| |
| |||||||
Log-Analyse und Auswertung: "cj.dotomi.com" - Malware in Chrome (Win7)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML |
 |
15.07.2014, 13:14
| #1 |
 |  "cj.dotomi.com" - Malware in Chrome (Win7) Hallo liebes Retter-Team, ich habe folgendes Problem in Chrome: Seit ein paar Tagen werde ich beim Anklicken eines Links häufig zu Seiten geleitet, die immer mit "cj.dotomi.com" beginnen, statt die gewünschte Seite zu erreichen. Beispiel: hxxp://cj.dotomi.com/74102efon5/fmr/4445BC94/A366CBC/3/3/3?h=twtn%3Djvvr%255C%254H%254Hyyy.itggpocpicokpi.eqo%254Huswctg-gpkz-fgcnu%254H%255Hioit%255Fswnw0wiw%3C%3Cjvvr%3A%2F%2Fyyy.frdqnxy.pgv%3AA2%2Fenkem-9255BAB-3334AB83%3C%3CI%3Cjvvr%3A%2F%2Fyyy.grkedwpfng.eqo%2Ficog-fgcn-xqwejgt%3C Die Seite hat dann jeweils einstellig einen Buchstaben oder eine Zahl als Titel mit dem Zusatz "(1x1)". Auf der Seite ist nichts zu sehen. (Evtl. ist ein weißer Pixel in der Mitte!?) Dies ganze passiert lange nicht bei allen Links, vielleicht in 20-30% der Fälle. Meistens führen alle Links einer Seite zu cj.dotomi.com und alle Links einer anderen Seite funktionieren einwandfrei... Ich habe daraufhin diese Anleitung zum manuellen Entfernen ausgeführt: hxxp://blog.vilmatech.com/remove-cj-dotomi-browser-hijacker-latest-removal-guides/ Trotzdem ist das Problem weiterhin vorhanden. Ich finde allerdings nun keinen der dort erwähnten Dateien, Prozesse, Registryeinträge mehr. Außerdem ändert sich die Einstellung in Chrome: "Beim Start Zuletzt angesehene Seiten öffnen" bei jedem Neustart des Computers in "Bestimmte Seite oder Seiten öffnen". Die dann eingestellte Seite ist aber lediglich "about:blank". (Ob dies vor dem manuellen Entfernen anders war, kann ich leider nicht sagen) Aufgrund der Länge der LOGFILES kam ein Warnhinweis und ich musste die LOGFILES als Archiv anhängen. Vielen dank für die Hilfe im Voraus!! Viele Grüße, Holger |
|
15.07.2014, 13:22
| #2 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | "cj.dotomi.com" - Malware in Chrome (Win7) Hi und
__________________ Logs bitte nicht anhängen, notfalls splitten und über mehrere Postings verteilt posten  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
15.07.2014, 13:39
| #3 |
| | logfiles - Teil 1 Alles klar! :-)
__________________Dann hier nochmal die Logfiles in mehrere Posts aufgeteilt: defogger_disable.log Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:05 on 15/07/2014 (Holger)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST.txt FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 14-07-2014 01
Ran by Holger (administrator) on HOLGER-PC on 15-07-2014 13:06:09
Running from C:\Users\Holger\Downloads
Platform: Windows 7 Professional Service Pack 1 (X64) OS Language: Deutsch (Deutschland)
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeSvc2.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(ZTE) C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe
(ArcSoft, Inc.) C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe
() C:\Windows\Samsung\PanelMgr\SSMMgr.exe
(Dropbox, Inc.) C:\Users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Elex do Brasil Participações Ltda) C:\Program Files (x86)\iSafe\iSafeTray.exe
() C:\Windows\Samsung\PanelMgr\caller64.exe
(Samsung Electronics.) C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
() C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Windows\SysWOW64\cmd.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe
() C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
(ArcSoft Inc.) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\Program Files (x86)\iSafe\ipcdl.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2352072 2014-05-30] (NVIDIA Corporation)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [IAAnotif] => C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [186904 2009-06-04] (Intel Corporation)
HKLM\...\Run: [apmwinapp] => C:\Program Files (x86)\Paragon Software\HFS+ for Windows 10.3\apmwinsrv.exe [66768 2014-02-17] ()
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap64.dll [1279480 2014-05-30] (NVIDIA Corporation)
HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AdobeCS5.5ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [1523360 2011-01-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Samsung PanelMgr] => C:\Windows\Samsung\PanelMgr\ssmmgr.exe [614400 2009-09-25] ()
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [36X Raid Configurer] => C:\Windows\SysWOW64\xRaidSetup.exe [1966080 2007-11-19] (Gigabyte Technology Corp.)
HKLM-x32\...\Run: [Syncios device service] => C:\Program Files (x86)\Syncios\SynciosDeviceService.exe [723456 2013-12-03] ()
HKLM-x32\...\Run: [HFS Activator] => C:\Program Files (x86)\Paragon Software\HFS+ for Windows 10.3\activation\hfsactivator.exe [245456 2014-02-17] ()
HKLM-x32\...\Run: [amd_dc_opt] => C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [77824 2008-07-22] (AMD)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [207424 2010-10-27] (ArcSoft Inc.)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [301568 2014-01-09] (Microsoft Corporation)
HKU\S-1-5-21-486211714-1698053076-470721747-1001\...\Run: [iPhone PC Suite] => C:\Program Files (x86)\Iphone PC-Suite\iPhone\iPhone PC Suite.exe /start
HKU\S-1-5-21-486211714-1698053076-470721747-1001\...\Run: [AdobeBridge] => [X]
HKU\S-1-5-21-486211714-1698053076-470721747-1001\...\Run: [GoogleChromeAutoLaunch_B33ACFFF58BD8F830B4B32B31CD43895] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [860488 2014-06-05] (Google Inc.)
HKU\S-1-5-21-486211714-1698053076-470721747-1001\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-486211714-1698053076-470721747-1001\...\MountPoints2: {b2197da5-de9f-11e3-bb94-001a4d4f4bc6} - M:\windows\Data\setup.exe
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\MCtlSvc.lnk
ShortcutTarget: MCtlSvc.lnk -> C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe (ZTE)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TMMonitor.lnk
ShortcutTarget: TMMonitor.lnk -> C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe (ArcSoft, Inc.)
Startup: C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
Startup: C:\Users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung Magician.lnk
ShortcutTarget: Samsung Magician.lnk -> C:\Windows\System32\schtasks.exe (Microsoft Corporation)
ShellIconOverlayIdentifiers: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: DropboxExt4 -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt1 -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt2 -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers-x32: DropboxExt3 -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xA00C2A76C10BCF01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
SearchScopes: HKLM - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - DefaultScope {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKCU - {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin -> {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Virtual Keyboard Plugin -> {73455575-E40C-433C-9784-C78DC7761455} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO-x32: No Name -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> No File
BHO-x32: Safe Money Plugin -> {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin -> {E33CF602-D945-461A-83F0-819F76A199F8} -> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\5e9x09cb.default
FF Homepage: about:blank
FF NewTab: about:blank
FF DefaultSearchEngine: Google
FF SearchEngineOrder.1: Google
FF SelectedSearchEngine: Google
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_14_0_0_125.dll ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 - C:\Program Files\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_14_0_0_125.dll ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf - C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf - C:\Program Files (x86)\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.55.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF Plugin HKCU: @unity3d.com/UnityPlayer,version=1.0 - C:\Users\Holger\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF Plugin HKCU: ubisoft.com/uplaypc - C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: Adblock Plus - C:\Users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\5e9x09cb.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2014-02-18]
FF HKLM-x32\...\Firefox\Extensions: - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-01-07]
FF HKLM-x32\...\Firefox\Extensions: [ff-bmboc@bytemobile.com] - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon
FF Extension: Bytemobile Optimization Client - C:\Program Files (x86)\congstar\Internet-Manager\Bin\addon [2014-05-18]
Chrome:
=======
CHR HomePage: about:blank
CHR StartupUrls: "about:blank"
CHR DefaultSearchKeyword: g
CHR Extension: (Google Docs) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-01-07]
CHR Extension: (Google Drive) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-01-07]
CHR Extension: (Session Manager) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbcnbpafconjjigibnhbfmmgdbbkcjfi [2014-02-15]
CHR Extension: (Kaspersky Protection) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-03-25]
CHR Extension: (YouTube) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-01-07]
CHR Extension: (Adblock Plus) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-02-15]
CHR Extension: (Google-Suche) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-01-07]
CHR Extension: (WhatFont) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\jabopobgcpjmedljpbcaablpmlmfcogm [2014-02-15]
CHR Extension: (Project Naptha) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\molncoemjfmpgdkbdlbjmhlcgniigdnf [2014-04-28]
CHR Extension: (Google Wallet) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-01-07]
CHR Extension: (Google Mail) - C:\Users\Holger\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-01-07]
CHR Extension: (Chrome YouTube Downloader) - C:\chrome addons-NEU-INSTALL\2.6.20_0 [2014-06-15]
CHR Extension: (__MSG_ExtensionName__) - C:\chrome addons-NEU-INSTALL\kasp3\14.0.0.4651_0 [2014-06-15]
CHR Extension: (__MSG_ExtensionName__) - C:\chrome addons-NEU-INSTALL\kasp4\14.0.0.4651_1 [2014-06-15]
CHR Extension: (__MSG_ExtensionName__) - C:\chrome addons-NEU-INSTALL\kasp2\14.0.0.4651_1 [2014-06-15]
CHR Extension: (__MSG_ExtensionName__) - C:\chrome addons-NEU-INSTALL\kasp5\14.0.0.4917_0 [2014-06-15]
CHR Extension: (__MSG_extName__) - C:\chrome addons-NEU-INSTALL\0.5.6_0 [2014-06-15]
CHR Extension: (__MSG_ExtensionName__) - C:\chrome addons-NEU-INSTALL\kasp1\14.0.0.4651_1 [2014-06-15]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2014-06-15]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]
==================== Services (Whitelisted) =================
R2 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Reader\Foxit Cloud\FCUpdateService.exe [241704 2014-03-25] (Foxit Corporation)
R2 iSafeService; C:\Program Files (x86)\iSafe\iSafeSvc.exe [118048 2014-06-27] (Elex do Brasil Participações Ltda)
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1631008 2014-05-30] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [21055432 2014-05-30] (NVIDIA Corporation)
S3 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
R2 postgresql-x64-9.2; C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N "postgresql-x64-9.2" -D "C:/Program Files/PostgreSQL/9.2/data" -w [X]
==================== Drivers (Whitelisted) ====================
R0 apmwin; C:\Windows\System32\DRIVERS\apmwin.sys [50896 2014-02-17] (Paragon Software Group)
R0 BMLoad; C:\Windows\System32\drivers\BMLoad.sys [16512 2009-12-15] (Bytemobile, Inc.) [File not signed]
R0 gpt_loader; C:\Windows\System32\DRIVERS\gpt_loader.sys [61136 2014-02-17] (Paragon Software Group)
S3 Hfsplus; C:\Windows\System32\DRIVERS\hfsplus.sys [205520 2014-02-17] (Paragon Software Group)
R2 HfsplusRec; C:\Windows\System32\DRIVERS\hfsplusrec.sys [15568 2014-02-17] (Paragon Software Group)
S3 HSPADataCardusbmdm; C:\Windows\System32\DRIVERS\HSPADataCardusbmdm.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbnmea; C:\Windows\System32\DRIVERS\HSPADataCardusbnmea.sys [122752 2011-08-19] (HSPADataCard Incorporated)
S3 HSPADataCardusbser; C:\Windows\System32\DRIVERS\HSPADataCardusbser.sys [122752 2011-08-19] (HSPADataCard Incorporated)
R1 iSafeKrnl; C:\Program Files (x86)\iSafe\iSafeKrnl.sys [246784 2014-06-27] (Elex do Brasil Participações Ltda)
S3 iSafeKrnlBoot; C:\Windows\System32\DRIVERS\iSafeKrnlBoot.sys [44544 2014-06-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlKit; C:\Program Files (x86)\iSafe\iSafeKrnlKit.sys [73728 2014-06-27] (Elex do Brasil Participações Ltda)
R1 iSafeKrnlR3; C:\Program Files (x86)\iSafe\iSafeKrnlR3.sys [64512 2014-06-27] (Elex do Brasil Participações Ltda)
R1 iSafeNetFilter; C:\Program Files (x86)\iSafe\iSafeNetFilter.sys [48640 2014-06-03] (Elex do Brasil Participações Ltda)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-01-07] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-03-24] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-02-18] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-01-07] (Kaspersky Lab ZAO)
R0 mounthlp; C:\Windows\System32\DRIVERS\mounthlp.sys [42704 2014-02-17] (Paragon Software Group)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [20256 2014-05-30] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [40392 2014-03-31] (NVIDIA Corporation)
S3 RTL2832UBDA; C:\Windows\SysWOW64\drivers\RTL2832UBDA.sys [238096 2012-05-21] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [39016 2011-12-29] (REALTEK SEMICONDUCTOR Corp.)
