Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Windows 7: Kaspersky findet C:\$RECYCLEBIN Trojaner und E-Mail account gehackt? (https://www.trojaner-board.de/152165-windows-7-kaspersky-findet-c-recyclebin-trojaner-e-mail-account-gehackt.html)

MrStewart 07.04.2014 20:33
Windows 7: Kaspersky findet C:\$RECYCLEBIN Trojaner und E-Mail account gehackt?
 
Hallo, ich kam gerade von der Arbeit und ging an meinen PC als ich bei Kaspersky 2 Probleme gefunden habe, es wurden Trojaner mit dem namen C:\$RECYCLEBIN gefunden, der Name war länger aber ich habe Sie gleich bereinigt, weshalb ich jetzt den vollständigen Namen habe. Außerdem wurde mein web.de Konto eingefroren, weil laut BSI Datenklau betrieben wurde und ich eventuell betroffen bin. Ich habe wie bei web.de schon steht die Seite https://www.sicherheitstest.bsi.de/ geöffnet und einen Code zur Überprüfung erhalten, kann jedoch meine mails nicht checken und somit auch nicht sehen, ob ich denn nun eine E-Mail mit Code bekommen habe und betroffen bin. Jedenfalls geht es mir in erster Linie um die von Kaspersky gefundenen Trojaner. Logfiles folgen (als Archiv, weil zu viele Zeichen)


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by Thomas (administrator) on THOMAS-PC on 07-04-2014 21:11:43
Running from C:\Users\Thomas\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
() C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Akamai Technologies, Inc.) C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe
() C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
(Akamai Technologies, Inc.) C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPop3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Xfire Inc.) D:\Games\Xfire\Xfire.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Xfire Inc.) D:\Games\Xfire\Xfire.exe
() D:\Games\Xfire\xfire64.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
() C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
() C:\Program Files (x86)\Garena Plus\ggdllhost.exe
() C:\Program Files (x86)\Garena Plus\bbtalk\BBtalk.exe
() C:\Users\Thomas\Downloads\Defogger.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] - C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [NUSB3MON] - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-555805604-3510725378-1460008320-1000\...\Run: [KiesPreload] - C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKU\S-1-5-21-555805604-3510725378-1460008320-1000\...\Run: [KiesAirMessage] - C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup
HKU\S-1-5-21-555805604-3510725378-1460008320-1000\...\Run: [] - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [1106288 2013-05-23] (Samsung)
HKU\S-1-5-21-555805604-3510725378-1460008320-1000\...\Run: [KPeerNexonEU] - C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-06-01] (NEXON Inc.)
HKU\S-1-5-21-555805604-3510725378-1460008320-1000\...\Run: [AmazonMP3DownloaderHelper] - C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-555805604-3510725378-1460008320-1000\...\Run: [Akamai NetSession Interface] - C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe [4672920 2014-03-06] (Akamai Technologies, Inc.)
HKU\S-1-5-21-555805604-3510725378-1460008320-1000\...\Run: [GarenaPlus] - C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9899312 2014-02-26] ()

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x034290AEA204CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Expat Shield Class - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - C:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll No File
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\snvoem5g.default
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: GFACE Experience Plugin - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\snvoem5g.default\Extensions\cryenginebrowserplugin@crytek.com [2013-11-07]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\snvoem5g.default\Extensions\ich@maltegoetz.de [2013-12-12]
FF Extension: ProxTube - Unblock YouTube - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\snvoem5g.default\Extensions\{2541D29A-DB9E-4c1e-949A-31EFB4AEF4E7} [2013-12-07]
FF Extension: ReloadEvery - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\snvoem5g.default\Extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi [2013-02-06]
FF Extension: SoundCloud Downloader - Technowise - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\snvoem5g.default\Extensions\{c8d3bc80-0810-4d21-a2c2-be5f2b2832ac}.xpi [2013-08-12]
FF Extension: Gfire WebGame Detection Plugin - C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\snvoem5g.default\Extensions\{e1f9ea30-0906-11df-8a39-0800200c9a66}.xpi [2014-03-11]
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: Kaspersky URL Advisor - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-04-06]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: Virtual Keyboard - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-04-06]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: Dangerous Websites Blocker - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-04-06]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-04-06]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-04-06]

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-07]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-07]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-07]
CHR Extension: (Google-Suche) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-07]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-05-20]
CHR Extension: (Virtuelle Tastatur) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-05-20]
CHR Extension: (Google Wallet) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
CHR Extension: (Google Mail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-07]
CHR Extension: (Anti-Banner) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-05-20]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2013-05-20]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4788272 2013-11-19] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2013-11-27] ()

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-04-06] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-04-06] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-04-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-04-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-04-06] (Kaspersky Lab ZAO)
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-04-07 21:11 - 2014-04-07 21:12 - 00021174 _____ () C:\Users\Thomas\Downloads\FRST.txt
2014-04-07 21:11 - 2014-04-07 21:11 - 00000000 ____D () C:\FRST
2014-04-07 21:10 - 2014-04-07 21:11 - 00000474 _____ () C:\Users\Thomas\Downloads\defogger_disable.log
2014-04-07 21:10 - 2014-04-07 21:10 - 00000000 _____ () C:\Users\Thomas\defogger_reenable
2014-04-07 21:09 - 2014-04-07 21:09 - 00050477 _____ () C:\Users\Thomas\Downloads\Defogger.exe
2014-04-07 21:05 - 2014-04-07 21:05 - 02157056 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2014-04-07 21:05 - 2014-04-07 21:05 - 00380416 _____ () C:\Users\Thomas\Downloads\kmhuvc89.exe
2014-04-07 21:04 - 2014-04-07 21:04 - 00686048 _____ () C:\Users\Thomas\Downloads\ZipExtractorSetup.exe
2014-04-06 15:44 - 2014-04-06 16:00 - 00002330 _____ () C:\Users\Thomas\Desktop\Sicherer Zahlungsverkehr.lnk
2014-04-06 15:43 - 2014-04-06 15:43 - 00001124 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-04-06 15:43 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-04-06 15:42 - 2014-04-06 15:49 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-04-06 15:42 - 2014-04-06 15:49 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-04-06 15:42 - 2014-04-06 15:42 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-04-06 15:42 - 2014-04-06 15:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-04-06 15:38 - 2014-04-06 15:38 - 00000000 ___SD () C:\Users\Thomas\Documents\Passwords Database
2014-04-06 15:34 - 2014-04-06 15:35 - 257813336 _____ () C:\Users\Thomas\Downloads\kis14.0.0.4651de-de.exe
2014-04-05 02:12 - 2014-04-05 02:12 - 00000787 _____ () C:\Users\Public\Desktop\Dead Space.lnk
2014-03-29 05:58 - 2014-03-29 05:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-26 00:39 - 2014-03-26 00:39 - 00000045 _____ () C:\Users\Thomas\jagex_cl_oldschool_LIVE.dat
2014-03-21 12:54 - 2014-03-21 12:54 - 00003154 _____ () C:\Windows\System32\Tasks\{E6764E91-05D9-4792-AA37-D49962713AAD}
2014-03-19 01:45 - 2014-03-19 01:45 - 00000012 _____ () C:\Users\Thomas\Desktop\Teink.txt
2014-03-17 21:46 - 2014-03-18 00:43 - 00000000 ____D () C:\Users\Thomas\Documents\FIFA World
2014-03-16 13:14 - 2014-03-16 13:14 - 00000000 ____D () C:\ProgramData\Codemasters
2014-03-16 02:22 - 2014-03-16 02:22 - 02634152 _____ () C:\Users\Thomas\Downloads\mp3tagv258setup.exe
2014-03-12 16:15 - 2014-03-01 08:05 - 23133696 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-03-12 16:15 - 2014-03-01 07:17 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-03-12 16:15 - 2014-03-01 07:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-03-12 16:15 - 2014-03-01 06:58 - 02765824 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-03-12 16:15 - 2014-03-01 06:52 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-03-12 16:15 - 2014-03-01 06:51 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-03-12 16:15 - 2014-03-01 06:42 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-03-12 16:15 - 2014-03-01 06:40 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-03-12 16:15 - 2014-03-01 06:37 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-03-12 16:15 - 2014-03-01 06:33 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-03-12 16:15 - 2014-03-01 06:33 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-03-12 16:15 - 2014-03-01 06:32 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-03-12 16:15 - 2014-03-01 06:30 - 17074688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-03-12 16:15 - 2014-03-01 06:23 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-03-12 16:15 - 2014-03-01 06:17 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-03-12 16:15 - 2014-03-01 06:11 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-03-12 16:15 - 2014-03-01 06:02 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-03-12 16:15 - 2014-03-01 05:54 - 05768704 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-03-12 16:15 - 2014-03-01 05:52 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2014-03-12 16:15 - 2014-03-01 05:51 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2014-03-12 16:15 - 2014-03-01 05:47 - 02168320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2014-03-12 16:15 - 2014-03-01 05:43 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2014-03-12 16:15 - 2014-03-01 05:43 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2014-03-12 16:15 - 2014-03-01 05:42 - 00627200 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-03-12 16:15 - 2014-03-01 05:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2014-03-12 16:15 - 2014-03-01 05:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2014-03-12 16:15 - 2014-03-01 05:37 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2014-03-12 16:15 - 2014-03-01 05:35 - 02041856 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-03-12 16:15 - 2014-03-01 05:18 - 13051904 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-03-12 16:15 - 2014-03-01 05:16 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2014-03-12 16:15 - 2014-03-01 05:14 - 04244480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2014-03-12 16:15 - 2014-03-01 05:10 - 02334208 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-03-12 16:15 - 2014-03-01 05:03 - 00524288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2014-03-12 16:15 - 2014-03-01 05:00 - 01964032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2014-03-12 16:15 - 2014-03-01 04:57 - 11266048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2014-03-12 16:15 - 2014-03-01 04:38 - 01393664 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-03-12 16:15 - 2014-03-01 04:32 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2014-03-12 16:15 - 2014-03-01 04:27 - 01156096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2014-03-12 16:15 - 2014-03-01 04:25 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-03-12 16:15 - 2014-03-01 04:25 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2014-03-12 16:15 - 2014-02-07 03:23 - 03156480 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2014-03-12 16:15 - 2014-02-04 04:32 - 01424384 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2014-03-12 16:15 - 2014-02-04 04:32 - 00624128 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2014-03-12 16:15 - 2014-02-04 04:04 - 01230336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2014-03-12 16:15 - 2014-02-04 04:04 - 00509440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2014-03-12 16:15 - 2014-01-29 04:32 - 00484864 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2014-03-12 16:15 - 2014-01-29 04:06 - 00381440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2014-03-12 16:15 - 2014-01-28 04:32 - 00228864 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2014-03-09 14:35 - 2014-03-09 14:35 - 00000000 ____D () C:\Users\Thomas\Downloads\Gameforge Live

