - 2014-02-27 11:06 - 00000000 ____D () C:\ProgramData\Skype
2014-06-24 15:18 - 2014-01-07 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-06-24 15:18 - 2014-01-07 18:10 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-24 15:03 - 2014-06-24 15:03 - 00000000 ____D () C:\Users\Holger\AppData\Local\NVIDIA Corporation
2014-06-24 15:03 - 2014-01-07 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-06-24 15:02 - 2014-01-07 18:05 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-23 18:58 - 2014-06-23 18:50 - 00000000 ____D () C:\Users\Holger\Desktop\Fotos für Huy
2014-06-22 19:54 - 2014-02-15 12:34 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-22 19:54 - 2014-02-15 12:34 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-15 22:52 - 2014-06-15 22:52 - 00000000 ____D () C:\ProgramData\ovos
2014-06-15 22:52 - 2014-06-15 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ludwig
2014-06-15 22:49 - 2014-06-15 22:49 - 04891652 _____ (ovos) C:\Users\Holger\Downloads\LudwigSetup_1.11.exe
2014-06-15 22:49 - 2014-06-15 22:49 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\ovos
2014-06-15 18:22 - 2014-06-15 18:18 - 00000000 ____D () C:\chrome addons-NEU-INSTALL
2014-06-15 12:41 - 2014-06-15 12:41 - 00000000 ____D () C:\Users\Holger\AppData\Local\Unity
2014-06-15 12:38 - 2014-06-15 12:38 - 01080528 _____ (Unity Technologies ApS) C:\Users\Holger\Downloads\UnityWebPlayer.exe

Some content of TEMP:
====================
C:\Users\Holger\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph7t_7c.dll


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2014-07-08 09:00

==================== End Of Log ============================

Addition.txt
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2014 01
Ran by Holger at 2014-07-15 13:07:04
Running from C:\Users\Holger\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

 (HKLM\...\UDK-0d9fc8aa-6419-410f-bc19-78f36be6a3ca) (Version:  - RuneStorm
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.33 - GIGABYTE)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.388 - ArcSoft)
Astro Tripper (HKLM-x32\...\Steam App 110600) (Version:  - PomPom)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version:  - Dylan Fitterer)
Avid Codecs LE (HKLM-x32\...\{581194D0-BCF1-4329-8EA8-2AC19154D8A5}) (Version: 2.3.4 - Ihr Firmenname)
Beat Hazard (HKLM-x32\...\Steam App 49600) (Version:  - Cold Beam Games)
BeatBlasters III (HKLM-x32\...\Steam App 246800) (Version:  - Chainsawesome Games)
Beatbuddy: Tale of the Guardians (HKLM-x32\...\Steam App 231040) (Version:  - Threaks)
Ben There, Dan That! (HKLM-x32\...\Steam App 37420) (Version:  - Zombie Cow Studios)
BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien (HKLM-x32\...\Steam App 218060) (Version:  - Gaijin Games)
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version:  - Gaijin Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Capsized (HKLM-x32\...\Steam App 95300) (Version:  - Alientrap Games Inc)
Chicken Shoot Gold (HKLM-x32\...\Steam App 259340) (Version:  - ToonTRAXX Studios)
Circuits (HKLM-x32\...\Steam App 282760) (Version:  - Digital Tentacle)
congstar Internet-Manager (HKLM-x32\...\{27D28586-BEF1-4E06-8787-3B1FC3A41489}) (Version: 1.0.0.3 - ZTE CORPORATION)
Costume Quest (HKLM-x32\...\Steam App 115100) (Version:  - Double Fine Productions)
Crash Time III (HKLM-x32\...\Steam App 33620) (Version:  - Synetic)
Crazy Machines 2 (HKLM-x32\...\Steam App 18400) (Version:  - Fakt Software)
CreaVures (HKLM-x32\...\Steam App 49810) (Version:  - Muse Games)
C-RUSH (HKLM-x32\...\Steam App 262980) (Version:  - Artnumeris)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version:  - Crytek Studios)
DaVinci Resolve (HKLM\...\{50534180-B41F-4257-8300-921F068193AC}) (Version: 10.0.2001 - Blackmagic Design)
Day One: Garry's Incident (HKLM-x32\...\Steam App 242800) (Version:  - Wild Games Studio)
Dead Island (HKLM-x32\...\Steam App 91310) (Version:  - Techland)
Dead Space 2 (HKLM-x32\...\Steam App 47780) (Version:  - Visceral Games)
Dear Esther (HKLM-x32\...\Steam App 203810) (Version:  - thechineseroom & Robert Briscoe)
Deponia (HKLM-x32\...\Steam App 214340) (Version:  - Daedalic Entertainment)
Desura (HKLM-x32\...\Desura) (Version: 100.56 - Desura)
Desura: Absent (HKLM-x32\...\Desura_111995567210528) (Version: Full - fentonfilmgames)
Desura: Air Control (HKLM-x32\...\Desura_117591909597216) (Version: Full - killjoygames)
Desura: BANZAI PECAN: Last Hope for the Young Century (HKLM-x32\...\Desura_78945793867808) (Version: Full - SERIOUS*IMPACT WORKS)
Desura: BlindSide (HKLM-x32\...\Desura_77438260346912) (Version: Full - epicycle)
Desura: Collateral (HKLM-x32\...\Desura_73959336837152) (Version: Alpha - Dancing Dinosaur Games)
Desura: Frederic – Resurrection of Music (HKLM-x32\...\Desura_77107547865120) (Version: Full - Forever Entertainment S.A.)
Desura: Hippocampal (HKLM-x32\...\Desura_118764435669024) (Version: Full - freegamer)
Desura: MTBFreeride (HKLM-x32\...\Desura_101674760798240) (Version: Alpha - mtbfdeveloper)
Desura: ONE DAY for Ched (HKLM-x32\...\Desura_109311212650528) (Version: Full - BSL Team)
Desura: Orborun (HKLM-x32\...\Desura_114838835560480) (Version: Full release - Tiny Lab Productions)
Desura: Perdytacks (HKLM-x32\...\Desura_128187593916448) (Version: Full - AlexCrafter)
Desura: POP: Methodology Experiment One (HKLM-x32\...\Desura_75819057676320) (Version: Full - Rob Lach Games, LLC)
Desura: Project APT (HKLM-x32\...\Desura_120151710105632) (Version: Full - LittleDev_mac)
Desura: Space Slice (HKLM-x32\...\Desura_121191092191264) (Version: Full - codevikings entertainment)
Desura: The Lady (HKLM-x32\...\Desura_118571162140704) (Version: Full - MPR ART Hallucinations)
Desura: Tree Simulator 2013: Treeloaded (HKLM-x32\...\Desura_127212636340256) (Version: Full - Hero Games)
Desura: Whitewash (HKLM-x32\...\Desura_96477850370080) (Version: Full - OUSEGames)
DiRT 3 (HKLM-x32\...\Steam App 44320) (Version:  - Codemasters Racing Studio)
DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version:  - Codemasters Racing Studio)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Duty Calls (HKLM-x32\...\{0AEB967F-1D12-43C8-A59C-D93DA8EE4A4E}) (Version: 1.00.0000 - Duty Calls)
Edna & Harvey: The Breakout (HKLM-x32\...\Steam App 255320) (Version:  - Daedalic Entertainment)
Electronic Super Joy (HKLM-x32\...\Steam App 244870) (Version:  - Michael Todd Games)
English Country Tune (HKLM-x32\...\Steam App 207570) (Version:  - increpare games)
ENSLAVED™: Odyssey to the West™ Premium Edition (HKLM-x32\...\Steam App 245280) (Version:  - Ninja Theory)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - )
FEZ (HKLM-x32\...\Steam App 224760) (Version:  - Polytron Corporation)
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Finding Teddy (HKLM-x32\...\Steam App 259600) (Version:  - LookAtMyGames)
FLY'N (HKLM-x32\...\Steam App 223730) (Version:  - Ankama Play)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free to Play (HKLM-x32\...\Steam App 245550) (Version:  - Valve)
Giana Sisters: Twisted Dreams (HKLM-x32\...\Steam App 223220) (Version:  - Black Forest Games)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - Gigabyte Technology Corp.)
Go! Go! Nippon! ~My First Trip to Japan~ (HKLM-x32\...\Steam App 251870) (Version:  - OVERDRIVE)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version:  - DrinkBox Studios)
Gun Metal (HKLM-x32\...\Steam App 267920) (Version:  - Rage Software)
Gun Monkeys (HKLM-x32\...\Steam App 239450) (Version:  - Size Five Games)
Half Minute Hero: Super Mega Neo Climax Ultimate Boy (HKLM-x32\...\Steam App 214830) (Version:  - Opus )
Hamlet or the last game without MMORPG features, shaders and product placement (HKLM-x32\...\Steam App 222160) (Version:  - mif2000)
Hell Yeah! (HKLM-x32\...\Steam App 205230) (Version:  - Arkedo)
HFSExplorer 0.21 (HKLM-x32\...\HFSExplorer) (Version: 0.21 - Catacombae Software)
Home Sheep Home 2 (HKLM-x32\...\Steam App 259810) (Version:  - Aardman Animations)
How to Survive (HKLM-x32\...\Steam App 250400) (Version:  - )
Hydrophobia: Prophecy (HKLM-x32\...\Steam App 92000) (Version:  - Dark Energy Digital Ltd.)
I Have No Mouth, and I Must Scream (HKLM-x32\...\Steam App 245390) (Version:  - )
Ignite (HKLM-x32\...\Steam App 45410) (Version:  - Nemesys Games)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version:  - Intel Corporation)
Into the Dark (HKLM-x32\...\Steam App 266050) (Version:  - Homegrown Games)
Intrusion 2 (HKLM-x32\...\Steam App 214970) (Version:  - Aleksey Abramenko)
Ion Assault (HKLM-x32\...\Steam App 41730) (Version:  - Coreplay GmbH)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Journey of a Roach (HKLM-x32\...\Steam App 255300) (Version:  - Koboldgames)
KAMI (HKLM-x32\...\Steam App 272040) (Version:  - State of Play Games)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Krater (HKLM-x32\...\Steam App 42170) (Version:  - Fatshark)
LEGO MARVEL Super Heroes (HKLM-x32\...\Steam App 249130) (Version:  - Traveller's Tales)
LEVEL 22 (HKLM-x32\...\Steam App 293300) (Version:  - Noego)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Little Inferno (HKLM-x32\...\Steam App 221260) (Version:  - Tomorrow Corporation)
Little Racers STREET (HKLM-x32\...\Steam App 262690) (Version:  - Milkstone Studios)
LocoCycle (HKLM-x32\...\Steam App 224040) (Version:  - Twisted Pixel Games)
Loksim3D (HKLM\...\Loksim3D_is1) (Version: 2.8.2 - Loksim3D)
Ludwig (HKLM-x32\...\{CB538252-5341-44EC-AF17-AC1BA8341633}) (Version: 1.11 - ovos)
Luxuria Superbia (HKLM-x32\...\Steam App 269150) (Version:  - Tale of Tales)
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{2B092722-5855-466F-B7A5-8C5E64C64C77}) (Version: 11.0 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.0 - Red Giant Software) Hidden
Major Mayhem (HKLM-x32\...\Steam App 264340) (Version:  - Rocket Jump)
MarkdownPad 2 (HKLM-x32\...\MarkdownPad 2 2.3.2.34663) (Version: 2.3.2.34663 - Apricity Software LLC)
MarkdownPad 2 (x32 Version: 2.3.2.34663 - Apricity Software LLC) Hidden
Master Reboot (HKLM-x32\...\Steam App 251850) (Version:  - Wales Interactive)
Mechanic Escape (HKLM-x32\...\Steam App 268240) (Version:  - Slak Games)
MediaInfo 0.7.65 (HKLM\...\MediaInfo) (Version: 0.7.65 - MediaArea.net)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Megabyte Punch (HKLM-x32\...\Steam App 248550) (Version:  - Reptile Games)
Miasmata (HKLM-x32\...\Steam App 223510) (Version:  - IonFx)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)
MKVToolNix 6.6.0 (HKLM-x32\...\MKVToolNix) (Version: 6.6.0 - Moritz Bunkus)
Montas (HKLM-x32\...\Steam App 269350) (Version:  - Organic Humans)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
My Game Long Name (HKLM\...\DDG-b08f4bcd-aa9d-41f8-9a97-b52e97b6ca71) (Version:  - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-1a851536-4cab-4a16-95df-89b2a24922c3) (Version:  - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-42a55cca-ccb3-4469-8d0d-1f8ea656a389) (Version:  - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-729b0ed7-af66-47b0-a2f7-45a87d2a219b) (Version:  - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-cb553afa-42e7-4096-b859-8175ece99e9a) (Version:  - Epic Games, Inc.)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version:  - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.8 (HKLM\...\{5D328A41-BFF8-4B78-B45E-5BEE1D133EF5}) (Version: 4.3.8 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version:  - )
Paragon HFS+ for Windows™ 10.3 (HKLM-x32\...\{456534C0-51E7-11DF-B336-005056C00008}) (Version: 1.00 - Paragon Software)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Pid  (HKLM-x32\...\Steam App 218740) (Version:  - Might and Delight)
Portal 2 (HKLM-x32\...\Steam App 620) (Version:  - Valve)
PostgreSQL 9.2  (HKLM\...\PostgreSQL 9.2) (Version: 9.2 - PostgreSQL Global Development Group)
Pressure (HKLM-x32\...\Steam App 224220) (Version:  - Chasing Carrots)
Prince of Persia (HKLM-x32\...\Steam App 19980) (Version:  - Ubisoft Montreal)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Proteus (HKLM-x32\...\Steam App 219680) (Version:  - Ed Key and David Kanaga)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Quantum Conundrum (HKLM-x32\...\Steam App 200010) (Version:  - Airtight Games)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Race The Sun (HKLM-x32\...\Steam App 253030) (Version:  - Flippfly LLC)
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version:  - Blue Ripple Sound)
REALTEK DTV USB DEVICE (HKLM-x32\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
Retro/Grade (HKLM-x32\...\Steam App 222660) (Version:  - 24 Caret Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Saboteur™ (HKLM-x32\...\{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}) (Version: 1.0.0.0 - Electronic Arts)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version:  - Deep Silver Volition)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.4.0 - Samsung Electronics)
Samsung ML-1630 Series (HKLM-x32\...\Samsung ML-1630 Series) (Version:  - Samsung Electronics CO.,LTD)
Savant - Ascent (HKLM-x32\...\Steam App 259530) (Version:  - DPad Studios)
ScummVM 1.6.0 (HKLM-x32\...\ScummVM_is1) (Version:  - The ScummVM Team)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version:  - Sega)
Sequence (HKLM-x32\...\Steam App 200910) (Version:  - Iridium Studios)
Shank 2 (HKLM-x32\...\Steam App 102840) (Version:  - Klei Entertainment)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Sideway (HKLM-x32\...\Steam App 200190) (Version:  - Playbrains)
Sine Mora (HKLM-x32\...\Steam App 207040) (Version:  - Digital Reality)
SIW 2013 Home Edition (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2013.05.14 - Topala Software Solutions)
SkyDrift (HKLM-x32\...\Steam App 91100) (Version:  - Digital Reality)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - United Front Games)
Slip (HKLM-x32\...\Steam App 291070) (Version:  - Handsome Games)
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version:  - Sumo Digital)
Source SDK (HKLM-x32\...\Steam App 211) (Version:  - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version:  - Valve)
Spate (HKLM-x32\...\Steam App 269810) (Version:  - Eric Provan - Ayyo Games)
Spirits (HKLM-x32\...\Steam App 210170) (Version:  - Spaces of Play)
Stacking (HKLM-x32\...\Steam App 115110) (Version:  - Double Fine Productions)
Steam (HKLM-x32\...\Steam) (Version:  - Valve Corporation)
Steel Storm: Burning Retribution (HKLM-x32\...\Steam App 96200) (Version:  - Kot in Action Creative Artel)
Syder Arcade (HKLM-x32\...\Steam App 252310) (Version:  - Studio Evil)
Symphony (HKLM-x32\...\Steam App 207750) (Version:  - Empty Clip Studios)
Syncios Version 3.0.3 (HKLM-x32\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 3.0.3 - Anvsoft, Inc.)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
T.E.C. 3001 (HKLM-x32\...\Steam App 280910) (Version:  - Phoenix Game Studio)
The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version:  - KING Art)
The Dream Machine (HKLM-x32\...\Steam App 94300) (Version:  - The Sleeping Machine)
The Great Jitters: Pudding Panic (HKLM-x32\...\Steam App 296650) (Version:  - kunst-stoff GmbH)
The Journey Down: Chapter One (HKLM-x32\...\Steam App 220090) (Version:  - SkyGoblin)
The Maw (HKLM-x32\...\Steam App 26000) (Version:  - Twisted Pixel Games)
The Path (HKLM-x32\...\Steam App 27000) (Version:  - Tale of Tales)
The Plan (HKLM-x32\...\Steam App 250600) (Version:  - Krillbite Studio)
The Shivah (HKLM-x32\...\Steam App 252370) (Version:  - )
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version:  - Galactic Cafe)
The Stanley Parable Demo (HKLM-x32\...\Steam App 247750) (Version:  - Galactic Cafe)
The Swapper (HKLM-x32\...\Steam App 231160) (Version:  - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
They Breathe (HKLM-x32\...\Steam App 294140) (Version:  - The Working Parts)
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version:  - Mike Bithell)
Time Gentlemen, Please! (HKLM-x32\...\Steam App 37400) (Version:  - Size Five Games)
Tom Clancy's Splinter Cell: Conviction (HKLM-x32\...\Steam App 33220) (Version:  - Ubisoft Montreal)
Type:Rider (HKLM-x32\...\Steam App 258890) (Version:  - Ex Nihilo)
Ultratron (HKLM-x32\...\Steam App 219190) (Version:  - Puppygames)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Unmechanical (HKLM-x32\...\Steam App 211180) (Version:  - Talawa Games)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Vanguard Princess (HKLM-x32\...\Steam App 262150) (Version:  - Tomoaki Sugeno)
Velvet Assassin (HKLM-x32\...\Steam App 16720) (Version:  - Replay Studios)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Viscera Cleanup Detail: Santas Rampage
Viscera Cleanup Detail: Santa's Rampage (HKLM-x32\...\Steam App 265210) (Version:  - RuneStorm)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Volt (HKLM-x32\...\Steam App 290280) (Version:  - Quantized Bit)
Waveform (HKLM-x32\...\Steam App 204180) (Version:  - Eden Industries)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinSCP 5.5.3 (HKLM-x32\...\winscp3_is1) (Version: 5.5.3 - Martin Prikryl)
X-Blades (HKLM-x32\...\Steam App 7510) (Version:  - Topware Interactive)
Yet Another Cleaner! (HKLM-x32\...\iSafe) (Version:  - ELEX DO BRASIL PARTICIPAÇÕES LTDA)
Zack Zero (HKLM-x32\...\Steam App 234290) (Version:  - Crocodile Entertainment)
Zero Gear (HKLM-x32\...\Steam App 18820) (Version:  - Brian Cronin)

==================== Restore Points  =========================

24-06-2014 13:03:01 DirectX wurde installiert
26-06-2014 07:35:35 Installiert REALTEK DTV USB DEVICE
26-06-2014 07:36:02 Gerätetreiber-Paketinstallation: Realtek Semiconduct Corp. Eingabegeräte (Human Interface Devices)
26-06-2014 07:38:14 Installiert TotalMedia
27-06-2014 08:38:51 Installed Connect Service
28-06-2014 08:40:47 Installed Connect Service
04-07-2014 01:39:47 Windows Update
11-07-2014 07:14:38 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 04:34 - 2014-01-07 21:38 - 00001290 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 hl2rcv.adobe.com


==================== Scheduled Tasks (whitelisted) =============

Task: {0BEE99C6-A5CA-4869-977F-5CAC766231A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15] (Google Inc.)
Task: {149BED8B-9AF6-4CC5-9620-761A007241BF} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\VirtualCloneDrive\ExecuteWithUAC.exe [2013-03-22] ()
Task: {31ED3174-D2A1-44CB-83C4-5F7DE8530606} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15] (Google Inc.)
Task: {875759E8-CEE3-4DA6-B1DC-1ECAE506EC0D} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-05-19] (Samsung Electronics.)
Task: {AEE27F6D-F0E6-4879-8ACF-27F8F2C74AC7} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {C5D8D805-187C-456A-B7FE-6E27182A5DF2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {EE1D9BEC-72CC-47AE-BBC2-56BD5B7CC49C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2014-01-07 18:10 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-10-30 06:08 - 2009-10-30 06:08 - 00022016 _____ () C:\Windows\System32\ml163sl6.dll
2014-01-07 23:34 - 2013-04-02 05:41 - 00176128 _____ () C:\Program Files\PostgreSQL\9.2\bin\LIBPQ.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-01-07 23:34 - 2012-08-14 15:31 - 01328128 _____ () C:\Program Files\PostgreSQL\9.2\bin\libxml2.dll
2014-01-07 22:52 - 2009-09-25 07:00 - 00614400 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2014-01-07 22:52 - 2008-08-27 21:22 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2014-05-18 22:52 - 2011-11-07 10:52 - 00220944 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
2014-05-18 22:52 - 2011-11-07 10:52 - 00036624 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
2014-01-14 00:10 - 2013-12-03 09:34 - 00723456 _____ () C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
2014-07-04 15:20 - 2014-06-27 11:51 - 02228896 _____ () C:\Program Files (x86)\iSafe\ipcdl.exe
2014-07-04 15:20 - 2014-06-27 11:53 - 00065696 _____ () C:\Program Files (x86)\iSafe\zlib1.dll
2014-07-04 15:20 - 2014-06-27 11:52 - 00092320 _____ () C:\Program Files (x86)\iSafe\curlpp.dll
2014-07-04 15:20 - 2014-06-27 11:53 - 00162464 _____ () C:\Program Files (x86)\iSafe\isafeupbiz.dll
2014-07-04 15:20 - 2014-06-27 11:52 - 00427168 _____ () C:\Program Files (x86)\iSafe\ipcproxy.dll
2014-07-04 15:20 - 2014-06-03 05:50 - 00176976 _____ () C:\Program Files (x86)\iSafe\tws\unrar.dll
2014-07-04 15:20 - 2014-06-03 05:50 - 00068432 _____ () C:\Program Files (x86)\iSafe\tws\zlib1.dll
2014-07-04 15:20 - 2014-06-03 05:50 - 00087744 _____ () C:\Program Files (x86)\iSafe\tws\unacev2.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-02-11 21:29 - 2014-02-11 21:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-18 22:52 - 2011-05-06 05:03 - 00594944 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-1.dll
2014-05-18 22:52 - 2011-11-07 10:39 - 00099328 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\itapi.dll
2014-05-18 22:52 - 2011-11-07 10:38 - 00027136 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\log.dll
2014-05-18 22:52 - 2010-10-14 11:37 - 00971776 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libxml2.dll
2014-05-18 22:52 - 2010-10-14 11:37 - 00080688 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\zlib1.dll
2014-05-18 22:52 - 2011-11-07 10:38 - 00055296 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\coder.dll
2014-05-18 22:52 - 2011-11-07 10:39 - 00043008 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\audio.dll
2014-05-18 22:52 - 2011-11-07 10:38 - 00035840 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libConfig.dll
2014-05-18 22:52 - 2011-11-07 10:43 - 00020992 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libctlsvr.dll
2014-06-26 09:38 - 2007-04-19 09:33 - 00035584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-06-26 09:38 - 2008-11-26 16:59 - 00131584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll
2014-06-26 09:38 - 2008-10-22 16:01 - 00200704 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll
2014-07-15 12:12 - 2014-07-15 12:12 - 00043008 _____ () c:\users\holger\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph7t_7c.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Holger\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-11 09:53 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-11 09:53 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-07-04 15:20 - 2014-06-27 11:53 - 00184992 _____ () C:\Program Files (x86)\iSafe\libpng.dll
2014-01-09 09:22 - 2014-05-06 11:24 - 00013824 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2014-01-09 09:22 - 2014-05-19 20:20 - 00103424 _____ () C:\Program Files (x86)\Samsung Magician\PAL.dll
2014-01-09 09:22 - 2014-05-19 20:20 - 00039424 _____ () C:\Program Files (x86)\Samsung Magician\SATA.dll
2014-01-09 09:22 - 2014-05-19 20:19 - 00038400 _____ () C:\Program Files (x86)\Samsung Magician\SAT.dll
2014-01-09 09:22 - 2014-05-19 20:20 - 00031232 _____ () C:\Program Files (x86)\Samsung Magician\SMINI.dll
2014-01-09 09:22 - 2014-05-19 20:19 - 00029696 _____ () C:\Program Files (x86)\Samsung Magician\SAS.dll
2014-05-18 22:52 - 2007-09-09 17:07 - 00151552 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libexpat.dll
2014-05-18 22:52 - 2011-05-06 05:02 - 00341504 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\sqlite3.dll
2014-06-11 09:53 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-11 09:53 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-11 09:53 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-01-14 00:10 - 2013-12-19 18:09 - 00377344 _____ () C:\Program Files (x86)\Syncios\DuiLib.dll
2014-01-14 00:10 - 2013-10-27 00:02 - 00059904 _____ () C:\Program Files (x86)\Syncios\zlib.dll
2014-01-14 00:10 - 2013-10-27 00:00 - 00526848 _____ () C:\Program Files (x86)\Syncios\sqlite3.dll
2014-07-08 20:03 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Holger\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\Users\Holger\Lokale Einstellungen:Tng8MGfPjfuxyU9mV1Fgk1cU
AlternateDataStreams: C:\Users\Holger\AppData\Local:Tng8MGfPjfuxyU9mV1Fgk1cU
AlternateDataStreams: C:\Users\Holger\AppData\Local\Anwendungsdaten:Tng8MGfPjfuxyU9mV1Fgk1cU
AlternateDataStreams: C:\Users\Holger\AppData\Local\O4oI5SrM:dFMQEbRyKf4mO4sDXxZSDdM8KSZ

==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== MSCONFIG/TASK MANAGER disabled items =========


==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.

Name: GIGABYTE GBB36X Controller
Description: GIGABYTE GBB36X Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: JMicron Technology Corp.
Service: JRAID
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.


==================== Event log errors: =========================

Application errors:
==================
Error: (07/14/2014 06:19:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"1".
Die abhängige Assemblierung "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/12/2014 09:16:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"1".
Die abhängige Assemblierung "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/11/2014 09:08:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"1".
Die abhängige Assemblierung "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/09/2014 02:37:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"1".
Die abhängige Assemblierung "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/08/2014 09:01:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"1".
Die abhängige Assemblierung "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/07/2014 09:16:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"1".
Die abhängige Assemblierung "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (07/06/2014 00:04:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"1".
Die abhängige Assemblierung "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".

Error: (06/24/2014 03:01:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm setup.exe, Version 2.1002.157.1165 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 14fc

Startzeit: 01cf8fac08b7a943

Endzeit: 4

Anwendungspfad: C:\Users\Holger\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\14.6.22.1\setup.exe

Berichts-ID: aa18a4ba-fb9f-11e3-833b-001a4d4f4bc6

Error: (06/24/2014 02:57:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm setup.exe, Version 2.1002.157.1165 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.

Prozess-ID: 15c

Startzeit: 01cf8fabbac9ca26

Endzeit: 5

Anwendungspfad: C:\Users\Holger\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\14.6.22.1\setup.exe

Berichts-ID: 257f8690-fb9f-11e3-833b-001a4d4f4bc6

Error: (06/23/2014 06:07:40 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


System errors:
=============
Error: (07/15/2014 00:12:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/15/2014 08:14:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/14/2014 08:54:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (07/14/2014 08:54:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (07/14/2014 03:39:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.

Error: (07/14/2014 01:58:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/13/2014 06:28:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/13/2014 03:54:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/12/2014 08:14:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2

Error: (07/11/2014 08:46:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%2


Microsoft Office Sessions:
=========================
Error: (07/14/2014 06:19:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: 35.0.1916.114,language="*",type="win32",version="35.0.1916.114"c:\program files (x86)\Google\Chrome\application\old_chrome.exe

Error: (07/12/2014 09:16:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: 35.0.1916.114,language="*",type="win32",version="35.0.1916.114"c:\program files (x86)\Google\Chrome\application\old_chrome.exe

Error: (07/11/2014 09:08:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: 35.0.1916.114,language="*",type="win32",version="35.0.1916.114"c:\program files (x86)\Google\Chrome\application\old_chrome.exe

Error: (07/09/2014 02:37:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: 35.0.1916.114,language="*",type="win32",version="35.0.1916.114"c:\program files (x86)\Google\Chrome\application\old_chrome.exe

Error: (07/08/2014 09:01:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: 35.0.1916.114,language="*",type="win32",version="35.0.1916.114"c:\program files (x86)\Google\Chrome\application\old_chrome.exe

Error: (07/07/2014 09:16:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: 35.0.1916.114,language="*",type="win32",version="35.0.1916.114"c:\program files (x86)\Google\Chrome\application\old_chrome.exe

Error: (07/06/2014 00:04:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: 35.0.1916.114,language="*",type="win32",version="35.0.1916.114"c:\program files (x86)\Google\Chrome\application\old_chrome.exe

Error: (06/24/2014 03:01:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: setup.exe2.1002.157.116514fc01cf8fac08b7a9434C:\Users\Holger\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\14.6.22.1\setup.exeaa18a4ba-fb9f-11e3-833b-001a4d4f4bc6

Error: (06/24/2014 02:57:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: setup.exe2.1002.157.116515c01cf8fabbac9ca265C:\Users\Holger\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\14.6.22.1\setup.exe257f8690-fb9f-11e3-833b-001a4d4f4bc6

Error: (06/23/2014 06:07:40 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]


CodeIntegrity Errors:
===================================
  Date: 2014-07-14 18:19:49.099
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-14 18:19:49.098
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-14 18:19:49.096
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-14 18:19:49.091
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-14 18:19:49.087
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-14 18:19:49.083
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-12 09:16:44.940
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-12 09:16:44.939
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-12 09:16:44.937
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" because the set of per-page image hashes could not be found on the system.

  Date: 2014-07-12 09:16:44.933
  Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Percentage of memory in use: 43%
Total physical RAM: 8190.49 MB
Available physical RAM: 4603.23 MB
Total Pagefile: 16379.16 MB
Available Pagefile: 11715.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (System_SSD) (Fixed) (Total:232.79 GB) (Free:79.92 GB) NTFS
Drive e: (altes System) (Fixed) (Total:117.19 GB) (Free:17.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Video Daten) (Fixed) (Total:814.32 GB) (Free:179.56 GB) NTFS
Drive g: (2T - Systemplatzhalter) (Fixed) (Total:175.78 GB) (Free:99.76 GB) NTFS
Drive h: (2T - BackupPart) (Fixed) (Total:488.28 GB) (Free:46.53 GB) NTFS
Drive i: (2T- Arbeitsdaten) (Fixed) (Total:1198.95 GB) (Free:2.79 GB) NTFS
Drive j: (ARBEIT & Backup) (Fixed) (Total:2794.39 GB) (Free:12.44 GB) NTFS
Drive k: (ARBEIT & Backup 2) (Fixed) (Total:2794.39 GB) (Free:428.3 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 6E4D46BF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B5AECF3E)
Partition 1: (Not Active) - (Size=176 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-911659237376) - (Type=07 NTFS)

========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 29689BC5)
Partition 1: (Active) - (Size=117 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=814 GB) - (Type=OF Extended)

========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
__________________
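A small triage helper for the FRST error sections posted above, added here as an editor's example and not part of the original post or of FRST itself. It parses the `Error: (date) (Source: ...) (EventID: ...) (User: ...)` entries, counts recurring (Source, EventID) pairs, pulls every executable or driver path named in a description, and keeps only entries inside a time window. The sample entries embedded in the block are constructed to match the shape of the log above (including one of FRST's odd "00:04:47 PM" timestamps); the function names are the example's own.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the shape of FRST's "System errors" / "Application
# errors" sections; built for this example, not copied from a live system.
SAMPLE_LOG = r"""
Error: (07/14/2014 08:54:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Steam Client Service service to connect.

Error: (07/14/2014 03:39:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk5\DR6.

Error: (07/14/2014 01:58:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "DgiVecp" service failed to start due to the following error:
%%2

Error: (07/13/2014 06:28:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The "DgiVecp" service failed to start due to the following error:
%%2

Error: (07/14/2014 06:19:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: 35.0.1916.114,language="*",type="win32",version="35.0.1916.114"c:\program files (x86)\Google\Chrome\application\old_chrome.exe

Error: (07/06/2014 00:04:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: 35.0.1916.114,language="*",type="win32",version="35.0.1916.114"c:\program files (x86)\Google\Chrome\application\old_chrome.exe

Error: (06/24/2014 03:01:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: setup.exe2.1002.157.116514fc01cf8fac08b7a9434C:\Users\Holger\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\14.6.22.1\setup.exeaa18a4ba-fb9f-11e3-833b-001a4d4f4bc6
"""

HEADER_RE = re.compile(
    r'^Error: \((?P<date>[^)]+)\) \(Source: (?P<source>.*?)\) '
    r'\(EventID: (?P<event_id>\d+)\) \(User: (?P<user>[^)]*)\)\s*$'
)
DESC_PREFIX = re.compile(r'^Description:\s*')
# Drive-letter paths and NT object paths that end in a binary; spaces are
# allowed because "Program Files (x86)" is the common case in these logs.
PATH_RE = re.compile(
    r'(?:[A-Za-z]:\\|\\Device\\)[^"<>|?*\r\n]+?\.(?:exe|sys|dll)', re.IGNORECASE
)


def _parse_date(text):
    # FRST writes a 12-hour clock, but the log above shows it emitting
    # "00:04:47 PM", which %I rejects; fall back to %H for that case.
    for fmt in ("%m/%d/%Y %I:%M:%S %p", "%m/%d/%Y %H:%M:%S %p"):
        try:
            return datetime.strptime(text, fmt)
        except ValueError:
            continue
    raise ValueError("unrecognised FRST timestamp: %r" % text)


def parse_frst_errors(text):
    """Return a list of dicts {date, source, event_id, user, description}.
    A description runs from its 'Description:' line until the next blank line,
    so continuation lines such as the bare '%%2' are folded into it."""
    entries, current = [], None
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            current = {
                "date": _parse_date(m.group("date")),
                "source": m.group("source"),
                "event_id": int(m.group("event_id")),
                "user": m.group("user"),
                "description": "",
            }
            entries.append(current)
        elif not line.strip():
            current = None  # blank line closes the entry
        elif current is not None:
            part = DESC_PREFIX.sub("", line, count=1)
            current["description"] = (current["description"] + " " + part).strip()
    return entries


def summarize(entries):
    """Count entries per (source, event_id) to surface the recurring ones."""
    return Counter((e["source"], e["event_id"]) for e in entries)


def binaries_mentioned(entries):
    """Lower-cased set of every .exe/.sys/.dll path named in a description."""
    return {p.lower() for e in entries for p in PATH_RE.findall(e["description"])}


def within_window(entries, newest=None, days=7):
    """Keep entries no older than `days` before `newest` (default: newest entry)."""
    if not entries:
        return []
    newest = newest or max(e["date"] for e in entries)
    cutoff = newest - timedelta(days=days)
    return [e for e in entries if e["date"] >= cutoff]


if __name__ == "__main__":
    found = parse_frst_errors(SAMPLE_LOG)
    for (src, eid), n in summarize(found).most_common():
        print("%3d x  %s / %d" % (n, src, eid))
    for path in sorted(binaries_mentioned(found)):
        print("binary:", path)
    print("entries in the last 7 days:", len(within_window(found)))
```

The path extraction is the part worth keeping: in the log above it isolates `old_chrome.exe` (SideBySide 33 repeating daily), the NVIDIA self-update `setup.exe` under the user's Temp directory (Application Hang) and, if the CodeIntegrity block were fed in, `klelam.sys`, which is the short list of binaries a helper would look up rather than re-reading the whole dump.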

Old 15.07.2014, 14:42   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

"cj.dotomi.com" - Malware in Chrome (Win7)



Do you have any other logs (with detections)? Malwarebytes and/or other virus scanners, have they ever found anything?

I'm asking because of this => http://www.trojaner-board.de/125889-...tml#post941520

Please do not run any new virus scans; for now, only post the logs that already exist, in CODE tags!
Only logs from the last 7 days, or from since the problem started, are relevant!





Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for one post, please post them directly, split across several posts if necessary.
To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (CTRL+A usually works) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.
__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Old 15.07.2014, 14:44   #5
Ruiner
 

Logfiles - Part 2



GMER - first part!!!

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-15 13:33:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_EVO_250GB rev.EXT0BB6Q 232,88GB
Running: mq628yop.exe; Driver: C:\Users\Holger\AppData\Local\Temp\kxlirpob.sys


---- Kernel code sections - GMER 2.1 ----

.text    C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                                                                                        fffff96000153f00 7 bytes [00, 98, F3, FF, 01, A6, F0]
.text    C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                                                                                                    fffff96000153f08 3 bytes [C0, 06, 02]
.text    ...                                                                                                                                                                                                                    * 109
.text    C:\Windows\System32\win32k.sys!BRUSHOBJ_pvGetRbrush + 432                                                                                                                                                              fffff9600020ba18 8 bytes [58, 70, 2C, 04, 80, F8, FF, ...]
.text    C:\Windows\System32\win32k.sys!CLIPOBJ_bEnum + 740                                                                                                                                                                     fffff9600020bee8 8 bytes [14, 71, 2C, 04, 80, F8, FF, ...]
.text    C:\Windows\System32\win32k.sys!EngAcquireSemaphoreNoWait + 76                                                                                                                                                          fffff9600020c578 8 bytes [E0, 71, 2C, 04, 80, F8, FF, ...]
.text    C:\Windows\System32\win32k.sys!EngIsSemaphoreSharedByCurrentThread + 24                                                                                                                                                fffff9600020c658 8 bytes [F8, 73, 2C, 04, 80, F8, FF, ...]
.text    C:\Windows\System32\win32k.sys!EngDeleteSafeSemaphore + 53                                                                                                                                                             fffff9600020c729 7 bytes [7B, 2C, 04, 80, F8, FF, FF]
.text    C:\Windows\System32\win32k.sys!EngGetProcessHandle + 398                                                                                                                                                               fffff96000212a92 3 bytes [FF, 25, C0]
.text    C:\Windows\System32\win32k.sys!EngGetProcessHandle + 402                                                                                                                                                               fffff96000212a96 2 bytes [04, 00]
.text    C:\Windows\System32\win32k.sys!EngMarkBandingSurface + 60                                                                                                                                                              fffff96000214598 8 bytes [28, 81, 2C, 04, 80, F8, FF, ...]
.text    C:\Windows\System32\win32k.sys!EngUnlockSurface + 52                                                                                                                                                                   fffff96000214698 8 bytes [38, 83, 2C, 04, 80, F8, FF, ...]
.text    C:\Windows\System32\win32k.sys!EngCreateEvent + 88                                                                                                                                                                     fffff9600021cf78 8 bytes [E4, 74, 2C, 04, 80, F8, FF, ...]
.text    C:\Windows\System32\win32k.sys!EngGetRgnBox + 48                                                                                                                                                                       fffff9600021d5c8 8 bytes [C8, 6D, 2C, 04, 80, F8, FF, ...]
.text    C:\Windows\System32\win32k.sys!EngGetFileChangeTime + 304                                                                                                                                                              fffff9600021da48 8 bytes [C0, 79, 2C, 04, 80, F8, FF, ...]
.text    C:\Windows\System32\win32k.sys!EngFindResource + 840                                                                                                                                                                   fffff9600021dd98 8 bytes [A4, 7A, 2C, 04, 80, F8, FF, ...]
.text    C:\Windows\System32\win32k.sys!EngWideCharToMultiByte + 28                                                                                                                                                             fffff9600021ddf8 8 bytes [D0, 76, 2C, 04, 80, F8, FF, ...]
.text    C:\Windows\System32\win32k.sys!EngDitherColor + 416                                                                                                                                                                    fffff9600023e368 8 bytes [74, 77, 2C, 04, 80, F8, FF, ...]
.text    C:\Windows\System32\win32k.sys!EngFileWrite + 76                                                                                                                                                                       fffff9600023e418 8 bytes [D8, 77, 2C, 04, 80, F8, FF, ...]
.text    C:\Windows\System32\win32k.sys!EngFileIoControl + 312                                                                                                                                                                  fffff9600023e558 8 bytes [F0, 78, 2C, 04, 80, F8, FF, ...]
.text    C:\Windows\System32\win32k.sys!EngLoadModuleForWrite + 16                                                                                                                                                              fffff9600024e628 8 bytes {CALL QWORD [RAX+0x42c7f64]}

---- User code sections - GMER 2.1 ----

.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                         0000000076a51465 2 bytes [A5, 76]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                        0000000076a514bb 2 bytes [A5, 76]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                      0000000076a51465 2 bytes [A5, 76]
.text    C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                     0000000076a514bb 2 bytes [A5, 76]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                        0000000076a51465 2 bytes [A5, 76]
.text    C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                       0000000076a514bb 2 bytes [A5, 76]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe[1892] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69                                                                                                  0000000076a51465 2 bytes [A5, 76]
.text    C:\Users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe[1892] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155                                                                                                 0000000076a514bb 2 bytes [A5, 76]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\iSafe\iSafeTray.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                               0000000076a51465 2 bytes [A5, 76]
.text    C:\Program Files (x86)\iSafe\iSafeTray.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                              0000000076a514bb 2 bytes [A5, 76]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                                                                        00000000770b11f5 8 bytes {JMP 0xd}
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                                                                      00000000770b1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                                                             00000000770b143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                                                                             00000000770b158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                                                     00000000770b191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                                                                     00000000770b1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                                                                    00000000770b1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                                                       00000000770b1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                                                                       00000000770b1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                                                           00000000770b1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                                                                          00000000770b1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                                                                         00000000770b1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                                                                                 00000000770b1fd7 8 bytes {JMP 0xb}
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                                                                             00000000770b2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                                                                             00000000770b2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                                                                                  00000000770b2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                                                         00000000770b27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                                                       00000000770b27d2 8 bytes {JMP 0x10}
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                                                        00000000770b282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                                                                       00000000770b2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                                                               00000000770b2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                                                                               00000000770b2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                    * 3
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                                                                       00000000770b3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                                                           00000000770b323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                                                                           00000000770b33c0 16 bytes {JMP 0x4e}
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                                                                          00000000770b3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                                                                          00000000770b3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                                                              00000000770b3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                                                                              00000000770b3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                                                                       00000000770b4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                                 0000000077101380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                               0000000077101500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                                     0000000077101530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                                   0000000077101650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                                       0000000077101700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                                       0000000077101d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                                     0000000077101f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                                     00000000771027e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                                                   0000000074b913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                                                   0000000074b9146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                                                                0000000074b916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                          00000000770b323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                          00000000770b33c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                         00000000770b3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                         00000000770b3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                             00000000770b3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                             00000000770b3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                      00000000770b4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                0000000077101380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                              0000000077101500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                    0000000077101530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                  0000000077101650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                      0000000077101700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                      0000000077101d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                    0000000077101f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                    00000000771027e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                  0000000074b913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                  0000000074b9146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                               0000000074b916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                 0000000074b916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                            0000000074b919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                            0000000074b919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                      0000000074b91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                        0000000074b91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                      0000000074b91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                           0000000074b91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                                            00000000770b11f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                                          00000000770b1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                                 00000000770b143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                                                 00000000770b158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                         00000000770b191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                                         00000000770b1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                                        00000000770b1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                           00000000770b1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                                           00000000770b1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                               00000000770b1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                                              00000000770b1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                                             00000000770b1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                                                     00000000770b1fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                                                 00000000770b2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                                                 00000000770b2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                                                      00000000770b2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                             00000000770b27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                           00000000770b27d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                            00000000770b282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                                           00000000770b2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                                   00000000770b2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                                                   00000000770b2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                    * 3
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                                           00000000770b3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                               00000000770b323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                                               00000000770b33c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                                              00000000770b3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                                              00000000770b3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                                  00000000770b3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                                                  00000000770b3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                                           00000000770b4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                     0000000077101380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                   0000000077101500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                         0000000077101530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                       0000000077101650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                           0000000077101700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                           0000000077101d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                         0000000077101f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                         00000000771027e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                       0000000074b913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                       0000000074b9146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                                    0000000074b916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                                                      0000000074b916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                 0000000074b919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                                 0000000074b919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                                           0000000074b91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                                             0000000074b91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                           0000000074b91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                                                0000000074b91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                  0000000076a51465 2 bytes [A5, 76]
.text    C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                 0000000076a514bb 2 bytes [A5, 76]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                    00000000770b11f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                  00000000770b1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                         00000000770b143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                         00000000770b158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                 00000000770b191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                 00000000770b1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                00000000770b1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                   00000000770b1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                   00000000770b1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                       00000000770b1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                      00000000770b1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                     00000000770b1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                             00000000770b1fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                         00000000770b2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                         00000000770b2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                              00000000770b2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                     00000000770b27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                   00000000770b27d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                    00000000770b282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                   00000000770b2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                           00000000770b2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                           00000000770b2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                    * 3
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                   00000000770b3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                       00000000770b323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                       00000000770b33c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                      00000000770b3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                      00000000770b3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                          00000000770b3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                          00000000770b3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                   00000000770b4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                             0000000077101380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                           0000000077101500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                 0000000077101530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                               0000000077101650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                   0000000077101700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                   0000000077101d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                 0000000077101f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                 00000000771027e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                               0000000074b913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                               0000000074b9146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                            0000000074b916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                              0000000074b916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                         0000000074b919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                         0000000074b919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                   0000000074b91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                     0000000074b91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                   0000000074b91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                        0000000074b91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                          0000000076a51465 2 bytes [A5, 76]
.text    C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                         0000000076a514bb 2 bytes [A5, 76]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                                                             00000000770b11f5 8 bytes {JMP 0xd}
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                                                           00000000770b1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                                                  00000000770b143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                                                                  00000000770b158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                                          00000000770b191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                                                          00000000770b1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                                                         00000000770b1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                                            00000000770b1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                                                            00000000770b1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                                                00000000770b1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                                                               00000000770b1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                                                              00000000770b1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                                                                      00000000770b1fd7 8 bytes {JMP 0xb}
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                                                                  00000000770b2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                                                                  00000000770b2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                                                                       00000000770b2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                                              00000000770b27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                                            00000000770b27d2 8 bytes {JMP 0x10}
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                                             00000000770b282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                                                            00000000770b2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                                                    00000000770b2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                                                                    00000000770b2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                    * 3
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                                                            00000000770b3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                                                00000000770b323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                                                                00000000770b33c0 16 bytes {JMP 0x4e}
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                                                               00000000770b3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                                                               00000000770b3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                                                   00000000770b3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                                                                   00000000770b3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                                                            00000000770b4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                                      0000000077101380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                                    0000000077101500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                                          0000000077101530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                                        0000000077101650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                                            0000000077101700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                                            0000000077101d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                                          0000000077101f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                                          00000000771027e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                                        0000000074b913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                                        0000000074b9146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                                                     0000000074b916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                                                                       0000000074b916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                                                  0000000074b919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                                                  0000000074b919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                                                            0000000074b91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                                                              0000000074b91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                                            0000000074b91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3
         


15.07.2014, 15:07   #6
Ruiner

logfiles - Part 3



GMER - second part!!

Code:
                                                                                                                0000000074b91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5                                                                                                         00000000770b11f5 8 bytes {JMP 0xd}
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416                                                                                                       00000000770b1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159                                                                                              00000000770b143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492                                                                                              00000000770b158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126                                                                                                      00000000770b191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636                                                                                                      00000000770b1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204                                                                                                     00000000770b1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373                                                                                        00000000770b1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691                                                                                        00000000770b1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31                                                                                                            00000000770b1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84                                                                                                           00000000770b1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81                                                                                                          00000000770b1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7                                                                                                  00000000770b1fd7 8 bytes {JMP 0xb}
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658                                                                                              00000000770b2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801                                                                                              00000000770b2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578                                                                                   00000000770b2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16                                                                                          00000000770b27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18                                                                                        00000000770b27d2 8 bytes {JMP 0x10}
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79                                                                         00000000770b282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176                                                                        00000000770b2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                    * 2
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299                                                                                00000000770b2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367                                                                                00000000770b2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    ...                                                                                                                                                                                                                    * 3
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483                                                                                        00000000770b3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523                                                                                            00000000770b323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912                                                                                            00000000770b33c0 16 bytes {JMP 0x4e}
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318                                                                                                           00000000770b3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403                                                                                                           00000000770b3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197                                                                               00000000770b3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611                                                                               00000000770b3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80                                                                                        00000000770b4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread                                                                                                  0000000077101380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread                                                                                                0000000077101500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection                                                                                                      0000000077101530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory                                                                                                    0000000077101650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread                                                                                                        0000000077101700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx                                                                                                        0000000077101d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread                                                                                                      0000000077101f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread                                                                                                      00000000771027e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312                                                                                    0000000074b913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471                                                                                    0000000074b9146b 8 bytes {JMP 0xffffffffffffffb0}
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611                                                                                                 0000000074b916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3                                                                                                   0000000074b916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23                                                                                              0000000074b919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23                                                                                              0000000074b919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23                                                                                        0000000074b91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3                                                                                          0000000074b91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23                                                                                        0000000074b91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text    C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3                                                                                             0000000074b91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Processes - GMER 2.1 ----

Library  C:\Users\Holger\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe [1892](2014-01-03 01:09:26)                                                0000000004030000
Library  c:\users\holger\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph7t_7c.dll (*** suspicious ***) @ C:\Users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe [1892](2014-07-15 10:12:14)  0000000003d80000
Library  C:\Users\Holger\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe [1892](2013-08-23 19:01:44)                                                      000000005f510000
Library  C:\Users\Holger\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe [1892] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42)                        000000005eb80000

---- EOF - GMER 2.1 ----
         
Hello cosinus,

No, unfortunately I have no other logs.
Kaspersky did not raise an alarm, but I also haven't run a scan yet.

Because I found a "solution" on the net so quickly, I didn't run any scans afterwards... :-(

Alt 15.07.2014, 15:07   #7
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

"cj.dotomi.com" - Malware in Chrome (Win7)



Then please run Combofix now:

Scan with Combofix
WARNING to anyone else reading:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software as well as malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse or click into the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (in CODE tags if possible).
Note: If you get the following error message after the reboot
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.

__________________
"The truth is usually just an excuse for a lack of imagination." (Elim Garak)

Support the Trojaner-Board
Why Linux is better than Windows!

Alt 15.07.2014, 15:08   #8
Ruiner
 

New symptom?



I can't say for sure whether it is related to all of this, but something odd has happened:

Suddenly the shortcuts of two programs in the Start menu and in the quick launch bar are invalid: "Das Element kann nicht geöffnet werden" (the item cannot be opened).

The shortcut points to the following path:
C:\Users\Holger\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu


Alt 15.07.2014, 15:10   #9
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

"cj.dotomi.com" - Malware in Chrome (Win7)



Please continue with Combofix.

Alt 15.07.2014, 15:32   #10
Ruiner
 

"cj.dotomi.com" - Malware in Chrome (Win7)



Here is the Combofix log:
Code:
ComboFix 14-07-15.03 - Holger 15.07.2014  15:13:23.1.4 - x64
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.8190.6367 [GMT 2:00]
ausgeführt von:: c:\users\Holger\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Holger\AppData\Roaming\FoxitReaderUpdateInfo.txt
I:\install.exe
K:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-06-15 bis 2014-07-15  ))))))))))))))))))))))))))))))
.
.
2014-07-15 11:06 . 2014-07-15 11:09	--------	d-----w-	C:\FRST
2014-07-07 19:57 . 2014-07-07 19:57	--------	d-----w-	c:\users\Holger\AppData\Local\Macromedia
2014-07-07 19:54 . 2014-07-07 19:54	71344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-07 19:54 . 2014-07-07 19:54	699056	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-07 19:54 . 2014-07-07 19:54	--------	d-----w-	c:\windows\system32\Macromed
2014-07-04 13:21 . 2014-07-04 13:21	--------	d-----w-	c:\users\Holger\AppData\Roaming\eCyber
2014-07-04 13:20 . 2014-07-04 13:20	--------	d-----w-	c:\windows\system32\log
2014-07-04 13:20 . 2014-06-27 09:54	44544	----a-w-	c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-07-04 13:20 . 2014-07-15 13:19	--------	d-----w-	c:\program files (x86)\iSafe
2014-07-04 13:20 . 2014-07-15 11:36	--------	d-----w-	c:\users\Holger\AppData\Roaming\iSafe
2014-07-04 01:40 . 2014-06-05 10:54	10779000	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{04AACC40-0D67-4F31-90C2-92F6C5625D5D}\mpengine.dll
2014-06-27 08:38 . 2014-06-27 08:38	--------	d-sh--we	c:\windows\SysWow64\config\systemprofile\Startmenü
2014-06-27 08:38 . 2014-06-27 08:38	--------	d-sh--we	c:\windows\SysWow64\config\systemprofile\Lokale Einstellungen
2014-06-27 08:38 . 2014-06-27 08:38	--------	d-sh--we	c:\windows\SysWow64\config\systemprofile\Anwendungsdaten
2014-06-26 07:41 . 2014-06-26 07:41	--------	d-----w-	c:\users\Holger\AppData\Local\ArcSoft
2014-06-26 07:38 . 2014-06-26 07:41	--------	d-----w-	c:\users\Holger\AppData\Roaming\ArcSoft
2014-06-26 07:38 . 2014-06-28 08:40	--------	d-----w-	c:\programdata\ArcSoft
2014-06-26 07:38 . 2006-09-18 06:50	22784	----a-w-	c:\windows\SysWow64\drivers\afc.sys
2014-06-26 07:38 . 2014-06-26 07:38	--------	d-----w-	c:\program files (x86)\ArcSoft
2014-06-26 07:38 . 2005-07-16 00:35	245408	----a-w-	c:\windows\SysWow64\unicows.dll
2014-06-26 07:38 . 2003-03-18 20:14	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2014-06-26 07:38 . 2003-02-21 02:42	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2014-06-26 07:38 . 2014-06-26 07:38	--------	d-----w-	c:\program files (x86)\Common Files\ArcSoft
2014-06-26 07:36 . 2001-09-05 02:18	77824	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2014-06-26 07:36 . 2001-09-05 02:18	225280	----a-w-	c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2014-06-26 07:36 . 2001-09-05 02:14	176128	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2014-06-26 07:36 . 2001-09-05 02:13	32768	----a-w-	c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2014-06-25 10:01 . 2014-06-25 10:01	--------	d-----w-	c:\program files (x86)\Common Files\Skype
2014-06-24 13:18 . 2014-05-19 23:10	601432	----a-w-	c:\windows\SysWow64\nvStreaming.exe
2014-06-24 13:03 . 2014-06-24 13:03	--------	d-----w-	c:\users\Holger\AppData\Local\NVIDIA Corporation
2014-06-24 13:02 . 2014-05-29 23:07	1291232	----a-w-	c:\windows\SysWow64\nvspbridge.dll
2014-06-24 13:02 . 2014-05-29 23:07	1122312	----a-w-	c:\windows\SysWow64\nvspcap.dll
2014-06-24 13:02 . 2014-05-29 23:07	1715176	----a-w-	c:\windows\system32\nvspbridge64.dll
2014-06-24 13:02 . 2014-05-29 23:07	1279480	----a-w-	c:\windows\system32\nvspcap64.dll
2014-06-24 13:02 . 2014-03-31 16:42	40392	----a-w-	c:\windows\system32\drivers\nvvad64v.sys
2014-06-24 13:02 . 2014-03-31 16:42	34760	----a-w-	c:\windows\SysWow64\nvaudcap32v.dll
2014-06-15 20:52 . 2014-06-15 20:52	--------	d-----w-	c:\programdata\ovos
2014-06-15 20:49 . 2014-06-15 20:49	--------	d-----w-	c:\users\Holger\AppData\Roaming\ovos
2014-06-15 16:18 . 2014-06-15 16:22	--------	d-----w-	C:\chrome addons-NEU-INSTALL
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-20 02:44 . 2014-01-07 16:10	61216	----a-w-	c:\windows\system32\OpenCL.dll
2014-05-20 02:44 . 2014-01-07 16:10	52056	----a-w-	c:\windows\SysWow64\OpenCL.dll
2014-05-20 02:44 . 2014-01-07 16:08	18531568	----a-w-	c:\windows\system32\nvwgf2umx.dll
2014-05-20 02:44 . 2014-01-07 16:08	952952	----a-w-	c:\windows\system32\nvumdshimx.dll
2014-05-20 02:44 . 2014-01-07 16:08	3109248	----a-w-	c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2014-01-07 16:08	2730208	----a-w-	c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2014-01-07 16:08	14434704	----a-w-	c:\windows\SysWow64\nvd3dum.dll
2014-05-20 01:25 . 2014-01-07 16:10	6769096	----a-w-	c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2014-01-07 16:10	3514144	----a-w-	c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2014-01-07 16:10	927520	----a-w-	c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2014-01-07 16:10	62808	----a-w-	c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2014-01-07 16:10	387528	----a-w-	c:\windows\system32\nvmctray.dll
2014-05-20 01:25 . 2014-01-07 16:10	2560968	----a-w-	c:\windows\system32\nvsvcr.dll
2014-05-16 07:00 . 2014-01-07 16:25	93223848	----a-w-	c:\windows\system32\MRT.exe
2014-05-14 23:49 . 2014-01-07 16:10	3774821	----a-w-	c:\windows\system32\nvcoproc.bin
2014-05-09 06:14 . 2014-05-16 06:59	477184	----a-w-	c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-16 06:59	424448	----a-w-	c:\windows\system32\aeinv.dll
2014-05-08 07:14 . 2014-05-16 07:02	23134208	----a-w-	c:\windows\system32\mshtml.dll
2014-05-08 06:37 . 2014-05-16 07:02	2724864	----a-w-	c:\windows\system32\mshtml.tlb
2014-05-08 05:27 . 2014-05-16 07:02	2724864	----a-w-	c:\windows\SysWow64\mshtml.tlb
2014-05-08 04:57 . 2014-05-16 07:02	84992	----a-w-	c:\windows\system32\mshtmled.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Holger\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Holger\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	131248	----a-w-	c:\users\Holger\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_B33ACFFF58BD8F830B4B32B31CD43895"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-06-05 860488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-09-25 614400]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"36X Raid Configurer"="c:\windows\SysWOW64\xRaidSetup.exe" [2007-11-19 1966080]
"Syncios device service"="c:\program files (x86)\Syncios\SynciosDeviceService.exe" [2013-12-03 723456]
"HFS Activator"="c:\program files (x86)\Paragon Software\HFS+ for Windows  10.3\activation\hfsactivator.exe" [2014-02-17 245456]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
c:\users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
Samsung Magician.lnk - c:\windows\system32\schtasks.exe  /run /tn SamsungMagician [2014-1-8 285696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MCtlSvc.lnk - c:\program files (x86)\congstar\Internet-Manager\Bin\mcserver.exe [2014-5-18 60688]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2014-6-26 268864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 Hfsplus;Hfsplus;c:\windows\system32\DRIVERS\hfsplus.sys;c:\windows\SYSNATIVE\DRIVERS\hfsplus.sys [x]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbmdm.sys [x]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbnmea.sys [x]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbser.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeKrnlBoot.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 netr7364;RT73-Drahtlostreiber für Vista von Conceptronic;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S0 apmwin;apmwin;c:\windows\system32\DRIVERS\apmwin.sys;c:\windows\SYSNATIVE\DRIVERS\apmwin.sys [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys;c:\windows\SYSNATIVE\drivers\BMLoad.sys [x]
S0 gpt_loader;GUID Partition table support driver;c:\windows\system32\DRIVERS\gpt_loader.sys;c:\windows\SYSNATIVE\DRIVERS\gpt_loader.sys [x]
S0 mounthlp;Mounter helper driver for HFS+ volumes;c:\windows\system32\DRIVERS\mounthlp.sys;c:\windows\SYSNATIVE\DRIVERS\mounthlp.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 iSafeKrnl;iSafeKrnl;c:\program files (x86)\iSafe\iSafeKrnl.sys;c:\program files (x86)\iSafe\iSafeKrnl.sys [x]
S1 iSafeKrnlKit;iSafeKrnl Kit Driver;c:\program files (x86)\iSafe\iSafeKrnlKit.sys;c:\program files (x86)\iSafe\iSafeKrnlKit.sys [x]
S1 iSafeKrnlR3;iSafeKrnl Ring3 Driver;c:\program files (x86)\iSafe\iSafeKrnlR3.sys;c:\program files (x86)\iSafe\iSafeKrnlR3.sys [x]
S1 iSafeNetFilter;iSafeNetFilter;c:\program files (x86)\iSafe\iSafeNetFilter.sys;c:\program files (x86)\iSafe\iSafeNetFilter.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 HfsplusRec;HfsplusRec;c:\windows\system32\DRIVERS\hfsplusrec.sys;c:\windows\SYSNATIVE\DRIVERS\hfsplusrec.sys [x]
S2 iSafeService;iSafeService;c:\program files (x86)\iSafe\iSafeSvc.exe;c:\program files (x86)\iSafe\iSafeSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 postgresql-x64-9.2;postgresql-x64-9.2 - PostgreSQL Server 9.2;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-11 07:53	1091912	----a-w-	c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15 10:34]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15 10:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Holger\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Holger\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Holger\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54	164016	----a-w-	c:\users\Holger\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2352072]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"apmwinapp"="c:\program files (x86)\Paragon Software\HFS+ for Windows  10.3\apmwinsrv.exe" [2014-02-17 66768]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\5e9x09cb.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: browser.search.selectedEngine - Google
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-iPhone PC Suite - c:\program files (x86)\Iphone PC-Suite\iPhone\iPhone PC Suite.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.2]
"ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.2]
"ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-486211714-1698053076-470721747-1001\Software\SecuROM\License information*]
"datasecu"=hex:9f,24,f2,74,b9,49,4b,6c,5c,17,aa,04,c3,06,22,6a,c7,d4,3d,26,15,
   1e,37,73,2e,dc,7d,c4,74,94,79,d9,ed,3c,7f,8b,bd,f4,43,4f,97,f7,1b,07,66,38,\
"rkeysecu"=hex:5e,52,d0,78,89,ed,ea,a5,ca,09,33,36,1d,48,15,f7
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-07-15  15:23:46
ComboFix-quarantined-files.txt  2014-07-15 13:23
.
Vor Suchlauf: 18 Verzeichnis(se), 89.131.597.824 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 91.953.926.144 Bytes frei
.
- - End Of File - - 90EEB14B3E5C2CF60CA3AF49FA618BC1
A36C5E4F47E84449FF07ED3517B43A31
         

Kaspersky was disabled, but unfortunately YAC (Yet Another Cleaner) was still running and complained about a registry change. I disabled it immediately (while Combofix was running). Was that OK? Or should I run Combofix again?

Alt 15.07.2014, 15:48   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

"cj.dotomi.com" - Malware in Chrome (Win7)



Quote:
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 hl2rcv.adobe.com
Why do you have cracked Adobe software on the computer?
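As an added example (not code from the thread or from any of the tools named in it), the following Python triage helper applies the reasoning in the reply above: it parses a hosts file and flags vendor licensing or activation names that have been redirected to a local address, which is how the quoted entries reveal a cracked installation. The suffix list and the sample hosts content are constructed for this example.

```python
"""Hosts-file triage: flag activation/licensing domains sunk to a local address.

Added example for the thread above; the vendor suffix list and SAMPLE_HOSTS
below are constructed for illustration, not taken from any tool's output.
"""
import ipaddress
import re
from typing import Iterator, List, NamedTuple, Tuple

# Vendor domains whose loopback redirection is a classic crack indicator.
# Constructed for this example; extend with other vendors as needed.
ACTIVATION_SUFFIXES = ("adobe.com",)

# Names that legitimately map to loopback in every hosts file.
LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}


class Finding(NamedTuple):
    line_no: int
    address: str
    hostname: str


def is_sinkhole(address: str) -> bool:
    """True for loopback (127.0.0.0/8, ::1) or unspecified (0.0.0.0, ::) targets."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return False
    return ip.is_loopback or ip.is_unspecified


def parse_hosts(text: str) -> Iterator[Tuple[int, str, str]]:
    """Yield (line_no, address, hostname) for every mapping in a hosts file.

    Handles full-line and trailing '#' comments, tabs, and several
    hostnames on one line (each is yielded separately).
    """
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = re.split(r"\s+", line)
        address, hostnames = fields[0], fields[1:]
        for host in hostnames:
            yield line_no, address, host.lower().rstrip(".")


def is_activation_domain(host: str) -> bool:
    return any(host == s or host.endswith("." + s) for s in ACTIVATION_SUFFIXES)


def flag_activation_sinkholes(text: str) -> List[Finding]:
    """Entries that send a known vendor activation domain to a local address."""
    return [
        Finding(line_no, address, host)
        for line_no, address, host in parse_hosts(text)
        if host not in LOCAL_NAMES and is_sinkhole(address) and is_activation_domain(host)
    ]


def count_sinkholed_hosts(text: str) -> int:
    """Broader signal: how many non-local names are sunk to a local address at all."""
    return sum(
        1 for _, address, host in parse_hosts(text)
        if host not in LOCAL_NAMES and is_sinkhole(address)
    )


# Constructed sample mirroring the pattern quoted in the thread.
SAMPLE_HOSTS = """# Copyright (c) 1993-2009 Microsoft Corp.
127.0.0.1       localhost
::1             localhost
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com   # trailing comment must be ignored
0.0.0.0\tereg.adobe.com adobe-dns.adobe.com
192.168.0.10 fileserver.lan
"""

if __name__ == "__main__":
    for f in flag_activation_sinkholes(SAMPLE_HOSTS):
        print(f"line {f.line_no}: {f.address} -> {f.hostname}")
    print("non-local names sunk to a local address:", count_sinkholed_hosts(SAMPLE_HOSTS))
```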

Alt 15.07.2014, 20:31   #12
Ruiner
 

"cj.dotomi.com" - Malware in Chrome (Win7)



Oh... a friend installed that for me, I don't use it myself. I don't need it for anything, so it's gone now...

Thanks for your help! I just restarted the computer and everything seems to work normally again; none of the described symptoms are present any more.

Could it be that ComboFix removed all remnants of the malware? Or should I run some other software to check?

Oh no, unfortunately it's still there. :-(

Strange... for a few minutes the correct links always came up. Now the same links lead to cj.dotomi.com again...

And Chrome has kept the setting "Open the pages that were last viewed on startup"...



Actually it has got worse with the links rather than better...

Some links are now also redirected to
hxxp://action.metaffiliation.com/trk.php?mclic=P49C8F5271C91513&argsite=at102799_a134304_m4_p3439_t33&redir=http%3A%2F%2Fwww.yac.mx%2Fen%2Fguides%2Fbrowser-hijacker-removal%2F20140421-how-to-remove-cj.dotomi.com-from-Chrome.html

Alt 16.07.2014, 00:40   #13
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

"cj.dotomi.com" - Malware in Chrome (Win7)



Please read => http://www.trojaner-board.de/95393-c...-software.html

We continue once you have removed everything illegal.

In case of repeated crack/keygen violations I reserve the right to discontinue support, i.e. help only with backing up data and reinstalling the operating system.

Alt 16.07.2014, 11:42   #14
Ruiner
 

"cj.dotomi.com" - Malware in Chrome (Win7)



Hello cosinus.
So, all Adobe programs are uninstalled (except the freeware: Reader, Flash Player, AIR).
And otherwise there is no illegal software on my computer.

Alt 16.07.2014, 11:44   #15
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

"cj.dotomi.com" - Malware in Chrome (Win7)



Remove adware/junkware/toolbars


Step 1: AdwCleaner

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Clean and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file under C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).




Step 2: JRT - Junkware Removal Tool

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please right-click and choose "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan may take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.




Step 3: Fresh log with FRST

Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties.)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files are now created and will be on your desktop afterwards.
  • Post FRST.txt and, after the first scan, also Addition.txt in your thread (click the # symbol in the website's input box).

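One check that follows up on the steps above, added here as an example and not part of the original thread or of the tools cosinus names: a small Python script that audits a Chrome profile's Preferences file for the two things a hijacker of this kind typically changes, the startup-page setting (the "open specific pages" mode Ruiner sees flipping to about:blank) and sideloaded extensions holding permissions that let them rewrite navigations. Assumptions, not verified against the poster's system: the Preferences file lives at %LOCALAPPDATA%\Google\Chrome\User Data\Default\Preferences on Windows 7; session.restore_on_startup uses 1 for "continue where you left off", 4 for "open specific pages" and 5 for the New Tab page; extension metadata sits under extensions.settings with the manifest and a from_webstore flag. The sample profile and the extension ids in the script are constructed. Registry-level state that AdwCleaner resets (Winsock, proxy, Chrome policy keys) is outside what this file shows.

```python
"""Audit a Chrome 'Preferences' file (JSON) for hijacker-style changes.

Added example for this thread, not part of it. Assumed layout (Chrome on
Windows 7; these keys are assumptions, not verified on the poster's system):
  %LOCALAPPDATA%\\Google\\Chrome\\User Data\\Default\\Preferences
  session.restore_on_startup : 1 = last session, 4 = specific URLs, 5 = NTP
  session.startup_urls       : the "specific pages" list
  homepage / homepage_is_newtabpage
  extensions.settings.<id>   : {"manifest": {...}, "path": ..., "from_webstore": bool}
"""
import json
import sys
from typing import Dict, List

RESTORE_LAST_SESSION = 1
OPEN_SPECIFIC_URLS = 4
OPEN_NEW_TAB_PAGE = 5

# Permissions that let an extension see or rewrite every navigation, which is
# what a link-redirecting hijacker needs. Host patterns live in the same
# "permissions" list in a manifest v2 extension.
RISKY_PERMISSIONS = {
    "webRequest", "webRequestBlocking", "webNavigation", "tabs",
    "<all_urls>", "http://*/*", "https://*/*", "*://*/*",
}


def audit_preferences(prefs: Dict) -> List[str]:
    """Return one finding string per suspicious setting; empty list if clean."""
    findings: List[str] = []

    session = prefs.get("session", {})
    mode = session.get("restore_on_startup")
    if mode == OPEN_SPECIFIC_URLS:
        urls = session.get("startup_urls", [])
        findings.append(f"startup mode is 'open specific pages': {urls}")
    elif mode not in (None, RESTORE_LAST_SESSION, OPEN_NEW_TAB_PAGE):
        findings.append(f"unexpected restore_on_startup value: {mode!r}")

    if prefs.get("homepage") and not prefs.get("homepage_is_newtabpage", True):
        findings.append(f"custom homepage set: {prefs['homepage']}")

    for ext_id, meta in prefs.get("extensions", {}).get("settings", {}).items():
        manifest = meta.get("manifest", {})
        risky = sorted(set(manifest.get("permissions", [])) & RISKY_PERMISSIONS)
        # Web Store extensions with these permissions are common (ad blockers,
        # password managers); a sideloaded one holding them is the lead to chase.
        if risky and not meta.get("from_webstore", False):
            findings.append(
                f"sideloaded extension {ext_id} "
                f"({manifest.get('name', '?')}) holds {risky}, "
                f"path={meta.get('path')}"
            )
    return findings


def audit_file(path: str) -> List[str]:
    """Load a Preferences file from disk and audit it."""
    with open(path, encoding="utf-8") as fh:
        return audit_preferences(json.load(fh))


# Constructed sample profile mirroring the symptom in this thread: startup
# mode flipped to "specific pages" with about:blank, plus one extension loaded
# from a path outside the Web Store that can rewrite every request.
# Both extension ids and paths are hypothetical.
SAMPLE_PREFS = {
    "session": {"restore_on_startup": 4, "startup_urls": ["about:blank"]},
    "homepage_is_newtabpage": True,
    "extensions": {
        "settings": {
            "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa": {
                "from_webstore": True,
                "path": "aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\\1.0_0",
                "manifest": {"name": "Legit Blocker",
                             "permissions": ["webRequest", "<all_urls>"]},
            },
            "bbbbbbbbbbbbbbbbbbbbbbbbbbbbbbbb": {
                "from_webstore": False,
                "path": "C:\\Users\\user\\AppData\\Roaming\\Updater\\ext",
                "manifest": {"name": "Link Helper",
                             "permissions": ["webRequest",
                                             "webRequestBlocking",
                                             "<all_urls>"]},
            },
        }
    },
}

if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else None
    results = audit_file(target) if target else audit_preferences(SAMPLE_PREFS)
    for line in results:
        print("FINDING:", line)
```

Run it with the path to a copy of the Preferences file taken while Chrome is closed (without an argument it audits the constructed sample). A finding is a lead to inspect, not proof of infection: legitimate extensions hold the same permissions, which is why only ones not installed from the Web Store are flagged, and a startup-page entry of about:blank on its own is exactly the kind of leftover that a removal guide can leave behind.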


Tags for "cj.dotomi.com" - Malware in Chrome (Win7)
about:blank, android/mobserv.a, android/trojansms.bosm.a, guide, files, remove, result, hang, message, mobogenie, remove mobogenie, problem, sweet-page, remove sweet-page, warning, win32/adware.lollipop.d, win32/bundled.toolbar.google.d, win32/cnetinstaller.b, win32/downloadadmin.g, win32/elex.y, win32/hacktool.winactivator.i, win32/installcore.io, win32/mobogenie.a, win32/nextlive.a, win32/toolbar.conduit.h, open