S3 RTL2832U_IRHID; C:\Windows\SysWOW64\DRIVERS\RTL2832U_IRHID.sys [48488 2011-06-13] (Realtek)
R1 tcpipBM; C:\Windows\system32\drivers\tcpipBM.sys [39552 2009-12-15] (Bytemobile, Inc.) [File not signed]
S2 DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys [X]
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2014-07-15 13:06 - 2014-07-15 13:06 - 00027694 _____ () C:\Users\Holger\Downloads\FRST.txt
2014-07-15 13:06 - 2014-07-15 13:06 - 00000000 ____D () C:\FRST
2014-07-15 13:05 - 2014-07-15 13:05 - 02086912 _____ (Farbar) C:\Users\Holger\Downloads\FRST64.exe
2014-07-15 13:05 - 2014-07-15 13:05 - 00000474 _____ () C:\Users\Holger\Downloads\defogger_disable.log
2014-07-15 13:05 - 2014-07-15 13:05 - 00000000 _____ () C:\Users\Holger\defogger_reenable
2014-07-15 12:47 - 2014-07-15 12:47 - 00050477 _____ () C:\Users\Holger\Downloads\Defogger.exe
2014-07-15 08:14 - 2014-07-15 12:12 - 00000336 _____ () C:\Windows\setupact.log
2014-07-15 08:14 - 2014-07-15 08:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-14 15:32 - 2014-07-14 15:37 - 716177408 _____ () C:\Users\Holger\Downloads\lubuntu-14.04-desktop-i386.iso
2014-07-13 18:44 - 2014-07-13 18:44 - 05022859 _____ (LinuxLive USB Creator) C:\Users\Holger\Downloads\LinuxLive USB Creator 2.8.30.exe
2014-07-13 18:32 - 2014-07-13 18:37 - 1017118720 _____ () C:\Users\Holger\Downloads\ubuntu-14.04-desktop-i386.iso
2014-07-07 23:15 - 2014-07-07 23:16 - 11331702 _____ () C:\Users\Holger\Downloads\Anhänge_201477.zip
2014-07-07 22:57 - 2014-07-07 22:59 - 44234417 _____ () C:\Users\Holger\Downloads\The_Stanley_Parable_v1.4.zip
2014-07-07 21:57 - 2014-07-07 21:57 - 00000000 ____D () C:\Users\Holger\AppData\Local\Macromedia
2014-07-07 21:54 - 2014-07-07 21:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-07 21:54 - 2014-07-07 21:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-07 21:54 - 2014-07-07 21:54 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-04 17:12 - 2014-07-07 12:39 - 00000000 ____D () C:\Users\Holger\Desktop\Verkaufen
2014-07-04 15:28 - 2014-07-04 15:29 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-04 15:21 - 2014-07-04 15:21 - 00001790 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-07-04 15:21 - 2014-07-04 15:21 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\eCyber
2014-07-04 15:21 - 2014-07-04 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-07-04 15:20 - 2014-07-15 12:13 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\iSafe
2014-07-04 15:20 - 2014-07-15 12:11 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-07-04 15:20 - 2014-07-04 15:20 - 00000000 ____D () C:\Windows\system32\log
2014-07-04 15:20 - 2014-06-27 11:54 - 00044544 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-07-04 15:19 - 2014-07-04 15:19 - 12348480 _____ (Elex do Brasil Participações Ltda) C:\Users\Holger\Downloads\yet_another_cleaner_sk.exe
2014-07-01 11:00 - 2014-07-01 11:00 - 00003242 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-07-01 11:00 - 2014-07-01 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-06-26 09:41 - 2014-06-26 09:41 - 00000000 ____D () C:\Users\Holger\AppData\Local\ArcSoft
2014-06-26 09:39 - 2014-06-26 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2014-06-26 09:38 - 2014-06-28 10:40 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-06-26 09:38 - 2014-06-26 09:41 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\ArcSoft
2014-06-26 09:38 - 2014-06-26 09:38 - 00002011 _____ () C:\Users\Public\Desktop\TotalMedia 3.5.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia 3.5
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-06-26 09:38 - 2006-09-18 08:50 - 00022784 _____ (Arcsoft, Inc.) C:\Windows\SysWOW64\Drivers\afc.sys
2014-06-26 09:38 - 2005-07-16 02:35 - 00245408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unicows.dll
2014-06-26 09:38 - 2003-03-18 22:14 - 00499712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcp71.dll
2014-06-26 09:38 - 2003-02-21 04:42 - 00348160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr71.dll
2014-06-26 09:35 - 2014-06-26 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK DTV USB DEVICE
2014-06-26 09:35 - 2012-08-22 14:49 - 05750868 _____ ( ) C:\Windows\SysWOW64\RTKISDBT.dll
2014-06-26 09:35 - 2012-06-22 18:01 - 00372812 _____ (Realtek) C:\Windows\SysWOW64\RTKFM.dll
2014-06-26 09:35 - 2012-06-18 19:06 - 05771358 _____ (Realtek) C:\Windows\SysWOW64\RTKDAB.dll
2014-06-26 09:35 - 2012-05-21 11:36 - 00238096 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\SysWOW64\Drivers\RTL2832UBDA.sys
2014-06-26 09:35 - 2012-05-21 11:36 - 00238096 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UBDA.sys
2014-06-26 09:35 - 2011-12-29 16:09 - 00039016 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys
2014-06-26 09:35 - 2011-12-29 16:09 - 00039016 _____ (REALTEK SEMICONDUCTOR Corp.) C:\Windows\system32\Drivers\RTL2832UUSB.sys
2014-06-26 09:35 - 2011-09-30 14:58 - 00143441 _____ (Realtek) C:\Windows\SysWOW64\RTKDABSOURCE.dll
2014-06-26 09:35 - 2011-06-17 14:45 - 00135271 _____ (Realtek) C:\Windows\SysWOW64\RTKISDBTSOURCE.dll
2014-06-26 09:35 - 2011-06-13 13:06 - 00048488 _____ (Realtek) C:\Windows\SysWOW64\Drivers\RTL2832U_IRHID.sys
2014-06-26 09:35 - 2011-06-13 13:06 - 00048488 _____ (Realtek) C:\Windows\system32\Drivers\RTL2832U_IRHID.sys
2014-06-26 09:35 - 2011-03-10 16:30 - 00090243 _____ (Realtek) C:\Windows\SysWOW64\SuperFrameSplitter.dll
2014-06-26 09:35 - 2010-01-28 19:41 - 00135277 _____ (Realtek) C:\Windows\SysWOW64\RTKFMSOURCE.dll
2014-06-26 09:35 - 2009-12-29 15:12 - 00069632 _____ (Realtek) C:\Windows\SysWOW64\RTKDABMWare.dll
2014-06-26 09:35 - 2009-09-11 14:15 - 00114688 _____ (Realtek) C:\Windows\SysWOW64\RTL283XACCESS.dll
2014-06-24 15:18 - 2014-05-20 01:10 - 00601432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvStreaming.exe
2014-06-24 15:15 - 2014-05-20 04:44 - 31387936 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 25256224 _____ (NVIDIA Corporation) C:\Windows\system32\nvcompiler.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 24025376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 17561544 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcompiler.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 17480432 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 16003912 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 12688328 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2014-06-24 15:15 - 2014-05-20 04:44 - 11644928 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 11599072 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 09735256 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 09697640 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 03141976 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 02953672 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 02785568 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvenc.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 02412376 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvenc.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 01889112 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6433788.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 01541576 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6433788.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00895776 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00892704 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00867784 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00861128 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00837056 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00354016 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00305600 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00166568 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2014-06-24 15:15 - 2014-05-20 04:44 - 00146480 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2014-06-24 15:03 - 2014-06-24 15:03 - 00000000 ____D () C:\Users\Holger\AppData\Local\NVIDIA Corporation
2014-06-24 15:02 - 2014-05-30 01:07 - 01715176 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2014-06-24 15:02 - 2014-05-30 01:07 - 01291232 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2014-06-24 15:02 - 2014-05-30 01:07 - 01279480 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2014-06-24 15:02 - 2014-05-30 01:07 - 01122312 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2014-06-24 15:02 - 2014-03-31 18:42 - 00040392 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2014-06-24 15:02 - 2014-03-31 18:42 - 00034760 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2014-06-23 18:50 - 2014-06-23 18:58 - 00000000 ____D () C:\Users\Holger\Desktop\Fotos für Huy
2014-06-15 22:52 - 2014-06-15 22:52 - 00000000 ____D () C:\ProgramData\ovos
2014-06-15 22:52 - 2014-06-15 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ludwig
2014-06-15 22:49 - 2014-06-15 22:49 - 04891652 _____ (ovos) C:\Users\Holger\Downloads\LudwigSetup_1.11.exe
2014-06-15 22:49 - 2014-06-15 22:49 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\ovos
2014-06-15 18:18 - 2014-06-15 18:22 - 00000000 ____D () C:\chrome addons-NEU-INSTALL
2014-06-15 12:41 - 2014-06-15 12:41 - 00000000 ____D () C:\Users\Holger\AppData\Local\Unity
2014-06-15 12:38 - 2014-06-15 12:38 - 01080528 _____ (Unity Technologies ApS) C:\Users\Holger\Downloads\UnityWebPlayer.exe
==================== One Month Modified Files and Folders =======
2014-07-15 13:06 - 2014-07-15 13:06 - 00027694 _____ () C:\Users\Holger\Downloads\FRST.txt
2014-07-15 13:06 - 2014-07-15 13:06 - 00000000 ____D () C:\FRST
2014-07-15 13:05 - 2014-07-15 13:05 - 02086912 _____ (Farbar) C:\Users\Holger\Downloads\FRST64.exe
2014-07-15 13:05 - 2014-07-15 13:05 - 00000474 _____ () C:\Users\Holger\Downloads\defogger_disable.log
2014-07-15 13:05 - 2014-07-15 13:05 - 00000000 _____ () C:\Users\Holger\defogger_reenable
2014-07-15 13:05 - 2014-01-07 17:57 - 00000000 ____D () C:\Users\Holger
2014-07-15 12:59 - 2014-02-15 12:34 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-07-15 12:47 - 2014-07-15 12:47 - 00050477 _____ () C:\Users\Holger\Downloads\Defogger.exe
2014-07-15 12:36 - 2014-01-07 22:06 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-07-15 12:19 - 2009-07-14 06:45 - 00030704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-07-15 12:19 - 2009-07-14 06:45 - 00030704 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-07-15 12:17 - 2009-07-14 19:58 - 00699416 _____ () C:\Windows\system32\perfh007.dat
2014-07-15 12:17 - 2009-07-14 19:58 - 00149556 _____ () C:\Windows\system32\perfc007.dat
2014-07-15 12:17 - 2009-07-14 07:13 - 01620612 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-07-15 12:15 - 2014-01-07 17:57 - 01557510 _____ () C:\Windows\WindowsUpdate.log
2014-07-15 12:14 - 2014-01-11 15:48 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\DropboxMaster
2014-07-15 12:14 - 2014-01-11 15:47 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\Dropbox
2014-07-15 12:13 - 2014-07-04 15:20 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\iSafe
2014-07-15 12:12 - 2014-07-15 08:14 - 00000336 _____ () C:\Windows\setupact.log
2014-07-15 12:12 - 2014-02-15 12:34 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-07-15 12:11 - 2014-07-04 15:20 - 00000000 ____D () C:\Program Files (x86)\iSafe
2014-07-15 12:11 - 2014-01-07 18:11 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-07-15 12:11 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-07-15 08:14 - 2014-07-15 08:14 - 00000000 _____ () C:\Windows\setuperr.log
2014-07-14 22:33 - 2014-01-07 23:24 - 00000000 ____D () C:\Program Files (x86)\Steam