==================== One Month Modified Files and Folders =======

2014-04-07 21:12 - 2014-04-07 21:11 - 00021174 _____ () C:\Users\Thomas\Downloads\FRST.txt
2014-04-07 21:11 - 2014-04-07 21:11 - 00000000 ____D () C:\FRST
2014-04-07 21:11 - 2014-04-07 21:10 - 00000474 _____ () C:\Users\Thomas\Downloads\defogger_disable.log
2014-04-07 21:10 - 2014-04-07 21:10 - 00000000 _____ () C:\Users\Thomas\defogger_reenable
2014-04-07 21:10 - 2013-02-06 17:04 - 00000000 ____D () C:\Users\Thomas
2014-04-07 21:09 - 2014-04-07 21:09 - 00050477 _____ () C:\Users\Thomas\Downloads\Defogger.exe
2014-04-07 21:05 - 2014-04-07 21:05 - 02157056 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2014-04-07 21:05 - 2014-04-07 21:05 - 00380416 _____ () C:\Users\Thomas\Downloads\kmhuvc89.exe
2014-04-07 21:05 - 2013-02-07 02:11 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-04-07 21:04 - 2014-04-07 21:04 - 00686048 _____ () C:\Users\Thomas\Downloads\ZipExtractorSetup.exe
2014-04-07 21:03 - 2013-02-06 17:17 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-04-07 20:13 - 2013-02-06 22:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-04-07 20:05 - 2013-02-07 02:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-04-07 15:40 - 2014-01-01 02:21 - 00000045 _____ () C:\Users\Thomas\jagex_cl_runescape_LIVE.dat
2014-04-07 15:40 - 2014-01-01 02:21 - 00000024 _____ () C:\Users\Thomas\random.dat
2014-04-07 15:31 - 2014-02-07 00:08 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\GarenaPlus
2014-04-07 15:31 - 2014-02-07 00:04 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-04-07 15:23 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-04-07 15:23 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-04-07 15:20 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-04-07 15:20 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-04-07 15:20 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-04-07 15:19 - 2013-05-18 18:03 - 01601723 _____ () C:\Windows\WindowsUpdate.log
2014-04-07 15:16 - 2013-05-17 17:17 - 00165198 _____ () C:\Windows\setupact.log
2014-04-07 15:16 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-04-07 15:15 - 2010-11-21 05:47 - 00202632 _____ () C:\Windows\PFRO.log
2014-04-06 23:59 - 2013-11-03 21:54 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Xfire
2014-04-06 16:00 - 2014-04-06 15:44 - 00002330 _____ () C:\Users\Thomas\Desktop\Sicherer Zahlungsverkehr.lnk
2014-04-06 15:49 - 2014-04-06 15:42 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-04-06 15:49 - 2014-04-06 15:42 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-04-06 15:49 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-04-06 15:49 - 2013-10-17 15:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-04-06 15:49 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-04-06 15:43 - 2014-04-06 15:43 - 00001124 _____ () C:\Users\Public\Desktop\Kaspersky Internet Security.lnk
2014-04-06 15:42 - 2014-04-06 15:42 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-04-06 15:42 - 2014-04-06 15:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-04-06 15:38 - 2014-04-06 15:38 - 00000000 ___SD () C:\Users\Thomas\Documents\Passwords Database
2014-04-06 15:35 - 2014-04-06 15:34 - 257813336 _____ () C:\Users\Thomas\Downloads\kis14.0.0.4651de-de.exe
2014-04-06 15:14 - 2013-11-10 16:13 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2014-04-05 03:50 - 2013-02-07 02:59 - 00000000 ____D () C:\ProgramData\Origin
2014-04-05 02:12 - 2014-04-05 02:12 - 00000787 _____ () C:\Users\Public\Desktop\Dead Space.lnk
2014-04-05 02:11 - 2013-02-07 03:31 - 00523915 _____ () C:\Windows\DirectX.log
2014-04-05 01:58 - 2013-02-07 03:15 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Last.fm
2014-04-05 01:48 - 2013-02-14 23:28 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\TS3Client
2014-04-05 01:34 - 2013-02-07 03:32 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-04-05 01:34 - 2013-02-07 03:32 - 00214392 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-04-04 15:45 - 2014-02-07 00:05 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2014-04-03 14:42 - 2014-02-01 16:08 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Akamai
2014-03-29 17:48 - 2013-02-06 21:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-29 15:49 - 2013-02-07 03:46 - 00000000 ____D () C:\Program Files (x86)\Battlelog Web Plugins
2014-03-29 05:58 - 2014-03-29 05:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-28 16:45 - 2009-07-14 07:08 - 00032632 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-03-27 21:00 - 2013-02-07 02:11 - 00004106 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-03-27 21:00 - 2013-02-07 02:11 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-03-26 16:14 - 2013-11-10 16:13 - 00003518 _____ () C:\Windows\System32\Tasks\FileAdvisorCheck
2014-03-26 00:39 - 2014-03-26 00:39 - 00000045 _____ () C:\Users\Thomas\jagex_cl_oldschool_LIVE.dat
2014-03-26 00:39 - 2014-01-01 02:21 - 00000000 ____D () C:\Users\Thomas\jagexcache
2014-03-22 02:23 - 2013-04-05 00:45 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\vlc
2014-03-21 12:54 - 2014-03-21 12:54 - 00003154 _____ () C:\Windows\System32\Tasks\{E6764E91-05D9-4792-AA37-D49962713AAD}
2014-03-19 02:07 - 2013-07-28 15:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-03-19 02:05 - 2013-04-13 18:42 - 90015360 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-03-19 01:45 - 2014-03-19 01:45 - 00000012 _____ () C:\Users\Thomas\Desktop\Teink.txt
2014-03-18 00:43 - 2014-03-17 21:46 - 00000000 ____D () C:\Users\Thomas\Documents\FIFA World
2014-03-17 00:58 - 2013-02-20 22:00 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Mp3tag
2014-03-16 13:14 - 2014-03-16 13:14 - 00000000 ____D () C:\ProgramData\Codemasters
2014-03-16 13:14 - 2013-12-26 04:15 - 00000000 ____D () C:\Users\Thomas\Documents\My Games
2014-03-16 02:22 - 2014-03-16 02:22 - 02634152 _____ () C:\Users\Thomas\Downloads\mp3tagv258setup.exe
2014-03-16 02:22 - 2013-02-20 21:32 - 00000000 ____D () C:\Program Files (x86)\Mp3tag
2014-03-15 19:02 - 2013-02-07 02:12 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-03-15 01:35 - 2014-02-21 01:25 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Battle.net
2014-03-13 16:37 - 2009-07-14 06:45 - 00294736 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-03-11 23:13 - 2013-02-06 22:18 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-03-11 23:13 - 2013-02-06 22:18 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-11 23:13 - 2013-02-06 22:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-03-09 14:35 - 2014-03-09 14:35 - 00000000 ____D () C:\Users\Thomas\Downloads\Gameforge Live
2014-03-09 14:35 - 2014-01-08 22:30 - 00000000 _____ () C:\dfu.log

Files to move or delete:
====================
C:\Users\Thomas\jagex_cl_oldschool_LIVE.dat
C:\Users\Thomas\jagex_cl_runescape_LIVE.dat
C:\Users\Thomas\jagex_cl_runescape_LIVE1.dat
C:\Users\Thomas\random.dat


Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\13ebcffd01fae3ba097e4599300c6e19.dll
C:\Users\Thomas\AppData\Local\Temp\AMDCleanupUtility.exe
C:\Users\Thomas\AppData\Local\Temp\AutoRun.exe
C:\Users\Thomas\AppData\Local\Temp\AutoRunGUI.dll
C:\Users\Thomas\AppData\Local\Temp\Cleanup.dll
C:\Users\Thomas\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Thomas\AppData\Local\Temp\CmdLineExt03.dll
C:\Users\Thomas\AppData\Local\Temp\Garena_FO3_patcher_20140122to20140211.exe
C:\Users\Thomas\AppData\Local\Temp\Garena_FO3_patcher_20140211to20140224.exe
C:\Users\Thomas\AppData\Local\Temp\Gw2.exe
C:\Users\Thomas\AppData\Local\Temp\jre-7u25-windows-i586-iftw.exe
C:\Users\Thomas\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Thomas\AppData\Local\Temp\jre-7u51-windows-i586-iftw.exe
C:\Users\Thomas\AppData\Local\Temp\NGMDll.dll
C:\Users\Thomas\AppData\Local\Temp\NGMResource.dll
C:\Users\Thomas\AppData\Local\Temp\NGMSetup.exe
C:\Users\Thomas\AppData\Local\Temp\raptrpatch.exe
C:\Users\Thomas\AppData\Local\Temp\raptr_stub.exe
C:\Users\Thomas\AppData\Local\Temp\SIntf16.dll
C:\Users\Thomas\AppData\Local\Temp\SIntf32.dll
C:\Users\Thomas\AppData\Local\Temp\SIntfNT.dll
C:\Users\Thomas\AppData\Local\Temp\sonarinst.exe
C:\Users\Thomas\AppData\Local\Temp\unicows.dll
C:\Users\Thomas\AppData\Local\Temp\vlc-2.1.3-win32.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-30 20:19

==================== End Of Log ============================
--- --- ---


Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-03-2014
Ran by Thomas at 2014-04-07 21:12:29
Running from C:\Users\Thomas\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AV: Kaspersky Internet Security (Enabled - Up to date) {179979E8-273D-D14E-0543-2861940E4886}
AS: Kaspersky Internet Security (Enabled - Up to date) {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security (Enabled) {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}

==================== Installed Programs ======================

Adobe Flash Player 12 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.77 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.06) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.06 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.2.122 - Adobe Systems, Inc.)
Akamai NetSession Interface (HKCU\...\Akamai) (Version:  - Akamai Technologies, Inc)
Amazon MP3-Downloader 1.0.18 (HKCU\...\Amazon MP3-Downloader) (Version: 1.0.18 - Amazon Services LLC)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Steady Video Plug-In  (Version: 2.06.0000 - AMD) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}) (Version: 7.0.0.117 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
AVM FRITZ!Box Dokumentation (HKLM-x32\...\AVMFBox) (Version:  - AVM Berlin)
AVM FRITZ!Box Druckeranschluss (HKLM-x32\...\AVMFBoxPrinter) (Version:  - AVM Berlin)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Battlefield 3™ (HKLM-x32\...\{77033683-0816-4D7D-8BF1-3949B4E9823D}) (Version: 1.0.0.0 - Electronic Arts)
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.2.0.0 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.2 - EA Digital Illusions CE AB)
Blur(TM) (HKLM-x32\...\Blur(TM)_is1) (Version:  - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty(R) - World at War(TM) (HKLM-x32\...\InstallShield_{D80A6A73-E58A-4673-AFF5-F12D7110661F}) (Version: 1.7 - Activision)
Call of Duty(R) - World at War(TM) (x32 Version: 1.0 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.1 Patch (x32 Version: 1.1 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.2 Patch (x32 Version: 1.2 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.4 Patch (x32 Version: 1.4 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.5 Patch (x32 Version: 1.5 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.6 Patch (x32 Version: 1.6 - Activision) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (x32 Version:  - ) Hidden
Call of Duty(R) - World at War(TM) 1.7 Patch (x32 Version: 1.7 - Activision) Hidden
Call of Duty: Black Ops II - Multiplayer (HKLM-x32\...\Steam App 202990) (Version:  - )
Call of Duty: Black Ops II - Zombies (HKLM-x32\...\Steam App 212910) (Version:  - )
Call of Duty: Black Ops II (HKLM-x32\...\Steam App 202970) (Version:  - )
Call of Duty: Ghosts - Multiplayer (HKLM-x32\...\Steam App 209170) (Version:  - )
Call of Duty: Ghosts (HKLM-x32\...\Steam App 209160) (Version:  - Infinity Ward)
Call of Duty: Modern Warfare 3 - Dedicated Server (HKLM-x32\...\Steam App 42750) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 - Multiplayer (HKLM-x32\...\Steam App 42690) (Version:  - Infinity Ward - Sledgehammer Games)
Call of Duty: Modern Warfare 3 (HKLM-x32\...\Steam App 42680) (Version:  - Infinity Ward - Sledgehammer Games)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1129.1142.20969 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Combat Arms EU (HKLM-x32\...\Combat Arms EU) (Version:  - )
Counter-Strike: Condition Zero (HKLM-x32\...\Steam App 80) (Version:  - Valve)
Counter-Strike: Condition Zero Deleted Scenes (HKLM-x32\...\Steam App 100) (Version:  - Valve)
Counter-Strike: Global Offensive - SDK (HKLM-x32\...\Steam App 745) (Version:  - )
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\{9580813D-94B1-4C28-9426-A441E2BB29A5}) (Version: 1.0.0.0 - Valve)
Dead Space (HKLM-x32\...\{025A585C-0C66-413D-80D2-4C05CB699771}) (Version: 1.0.0.222 - Electronic Arts)
Diablo III (HKLM-x32\...\Diablo III) (Version:  - Blizzard Entertainment)
Dota 2 (HKLM-x32\...\Steam App 570) (Version:  - Valve )
Drift City (HKLM-x32\...\DriftCity_US) (Version:  - )
Dropbox (HKCU\...\Dropbox) (Version: 2.0.22 - Dropbox, Inc.)
ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
Fifa Online 2 version v53 (HKLM-x32\...\{AD89A157-CFF9-4413-9CA6-C3B40A9A4EB5}_is1) (Version: v53 - IAHGames Pte.Ltd)
File Type Advisor 1.0 (HKLM-x32\...\File Type Advisor_is1) (Version:  - filetypeadvisor.com)
Fraps (remove only) (HKLM-x32\...\Fraps) (Version:  - )
Free M4a to MP3 Converter 8.0 (HKLM-x32\...\Free M4a to MP3 Converter_is1) (Version:  - ManiacTools.com)
Free YouTube to MP3 Converter version 3.12.9.725 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.9.725 - DVDVideoSoft Ltd.)
Fried Cookie Updater (HKLM-x32\...\Fried Cookie Updater) (Version: 1.0.0.0 - Fried Cookie)
Gameforge Live 1.10.1 "Legend" (HKLM-x32\...\{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1) (Version: 1.10.1 - Gameforge)
Garena - FIFA ONLINE 3(English) (HKLM-x32\...\FO3) (Version:  - Garena Online Pte Ltd.)
Garena Plus (HKLM-x32\...\im) (Version: 2011 - Garena Online Pte Ltd.)
GIMP 2.8.4 (HKLM\...\GIMP-2_is1) (Version: 2.8.4 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.154 - Google Inc.)
Google Update Helper (x32 Version: 1.3.23.9 - Google Inc.) Hidden
Grand Theft Auto Vice City (HKLM-x32\...\{4B35F00C-E63D-40DC-9839-DF15A33EAC46}) (Version: 1.00.000 - )
GTA San Andreas (HKLM-x32\...\{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}) (Version: 1.00.00001 - Rockstar Games)
Guild Wars 2 (HKLM-x32\...\Guild Wars 2) (Version:  - NCsoft Corporation, Ltd.)
iTunes (HKLM\...\{427174C0-096E-40D9-9684-9C109BEE2CBF}) (Version: 11.0.5.5 - Apple Inc.)
Java 7 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.510 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.8 - Sun Microsystems, Inc.) Hidden
Kaspersky Internet Security (HKLM-x32\...\InstallWIX_{6F6873E3-5C92-4049-B511-231A138DD090}) (Version: 14.0.0.4651 - Kaspersky Lab)
Kaspersky Internet Security (x32 Version: 14.0.0.4651 - Kaspersky Lab) Hidden
Last.fm Scrobbler 2.1.36 (HKLM-x32\...\LastFM_is1) (Version:  - Last.fm)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Logitech Gaming Software (Version: 8.40.83 - Logitech Inc.) Hidden
Logitech Gaming Software 8.40 (HKLM\...\Logitech Gaming Software) (Version: 8.40.83 - Logitech Inc.)
Malwarebytes Anti-Malware Version 1.75.0.1300 (HKLM-x32\...\Malwarebytes' Anti-Malware_is1) (Version: 1.75.0.1300 - Malwarebytes Corporation)
Medal of Honor™ Warfighter (HKLM-x32\...\{1040143F-FEFB-4B90-8E51-E47D40E14C4E}) (Version: 1.0.0.3 - Electronic Arts)
Metro 2033 (HKLM-x32\...\Steam App 43110) (Version:  - THQ)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Mozilla Firefox 28.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 28.0 (x86 de)) (Version: 28.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 28.0 - Mozilla)
Mp3tag v2.58 (HKLM-x32\...\Mp3tag) (Version: v2.58 - Florian Heidenreich)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MTA:SA v1.3.3 (HKLM-x32\...\MTA:SA 1.3) (Version: v1.3.3 - Multi Theft Auto)
MyFreeCodec (HKCU\...\MyFreeCodec) (Version:  - )
Need for Speed Underground 2 (HKLM-x32\...\{909F8EBC-EC7F-48FF-0085-475D818F0F31}) (Version:  - )
Need for Speed™ Most Wanted (HKLM-x32\...\{A48B9CD8-C2BA-4EC9-0081-7260D238C7CF}) (Version:  - )
Nero 12 (HKLM-x32\...\{622B6CB8-70B1-4D65-B672-093D19759BA1}) (Version: 12.5.01200 - Nero AG)
Nero Audio Pack 1 (x32 Version: 11.0.11500.110.0 - Nero AG) Hidden
Nero BackItUp (x32 Version: 12.5.1000 - Nero AG) Hidden
Nero BackItUp Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero Blu-ray Player (x32 Version: 12.0.20012 - Nero AG) Hidden
Nero Blu-ray Player Help (CHM) (x32 Version: 12.0.9000 - Nero AG) Hidden
Nero Burning ROM (x32 Version: 12.5.5001 - Nero AG) Hidden
Nero Burning ROM Help (CHM) (x32 Version: 12.0.3000 - Nero AG) Hidden
Nero ControlCenter (x32 Version: 11.0.15600 - Nero AG) Hidden
Nero ControlCenter Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Core Components (x32 Version: 11.0.20200 - Nero AG) Hidden
Nero Disc Menus Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Express (x32 Version: 12.5.5002 - Nero AG) Hidden
Nero Express Help (CHM) (x32 Version: 12.0.13000 - Nero AG) Hidden
Nero Kwik Media (x32 Version: 1.18.20100 - Nero AG) Hidden
Nero Kwik Media Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero Kwik Themes Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero PiP Effects Basic (x32 Version: 12.0.11500 - Nero AG) Hidden
Nero Recode (x32 Version: 12.5.6000 - Nero AG) Hidden
Nero Recode Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
Nero RescueAgent (x32 Version: 12.0.10002 - Nero AG) Hidden
Nero RescueAgent Help (CHM) (x32 Version: 12.0.7000 - Nero AG) Hidden
Nero SharedVideoCodecs (x32 Version: 1.0.12100.2.0 - Nero AG) Hidden
Nero Update (x32 Version: 11.0.11800.31.0 - Nero AG) Hidden
Nero Video (x32 Version: 12.5.2001 - Nero AG) Hidden
Nero Video Help (CHM) (x32 Version: 12.0.12000 - Nero AG) Hidden
neroxml (x32 Version: 1.0.0 - Nero AG) Hidden
NFS Underground (HKLM-x32\...\{A99968BE-C155-474C-0089-33239DEE1CE2}) (Version:  - )
NVIDIA PhysX (HKLM-x32\...\{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}) (Version: 9.12.1031 - NVIDIA Corporation)
OpenOffice 4.0.1 (HKLM-x32\...\{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}) (Version: 4.01.9714 - Apache Software Foundation)
Opera 12.14 (HKLM-x32\...\Opera 12.14.1738) (Version: 12.14.1738 - Opera Software ASA)
Origin (HKLM-x32\...\Origin) (Version: 9.1.12.73 - Electronic Arts, Inc.)
Portal (HKLM-x32\...\Steam App 400) (Version:  - Valve)
Prerequisite installer (x32 Version: 12.0.0003 - Nero AG) Hidden
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Raptr (HKLM-x32\...\Raptr) (Version:  - )
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.30.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.30.0 - Renesas Electronics Corporation) Hidden
Ringtone Maker (HKLM-x32\...\Ringtone Maker) (Version: 1.0 - Fried Cookie)
S.K.I.L.L. - Special Force 2 (HKLM-x32\...\Special Force 2 Beta_is1) (Version:  - )
Saints Row 2 (HKLM-x32\...\Steam App 9480) (Version:  - Volition)
Saints Row: The Third (HKLM-x32\...\Steam App 55230) (Version:  - Volition)
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_10 - Samsung Electronics Co., Ltd.) Hidden
Samsung Story Album Viewer (HKLM-x32\...\InstallShield_{698BBAD8-B116-495D-B879-0F07A533E57F}) (Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.)
Samsung Story Album Viewer (x32 Version: 1.0.0.13052_1 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.24.0 - SAMSUNG Electronics Co., Ltd.)
Skype™ 6.5 (HKLM-x32\...\{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}) (Version: 6.5.158 - Skype Technologies S.A.)
Sleeping Dogs™ (HKLM-x32\...\Steam App 202170) (Version:  - Square Enix)
Split Second - Velocity (HKLM-x32\...\{E4D2641A-E3A1-447A-AACA-A7493AAF87E5}_is1) (Version:  - )
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
Success (HKLM-x32\...\Success) (Version:  - )
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Tactical Intervention (HKLM-x32\...\Steam App 51100) (Version:  - FIX Korea)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.6 - TeamSpeak Systems GmbH)
The Elder Scrolls V: Skyrim (HKLM-x32\...\Steam App 72850) (Version:  - Bethesda Game Studios)
Ubisoft Game Launcher (HKLM-x32\...\{888F1505-C2B3-4FDE-835D-36353EBD4754}) (Version: 1.0.0.0 - UBISOFT)
VLC media player 2.1.3 (HKLM-x32\...\VLC media player) (Version: 2.1.3 - VideoLAN)
WarRock (HKLM-x32\...\Warrock EU) (Version:  - )
Welcome App (Start-up experience) (x32 Version: 12.0.15000 - Nero AG) Hidden
Winamp (HKLM-x32\...\Winamp) (Version: 5.63  - Nullsoft, Inc)
Winamp Erkennungs-Plug-in (HKCU\...\Winamp Detect) (Version: 1.0.0.1 - Nullsoft, Inc)
WinRAR 4.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Xfire (HKLM-x32\...\Xfire) (Version:  - )
Yu-Gi-Oh! Power of Chaos JOEY THE PASSION (HKLM-x32\...\{336DD6B4-B100-4048-B2B7-FBA7059FD959}) (Version: 1.00.0000 - KONAMI)