2014-07-14 16:19 - 2014-03-10 08:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
2014-07-14 16:19 - 2014-02-20 14:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YTD Video Downloader
2014-07-14 16:19 - 2014-01-07 22:31 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2014-07-14 16:19 - 2014-01-07 17:47 - 00000000 ____D () C:\Windows\Panther
2014-07-14 15:37 - 2014-07-14 15:32 - 716177408 _____ () C:\Users\Holger\Downloads\lubuntu-14.04-desktop-i386.iso
2014-07-13 18:44 - 2014-07-13 18:44 - 05022859 _____ (LinuxLive USB Creator) C:\Users\Holger\Downloads\LinuxLive USB Creator 2.8.30.exe
2014-07-13 18:37 - 2014-07-13 18:32 - 1017118720 _____ () C:\Users\Holger\Downloads\ubuntu-14.04-desktop-i386.iso
2014-07-13 15:54 - 2009-07-14 07:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-07-12 14:07 - 2014-01-07 23:01 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\vlc
2014-07-07 23:16 - 2014-07-07 23:15 - 11331702 _____ () C:\Users\Holger\Downloads\Anhänge_201477.zip
2014-07-07 22:59 - 2014-07-07 22:57 - 44234417 _____ () C:\Users\Holger\Downloads\The_Stanley_Parable_v1.4.zip
2014-07-07 21:57 - 2014-07-07 21:57 - 00000000 ____D () C:\Users\Holger\AppData\Local\Macromedia
2014-07-07 21:54 - 2014-07-07 21:54 - 00699056 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-07-07 21:54 - 2014-07-07 21:54 - 00071344 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-07-07 21:54 - 2014-07-07 21:54 - 00000000 ____D () C:\Windows\system32\Macromed
2014-07-07 12:39 - 2014-07-04 17:12 - 00000000 ____D () C:\Users\Holger\Desktop\Verkaufen
2014-07-07 08:52 - 2014-02-18 10:23 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-07-06 17:59 - 2014-05-14 14:59 - 00001578 _____ () C:\Users\Holger\AppData\Roaming\FoxitReaderUpdateInfo.txt
2014-07-04 15:29 - 2014-07-04 15:28 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-07-04 15:21 - 2014-07-04 15:21 - 00001790 _____ () C:\Users\Public\Desktop\YAC.lnk
2014-07-04 15:21 - 2014-07-04 15:21 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\eCyber
2014-07-04 15:21 - 2014-07-04 15:21 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\YAC
2014-07-04 15:20 - 2014-07-04 15:20 - 00000000 ____D () C:\Windows\system32\log
2014-07-04 15:19 - 2014-07-04 15:19 - 12348480 _____ (Elex do Brasil Participações Ltda) C:\Users\Holger\Downloads\yet_another_cleaner_sk.exe
2014-07-03 22:13 - 2013-01-31 12:42 - 00000000 ___HD () C:\Users\Holger\AppData\Local\O4oI5SrM
2014-07-01 11:00 - 2014-07-01 11:00 - 00003242 _____ () C:\Windows\System32\Tasks\SamsungMagician
2014-07-01 11:00 - 2014-07-01 11:00 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung Magician
2014-07-01 11:00 - 2014-01-09 09:22 - 00000000 ____D () C:\Program Files (x86)\Samsung Magician
2014-06-29 11:39 - 2014-02-07 11:57 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Desura
2014-06-29 11:39 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-06-29 10:27 - 2014-01-07 23:35 - 00000000 ____D () C:\Users\postgres
2014-06-28 10:40 - 2014-06-26 09:38 - 00000000 ____D () C:\ProgramData\ArcSoft
2014-06-28 10:40 - 2014-01-09 12:39 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-06-27 11:54 - 2014-07-04 15:20 - 00044544 _____ (Elex do Brasil Participações Ltda) C:\Windows\system32\Drivers\iSafeKrnlBoot.sys
2014-06-26 09:41 - 2014-06-26 09:41 - 00000000 ____D () C:\Users\Holger\AppData\Local\ArcSoft
2014-06-26 09:41 - 2014-06-26 09:38 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\ArcSoft
2014-06-26 09:39 - 2014-06-26 09:39 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2014-06-26 09:38 - 2014-06-26 09:38 - 00002011 _____ () C:\Users\Public\Desktop\TotalMedia 3.5.lnk
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia 3.5
2014-06-26 09:38 - 2014-06-26 09:38 - 00000000 ____D () C:\Program Files (x86)\ArcSoft
2014-06-26 09:35 - 2014-06-26 09:35 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK DTV USB DEVICE
2014-06-26 09:35 - 2014-01-09 12:41 - 00000000 ____D () C:\Program Files (x86)\Realtek
2014-06-25 17:23 - 2014-02-27 11:06 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\Skype
2014-06-25 12:01 - 2014-02-27 11:06 - 00000000 ___RD () C:\Program Files (x86)\Skype
2014-06-25 12:01 - 2014-02-27 11:06 - 00000000 ____D () C:\ProgramData\Skype
2014-06-24 15:18 - 2014-01-07 18:11 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2014-06-24 15:18 - 2014-01-07 18:10 - 00000000 ____D () C:\Program Files (x86)\NVIDIA Corporation
2014-06-24 15:03 - 2014-06-24 15:03 - 00000000 ____D () C:\Users\Holger\AppData\Local\NVIDIA Corporation
2014-06-24 15:03 - 2014-01-07 18:10 - 00000000 ____D () C:\ProgramData\NVIDIA Corporation
2014-06-24 15:02 - 2014-01-07 18:05 - 00000000 ____D () C:\Program Files\NVIDIA Corporation
2014-06-23 18:58 - 2014-06-23 18:50 - 00000000 ____D () C:\Users\Holger\Desktop\Fotos für Huy
2014-06-22 19:54 - 2014-02-15 12:34 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-06-22 19:54 - 2014-02-15 12:34 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-06-15 22:52 - 2014-06-15 22:52 - 00000000 ____D () C:\ProgramData\ovos
2014-06-15 22:52 - 2014-06-15 22:52 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ludwig
2014-06-15 22:49 - 2014-06-15 22:49 - 04891652 _____ (ovos) C:\Users\Holger\Downloads\LudwigSetup_1.11.exe
2014-06-15 22:49 - 2014-06-15 22:49 - 00000000 ____D () C:\Users\Holger\AppData\Roaming\ovos
2014-06-15 18:22 - 2014-06-15 18:18 - 00000000 ____D () C:\chrome addons-NEU-INSTALL
2014-06-15 12:41 - 2014-06-15 12:41 - 00000000 ____D () C:\Users\Holger\AppData\Local\Unity
2014-06-15 12:38 - 2014-06-15 12:38 - 01080528 _____ (Unity Technologies ApS) C:\Users\Holger\Downloads\UnityWebPlayer.exe
Some content of TEMP:
====================
C:\Users\Holger\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph7t_7c.dll
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2014-07-08 09:00
==================== End Of Log ============================
--- --- --- Addition.txt Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 14-07-2014 01
Ran by Holger at 2014-07-15 13:07:04
Running from C:\Users\Holger\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
==================== Installed Programs ======================
(HKLM\...\UDK-0d9fc8aa-6419-410f-bc19-78f36be6a3ca) (Version: - RuneStorm
@BIOS (HKLM-x32\...\{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}) (Version: 2.33 - GIGABYTE)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.5.1.17730 - Adobe Systems Inc.)
Adobe AIR (x32 Version: 2.5.1.17730 - Adobe Systems Inc.) Hidden
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.4.980 - Adobe Systems Incorporated.)
Adobe Community Help (x32 Version: 3.4.980 - Adobe Systems Incorporated.) Hidden
Adobe Content Viewer (HKLM-x32\...\com.adobe.dmp.contentviewer) (Version: 1.4.0 - Adobe Systems Incorporated)
Adobe Content Viewer (x32 Version: 1.4.0 - Adobe Systems Incorporated) Hidden
Adobe Creative Suite 5.5 Master Collection (HKLM-x32\...\{D57FC112-312E-4D70-860F-2DB8FB6858F0}) (Version: 5.5 - Adobe Systems Incorporated)
Adobe Flash Player 14 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 14.0.0.125 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 5.3 64-bit (HKLM\...\{2DD71ACB-552D-402C-9529-7906ACB95C30}) (Version: 5.3.1 - Adobe Systems Incorporated)
Adobe Story (HKLM-x32\...\com.adobe.AdobeStory.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 1.0.571 - Adobe Systems Incorporated)
Adobe Story (x32 Version: 1.0.571 - Adobe Systems Incorporated) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ArcSoft TotalMedia 3.5 (HKLM-x32\...\{74292F90-895A-4FC6-A692-9641532B1B63}) (Version: 3.5.28.388 - ArcSoft)
Astro Tripper (HKLM-x32\...\Steam App 110600) (Version: - PomPom)
Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer)
Avid Codecs LE (HKLM-x32\...\{581194D0-BCF1-4329-8EA8-2AC19154D8A5}) (Version: 2.3.4 - Ihr Firmenname)
Beat Hazard (HKLM-x32\...\Steam App 49600) (Version: - Cold Beam Games)
BeatBlasters III (HKLM-x32\...\Steam App 246800) (Version: - Chainsawesome Games)
Beatbuddy: Tale of the Guardians (HKLM-x32\...\Steam App 231040) (Version: - Threaks)
Ben There, Dan That! (HKLM-x32\...\Steam App 37420) (Version: - Zombie Cow Studios)
BIT.TRIP Presents... Runner2: Future Legend of Rhythm Alien (HKLM-x32\...\Steam App 218060) (Version: - Gaijin Games)
BIT.TRIP RUNNER (HKLM-x32\...\Steam App 63710) (Version: - Gaijin Games)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Capsized (HKLM-x32\...\Steam App 95300) (Version: - Alientrap Games Inc)
Chicken Shoot Gold (HKLM-x32\...\Steam App 259340) (Version: - ToonTRAXX Studios)
Circuits (HKLM-x32\...\Steam App 282760) (Version: - Digital Tentacle)
congstar Internet-Manager (HKLM-x32\...\{27D28586-BEF1-4E06-8787-3B1FC3A41489}) (Version: 1.0.0.3 - ZTE CORPORATION)
Costume Quest (HKLM-x32\...\Steam App 115100) (Version: - Double Fine Productions)
Crash Time III (HKLM-x32\...\Steam App 33620) (Version: - Synetic)
Crazy Machines 2 (HKLM-x32\...\Steam App 18400) (Version: - Fakt Software)
CreaVures (HKLM-x32\...\Steam App 49810) (Version: - Muse Games)
C-RUSH (HKLM-x32\...\Steam App 262980) (Version: - Artnumeris)
Crysis 2 Maximum Edition (HKLM-x32\...\Steam App 108800) (Version: - Crytek Studios)
DaVinci Resolve (HKLM\...\{50534180-B41F-4257-8300-921F068193AC}) (Version: 10.0.2001 - Blackmagic Design)
Day One: Garry's Incident (HKLM-x32\...\Steam App 242800) (Version: - Wild Games Studio)
Dead Island (HKLM-x32\...\Steam App 91310) (Version: - Techland)
Dead Space 2 (HKLM-x32\...\Steam App 47780) (Version: - Visceral Games)
Dear Esther (HKLM-x32\...\Steam App 203810) (Version: - thechineseroom & Robert Briscoe)
Deponia (HKLM-x32\...\Steam App 214340) (Version: - Daedalic Entertainment)
Desura (HKLM-x32\...\Desura) (Version: 100.56 - Desura)
Desura: Absent (HKLM-x32\...\Desura_111995567210528) (Version: Full - fentonfilmgames)
Desura: Air Control (HKLM-x32\...\Desura_117591909597216) (Version: Full - killjoygames)
Desura: BANZAI PECAN: Last Hope for the Young Century (HKLM-x32\...\Desura_78945793867808) (Version: Full - SERIOUS*IMPACT WORKS)
Desura: BlindSide (HKLM-x32\...\Desura_77438260346912) (Version: Full - epicycle)
Desura: Collateral (HKLM-x32\...\Desura_73959336837152) (Version: Alpha - Dancing Dinosaur Games)
Desura: Frederic – Resurrection of Music (HKLM-x32\...\Desura_77107547865120) (Version: Full - Forever Entertainment S.A.)
Desura: Hippocampal (HKLM-x32\...\Desura_118764435669024) (Version: Full - freegamer)
Desura: MTBFreeride (HKLM-x32\...\Desura_101674760798240) (Version: Alpha - mtbfdeveloper)
Desura: ONE DAY for Ched (HKLM-x32\...\Desura_109311212650528) (Version: Full - BSL Team)
Desura: Orborun (HKLM-x32\...\Desura_114838835560480) (Version: Full release - Tiny Lab Productions)
Desura: Perdytacks (HKLM-x32\...\Desura_128187593916448) (Version: Full - AlexCrafter)
Desura: POP: Methodology Experiment One (HKLM-x32\...\Desura_75819057676320) (Version: Full - Rob Lach Games, LLC)
Desura: Project APT (HKLM-x32\...\Desura_120151710105632) (Version: Full - LittleDev_mac)
Desura: Space Slice (HKLM-x32\...\Desura_121191092191264) (Version: Full - codevikings entertainment)
Desura: The Lady (HKLM-x32\...\Desura_118571162140704) (Version: Full - MPR ART Hallucinations)
Desura: Tree Simulator 2013: Treeloaded (HKLM-x32\...\Desura_127212636340256) (Version: Full - Hero Games)
Desura: Whitewash (HKLM-x32\...\Desura_96477850370080) (Version: Full - OUSEGames)
DiRT 3 (HKLM-x32\...\Steam App 44320) (Version: - Codemasters Racing Studio)
DiRT Showdown (HKLM-x32\...\Steam App 201700) (Version: - Codemasters Racing Studio)
Dropbox (HKCU\...\Dropbox) (Version: 2.8.2 - Dropbox, Inc.)
Dual-Core Optimizer (HKLM-x32\...\{9FD6F1A8-5550-46AF-8509-271DF0E768B5}) (Version: 1.1.4.0169 - AMD)
Duty Calls (HKLM-x32\...\{0AEB967F-1D12-43C8-A59C-D93DA8EE4A4E}) (Version: 1.00.0000 - Duty Calls)
Edna & Harvey: The Breakout (HKLM-x32\...\Steam App 255320) (Version: - Daedalic Entertainment)
Electronic Super Joy (HKLM-x32\...\Steam App 244870) (Version: - Michael Todd Games)
English Country Tune (HKLM-x32\...\Steam App 207570) (Version: - increpare games)
ENSLAVED™: Odyssey to the West™ Premium Edition (HKLM-x32\...\Steam App 245280) (Version: - Ninja Theory)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version: - )
FEZ (HKLM-x32\...\Steam App 224760) (Version: - Polytron Corporation)
FileZilla Client 3.7.4.1 (HKLM-x32\...\FileZilla Client) (Version: 3.7.4.1 - Tim Kosse)
Finding Teddy (HKLM-x32\...\Steam App 259600) (Version: - LookAtMyGames)
FLY'N (HKLM-x32\...\Steam App 223730) (Version: - Ankama Play)
Foxit Cloud (HKLM-x32\...\{41914D8B-9D6E-4764-A1F9-BC43FB6782C1}_is1) (Version: 1.3.105.325 - Foxit Corporation)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.1.3.321 - Foxit Corporation)
Free to Play (HKLM-x32\...\Steam App 245550) (Version: - Valve)
Giana Sisters: Twisted Dreams (HKLM-x32\...\Steam App 223220) (Version: - Black Forest Games)
Gigabyte Raid Configurer (HKLM-x32\...\{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}) (Version: 1.00.0000 - Gigabyte Technology Corp.)
Go! Go! Nippon! ~My First Trip to Japan~ (HKLM-x32\...\Steam App 251870) (Version: - OVERDRIVE)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 35.0.1916.153 - Google Inc.)
Google Update Helper (x32 Version: 1.3.24.15 - Google Inc.) Hidden
Guacamelee! Gold Edition (HKLM-x32\...\Steam App 214770) (Version: - DrinkBox Studios)
Gun Metal (HKLM-x32\...\Steam App 267920) (Version: - Rage Software)
Gun Monkeys (HKLM-x32\...\Steam App 239450) (Version: - Size Five Games)
Half Minute Hero: Super Mega Neo Climax Ultimate Boy (HKLM-x32\...\Steam App 214830) (Version: - Opus )
Hamlet or the last game without MMORPG features, shaders and product placement (HKLM-x32\...\Steam App 222160) (Version: - mif2000)
Hell Yeah! (HKLM-x32\...\Steam App 205230) (Version: - Arkedo)
HFSExplorer 0.21 (HKLM-x32\...\HFSExplorer) (Version: 0.21 - Catacombae Software)
Home Sheep Home 2 (HKLM-x32\...\Steam App 259810) (Version: - Aardman Animations)
How to Survive (HKLM-x32\...\Steam App 250400) (Version: - )
Hydrophobia: Prophecy (HKLM-x32\...\Steam App 92000) (Version: - Dark Energy Digital Ltd.)
I Have No Mouth, and I Must Scream (HKLM-x32\...\Steam App 245390) (Version: - )
Ignite (HKLM-x32\...\Steam App 45410) (Version: - Nemesys Games)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel® Matrix Storage Manager (HKLM\...\{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}) (Version: - Intel Corporation)
Into the Dark (HKLM-x32\...\Steam App 266050) (Version: - Homegrown Games)
Intrusion 2 (HKLM-x32\...\Steam App 214970) (Version: - Aleksey Abramenko)
Ion Assault (HKLM-x32\...\Steam App 41730) (Version: - Coreplay GmbH)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}) (Version: 11.1.3.8 - Apple Inc.)
Java 7 Update 55 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217045FF}) (Version: 7.0.550 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
JDownloader 0.9 (HKLM-x32\...\5513-1208-7298-9440) (Version: 0.9 - AppWork GmbH)
Journey of a Roach (HKLM-x32\...\Steam App 255300) (Version: - Koboldgames)
KAMI (HKLM-x32\...\Steam App 272040) (Version: - State of Play Games)
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Krater (HKLM-x32\...\Steam App 42170) (Version: - Fatshark)
LEGO MARVEL Super Heroes (HKLM-x32\...\Steam App 249130) (Version: - Traveller's Tales)
LEVEL 22 (HKLM-x32\...\Steam App 293300) (Version: - Noego)
LinuxLive USB Creator (HKLM-x32\...\LinuxLive USB Creator) (Version: 2.8 - Thibaut Lauziere)
Little Inferno (HKLM-x32\...\Steam App 221260) (Version: - Tomorrow Corporation)
Little Racers STREET (HKLM-x32\...\Steam App 262690) (Version: - Milkstone Studios)
LocoCycle (HKLM-x32\...\Steam App 224040) (Version: - Twisted Pixel Games)
Loksim3D (HKLM\...\Loksim3D_is1) (Version: 2.8.2 - Loksim3D)
Ludwig (HKLM-x32\...\{CB538252-5341-44EC-AF17-AC1BA8341633}) (Version: 1.11 - ovos)
Luxuria Superbia (HKLM-x32\...\Steam App 269150) (Version: - Tale of Tales)
Magic Bullet Suite 64-bit (HKLM-x32\...\InstallShield_{2B092722-5855-466F-B7A5-8C5E64C64C77}) (Version: 11.0 - Red Giant Software)
Magic Bullet Suite 64-bit (Version: 11.0 - Red Giant Software) Hidden
Major Mayhem (HKLM-x32\...\Steam App 264340) (Version: - Rocket Jump)
MarkdownPad 2 (HKLM-x32\...\MarkdownPad 2 2.3.2.34663) (Version: 2.3.2.34663 - Apricity Software LLC)
MarkdownPad 2 (x32 Version: 2.3.2.34663 - Apricity Software LLC) Hidden
Master Reboot (HKLM-x32\...\Steam App 251850) (Version: - Wales Interactive)
Mechanic Escape (HKLM-x32\...\Steam App 268240) (Version: - Slak Games)
MediaInfo 0.7.65 (HKLM\...\MediaInfo) (Version: 0.7.65 - MediaArea.net)
Medieval CUE Splitter (HKLM-x32\...\{B96D2269-568B-4CBF-9332-12FAE8B158F7}) (Version: 1.2.0 - Medieval Software)
Megabyte Punch (HKLM-x32\...\Steam App 248550) (Version: - Reptile Games)
Miasmata (HKLM-x32\...\Steam App 223510) (Version: - IonFx)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{42AA4CA8-DCD8-4308-BCAB-0B6D75856A9D}) (Version: 3.5.95.0 - Microsoft Corporation)
Microsoft Games for Windows Marketplace (HKLM-x32\...\{67F42018-F647-4D3C-BE62-F8CB4FE2FCD5}) (Version: 3.5.67.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30214.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft XNA Framework Redistributable 3.1 (HKLM-x32\...\{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}) (Version: 3.1.10527.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Microsoft_VC80_ATL_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_ATL_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_CRT_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFC_x86_x64 (Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86 (x32 Version: 8.0.50727.4053 - Adobe) Hidden
Microsoft_VC80_MFCLOC_x86_x64 (Version: 80.50727.4053 - Adobe) Hidden
Microsoft_VC90_ATL_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_ATL_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_CRT_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86 (x32 Version: 1.00.0000 - Adobe) Hidden
Microsoft_VC90_MFCLOC_x86_x64 (Version: 1.00.0000 - Adobe) Hidden
Mirror's Edge™ (HKLM-x32\...\{AEDBD563-24BB-4EE3-8366-A654DAC2D988}) (Version: 1.0.1.0 - Electronic Arts)
MKVToolNix 6.6.0 (HKLM-x32\...\MKVToolNix) (Version: 6.6.0 - Moritz Bunkus)
Montas (HKLM-x32\...\Steam App 269350) (Version: - Organic Humans)
Mozilla Firefox 30.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 30.0 (x86 de)) (Version: 30.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MusicBrainz Picard (HKLM-x32\...\MusicBrainz Picard) (Version: 1.2 - MusicBrainz)
My Game Long Name (HKLM\...\DDG-b08f4bcd-aa9d-41f8-9a97-b52e97b6ca71) (Version: - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-1a851536-4cab-4a16-95df-89b2a24922c3) (Version: - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-42a55cca-ccb3-4469-8d0d-1f8ea656a389) (Version: - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-729b0ed7-af66-47b0-a2f7-45a87d2a219b) (Version: - Epic Games, Inc.)
My Game Long Name (HKLM\...\UDK-cb553afa-42e7-4096-b859-8175ece99e9a) (Version: - Epic Games, Inc.)
NVIDIA 3D Vision Controller-Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 337.88 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 337.88 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 337.88 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 337.88 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.157.1165 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (x32 Version: 9.13.1220 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA ShadowPlay 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (x32 Version: 7.17.12.6514 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 337.88 (Version: 337.88 - NVIDIA Corporation) Hidden
NVIDIA Update 14.6.22 (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 14.6.22 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.23 (Version: 1.2.23 - NVIDIA Corporation) Hidden
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Oracle VM VirtualBox 4.3.8 (HKLM\...\{5D328A41-BFF8-4B78-B45E-5BEE1D133EF5}) (Version: 4.3.8 - Oracle Corporation)
Origin (HKLM-x32\...\Origin) (Version: 9.4.1.116 - Electronic Arts, Inc.)
PandoraRecovery (Remove Only) (HKLM-x32\...\PandoraRecovery) (Version: - )
Paragon HFS+ for Windows™ 10.3 (HKLM-x32\...\{456534C0-51E7-11DF-B336-005056C00008}) (Version: 1.00 - Paragon Software)
PDF Settings CS5 (x32 Version: 10.0 - Adobe Systems Incorporated) Hidden
Pid (HKLM-x32\...\Steam App 218740) (Version: - Might and Delight)
Portal 2 (HKLM-x32\...\Steam App 620) (Version: - Valve)
PostgreSQL 9.2 (HKLM\...\PostgreSQL 9.2) (Version: 9.2 - PostgreSQL Global Development Group)
Pressure (HKLM-x32\...\Steam App 224220) (Version: - Chasing Carrots)
Prince of Persia (HKLM-x32\...\Steam App 19980) (Version: - Ubisoft Montreal)
Project 64 version 2.1.0.1 (HKLM-x32\...\Project 64_is1) (Version: 2.1.0.1 - )
Proteus (HKLM-x32\...\Steam App 219680) (Version: - Ed Key and David Kanaga)
PxMergeModule (x32 Version: 1.00.0000 - Your Company Name) Hidden
Quantum Conundrum (HKLM-x32\...\Steam App 200010) (Version: - Airtight Games)
QuickTime (HKLM-x32\...\{B67BAFBA-4C9F-48FA-9496-933E3B255044}) (Version: 7.74.80.86 - Apple Inc.)
Race The Sun (HKLM-x32\...\Steam App 253030) (Version: - Flippfly LLC)
Rapture3D 2.4.11 Game (HKLM-x32\...\{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1) (Version: - Blue Ripple Sound)
REALTEK DTV USB DEVICE (HKLM-x32\...\{DDBB7C89-1A09-441E-AA0F-6AA465755C17}) (Version: 1.00.0000 - Realtek)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.49.927.2011 - Realtek)
Realtek Ethernet Diagnostic Utility (HKLM-x32\...\{DADC7AB0-E554-4705-9F6A-83EA82ED708E}) (Version: 1.006 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6662 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.49 - Piriform)
Retro/Grade (HKLM-x32\...\Steam App 222660) (Version: - 24 Caret Games)
Rockstar Games Social Club (HKLM-x32\...\Rockstar Games Social Club) (Version: 1.1.0.6 - Rockstar Games)
Saboteur™ (HKLM-x32\...\{5C9A7E65-5B71-4C7F-876A-8C6AF9E9E23D}) (Version: 1.0.0.0 - Electronic Arts)
Saints Row IV (HKLM-x32\...\Steam App 206420) (Version: - Deep Silver Volition)
Samsung Magician (HKLM-x32\...\{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1) (Version: 4.4.0 - Samsung Electronics)
Samsung ML-1630 Series (HKLM-x32\...\Samsung ML-1630 Series) (Version: - Samsung Electronics CO.,LTD)
Savant - Ascent (HKLM-x32\...\Steam App 259530) (Version: - DPad Studios)
ScummVM 1.6.0 (HKLM-x32\...\ScummVM_is1) (Version: - The ScummVM Team)
SEGA Genesis & Mega Drive Classics (HKLM-x32\...\Steam App 34270) (Version: - Sega)
Sequence (HKLM-x32\...\Steam App 200910) (Version: - Iridium Studios)
Shank 2 (HKLM-x32\...\Steam App 102840) (Version: - Klei Entertainment)
SHIELD Streaming (Version: 2.1.214 - NVIDIA Corporation) Hidden
Sideway (HKLM-x32\...\Steam App 200190) (Version: - Playbrains)
Sine Mora (HKLM-x32\...\Steam App 207040) (Version: - Digital Reality)
SIW 2013 Home Edition (HKLM-x32\...\{AB67580-257C-45FF-B8F4-C8C30682091A}_is1) (Version: 2013.05.14 - Topala Software Solutions)
SkyDrift (HKLM-x32\...\Steam App 91100) (Version: - Digital Reality)
Skype™ 6.16 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.16.105 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version: - United Front Games)
Slip (HKLM-x32\...\Steam App 291070) (Version: - Handsome Games)
Sonic & All-Stars Racing Transformed (HKLM-x32\...\Steam App 212480) (Version: - Sumo Digital)
Source SDK (HKLM-x32\...\Steam App 211) (Version: - Valve)
Source SDK Base 2007 (HKLM-x32\...\Steam App 218) (Version: - Valve)
Spate (HKLM-x32\...\Steam App 269810) (Version: - Eric Provan - Ayyo Games)
Spirits (HKLM-x32\...\Steam App 210170) (Version: - Spaces of Play)
Stacking (HKLM-x32\...\Steam App 115110) (Version: - Double Fine Productions)
Steam (HKLM-x32\...\Steam) (Version: - Valve Corporation)
Steel Storm: Burning Retribution (HKLM-x32\...\Steam App 96200) (Version: - Kot in Action Creative Artel)
Syder Arcade (HKLM-x32\...\Steam App 252310) (Version: - Studio Evil)
Symphony (HKLM-x32\...\Steam App 207750) (Version: - Empty Clip Studios)
Syncios Version 3.0.3 (HKLM-x32\...\{068A5D84-8419-4BDE-9689-FE65F412EFBB}_is1) (Version: 3.0.3 - Anvsoft, Inc.)