==================== Restore Points  =========================

25-03-2014 13:57:46 Windows Update
28-03-2014 14:50:03 Windows Update
01-04-2014 18:37:15 Windows Update
05-04-2014 00:10:30 DirectX wurde installiert

==================== Hosts content: ==========================

2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {3509007E-9CF8-463A-BBC7-81CEBB5A2B54} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {392E0226-CFB8-4FB9-A010-3A6C5B7EC37F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07] (Google Inc.)
Task: {44F5BD59-635A-4792-81B4-74ACE0AC5FB7} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-11] (Adobe Systems Incorporated)
Task: {BBD2E697-061A-4DAD-BA9A-C4C2B79B3966} - System32\Tasks\FileAdvisorCheck => C:\Program Files (x86)\File Type Advisor\file-type-advisor.exe [2013-07-13] (filetypeadvisor.com                                        )
Task: {E0083496-118F-4447-82BC-7ED49A19C1F9} - System32\Tasks\FileAdvisorUpdate => C:\Program Files (x86)\File Type Advisor\fileadvisor.exe [2013-07-13] (File Type Advisor)
Task: {E386015A-6F14-4251-B6C7-5CB8E88F7CD3} - System32\Tasks\Fried Cookie Update => C:\Program Files (x86)\Fried Cookie\Updater\Updater.exe [2012-06-03] (FriedCookie)
Task: {E716C091-C548-4C9F-A3D1-E2C5D0097A7E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07] (Google Inc.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-06 17:06 - 2013-12-06 17:06 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 00814592 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2013-07-26 06:59 - 2013-07-26 06:59 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2013-02-07 03:32 - 2013-11-27 14:39 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2013-05-22 20:50 - 2013-05-22 20:50 - 00400704 _____ () C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
2013-06-01 21:47 - 2013-06-01 21:47 - 01992328 _____ () C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
2013-12-06 17:06 - 2013-12-06 17:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-03-21 06:10 - 2013-03-21 06:10 - 00258944 _____ () D:\Games\Xfire\xfire64.exe
2014-01-20 10:50 - 2014-02-26 10:06 - 09899312 _____ () C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe
2014-01-20 10:50 - 2014-01-20 10:50 - 00049456 _____ () C:\Program Files (x86)\Garena Plus\ggdllhost.exe
2014-01-20 10:27 - 2014-04-03 09:48 - 06312752 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\BBtalk.exe
2014-04-07 21:09 - 2014-04-07 21:09 - 00050477 _____ () C:\Users\Thomas\Downloads\Defogger.exe
2012-11-28 15:13 - 2012-11-28 15:13 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2012-11-28 15:13 - 2012-11-28 15:13 - 01242512 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2013-06-17 12:35 - 2013-06-17 12:35 - 00478400 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\dblite.dll
2013-05-08 14:52 - 2013-05-08 14:52 - 01270464 _____ () C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\kpcengine.2.3.dll
2014-03-29 05:58 - 2014-03-29 05:58 - 03642480 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-20 10:27 - 2014-01-20 10:27 - 00066864 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\InputHook.dll
2014-01-20 10:28 - 2014-03-28 10:36 - 02427184 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\Overlay.dll
2014-01-20 10:28 - 2014-01-20 10:28 - 00063280 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\PluginKernel.dll
2014-01-20 10:27 - 2014-01-20 10:27 - 00104240 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\CommonLib.dll
2013-07-02 15:22 - 2013-12-18 22:05 - 00016808 _____ () C:\Program Files (x86)\Java\jre7\bin\jp2native.dll
2014-03-11 23:13 - 2014-03-11 23:13 - 16276872 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00104752 _____ () C:\Program Files (x86)\Garena Plus\CommonLib.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00553776 _____ () C:\Program Files (x86)\Garena Plus\ggspawn.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00033584 _____ () C:\Program Files (x86)\Garena Plus\DibModule.dll
2014-01-20 10:50 - 2014-04-03 10:33 - 00027952 _____ () C:\Program Files (x86)\Garena Plus\VersionModule.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00051504 _____ () C:\Program Files (x86)\Garena Plus\FileLoader.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00087344 _____ () C:\Program Files (x86)\Garena Plus\PluginKernel.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00487216 _____ () C:\Program Files (x86)\Garena Plus\CxImage.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00025392 _____ () C:\Program Files (x86)\Garena Plus\PluginModule.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00170800 _____ () C:\Program Files (x86)\Garena Plus\lib\fs\YYFileSystem.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00374064 _____ () C:\Program Files (x86)\Garena Plus\lib\Http.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00184624 _____ () C:\Program Files (x86)\Garena Plus\lib\MP3Module.dll
2012-02-22 10:52 - 2012-02-22 10:52 - 00162304 _____ () C:\Program Files (x86)\Garena Plus\lame_enc.DLL
2014-01-20 10:50 - 2014-01-20 10:50 - 00219952 _____ () C:\Program Files (x86)\Garena Plus\lib\TaskManagerLib.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00106288 _____ () C:\Program Files (x86)\Garena Plus\lib\UILayout.dll
2014-01-20 10:50 - 2014-02-21 10:41 - 00958256 _____ () C:\Program Files (x86)\Garena Plus\lib\XLL.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00055088 _____ () C:\Program Files (x86)\Garena Plus\lib\XmlUIModule.dll
2012-02-22 10:52 - 2012-02-22 10:52 - 00573100 _____ () C:\Program Files (x86)\Garena Plus\sqlite3.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00224560 _____ () C:\Program Files (x86)\Garena Plus\Plugins\StatsPlugin.dll
2014-01-20 10:50 - 2014-03-31 09:13 - 00916272 _____ () C:\Program Files (x86)\Garena Plus\Plugins\ggplugin.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00192816 _____ () C:\Program Files (x86)\Garena Plus\ImageModule.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00155440 _____ () C:\Program Files (x86)\Garena Plus\libmpg123.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 02941232 _____ () C:\Program Files (x86)\Garena Plus\ggdownloader.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00065840 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\AudioMixerLib.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00016688 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\ClientTcp.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 01545520 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\FileSender.dll
2013-02-01 07:42 - 2013-02-01 07:42 - 00153088 _____ () C:\Program Files (x86)\Garena Plus\libzmq.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00956208 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\GaFileTransfer.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00245040 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\MediaEngine.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00026416 _____ () C:\Program Files (x86)\Garena Plus\ServerMemAlloc.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00516912 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\RSALib.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00068400 _____ () C:\Program Files (x86)\Garena Plus\lib\delay_load\UdtLib.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00147248 _____ () C:\Program Files (x86)\Garena Plus\xIM.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00590128 _____ () C:\Program Files (x86)\Garena Plus\xim\plugin_msn.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00460592 _____ () C:\Program Files (x86)\Garena Plus\xim\plugin_xmpp.dll
2014-01-20 10:50 - 2014-03-17 06:57 - 00194864 _____ () C:\Program Files (x86)\Garena Plus\xim\plugin_yahoo.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00098608 _____ () C:\Program Files (x86)\Garena Plus\Plugins\PlatformPlugin.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00236848 _____ () C:\Program Files (x86)\Garena Plus\Plugins\PluginNews.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00397104 _____ () C:\Program Files (x86)\Garena Plus\Plugins\GarenaTalkPlugin.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00287024 _____ () C:\Program Files (x86)\Garena Plus\Plugins\DailyTaskPlugin.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00133936 _____ () C:\Program Files (x86)\Garena Plus\Plugins\ClanBoxPlugin.dll
2014-01-20 10:50 - 2014-01-20 10:50 - 00215856 _____ () C:\Program Files (x86)\Garena Plus\Plugins\GameSalePlugin.dll
2014-01-20 10:27 - 2014-01-20 10:27 - 00033072 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\DibModule.dll
2014-01-20 10:27 - 2014-01-20 10:27 - 00382256 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\ImageModule.dll
2014-01-20 10:27 - 2014-03-17 12:58 - 00817456 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\gagmhook.dll
2014-01-20 10:28 - 2014-01-20 10:28 - 00041264 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lollauncher.dll
2014-01-20 10:28 - 2014-04-03 09:49 - 00022832 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\VersionModule.dll
2014-01-20 10:28 - 2014-01-20 10:28 - 00448160 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\sqlite3.dll
2014-01-20 10:28 - 2014-03-17 12:58 - 00108848 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\AudioMixerLib.dll
2014-01-20 10:28 - 2014-01-20 10:28 - 00030000 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\ChannelUrlDll.dll
2014-01-20 10:28 - 2014-01-20 10:28 - 00424752 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\exchndl.dll
2014-01-20 10:28 - 2014-01-20 10:28 - 00077104 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\FileManager.dll
2014-01-20 10:27 - 2014-01-20 10:27 - 00053040 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\FileSystem.dll
2014-01-20 10:28 - 2014-01-20 10:28 - 00374064 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\Http.dll
2014-01-20 10:28 - 2014-01-20 10:28 - 00046896 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\InputHookLib.dll
2014-01-20 10:28 - 2014-01-20 10:28 - 00041776 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\IPCLib.dll
2014-01-20 10:28 - 2014-01-20 10:28 - 00055600 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\LangLib.dll
2014-01-20 10:27 - 2014-01-20 10:27 - 00089904 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\audiohost.dll
2014-01-20 10:28 - 2014-01-20 10:28 - 00134960 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\MessagePumpLib.dll
2014-01-20 10:28 - 2014-01-20 10:28 - 00030512 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\MP3Saver.dll
2014-01-20 10:28 - 2014-01-20 10:28 - 00238384 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\libmp3lame.DLL
2014-01-20 10:28 - 2014-04-03 09:49 - 01047856 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\RealTimeVideoEngine.dll
2014-01-20 10:28 - 2014-01-20 10:28 - 00056112 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\ResLib.dll
2014-01-20 10:28 - 2014-01-20 10:28 - 00099120 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\PngModule.dll
2014-01-20 10:28 - 2014-03-28 10:36 - 00127792 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\TcpClient.dll
2014-01-20 10:28 - 2014-01-20 10:28 - 00137520 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UdpClient.dll
2014-01-20 10:28 - 2014-02-26 09:48 - 00110896 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UILayout.dll
2014-01-20 10:28 - 2014-03-17 12:58 - 00864048 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\UILib.dll
2014-01-20 10:28 - 2014-01-20 10:28 - 00055600 _____ () C:\Program Files (x86)\Garena Plus\bbtalk\lib\XmlUIModule.dll

==================== Alternate Data Streams (whitelisted) =========

AlternateDataStreams: C:\ProgramData:NT
AlternateDataStreams: C:\Users\All Users:NT
AlternateDataStreams: C:\ProgramData\Anwendungsdaten:NT
AlternateDataStreams: C:\ProgramData\Application Data:NT
AlternateDataStreams: C:\ProgramData\MTA San Andreas All:NT
AlternateDataStreams: C:\Users\Thomas\Anwendungsdaten:NT
AlternateDataStreams: C:\Users\Thomas\AppData\Roaming:NT

==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: WinampAgent => "C:\Program Files (x86)\Winamp\winampa.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (04/07/2014 03:17:42 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 03:54:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 03:42:14 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 02:57:17 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2014 02:13:18 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2014 03:34:06 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2014 02:42:02 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 09:36:35 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2014 08:34:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2014 08:31:56 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (04/06/2014 03:49:33 PM) (Source: Service Control Manager) (User: )
Description: Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden Fehlers fehlgeschlagen:
%%5

Error: (04/06/2014 02:55:40 PM) (Source: NetBT) (User: )
Description: Der Name "THOMAS-PC      :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23
registriert werden. Der Computer mit IP-Adresse 192.168.178.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (04/06/2014 02:55:40 PM) (Source: NetBT) (User: )
Description: Der Name "THOMAS-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23
registriert werden. Der Computer mit IP-Adresse 192.168.178.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (04/06/2014 02:55:40 PM) (Source: Server) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{9BA35977-FEC7-4E06-90D3-711A642C533A} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.

Error: (04/03/2014 07:02:04 PM) (Source: NetBT) (User: )
Description: Der Name "THOMAS-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23
registriert werden. Der Computer mit IP-Adresse 192.168.178.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (04/03/2014 04:57:58 PM) (Source: NetBT) (User: )
Description: Der Name "THOMAS-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23
registriert werden. Der Computer mit IP-Adresse 192.168.178.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (04/03/2014 04:57:58 PM) (Source: NetBT) (User: )
Description: Der Name "THOMAS-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23
registriert werden. Der Computer mit IP-Adresse 192.168.178.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (04/03/2014 02:40:24 PM) (Source: NetBT) (User: )
Description: Der Name "THOMAS-PC      :20" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23
registriert werden. Der Computer mit IP-Adresse 192.168.178.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (04/03/2014 02:40:24 PM) (Source: NetBT) (User: )
Description: Der Name "THOMAS-PC      :0" konnte nicht auf der Schnittstelle mit IP-Adresse 192.168.178.23
registriert werden. Der Computer mit IP-Adresse 192.168.178.22 hat nicht
zugelassen, dass dieser Computer diesen Namen verwendet.