System Requirements Lab for Intel (HKLM-x32\...\{53C63F43-B827-42D9-8886-4698D91EA33B}) (Version: 4.5.15.0 - Husdawg, LLC)
T.E.C. 3001 (HKLM-x32\...\Steam App 280910) (Version: - Phoenix Game Studio)
The Book of Unwritten Tales (HKLM-x32\...\Steam App 215160) (Version: - KING Art)
The Dream Machine (HKLM-x32\...\Steam App 94300) (Version: - The Sleeping Machine)
The Great Jitters: Pudding Panic (HKLM-x32\...\Steam App 296650) (Version: - kunst-stoff GmbH)
The Journey Down: Chapter One (HKLM-x32\...\Steam App 220090) (Version: - SkyGoblin)
The Maw (HKLM-x32\...\Steam App 26000) (Version: - Twisted Pixel Games)
The Path (HKLM-x32\...\Steam App 27000) (Version: - Tale of Tales)
The Plan (HKLM-x32\...\Steam App 250600) (Version: - Krillbite Studio)
The Shivah (HKLM-x32\...\Steam App 252370) (Version: - )
The Stanley Parable (HKLM-x32\...\Steam App 221910) (Version: - Galactic Cafe)
The Stanley Parable Demo (HKLM-x32\...\Steam App 247750) (Version: - Galactic Cafe)
The Swapper (HKLM-x32\...\Steam App 231160) (Version: - Olli Harjola, Otto Hantula, Tom Jubert, Carlo Castellano)
They Breathe (HKLM-x32\...\Steam App 294140) (Version: - The Working Parts)
Thomas Was Alone (HKLM-x32\...\Steam App 220780) (Version: - Mike Bithell)
Time Gentlemen, Please! (HKLM-x32\...\Steam App 37400) (Version: - Size Five Games)
Tom Clancy's Splinter Cell: Conviction (HKLM-x32\...\Steam App 33220) (Version: - Ubisoft Montreal)
Type:Rider (HKLM-x32\...\Steam App 258890) (Version: - Ex Nihilo)
Ultratron (HKLM-x32\...\Steam App 219190) (Version: - Puppygames)
Unity Web Player (HKCU\...\UnityWebPlayer) (Version: 4.5.1f3 - Unity Technologies ApS)
Unmechanical (HKLM-x32\...\Steam App 211180) (Version: - Talawa Games)
Uplay (HKLM-x32\...\Uplay) (Version: 4.3 - Ubisoft)
Vanguard Princess (HKLM-x32\...\Steam App 262150) (Version: - Tomoaki Sugeno)
Velvet Assassin (HKLM-x32\...\Steam App 16720) (Version: - Replay Studios)
VirtualCloneDrive (HKLM-x32\...\VirtualCloneDrive) (Version: 5.4.7.0 - Elaborate Bytes)
Viscera Cleanup Detail: Santas Rampage
Viscera Cleanup Detail: Santa's Rampage (HKLM-x32\...\Steam App 265210) (Version: - RuneStorm)
VLC media player 2.1.2 (HKLM\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Volt (HKLM-x32\...\Steam App 290280) (Version: - Quantized Bit)
Waveform (HKLM-x32\...\Steam App 204180) (Version: - Eden Industries)
Windows Live ID Sign-in Assistant (HKLM\...\{9B48B0AC-C813-4174-9042-476A887592C7}) (Version: 6.500.3165.0 - Microsoft Corporation)
WinSCP 5.5.3 (HKLM-x32\...\winscp3_is1) (Version: 5.5.3 - Martin Prikryl)
X-Blades (HKLM-x32\...\Steam App 7510) (Version: - Topware Interactive)
Yet Another Cleaner! (HKLM-x32\...\iSafe) (Version: - ELEX DO BRASIL PARTICIPAÇÕES LTDA)
Zack Zero (HKLM-x32\...\Steam App 234290) (Version: - Crocodile Entertainment)
Zero Gear (HKLM-x32\...\Steam App 18820) (Version: - Brian Cronin)
==================== Restore Points =========================
24-06-2014 13:03:01 DirectX wurde installiert
26-06-2014 07:35:35 Installiert REALTEK DTV USB DEVICE
26-06-2014 07:36:02 Gerätetreiber-Paketinstallation: Realtek Semiconduct Corp. Eingabegeräte (Human Interface Devices)
26-06-2014 07:38:14 Installiert TotalMedia
27-06-2014 08:38:51 Installed Connect Service
28-06-2014 08:40:47 Installed Connect Service
04-07-2014 01:39:47 Windows Update
11-07-2014 07:14:38 Geplanter Prüfpunkt
==================== Hosts content: ==========================
2009-07-14 04:34 - 2014-01-07 21:38 - 00001290 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
127.0.0.1 practivate.adobe.com
127.0.0.1 ereg.adobe.com
127.0.0.1 activate.wip3.adobe.com
127.0.0.1 wip3.adobe.com
127.0.0.1 3dns-3.adobe.com
127.0.0.1 3dns-2.adobe.com
127.0.0.1 adobe-dns.adobe.com
127.0.0.1 adobe-dns-2.adobe.com
127.0.0.1 adobe-dns-3.adobe.com
127.0.0.1 ereg.wip3.adobe.com
127.0.0.1 activate-sea.adobe.com
127.0.0.1 wwis-dubc1-vip60.adobe.com
127.0.0.1 activate-sjc0.adobe.com
127.0.0.1 hl2rcv.adobe.com
==================== Scheduled Tasks (whitelisted) =============
Task: {0BEE99C6-A5CA-4869-977F-5CAC766231A5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15] (Google Inc.)
Task: {149BED8B-9AF6-4CC5-9620-761A007241BF} - System32\Tasks\elbyExecuteWithUAC => C:\Program Files (x86)\VirtualCloneDrive\ExecuteWithUAC.exe [2013-03-22] ()
Task: {31ED3174-D2A1-44CB-83C4-5F7DE8530606} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15] (Google Inc.)
Task: {875759E8-CEE3-4DA6-B1DC-1ECAE506EC0D} - System32\Tasks\SamsungMagician => C:\Program Files (x86)\Samsung Magician\Samsung Magician.exe [2014-05-19] (Samsung Electronics.)
Task: {AEE27F6D-F0E6-4879-8ACF-27F8F2C74AC7} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {C5D8D805-187C-456A-B7FE-6E27182A5DF2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {EE1D9BEC-72CC-47AE-BBC2-56BD5B7CC49C} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Loaded Modules (whitelisted) =============
2014-01-07 18:10 - 2014-05-20 03:25 - 00116568 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2009-10-30 06:08 - 2009-10-30 06:08 - 00022016 _____ () C:\Windows\System32\ml163sl6.dll
2014-01-07 23:34 - 2013-04-02 05:41 - 00176128 _____ () C:\Program Files\PostgreSQL\9.2\bin\LIBPQ.dll
2010-01-02 16:42 - 2010-01-02 16:42 - 00098304 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext_64.dll
2014-01-07 23:34 - 2012-08-14 15:31 - 01328128 _____ () C:\Program Files\PostgreSQL\9.2\bin\libxml2.dll
2014-01-07 22:52 - 2009-09-25 07:00 - 00614400 _____ () C:\Windows\Samsung\PanelMgr\SSMMgr.exe
2014-01-07 22:52 - 2008-08-27 21:22 - 00306688 _____ () C:\Windows\Samsung\PanelMgr\caller64.exe
2014-05-18 22:52 - 2011-11-07 10:52 - 00220944 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-daemon.exe
2014-05-18 22:52 - 2011-11-07 10:52 - 00036624 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\db_daemon.exe
2014-01-14 00:10 - 2013-12-03 09:34 - 00723456 _____ () C:\Program Files (x86)\Syncios\SynciosDeviceService.exe
2014-07-04 15:20 - 2014-06-27 11:51 - 02228896 _____ () C:\Program Files (x86)\iSafe\ipcdl.exe
2014-07-04 15:20 - 2014-06-27 11:53 - 00065696 _____ () C:\Program Files (x86)\iSafe\zlib1.dll
2014-07-04 15:20 - 2014-06-27 11:52 - 00092320 _____ () C:\Program Files (x86)\iSafe\curlpp.dll
2014-07-04 15:20 - 2014-06-27 11:53 - 00162464 _____ () C:\Program Files (x86)\iSafe\isafeupbiz.dll
2014-07-04 15:20 - 2014-06-27 11:52 - 00427168 _____ () C:\Program Files (x86)\iSafe\ipcproxy.dll
2014-07-04 15:20 - 2014-06-03 05:50 - 00176976 _____ () C:\Program Files (x86)\iSafe\tws\unrar.dll
2014-07-04 15:20 - 2014-06-03 05:50 - 00068432 _____ () C:\Program Files (x86)\iSafe\tws\zlib1.dll
2014-07-04 15:20 - 2014-06-03 05:50 - 00087744 _____ () C:\Program Files (x86)\iSafe\tws\unacev2.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2013-09-13 20:51 - 2013-09-13 20:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 13:35 - 2013-06-17 13:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 15:52 - 2013-05-08 15:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-02-11 21:29 - 2014-02-11 21:29 - 00093696 _____ () C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll
2014-05-18 22:52 - 2011-05-06 05:03 - 00594944 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\dbus-1.dll
2014-05-18 22:52 - 2011-11-07 10:39 - 00099328 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\itapi.dll
2014-05-18 22:52 - 2011-11-07 10:38 - 00027136 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\log.dll
2014-05-18 22:52 - 2010-10-14 11:37 - 00971776 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libxml2.dll
2014-05-18 22:52 - 2010-10-14 11:37 - 00080688 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\zlib1.dll
2014-05-18 22:52 - 2011-11-07 10:38 - 00055296 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\coder.dll
2014-05-18 22:52 - 2011-11-07 10:39 - 00043008 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\audio.dll
2014-05-18 22:52 - 2011-11-07 10:38 - 00035840 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libConfig.dll
2014-05-18 22:52 - 2011-11-07 10:43 - 00020992 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libctlsvr.dll
2014-06-26 09:38 - 2007-04-19 09:33 - 00035584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\uPiApi.dll
2009-07-13 23:03 - 2009-07-14 03:15 - 00364544 _____ () C:\Windows\SysWOW64\msjetoledb40.dll
2014-06-26 09:38 - 2008-11-26 16:59 - 00131584 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\AbilisWinUsb.dll
2014-06-26 09:38 - 2008-10-22 16:01 - 00200704 _____ () C:\Program Files (x86)\ArcSoft\TotalMedia 3.5\VendorCmdRW.dll
2014-07-15 12:12 - 2014-07-15 12:12 - 00043008 _____ () c:\users\holger\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph7t_7c.dll
2013-08-23 21:01 - 2013-08-23 21:01 - 25100288 _____ () C:\Users\Holger\AppData\Roaming\Dropbox\bin\libcef.dll
2014-06-11 09:53 - 2014-06-05 15:58 - 00716616 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libglesv2.dll
2014-06-11 09:53 - 2014-06-05 15:58 - 00126280 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\libegl.dll
2014-07-04 15:20 - 2014-06-27 11:53 - 00184992 _____ () C:\Program Files (x86)\iSafe\libpng.dll
2014-01-09 09:22 - 2014-05-06 11:24 - 00013824 _____ () C:\Program Files (x86)\Samsung Magician\SAMSUNG_SSD.dll
2014-01-09 09:22 - 2014-05-19 20:20 - 00103424 _____ () C:\Program Files (x86)\Samsung Magician\PAL.dll
2014-01-09 09:22 - 2014-05-19 20:20 - 00039424 _____ () C:\Program Files (x86)\Samsung Magician\SATA.dll
2014-01-09 09:22 - 2014-05-19 20:19 - 00038400 _____ () C:\Program Files (x86)\Samsung Magician\SAT.dll
2014-01-09 09:22 - 2014-05-19 20:20 - 00031232 _____ () C:\Program Files (x86)\Samsung Magician\SMINI.dll
2014-01-09 09:22 - 2014-05-19 20:19 - 00029696 _____ () C:\Program Files (x86)\Samsung Magician\SAS.dll
2014-05-18 22:52 - 2007-09-09 17:07 - 00151552 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\libexpat.dll
2014-05-18 22:52 - 2011-05-06 05:02 - 00341504 _____ () C:\Program Files (x86)\congstar\Internet-Manager\Bin\sqlite3.dll
2014-06-11 09:53 - 2014-06-05 15:58 - 04217672 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\pdf.dll
2014-06-11 09:53 - 2014-06-05 15:58 - 00414536 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ppGoogleNaClPluginChrome.dll
2014-06-11 09:53 - 2014-06-05 15:58 - 01732424 _____ () C:\Program Files (x86)\Google\Chrome\Application\35.0.1916.153\ffmpegsumo.dll
2014-01-14 00:10 - 2013-12-19 18:09 - 00377344 _____ () C:\Program Files (x86)\Syncios\DuiLib.dll
2014-01-14 00:10 - 2013-10-27 00:02 - 00059904 _____ () C:\Program Files (x86)\Syncios\zlib.dll
2014-01-14 00:10 - 2013-10-27 00:00 - 00526848 _____ () C:\Program Files (x86)\Syncios\sqlite3.dll
2014-07-08 20:03 - 2014-07-08 08:18 - 14663856 _____ () C:\Users\Holger\AppData\Local\Google\Chrome\User Data\PepperFlash\14.0.0.145\pepflashplayer.dll
==================== Alternate Data Streams (whitelisted) =========
AlternateDataStreams: C:\Users\Holger\Lokale Einstellungen:Tng8MGfPjfuxyU9mV1Fgk1cU
AlternateDataStreams: C:\Users\Holger\AppData\Local:Tng8MGfPjfuxyU9mV1Fgk1cU
AlternateDataStreams: C:\Users\Holger\AppData\Local\Anwendungsdaten:Tng8MGfPjfuxyU9mV1Fgk1cU
AlternateDataStreams: C:\Users\Holger\AppData\Local\O4oI5SrM:dFMQEbRyKf4mO4sDXxZSDdM8KSZ
==================== Safe Mode (whitelisted) ===================
==================== EXE Association (whitelisted) =============
==================== MSCONFIG/TASK MANAGER disabled items =========
==================== Faulty Device Manager Devices =============
Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft-Teredo-Tunneling-Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.