Error: (04/03/2014 02:40:24 PM) (Source: Server) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{9BA35977-FEC7-4E06-90D3-711A642C533A} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.


Microsoft Office Sessions:
=========================
Error: (04/07/2014 03:17:42 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 03:54:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 03:42:14 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/06/2014 02:57:17 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/05/2014 02:13:18 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/04/2014 03:34:06 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/03/2014 02:42:02 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/02/2014 09:36:35 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (04/01/2014 08:34:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (03/31/2014 08:31:56 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


CodeIntegrity Errors:
===================================
  Date: 2014-04-06 18:04:12.163
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-06 18:04:12.162
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-06 18:04:12.161
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Windows\ELAMBKUP\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-06 17:52:07.430
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-06 17:52:07.428
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2014-04-06 17:52:07.427
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume3\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\KLELAMX64\klelam.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info ===========================

Percentage of memory in use: 23%
Total physical RAM: 16382.49 MB
Available physical RAM: 12570.04 MB
Total Pagefile: 32763.16 MB
Available Pagefile: 28608.27 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:804.55 GB) NTFS
Drive d: () (Fixed) (Total:931.51 GB) (Free:588.35 GB) NTFS
Drive e: (Neu) (CDROM) (Total:4.37 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: A5807039)

Partition: GPT Partition Type.

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 4F47EC31)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================

MrStewart 07.04.2014 20:53
[CODE]GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-04-07 21:24:07
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-5 WDC_WD10EZEX-00RKKA0 rev.80.00A80 931,51GB
Running: kmhuvc89.exe; Driver: C:\Users\Thomas\AppData\Local\Temp\uwdiipoc.sys


---- User code sections - GMER 2.1 ----

.text C:\Windows\SysWOW64\PnkBstrA.exe[1724] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322 0000000073971a22 2 bytes [97, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1724] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496 0000000073971ad0 2 bytes [97, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1724] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552 0000000073971b08 2 bytes [97, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1724] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730 0000000073971bba 2 bytes [97, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1724] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762 0000000073971bda 2 bytes [97, 73]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754b1465 2 bytes [4B, 75]
.text C:\Windows\SysWOW64\PnkBstrA.exe[1724] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754b14bb 2 bytes [4B, 75]
.text ... * 2
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776d11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776d1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776d27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776d33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077721380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077721500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077721530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077721650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077721700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077721d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077721f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000752a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000752a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000752a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Nero\Update\NASvc.exe[1920] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000752a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776d11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776d1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776d27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776d33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077721380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077721500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077721530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077721650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077721700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077721d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077721f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000752a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000752a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000752a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\Kies.exe[3328] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000752a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776d11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776d1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776d27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776d33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077721380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077721500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077721530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077721650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077721700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077721d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077721f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000752a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000752a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000752a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000752a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 00000000778c000c 1 byte [C3]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3336] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007794f8ea 5 bytes JMP 00000001778fd5c1
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776d11f5 8 bytes {JMP 0xd}
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776d1fd7 8 bytes {JMP 0xb}
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776d27d2 8 bytes {JMP 0x10}
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776d33c0 16 bytes {JMP 0x4e}
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077721380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077721500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077721530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077721650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077721700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077721d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077721f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000752a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000752a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000752a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe[3380] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000752a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776d11f5 8 bytes {JMP 0xd}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776d1fd7 8 bytes {JMP 0xb}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776d27d2 8 bytes {JMP 0x10}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776d33c0 16 bytes {JMP 0x4e}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077721380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077721500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077721530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077721650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077721700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077721d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077721f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000752a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000752a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000752a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000752a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754b1465 2 bytes [4B, 75]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754b14bb 2 bytes [4B, 75]
.text ... * 2
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776d11f5 8 bytes {JMP 0xd}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776d1fd7 8 bytes {JMP 0xb}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776d27d2 8 bytes {JMP 0x10}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776d33c0 16 bytes {JMP 0x4e}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077721380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077721500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077721530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077721650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077721700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077721d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077721f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000752a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000752a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000752a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000752a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754b1465 2 bytes [4B, 75]
.text C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe[3508] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754b14bb 2 bytes [4B, 75]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776d11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776d1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776d27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776d33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077721380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077721500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077721530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077721650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077721700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077721d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077721f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000752a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000752a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000752a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe[3660] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000752a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776d11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776d1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776d27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ...

MrStewart 07.04.2014 20:54
* 3
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776d33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077721380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077721500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077721530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077721650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077721700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077721d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077721f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000752a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000752a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000752a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe[3668] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000752a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776d11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776d1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776d27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776d33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077721380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077721500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077721530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077721650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077721700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077721d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077721f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000752a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000752a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000752a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\iTunes\iTunesHelper.exe[3684] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000752a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776d11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776d1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776d27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776d33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077721380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077721500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077721530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077721650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077721700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077721d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077721f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000752a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000752a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000752a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3692] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000752a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776d11f5 8 bytes {JMP 0xd}
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776d1fd7 8 bytes {JMP 0xb}
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776d27d2 8 bytes {JMP 0x10}
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776d33c0 16 bytes {JMP 0x4e}
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077721380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077721500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077721530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077721650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077721700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077721d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077721f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000752a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000752a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000752a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000752a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754b1465 2 bytes [4B, 75]
.text C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe[3296] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754b14bb 2 bytes [4B, 75]
.text ... * 2
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776d11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776d1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776d27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776d33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077721380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077721500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077721530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077721650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077721700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077721d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077721f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000752a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000752a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000752a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe[4100] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000752a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776d11f5 8 bytes {JMP 0xd}
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776d1fd7 8 bytes {JMP 0xb}
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776d27d2 8 bytes {JMP 0x10}
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776d33c0 16 bytes {JMP 0x4e}
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077721380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077721500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077721530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077721650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077721700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077721d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077721f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000752a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000752a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000752a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000752a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SysWOW64\ntdll.dll!DbgUserBreakPoint 00000000778c0008 1 byte [C3]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 00000000778c000c 1 byte [C3]
.text C:\Program Files (x86)\Garena Plus\ggdllhost.exe[4324] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007794f8ea 5 bytes JMP 00000001778fd5c1
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776d11f5 8 bytes {JMP 0xd}
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776d1fd7 8 bytes {JMP 0xb}
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776d27d2 8 bytes {JMP 0x10}
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776d33c0 16 bytes {JMP 0x4e}
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077721380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077721500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077721530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077721650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077721700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077721d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077721f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000752a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000752a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000752a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000752a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000754b1465 2 bytes [4B, 75]
.text C:\Users\Thomas\Downloads\Defogger.exe[4712] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000754b14bb 2 bytes [4B, 75]
.text ... * 2
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 5 00000000776d11f5 8 bytes {JMP 0xd}
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlWalkHeap + 416 00000000776d1390 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 159 00000000776d143f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlpEnsureBufferSize + 492 00000000776d158c 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 126 00000000776d191e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlDeleteAce + 636 00000000776d1b1c 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!_vsnwprintf_s + 204 00000000776d1bf0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 373 00000000776d1d75 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlCreateActivationContext + 691 00000000776d1eb3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!isalpha + 31 00000000776d1edf 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!_ui64toa + 84 00000000776d1f64 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!_strnicmp + 81 00000000776d1fbd 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelf + 7 00000000776d1fd7 8 bytes {JMP 0xb}
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 658 00000000776d2272 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlImpersonateSelfEx + 801 00000000776d2301 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlInstallFunctionTableCallback + 578 00000000776d2792 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlIsGenericTableEmptyAvl + 16 00000000776d27b0 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableAvl + 18 00000000776d27d2 8 bytes {JMP 0x10}
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 79 00000000776d282f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlEnumerateGenericTableWithoutSplayingAvl + 176 00000000776d2890 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 2
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 299 00000000776d2d1b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlValidRelativeSecurityDescriptor + 367 00000000776d2d5f 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text ... * 3
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlCutoverTimeToSystemTime + 483 00000000776d3023 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 523 00000000776d323b 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlQueryRegistryValues + 912 00000000776d33c0 16 bytes {JMP 0x4e}
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 318 00000000776d3a5e 16 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!_itow_s + 403 00000000776d3ab3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 197 00000000776d3b85 8 bytes [10, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlpCheckDynamicTimeZoneInformation + 611 00000000776d3d23 8 bytes [00, 6A, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!RtlpGetLCIDFromLangInfoNode + 80 00000000776d4190 8 bytes [A0, 69, F8, 7E, 00, 00, 00, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 0000000077721380 8 bytes {JMP QWORD [RIP-0x4d4cf]}
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtQueryInformationThread 0000000077721500 8 bytes {JMP QWORD [RIP-0x4d498]}
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 0000000077721530 8 bytes {JMP QWORD [RIP-0x4d9b1]}
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077721650 8 bytes {JMP QWORD [RIP-0x4d7a7]}
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThread 0000000077721700 8 bytes {JMP QWORD [RIP-0x4d9e3]}
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077721d30 8 bytes {JMP QWORD [RIP-0x4dba6]}
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtGetContextThread 0000000077721f80 8 bytes {JMP QWORD [RIP-0x4de55]}
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 00000000777227e0 8 bytes {JMP QWORD [RIP-0x4e770]}
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 312 00000000752a13cc 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuInitializeStartupContext + 471 00000000752a146b 8 bytes {JMP 0xffffffffffffffb0}
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessInit + 611 00000000752a16d7 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessTerm + 3 00000000752a16e3 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuGetStackPointer + 23 00000000752a19db 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetStackPointer + 23 00000000752a19fb 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuSetInstructionPointer + 23 00000000752a1a1b 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuNotifyAffinityChange + 3 00000000752a1a27 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuFlushInstructionCache + 23 00000000752a1a63 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]
.text C:\Users\Thomas\Downloads\kmhuvc89.exe[3428] C:\Windows\SYSTEM32\wow64cpu.dll!CpuProcessDebugEvent + 3 00000000752a1a6f 8 bytes [0D, F0, AD, BA, DE, C0, AD, ...]