Name: GIGABYTE GBB36X Controller
Description: GIGABYTE GBB36X Controller
Class Guid: {4d36e97b-e325-11ce-bfc1-08002be10318}
Manufacturer: JMicron Technology Corp.
Service: JRAID
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
==================== Event log errors: =========================
Application errors:
==================
Error: (07/14/2014 06:19:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"1".
Die abhängige Assemblierung "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (07/12/2014 09:16:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"1".
Die abhängige Assemblierung "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (07/11/2014 09:08:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"1".
Die abhängige Assemblierung "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (07/09/2014 02:37:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"1".
Die abhängige Assemblierung "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (07/08/2014 09:01:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"1".
Die abhängige Assemblierung "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (07/07/2014 09:16:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"1".
Die abhängige Assemblierung "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (07/06/2014 00:04:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Fehler beim Generieren des Aktivierungskontextes für "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"1".
Die abhängige Assemblierung "35.0.1916.114,language="*",type="win32",version="35.0.1916.114"" konnte nicht gefunden werden.
Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe".
Error: (06/24/2014 03:01:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm setup.exe, Version 2.1002.157.1165 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 14fc
Startzeit: 01cf8fac08b7a943
Endzeit: 4
Anwendungspfad: C:\Users\Holger\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\14.6.22.1\setup.exe
Berichts-ID: aa18a4ba-fb9f-11e3-833b-001a4d4f4bc6
Error: (06/24/2014 02:57:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm setup.exe, Version 2.1002.157.1165 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 15c
Startzeit: 01cf8fabbac9ca26
Endzeit: 5
Anwendungspfad: C:\Users\Holger\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\14.6.22.1\setup.exe
Berichts-ID: 257f8690-fb9f-11e3-833b-001a4d4f4bc6
Error: (06/23/2014 06:07:40 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
System errors:
=============
Error: (07/15/2014 00:12:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (07/15/2014 08:14:31 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (07/14/2014 08:54:43 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (07/14/2014 08:54:43 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Error: (07/14/2014 03:39:10 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk5\DR6 gefunden.
Error: (07/14/2014 01:58:05 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (07/13/2014 06:28:00 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (07/13/2014 03:54:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (07/12/2014 08:14:09 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error: (07/11/2014 08:46:49 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Microsoft Office Sessions:
=========================
Error: (07/14/2014 06:19:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: 35.0.1916.114,language="*",type="win32",version="35.0.1916.114"c:\program files (x86)\Google\Chrome\application\old_chrome.exe
Error: (07/12/2014 09:16:43 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: 35.0.1916.114,language="*",type="win32",version="35.0.1916.114"c:\program files (x86)\Google\Chrome\application\old_chrome.exe
Error: (07/11/2014 09:08:46 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: 35.0.1916.114,language="*",type="win32",version="35.0.1916.114"c:\program files (x86)\Google\Chrome\application\old_chrome.exe
Error: (07/09/2014 02:37:21 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: 35.0.1916.114,language="*",type="win32",version="35.0.1916.114"c:\program files (x86)\Google\Chrome\application\old_chrome.exe
Error: (07/08/2014 09:01:15 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: 35.0.1916.114,language="*",type="win32",version="35.0.1916.114"c:\program files (x86)\Google\Chrome\application\old_chrome.exe
Error: (07/07/2014 09:16:44 AM) (Source: SideBySide) (EventID: 33) (User: )
Description: 35.0.1916.114,language="*",type="win32",version="35.0.1916.114"c:\program files (x86)\Google\Chrome\application\old_chrome.exe
Error: (07/06/2014 00:04:47 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: 35.0.1916.114,language="*",type="win32",version="35.0.1916.114"c:\program files (x86)\Google\Chrome\application\old_chrome.exe
Error: (06/24/2014 03:01:37 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: setup.exe2.1002.157.116514fc01cf8fac08b7a9434C:\Users\Holger\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\14.6.22.1\setup.exeaa18a4ba-fb9f-11e3-833b-001a4d4f4bc6
Error: (06/24/2014 02:57:55 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: setup.exe2.1002.157.116515c01cf8fabbac9ca265C:\Users\Holger\AppData\Local\Temp\NVIDIA\GeForceExperienceSelfUpdate\14.6.22.1\setup.exe257f8690-fb9f-11e3-833b-001a4d4f4bc6
Error: (06/23/2014 06:07:40 PM) (Source: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe) (EventID: 1) (User: )
Description: C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exeCan't get user token [1008]
CodeIntegrity Errors:
===================================
Date: 2014-07-14 18:19:49.099
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-14 18:19:49.098
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-14 18:19:49.096
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-14 18:19:49.091
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-14 18:19:49.087
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-14 18:19:49.083
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-12 09:16:44.940
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-12 09:16:44.939
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-12 09:16:44.937
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
Date: 2014-07-12 09:16:44.933
Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume2\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.
==================== Memory info ===========================
Percentage of memory in use: 43%
Total physical RAM: 8190.49 MB
Available physical RAM: 4603.23 MB
Total Pagefile: 16379.16 MB
Available Pagefile: 11715.7 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (System_SSD) (Fixed) (Total:232.79 GB) (Free:79.92 GB) NTFS
Drive e: (altes System) (Fixed) (Total:117.19 GB) (Free:17.15 GB) NTFS ==>[System with boot components (obtained from reading drive)]
Drive f: (Video Daten) (Fixed) (Total:814.32 GB) (Free:179.56 GB) NTFS
Drive g: (2T - Systemplatzhalter) (Fixed) (Total:175.78 GB) (Free:99.76 GB) NTFS
Drive h: (2T - BackupPart) (Fixed) (Total:488.28 GB) (Free:46.53 GB) NTFS
Drive i: (2T- Arbeitsdaten) (Fixed) (Total:1198.95 GB) (Free:2.79 GB) NTFS
Drive j: (ARBEIT & Backup) (Fixed) (Total:2794.39 GB) (Free:12.44 GB) NTFS
Drive k: (ARBEIT & Backup 2) (Fixed) (Total:2794.39 GB) (Free:428.3 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 6E4D46BF)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=233 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 1863 GB) (Disk ID: B5AECF3E)
Partition 1: (Not Active) - (Size=176 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=-911659237376) - (Type=07 NTFS)
========================================================
Disk: 3 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 29689BC5)
Partition 1: (Active) - (Size=117 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=814 GB) - (Type=OF Extended)
========================================================
Disk: 4 (MBR Code: Windows 7 or 8) (Size: 2795 GB) (Disk ID: 00000000)
Partition: GPT Partition Type.
==================== End Of Log ============================
|
|
15.07.2014, 13:42
| #4 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "cj.dotomi.com" - Malware in Chrome (Win7) Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die mal fündig geworden? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs in CODE-Tags posten! Relevant sind nur Logs der letzten 7 Tage bzw. seitdem das Problem besteht! Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR oder 7Z-Archiv zu packen erschwert mir massiv die Arbeit. Auch wenn die Logs für einen Beitrag zu groß sein sollten, bitte ich dich die Logs direkt und notfalls über mehrere Beiträge verteilt zu posten. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
15.07.2014, 13:44
| #5 |
| | Logfiles - Teil 2 GMER - erster Teil!!! Code:
ATTFilter GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-07-15 13:33:14
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Samsung_SSD_840_EVO_250GB rev.EXT0BB6Q 232,88GB
Running: mq628yop.exe; Driver: C:\Users\Holger\AppData\Local\Temp\kxlirpob.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000153f00 7 bytes [00, 98, F3, FF, 01, A6, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000153f08 3 bytes [C0, 06, 02]
.text ... * 109
.text C:\Windows\System32\win32k.sys!BRUSHOBJ_pvGetRbrush + 432 fffff9600020ba18 8 bytes [58, 70, 2C, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!CLIPOBJ_bEnum + 740 fffff9600020bee8 8 bytes [14, 71, 2C, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngAcquireSemaphoreNoWait + 76 fffff9600020c578 8 bytes [E0, 71, 2C, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngIsSemaphoreSharedByCurrentThread + 24 fffff9600020c658 8 bytes [F8, 73, 2C, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngDeleteSafeSemaphore + 53 fffff9600020c729 7 bytes [7B, 2C, 04, 80, F8, FF, FF]
.text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 398 fffff96000212a92 3 bytes [FF, 25, C0]
.text C:\Windows\System32\win32k.sys!EngGetProcessHandle + 402 fffff96000212a96 2 bytes [04, 00]
.text C:\Windows\System32\win32k.sys!EngMarkBandingSurface + 60 fffff96000214598 8 bytes [28, 81, 2C, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngUnlockSurface + 52 fffff96000214698 8 bytes [38, 83, 2C, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngCreateEvent + 88 fffff9600021cf78 8 bytes [E4, 74, 2C, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetRgnBox + 48 fffff9600021d5c8 8 bytes [C8, 6D, 2C, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngGetFileChangeTime + 304 fffff9600021da48 8 bytes [C0, 79, 2C, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngFindResource + 840 fffff9600021dd98 8 bytes [A4, 7A, 2C, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngWideCharToMultiByte + 28 fffff9600021ddf8 8 bytes [D0, 76, 2C, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngDitherColor + 416 fffff9600023e368 8 bytes [74, 77, 2C, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngFileWrite + 76 fffff9600023e418 8 bytes [D8, 77, 2C, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngFileIoControl + 312 fffff9600023e558 8 bytes [F0, 78, 2C, 04, 80, F8, FF, ...]