---- EOF - GMER 2.1 ----
[/CODE]

schrauber 10.04.2014 20:23
HI,

bitte noch das Log von Kaspersky posten.

MrStewart 10.04.2014 20:35
Der hat keinen Logfile erstellt, mir nur die Bedrohungen im Bericht angezeigt. Wenn ich diesen jedoch öffnen will (6 Bedrohungen neutralisiert) steht nur noch "keine Treffer" dort. Kann dir aber diesen Screenshot der Quarantäne anbieten :)

http://s14.directupload.net/images/140410/vsrxangd.jpg

schrauber 13.04.2014 13:42
passt :)

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307





Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

MrStewart 18.04.2014 00:25
Hier ist die Combofix-Logdatei :)

Code:
ComboFix 14-04-12.01 - Thomas 18.04.2014  1:19.1.4 - x64
Microsoft Windows 7 Ultimate  6.1.7601.1.1252.49.1031.18.16382.14269 [GMT 2:00]
ausgeführt von:: c:\users\Thomas\Downloads\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {179979E8-273D-D14E-0543-2861940E4886}
FW: Kaspersky Internet Security *Disabled* {2FA2F8CD-6D52-D016-2E1C-81546ADD0FFD}
SP: Kaspersky Internet Security *Disabled/Updated* {ACF8980C-0107-DEC0-3FF3-1313EF89023B}
SP: Spybot - Search and Destroy *Enabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
- REDUZIERTER FUNKTIONALITÄTSMODUS -
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\ST6UNST.000
.
.
(((((((((((((((((((((((  Dateien erstellt von 2014-03-17 bis 2014-04-17  ))))))))))))))))))))))))))))))
.
.
2014-04-17 23:20 . 2014-04-17 23:20        --------        d-----w-        c:\users\Default\AppData\Local\temp
2014-04-15 16:03 . 2010-09-16 07:13        2601752        ----a-w-        c:\windows\SysWow64\pbsvc_moh.exe
2014-04-15 11:02 . 2014-03-07 04:43        10521840        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{8F72651A-DAA6-4643-B8A7-2856544355D5}\mpengine.dll
2014-04-14 10:17 . 2014-04-14 10:17        --------        d-----w-        c:\programdata\McAfee
2014-04-11 00:07 . 2014-04-11 00:07        --------        d-----w-        c:\users\Thomas\AppData\Local\Electronic Arts
2014-04-07 20:45 . 2013-09-20 08:49        21040        ----a-w-        c:\windows\system32\sdnclean64.exe
2014-04-07 20:45 . 2014-04-08 22:53        --------        d-----w-        c:\programdata\Spybot - Search & Destroy
2014-04-07 20:45 . 2014-04-07 20:47        --------        d-----w-        c:\program files (x86)\Spybot - Search & Destroy 2
2014-04-07 19:11 . 2014-04-07 19:12        --------        d-----w-        C:\FRST
2014-04-06 13:43 . 2013-05-06 07:13        110176        ----a-w-        c:\windows\system32\klfphc.dll
2014-04-06 13:42 . 2014-04-06 13:42        --------        d-----w-        c:\windows\ELAMBKUP
2014-04-06 13:42 . 2014-04-06 13:42        --------        d-----w-        c:\program files (x86)\Kaspersky Lab
2014-04-06 13:42 . 2014-04-06 13:49        625248        ----a-w-        c:\windows\system32\drivers\klif.sys
2014-04-06 13:42 . 2014-04-06 13:49        115296        ----a-w-        c:\windows\system32\drivers\klflt.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-16 19:55 . 2013-02-07 01:32        103736        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2014-04-16 18:14 . 2013-02-07 01:32        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2014-04-16 18:14 . 2013-02-07 13:45        281152        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2014-04-16 18:14 . 2013-02-07 01:32        281152        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2014-04-14 10:17 . 2013-02-06 20:18        70832        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-04-14 10:17 . 2013-02-06 20:18        692400        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2014-04-09 23:18 . 2013-04-13 16:42        90655440        ----a-w-        c:\windows\system32\MRT.exe
2014-04-06 13:49 . 2013-06-06 15:38        178272        ----a-w-        c:\windows\system32\drivers\kneps.sys
2014-04-06 13:49 . 2013-10-17 13:47        29280        ----a-w-        c:\windows\system32\drivers\klkbdflt.sys
2014-04-06 13:49 . 2013-10-17 13:47        458336        ----a-w-        c:\windows\system32\drivers\kl1.sys
2014-03-04 09:17 . 2014-04-09 13:19        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2014-03-01 05:16 . 2014-03-12 14:15        4096        ----a-w-        c:\windows\system32\ieetwcollectorres.dll
2014-03-01 04:58 . 2014-03-12 14:15        2765824        ----a-w-        c:\windows\system32\iertutil.dll
2014-03-01 04:52 . 2014-03-12 14:15        66048        ----a-w-        c:\windows\system32\iesetup.dll
2014-03-01 04:51 . 2014-03-12 14:15        48640        ----a-w-        c:\windows\system32\ieetwproxystub.dll
2014-03-01 04:42 . 2014-03-12 14:15        53760        ----a-w-        c:\windows\system32\jsproxy.dll
2014-03-01 04:40 . 2014-03-12 14:15        33792        ----a-w-        c:\windows\system32\iernonce.dll
2014-03-01 04:37 . 2014-03-12 14:15        574976        ----a-w-        c:\windows\system32\ieui.dll
2014-03-01 04:33 . 2014-03-12 14:15        139264        ----a-w-        c:\windows\system32\ieUnatt.exe
2014-03-01 04:33 . 2014-03-12 14:15        111616        ----a-w-        c:\windows\system32\ieetwcollector.exe
2014-03-01 04:32 . 2014-03-12 14:15        708608        ----a-w-        c:\windows\system32\jscript9diag.dll
2014-03-01 04:23 . 2014-03-12 14:15        940032        ----a-w-        c:\windows\system32\MsSpellCheckingFacility.exe
2014-03-01 04:17 . 2014-03-12 14:15        218624        ----a-w-        c:\windows\system32\ie4uinit.exe
2014-03-01 04:02 . 2014-03-12 14:15        195584        ----a-w-        c:\windows\system32\msrating.dll
2014-03-01 03:54 . 2014-03-12 14:15        5768704        ----a-w-        c:\windows\system32\jscript9.dll
2014-03-01 03:52 . 2014-03-12 14:15        61952        ----a-w-        c:\windows\SysWow64\iesetup.dll
2014-03-01 03:51 . 2014-03-12 14:15        51200        ----a-w-        c:\windows\SysWow64\ieetwproxystub.dll
2014-03-01 03:42 . 2014-03-12 14:15        627200        ----a-w-        c:\windows\system32\msfeeds.dll
2014-03-01 03:38 . 2014-03-12 14:15        112128        ----a-w-        c:\windows\SysWow64\ieUnatt.exe
2014-03-01 03:37 . 2014-03-12 14:15        553472        ----a-w-        c:\windows\SysWow64\jscript9diag.dll
2014-03-01 03:35 . 2014-03-12 14:15        2041856        ----a-w-        c:\windows\system32\inetcpl.cpl
2014-03-01 03:18 . 2014-03-12 14:15        13051904        ----a-w-        c:\windows\system32\ieframe.dll
2014-03-01 03:14 . 2014-03-12 14:15        4244480        ----a-w-        c:\windows\SysWow64\jscript9.dll
2014-03-01 03:10 . 2014-03-12 14:15        2334208        ----a-w-        c:\windows\system32\wininet.dll
2014-03-01 03:00 . 2014-03-12 14:15        1964032        ----a-w-        c:\windows\SysWow64\inetcpl.cpl
2014-03-01 02:38 . 2014-03-12 14:15        1393664        ----a-w-        c:\windows\system32\urlmon.dll
2014-03-01 02:32 . 2014-03-12 14:15        1820160        ----a-w-        c:\windows\SysWow64\wininet.dll
2014-03-01 02:25 . 2014-03-12 14:15        817664        ----a-w-        c:\windows\system32\ieapfltr.dll
2014-02-07 01:23 . 2014-03-12 14:15        3156480        ----a-w-        c:\windows\system32\win32k.sys
2014-02-04 02:32 . 2014-03-12 14:15        1424384        ----a-w-        c:\windows\system32\WindowsCodecs.dll
2014-02-04 02:32 . 2014-03-12 14:15        624128        ----a-w-        c:\windows\system32\qedit.dll
2014-02-04 02:04 . 2014-03-12 14:15        1230336        ----a-w-        c:\windows\SysWow64\WindowsCodecs.dll
2014-02-04 02:04 . 2014-03-12 14:15        509440        ----a-w-        c:\windows\SysWow64\qedit.dll
2014-01-29 02:32 . 2014-03-12 14:15        484864        ----a-w-        c:\windows\system32\wer.dll
2014-01-29 02:06 . 2014-03-12 14:15        381440        ----a-w-        c:\windows\SysWow64\wer.dll
2014-01-28 02:32 . 2014-03-12 14:15        228864        ----a-w-        c:\windows\system32\wwansvc.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        130736        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2013-05-23 1561968]
"KPeerNexonEU"="c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe" [2013-06-01 438272]
"AmazonMP3DownloaderHelper"="c:\users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe" [2013-05-22 400704]
"Akamai NetSession Interface"="c:\users\Thomas\AppData\Local\Akamai\netsession_win.exe" [2014-03-06 4672920]
"GarenaPlus"="c:\program files (x86)\Garena Plus\GarenaMessenger.exe" [2014-02-26 9899312]
"Spybot-S&D Cleaning"="c:\program files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe" [2013-09-20 3666224]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2013-05-23 311152]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 59720]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2013-08-16 152392]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
"SDTray"="c:\program files (x86)\Spybot - Search & Destroy 2\SDTray.exe" [2013-07-25 5624784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0\0sdnclean64.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 FairplayKD;FairplayKD;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys;c:\programdata\MTA San Andreas All\Common\temp\FairplayKD.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Plus\Room\safedrv.sys;c:\program files (x86)\Garena Plus\Room\safedrv.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des;c:\windows\SYSNATIVE\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 xhunter1;xhunter1;c:\windows\xhunter1.sys;c:\windows\xhunter1.sys [x]
R4 klflt;klflt;c:\windows\system32\DRIVERS\klflt.sys;c:\windows\SYSNATIVE\DRIVERS\klflt.sys [x]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys;c:\windows\SYSNATIVE\DRIVERS\klim6.sys [x]
S1 klpd;klpd;c:\windows\system32\DRIVERS\klpd.sys;c:\windows\SYSNATIVE\DRIVERS\klpd.sys [x]
S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys;c:\windows\SYSNATIVE\DRIVERS\kltdi.sys [x]
S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys;c:\windows\SYSNATIVE\DRIVERS\kneps.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 SDScannerService;Spybot-S&D 2 Scanner Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [x]
S2 SDUpdateService;Spybot-S&D 2 Updating Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [x]
S2 SDWSCService;Spybot-S&D 2 Security Center Service;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe;c:\program files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys;c:\windows\SYSNATIVE\DRIVERS\klkbdflt.sys [x]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys;c:\windows\SYSNATIVE\DRIVERS\klmouflt.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79888442-706d-11e2-ab1d-806e6f6e6963}]
\shell\AutoRun\command - e:\setup\rsrc\Autorun.exe
\shell\dinstall\command - e:\directx\dxsetup.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-08 20:05        1077576        ----a-w-        c:\program files (x86)\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-04-17 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-06 10:17]
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07 00:11]
.
2014-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-02-07 00:11]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36        164016        ----a-w-        c:\users\Thomas\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2012-11-29 7406392]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\snvoem5g.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-KiesAirMessage - c:\program files (x86)\Samsung\Kies\KiesAirMessage.exe
Notify-SDWinLogon - SDWinLogon.dll
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
BHO-{3706EE7C-3CAD-445D-8A43-03EBC3B75908} - c:\program files (x86)\Expat Shield\HssIE\ExpatIE_64.dll
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_moh.exe
AddRemove-Success - c:\windows\system32\SuccessUninstaller.exe
AddRemove-{AD89A157-CFF9-4413-9CA6-C3B40A9A4EB5}_is1 - d:\games\Fifa Online 2\unins000.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-555805604-3510725378-1460008320-1000\Software\SecuROM\License information*]
"datasecu"=hex:3a,cb,73,99,59,67,7d,a8,dc,f8,0e,55,76,11,fb,a3,e4,08,08,b2,38,
  20,58,33,af,4d,88,64,4f,85,68,f7,55,e4,f4,34,e1,47,c3,67,9b,90,02,12,8f,d4,\
"rkeysecu"=hex:64,0e,34,87,af,7f,24,2a,a8,2e,8c,d4,46,c2,c5,88
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_12_0_0_77_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.12"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_12_0_0_77.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2014-04-18  01:21:54
ComboFix-quarantined-files.txt  2014-04-17 23:21
.
Vor Suchlauf: 13 Verzeichnis(se), 869.567.631.360 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 869.776.715.776 Bytes frei
.
- - End Of File - - FF7AF17519BBE64630F18B5F650BA1FE
A36C5E4F47E84449FF07ED3517B43A31