.text C:\Windows\System32\win32k.sys!EngLoadModuleForWrite + 16 fffff9600024e628 8 bytes {CALL QWORD [RAX+0x42c7f64]}
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a51465 2 bytes [A5, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe[1400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a514bb 2 bytes [A5, 76]
.text ... * 2
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a51465 2 bytes [A5, 76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[3792] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a514bb 2 bytes [A5, 76]
.text ... * 2
.text C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a51465 2 bytes [A5, 76]
.text C:\Program Files (x86)\congstar\Internet-Manager\Bin\mcserver.exe[3964] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a514bb 2 bytes [A5, 76]
.text ... * 2
.text C:\Users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe[1892] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076a51465 2 bytes [A5, 76]
.text C:\Users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe[1892] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000076a514bb 2 bytes [A5, 76]
.text ... * 2
.text C:\Program Files (x86)\iSafe\iSafeTray.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a51465 2 bytes [A5, 76]
.text C:\Program Files (x86)\iSafe\iSafeTray.exe[3864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a514bb 2 bytes [A5, 76]
.text ... * 2
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770b11f5 8 bytes {JMP 0xd}
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770b1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770b143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770b158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770b191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770b1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770b1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770b1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770b1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770b1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770b1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770b1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770b1fd7 8 bytes {JMP 0xb}
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770b2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770b2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770b2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770b27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770b27d2 8 bytes {JMP 0x10}
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770b282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770b2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770b2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770b2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770b3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770b323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770b33c0 16 bytes {JMP 0x4e}
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770b3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770b3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770b3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770b3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770b4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077101380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077101500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077101530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077101700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077101f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074b913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074b9146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074b916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074b916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074b919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074b919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074b91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074b91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074b91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Windows\SysWOW64\cmd.exe[5252] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074b91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770b11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770b1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770b143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770b158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770b191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770b1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770b1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770b1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770b1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770b1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770b1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770b1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770b1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770b2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770b2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770b2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770b27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770b27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770b282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770b2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770b2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770b2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770b3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770b323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770b33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770b3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770b3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770b3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770b3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770b4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077101380 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077101500 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077101530 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077101700 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077101f80 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074b913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074b9146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074b916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074b916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074b919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074b919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074b91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074b91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074b91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5436] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074b91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770b11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770b1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770b143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770b158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770b191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770b1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770b1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770b1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770b1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770b1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770b1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770b1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770b1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770b2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770b2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770b2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770b27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770b27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770b282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770b2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770b2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770b2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770b3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770b323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770b33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770b3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770b3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770b3b85 8 bytes [10, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770b3d23 8 bytes [00, 6A, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770b4190 8 bytes [A0, 69, F8, FF, 00, 00, 00, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077101380 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077101500 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077101530 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077101700 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077101f80 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 8 bytes JMP 3f3f3f3f
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074b913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074b9146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074b916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074b916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074b919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074b919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074b91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074b91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074b91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5528] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074b91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770b11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770b1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770b143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770b158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770b191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770b1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770b1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770b1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770b1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770b1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770b1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770b1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770b1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770b2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770b2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770b2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770b27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770b27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770b282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770b2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770b2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770b2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770b3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770b323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770b33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770b3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770b3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770b3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770b3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770b4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077101380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077101500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077101530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077101700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077101f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074b913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074b9146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074b916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074b916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074b919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074b919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074b91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074b91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074b91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\plugin-nm-server.exe[5612] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074b91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770b11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770b1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770b143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770b158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770b191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770b1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770b1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770b1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770b1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770b1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770b1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770b1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770b1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770b2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770b2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770b2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770b27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770b27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770b282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770b2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770b2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770b2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770b3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770b323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770b33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770b3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770b3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770b3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770b3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770b4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077101380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077101500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077101530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077101700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077101f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074b913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074b9146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074b916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074b916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074b919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074b919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074b91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074b91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074b91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074b91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a51465 2 bytes [A5, 76]
.text C:\Program Files (x86)\Syncios\SynciosDeviceService.exe[5712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a514bb 2 bytes [A5, 76]
.text ... * 2
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770b11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770b1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770b143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770b158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770b191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770b1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770b1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770b1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770b1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770b1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770b1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770b1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770b1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770b2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770b2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770b2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770b27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770b27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770b282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770b2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770b2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770b2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770b3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770b323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770b33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770b3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770b3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770b3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770b3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770b4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077101380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077101500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077101530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077101700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077101f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074b913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074b9146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074b916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074b916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074b919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074b919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074b91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074b91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074b91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074b91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076a51465 2 bytes [A5, 76]
.text C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe[5864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 0000000076a514bb 2 bytes [A5, 76]
.text ... * 2
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770b11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770b1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770b143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770b158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770b191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770b1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770b1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770b1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770b1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770b1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770b1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770b1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770b1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770b2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770b2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770b2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770b27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770b27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770b282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770b2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770b2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770b2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770b3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770b323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770b33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770b3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770b3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770b3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770b3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770b4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077101380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077101500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077101530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077101700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077101f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074b913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074b9146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074b916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074b916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074b919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074b919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074b91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074b91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074b91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iSafe\ipcdl.exe[1444] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3
|
|
15.07.2014, 14:07
| #6 |
| | logfiles - Teil 3 GMER - Zweiter Teil!! Code:
ATTFilter 0000000074b91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000770b11f5 8 bytes {JMP 0xd}
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000770b1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000770b143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000770b158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000770b191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000770b1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000770b1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000770b1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000770b1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000770b1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000770b1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000770b1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000770b1fd7 8 bytes {JMP 0xb}
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000770b2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000770b2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000770b2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000770b27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000770b27d2 8 bytes {JMP 0x10}
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000770b282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000770b2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000770b2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000770b2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000770b3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000770b323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000770b33c0 16 bytes {JMP 0x4e}
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000770b3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000770b3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000770b3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000770b3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000770b4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077101380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077101500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077101530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077101650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077101700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077101d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077101f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000771027e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 0000000074b913cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 0000000074b9146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 0000000074b916d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 0000000074b916e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 0000000074b919db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 0000000074b919fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 0000000074b91a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 0000000074b91a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 0000000074b91a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Holger\Desktop\Virus-Problem 07-2014\mq628yop.exe[9104] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 0000000074b91a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
---- Processes - GMER 2.1 ----
Library C:\Users\Holger\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll (*** suspicious ***) @ C:\Users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe [1892](2014-01-03 01:09:26) 0000000004030000
Library c:\users\holger\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmph7t_7c.dll (*** suspicious ***) @ C:\Users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe [1892](2014-07-15 10:12:14) 0000000003d80000
Library C:\Users\Holger\AppData\Roaming\Dropbox\bin\libcef.dll (*** suspicious ***) @ C:\Users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe [1892](2013-08-23 19:01:44) 000000005f510000
Library C:\Users\Holger\AppData\Roaming\Dropbox\bin\icudt.dll (*** suspicious ***) @ C:\Users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe [1892] (ICU Data DLL/The ICU Project)(2013-08-23 19:01:42) 000000005eb80000
---- EOF - GMER 2.1 ----
nein, ich habe leider keine anderen Logs. Kaspersky hat nicht Alarm geschlagen, aber ich hab auch bisher keinen Scan ausgeführt. Weil ich so schnell eine "Lösung" im Netz gefunden hatte, habe ich dann keine Scans ausgeführt... :-( |
|
15.07.2014, 14:07
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "cj.dotomi.com" - Malware in Chrome (Win7) Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.07.2014, 14:08
| #8 |
| | neues Symptom? Ich kann jetzt nicht sicher sagen, ob es mit dem ganzen in Zusammenhang steht, aber etwas seltsames ist passiert: Plötzlich sind von zwei Programmen die Verknüpfungen im Startmenü und in der Schnellstartleiste ungültig: "Das Element kann nicht geöffnet werden". Die Verknüpfung verweist auf folgenden Pfad: C:\Users\Holger\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu  |
|
15.07.2014, 14:10
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "cj.dotomi.com" - Malware in Chrome (Win7) Mach bitte mit combofix weiter
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.07.2014, 14:32
| #10 |
| | "cj.dotomi.com" - Malware in Chrome (Win7) hier der Combofix-log: Code:
ATTFilter ComboFix 14-07-15.03 - Holger 15.07.2014 15:13:23.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.8190.6367 [GMT 2:00]
ausgeführt von:: c:\users\Holger\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Holger\AppData\Roaming\FoxitReaderUpdateInfo.txt
I:\install.exe
K:\install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2014-06-15 bis 2014-07-15 ))))))))))))))))))))))))))))))
.
.
2014-07-15 11:06 . 2014-07-15 11:09 -------- d-----w- C:\FRST
2014-07-07 19:57 . 2014-07-07 19:57 -------- d-----w- c:\users\Holger\AppData\Local\Macromedia
2014-07-07 19:54 . 2014-07-07 19:54 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-07 19:54 . 2014-07-07 19:54 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-07-07 19:54 . 2014-07-07 19:54 -------- d-----w- c:\windows\system32\Macromed
2014-07-04 13:21 . 2014-07-04 13:21 -------- d-----w- c:\users\Holger\AppData\Roaming\eCyber
2014-07-04 13:20 . 2014-07-04 13:20 -------- d-----w- c:\windows\system32\log
2014-07-04 13:20 . 2014-06-27 09:54 44544 ----a-w- c:\windows\system32\drivers\iSafeKrnlBoot.sys
2014-07-04 13:20 . 2014-07-15 13:19 -------- d-----w- c:\program files (x86)\iSafe
2014-07-04 13:20 . 2014-07-15 11:36 -------- d-----w- c:\users\Holger\AppData\Roaming\iSafe
2014-07-04 01:40 . 2014-06-05 10:54 10779000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{04AACC40-0D67-4F31-90C2-92F6C5625D5D}\mpengine.dll
2014-06-27 08:38 . 2014-06-27 08:38 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Startmenü
2014-06-27 08:38 . 2014-06-27 08:38 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Lokale Einstellungen
2014-06-27 08:38 . 2014-06-27 08:38 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Anwendungsdaten
2014-06-26 07:41 . 2014-06-26 07:41 -------- d-----w- c:\users\Holger\AppData\Local\ArcSoft
2014-06-26 07:38 . 2014-06-26 07:41 -------- d-----w- c:\users\Holger\AppData\Roaming\ArcSoft
2014-06-26 07:38 . 2014-06-28 08:40 -------- d-----w- c:\programdata\ArcSoft
2014-06-26 07:38 . 2006-09-18 06:50 22784 ----a-w- c:\windows\SysWow64\drivers\afc.sys
2014-06-26 07:38 . 2014-06-26 07:38 -------- d-----w- c:\program files (x86)\ArcSoft
2014-06-26 07:38 . 2005-07-16 00:35 245408 ----a-w- c:\windows\SysWow64\unicows.dll
2014-06-26 07:38 . 2003-03-18 20:14 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2014-06-26 07:38 . 2003-02-21 02:42 348160 ----a-w- c:\windows\SysWow64\msvcr71.dll
2014-06-26 07:38 . 2014-06-26 07:38 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2014-06-26 07:36 . 2001-09-05 02:18 77824 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\ctor.dll
2014-06-26 07:36 . 2001-09-05 02:18 225280 ----a-w- c:\program files (x86)\Common Files\InstallShield\IScript\iscript.dll
2014-06-26 07:36 . 2001-09-05 02:14 176128 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\iuser.dll
2014-06-26 07:36 . 2001-09-05 02:13 32768 ----a-w- c:\program files (x86)\Common Files\InstallShield\Engine\6\Intel 32\objectps.dll
2014-06-25 10:01 . 2014-06-25 10:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-06-24 13:18 . 2014-05-19 23:10 601432 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2014-06-24 13:03 . 2014-06-24 13:03 -------- d-----w- c:\users\Holger\AppData\Local\NVIDIA Corporation
2014-06-24 13:02 . 2014-05-29 23:07 1291232 ----a-w- c:\windows\SysWow64\nvspbridge.dll
2014-06-24 13:02 . 2014-05-29 23:07 1122312 ----a-w- c:\windows\SysWow64\nvspcap.dll
2014-06-24 13:02 . 2014-05-29 23:07 1715176 ----a-w- c:\windows\system32\nvspbridge64.dll
2014-06-24 13:02 . 2014-05-29 23:07 1279480 ----a-w- c:\windows\system32\nvspcap64.dll
2014-06-24 13:02 . 2014-03-31 16:42 40392 ----a-w- c:\windows\system32\drivers\nvvad64v.sys
2014-06-24 13:02 . 2014-03-31 16:42 34760 ----a-w- c:\windows\SysWow64\nvaudcap32v.dll
2014-06-15 20:52 . 2014-06-15 20:52 -------- d-----w- c:\programdata\ovos
2014-06-15 20:49 . 2014-06-15 20:49 -------- d-----w- c:\users\Holger\AppData\Roaming\ovos
2014-06-15 16:18 . 2014-06-15 16:22 -------- d-----w- C:\chrome addons-NEU-INSTALL
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-20 02:44 . 2014-01-07 16:10 61216 ----a-w- c:\windows\system32\OpenCL.dll
2014-05-20 02:44 . 2014-01-07 16:10 52056 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-05-20 02:44 . 2014-01-07 16:08 18531568 ----a-w- c:\windows\system32\nvwgf2umx.dll
2014-05-20 02:44 . 2014-01-07 16:08 952952 ----a-w- c:\windows\system32\nvumdshimx.dll
2014-05-20 02:44 . 2014-01-07 16:08 3109248 ----a-w- c:\windows\system32\nvapi64.dll
2014-05-20 02:44 . 2014-01-07 16:08 2730208 ----a-w- c:\windows\SysWow64\nvapi.dll
2014-05-20 02:44 . 2014-01-07 16:08 14434704 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2014-05-20 01:25 . 2014-01-07 16:10 6769096 ----a-w- c:\windows\system32\nvcpl.dll
2014-05-20 01:25 . 2014-01-07 16:10 3514144 ----a-w- c:\windows\system32\nvsvc64.dll
2014-05-20 01:25 . 2014-01-07 16:10 927520 ----a-w- c:\windows\system32\nvvsvc.exe
2014-05-20 01:25 . 2014-01-07 16:10 62808 ----a-w- c:\windows\system32\nvshext.dll
2014-05-20 01:25 . 2014-01-07 16:10 387528 ----a-w- c:\windows\system32\nvmctray.dll
2014-05-20 01:25 . 2014-01-07 16:10 2560968 ----a-w- c:\windows\system32\nvsvcr.dll
2014-05-16 07:00 . 2014-01-07 16:25 93223848 ----a-w- c:\windows\system32\MRT.exe
2014-05-14 23:49 . 2014-01-07 16:10 3774821 ----a-w- c:\windows\system32\nvcoproc.bin
2014-05-09 06:14 . 2014-05-16 06:59 477184 ----a-w- c:\windows\system32\aepdu.dll
2014-05-09 06:11 . 2014-05-16 06:59 424448 ----a-w- c:\windows\system32\aeinv.dll
2014-05-08 07:14 . 2014-05-16 07:02 23134208 ----a-w- c:\windows\system32\mshtml.dll
2014-05-08 06:37 . 2014-05-16 07:02 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-05-08 05:27 . 2014-05-16 07:02 2724864 ----a-w- c:\windows\SysWow64\mshtml.tlb
2014-05-08 04:57 . 2014-05-16 07:02 84992 ----a-w- c:\windows\system32\mshtmled.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Holger\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Holger\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\Holger\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_B33ACFFF58BD8F830B4B32B31CD43895"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2014-06-05 860488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\ssmmgr.exe" [2009-09-25 614400]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-09-13 59720]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"36X Raid Configurer"="c:\windows\SysWOW64\xRaidSetup.exe" [2007-11-19 1966080]
"Syncios device service"="c:\program files (x86)\Syncios\SynciosDeviceService.exe" [2013-12-03 723456]
"HFS Activator"="c:\program files (x86)\Paragon Software\HFS+ for Windows 10.3\activation\hfsactivator.exe" [2014-02-17 245456]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
.
c:\users\Holger\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Holger\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
Samsung Magician.lnk - c:\windows\system32\schtasks.exe /run /tn SamsungMagician [2014-1-8 285696]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MCtlSvc.lnk - c:\program files (x86)\congstar\Internet-Manager\Bin\mcserver.exe [2014-5-18 60688]
TMMonitor.lnk - c:\program files (x86)\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2014-6-26 268864]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 Desura Install Service;Desura Install Service;c:\program files (x86)\Common Files\Desura\desura_service.exe;c:\program files (x86)\Common Files\Desura\desura_service.exe [x]
R3 Hfsplus;Hfsplus;c:\windows\system32\DRIVERS\hfsplus.sys;c:\windows\SYSNATIVE\DRIVERS\hfsplus.sys [x]
R3 HSPADataCardusbmdm;HSPADataCard Proprietary USB Driver;c:\windows\system32\DRIVERS\HSPADataCardusbmdm.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbmdm.sys [x]
R3 HSPADataCardusbnmea;HSPADataCard NMEA Port;c:\windows\system32\DRIVERS\HSPADataCardusbnmea.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbnmea.sys [x]
R3 HSPADataCardusbser;HSPADataCard Diagnostic Port;c:\windows\system32\DRIVERS\HSPADataCardusbser.sys;c:\windows\SYSNATIVE\DRIVERS\HSPADataCardusbser.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 iSafeKrnlBoot;iSafeKrnl Boot Driver;c:\windows\system32\DRIVERS\iSafeKrnlBoot.sys;c:\windows\SYSNATIVE\DRIVERS\iSafeKrnlBoot.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys;c:\windows\SYSNATIVE\drivers\massfilter.sys [x]
R3 netr7364;RT73-Drahtlostreiber für Vista von Conceptronic;c:\windows\system32\DRIVERS\netr7364.sys;c:\windows\SYSNATIVE\DRIVERS\netr7364.sys [x]
R3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys;c:\windows\SYSNATIVE\DRIVERS\point64.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 RTL2832U_IRHID;HID Infrared Remote Receiver;c:\windows\system32\DRIVERS\RTL2832U_IRHID.sys;c:\windows\SYSNATIVE\DRIVERS\RTL2832U_IRHID.sys [x]
R3 RTL2832UBDA;REALTEK 2832U BDA Driver;c:\windows\system32\drivers\RTL2832UBDA.sys;c:\windows\SYSNATIVE\drivers\RTL2832UBDA.sys [x]
R3 RTL2832UUSB;REALTEK 2832U USB Driver;c:\windows\system32\Drivers\RTL2832UUSB.sys;c:\windows\SYSNATIVE\Drivers\RTL2832UUSB.sys [x]
R3 RTTEAMPT;Realtek Teaming Protocol Driver (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 RTVLANPT;Realtek Vlan Protocol Driver (NDIS 6.2);c:\windows\system32\DRIVERS\RtVlan620.sys;c:\windows\SYSNATIVE\DRIVERS\RtVlan620.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TEAM;Realtek Virtual Miniport Driver for Teaming (NDIS 6.0);c:\windows\system32\DRIVERS\RtTeam60.sys;c:\windows\SYSNATIVE\DRIVERS\RtTeam60.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S0 apmwin;apmwin;c:\windows\system32\DRIVERS\apmwin.sys;c:\windows\SYSNATIVE\DRIVERS\apmwin.sys [x]
S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys;c:\windows\SYSNATIVE\drivers\BMLoad.sys [x]
S0 gpt_loader;GUID Partition table support driver;c:\windows\system32\DRIVERS\gpt_loader.sys;c:\windows\SYSNATIVE\DRIVERS\gpt_loader.sys [x]
S0 mounthlp;Mounter helper driver for HFS+ volumes;c:\windows\system32\DRIVERS\mounthlp.sys;c:\windows\SYSNATIVE\DRIVERS\mounthlp.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys;c:\windows\SYSNATIVE\Drivers\PxHlpa64.sys [x]
S1 iSafeKrnl;iSafeKrnl;c:\program files (x86)\iSafe\iSafeKrnl.sys;c:\program files (x86)\iSafe\iSafeKrnl.sys [x]
S1 iSafeKrnlKit;iSafeKrnl Kit Driver;c:\program files (x86)\iSafe\iSafeKrnlKit.sys;c:\program files (x86)\iSafe\iSafeKrnlKit.sys [x]
S1 iSafeKrnlR3;iSafeKrnl Ring3 Driver;c:\program files (x86)\iSafe\iSafeKrnlR3.sys;c:\program files (x86)\iSafe\iSafeKrnlR3.sys [x]
S1 iSafeNetFilter;iSafeNetFilter;c:\program files (x86)\iSafe\iSafeNetFilter.sys;c:\program files (x86)\iSafe\iSafeNetFilter.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxUSBMon.sys [x]
S2 FoxitCloudUpdateService;Foxit Cloud Safe Update Service;c:\program files (x86)\Foxit Reader\Foxit Cloud\FCUpdateService.exe;c:\program files (x86)\Foxit Reader\Foxit Cloud\FCUpdateService.exe [x]
S2 HfsplusRec;HfsplusRec;c:\windows\system32\DRIVERS\hfsplusrec.sys;c:\windows\SYSNATIVE\DRIVERS\hfsplusrec.sys [x]
S2 iSafeService;iSafeService;c:\program files (x86)\iSafe\iSafeSvc.exe;c:\program files (x86)\iSafe\iSafeSvc.exe [x]
S2 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
S2 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
S2 postgresql-x64-9.2;postgresql-x64-9.2 - PostgreSQL Server 9.2;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w;C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N postgresql-x64-9.2 -D C:/Program Files/PostgreSQL/9.2/data -w [x]
S2 RtNdPt60;Realtek NDIS Protocol Driver;c:\windows\system32\DRIVERS\RtNdPt60.sys;c:\windows\SYSNATIVE\DRIVERS\RtNdPt60.sys [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-06-11 07:53 1091912 ----a-w- c:\program files (x86)\Google\Chrome\Application\35.0.1916.153\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15 10:34]
.
2014-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-02-15 10:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Holger\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Holger\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Holger\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 164016 ----a-w- c:\users\Holger\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvBackend"="c:\program files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" [2014-05-29 2352072]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 12503184]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"apmwinapp"="c:\program files (x86)\Paragon Software\HFS+ for Windows 10.3\apmwinsrv.exe" [2014-02-17 66768]
"ShadowPlay"="c:\windows\system32\nvspcap64.dll" [2014-05-29 1279480]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
uDefault_Page_URL = about:blank
mDefault_Search_URL = hxxp://www.google.com
mDefault_Page_URL = about:blank
mStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\users\Holger\AppData\Roaming\Mozilla\Firefox\Profiles\5e9x09cb.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: browser.search.selectedEngine - Google
.
.
------- Dateityp-Verknüpfung -------
.
JSEFile=%SystemRoot%\SysWow64\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-iPhone PC Suite - c:\program files (x86)\Iphone PC-Suite\iPhone\iPhone PC Suite.exe
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.2]
"ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\postgresql-x64-9.2]
"ImagePath"="C:/Program Files/PostgreSQL/9.2/bin/pg_ctl.exe runservice -N \"postgresql-x64-9.2\" -D \"C:/Program Files/PostgreSQL/9.2/data\" -w"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-486211714-1698053076-470721747-1001\Software\SecuROM\License information*]
"datasecu"=hex:9f,24,f2,74,b9,49,4b,6c,5c,17,aa,04,c3,06,22,6a,c7,d4,3d,26,15,
1e,37,73,2e,dc,7d,c4,74,94,79,d9,ed,3c,7f,8b,bd,f4,43,4f,97,f7,1b,07,66,38,\
"rkeysecu"=hex:5e,52,d0,78,89,ed,ea,a5,ca,09,33,36,1d,48,15,f7
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-07-15 15:23:46
ComboFix-quarantined-files.txt 2014-07-15 13:23
.
Vor Suchlauf: 18 Verzeichnis(se), 89.131.597.824 Bytes frei
Nach Suchlauf: 21 Verzeichnis(se), 91.953.926.144 Bytes frei
.
- - End Of File - - 90EEB14B3E5C2CF60CA3AF49FA618BC1
A36C5E4F47E84449FF07ED3517B43A31
Kaspersky war deaktiviert, aber leider lief noch YAC (yet another cleaner) und meldete sich wegen einer registry-Änderung. Ich habe ihn daraufhin sofort deaktiviert (während combofix lief). War das ok? Oder lieber nochmal Combofix laufen lassen? |
|
15.07.2014, 14:48
| #11 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "cj.dotomi.com" - Malware in Chrome (Win7)Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.07.2014, 19:31
| #12 |
| | "cj.dotomi.com" - Malware in Chrome (Win7) Oh...  das hatte mir ein Freund installiert, ich selber verwende das gar nicht. Brauch ich für nix, also jetzt weg damit... für deine Hilfe! Ich habe gerade den Rechner wieder gestartet, es scheint alles wieder normal zu funktionieren, keine der beschriebenen Symptome mehr vorhanden. Kann das sein, das ComboFix alle Reste der Malware entfernt hat? Oder sollte ich nochmal irgendeine Software zum Checken durchlaufen lassen? ohh, nein, leider doch noch da. :-( Komisch... ein paar Minuten lang kamen immer die korrekten Links. Jetzt kommt bei den gleichen Links wieder cj.dotomi.com... Und Chrome hat die Einstellung "Beim Start zuletzt angesehene Seiten öffnen" beibehalten...  Tatsächlich ist es mit den Links eher mehr als weniger geworden... Teilweise erfolgt jetzt auch eine Umleitung zu hxxp://action.metaffiliation.com/trk.php?mclic=P49C8F5271C91513&argsite=at102799_a134304_m4_p3439_t33&redir=http%3A%2F%2Fwww.yac.mx%2Fen%2Fguides%2Fbrowser-hijacker-removal%2F20140421-how-to-remove-cj.dotomi.com-from-Chrome.html |
|
15.07.2014, 23:40
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "cj.dotomi.com" - Malware in Chrome (Win7) Bitte lesen => http://www.trojaner-board.de/95393-c...-software.html Es geht weiter wenn du alles Illegale entfernt hast. Bei wiederholten Crack/Keygen Verstößen behalte ich es mir vor, den Support einzustellen, d.h. Hilfe nur noch bei der Datensicherung und Neuinstallation des Betriebssystems.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
16.07.2014, 10:42
| #14 |
| | "cj.dotomi.com" - Malware in Chrome (Win7) hallo cosinus. also, alle Adobe-Programme sind deinstalliert (außer Freeware: Reader, Flash Player, AIR). Und ansonsten befindet sich keine illegale Software auf meinem Rechner. |
|
16.07.2014, 10:44
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | "cj.dotomi.com" - Malware in Chrome (Win7) Adware/Junkware/Toolbars entfernen 1. Schritt: adwCleaner Downloade Dir bitte  AdwCleaner auf deinen Desktop.
2. Schritt: JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
3. Schritt: Frisches Log mit FRST Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
__________________ Logfiles bitte immer in CODE-Tags posten |
|
Linear-Darstellung