schrauber 18.04.2014 17:03
Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.


und ein frisches FRST log bitte.

MrStewart 18.04.2014 20:45
Hallo, hab mir das Malwarebytes runtergeladen (falls das ne neuere Version ist als meine es war) aber da finde ich leider kein "Erkennung und Schutz", Suche nach Rootkits oder das Armaturenbrett. Ich kann nur nen Scan machen usw. Komisch.

schrauber 19.04.2014 12:30
Dann mach nen Scan :)

MrStewart 01.05.2014 17:56
Hi, ich war in letzter Zeit etwas beschäftigt mit der Arbeit. Werde dir aber alles was du angefragt hattest jetzt posten :)

Mbam File:

Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlauf Datum: 01.05.2014
Suchlauf-Zeit: 16:09:54
Logdatei: mbam0105.txt
Administrator: Ja

Version: 2.00.1.1004
Malware Datenbank: v2014.05.01.07
Rootkit Datenbank: v2014.03.27.01
Lizenz: Kostenlos
Malware Schutz: Deaktiviert
Bösartiger Webseiten Schutz: Deaktiviert
Chameleon: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: Thomas

Suchlauf-Art: Bedrohungs-Suchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 268036
Verstrichene Zeit: 8 Min, 16 Sek

Speicher: Aktiviert
Autostart: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Aktiviert
Shuriken: Aktiviert
PUP: Warnen
PUM: Aktiviert

Prozesse: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registrierungsschlüssel: 0
(No malicious items detected)

Registrierungswerte: 0
(No malicious items detected)

Registrierungsdaten: 0
(No malicious items detected)

Ordner: 0
(No malicious items detected)

Dateien: 0
(No malicious items detected)

Physische Sektoren: 0
(No malicious items detected)


(end)
AdW:

Code:
# AdwCleaner v3.205 - Bericht erstellt am 01/05/2014 um 18:39:18
# Aktualisiert 28/04/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : Thomas - THOMAS-PC
# Gestartet von : C:\Users\Thomas\Downloads\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\secman.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{F5A29F21-B121-48A0-A317-737AF8BB106A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\CLSID\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3706EE7C-3CAD-445D-8A43-03EBC3B75908}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\IM

***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16521


-\\ Mozilla Firefox v29.0 (de)

[ Datei : C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\Profiles\snvoem5g.default\prefs.js ]


-\\ Google Chrome v34.0.1847.131

[ Datei : C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2478 octets] - [01/05/2014 16:37:30]
AdwCleaner[S0].txt - [2332 octets] - [01/05/2014 18:39:18]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2392 octets] ##########
JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.4 (04.06.2014:1)
OS: Windows 7 Ultimate x64
Ran by Thomas on 01.05.2014 at 18:43:22,70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Myfree Codec
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Myfree Codec



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Program Files (x86)\myfree codec"



~~~ FireFox

Emptied folder: C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\snvoem5g.default\minidumps [111 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 01.05.2014 at 18:48:45,73
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
FRST:


FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 01-05-2014 01
Ran by Thomas (administrator) on THOMAS-PC on 01-05-2014 18:52:45
Running from C:\Users\Thomas\Downloads
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
() C:\Windows\SysWOW64\PnkBstrA.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\LCore.exe
(Samsung) C:\Program Files (x86)\Samsung\Kies\Kies.exe
() C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe
(Akamai Technologies, Inc.) C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe
(Akamai Technologies, Inc.) C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe
() C:\Nexon\NEXON_EU_Downloader\NEXON_EU_Downloader_Engine.exe
(Samsung Electronics Co., Ltd.) C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDRSS.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDClock.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDMedia.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDPOP3.exe
(Logitech Inc.) C:\Program Files\Logitech Gaming Software\Applets\LCDCountdown.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\klwtblfs.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_13_0_0_206.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avpui.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe
(Kaspersky Lab ZAO) C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\wmi64.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Launch LCore] => C:\Program Files\Logitech Gaming Software\LCore.exe [7406392 2012-11-29] (Logitech Inc.)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [311152 2013-05-23] (Samsung Electronics Co., Ltd.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2013-08-16] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [5624784 2013-07-25] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-555805604-3510725378-1460008320-1000\...\Run: [KiesPreload] => C:\Program Files (x86)\Samsung\Kies\Kies.exe [1561968 2013-05-23] (Samsung)
HKU\S-1-5-21-555805604-3510725378-1460008320-1000\...\Run: [KPeerNexonEU] => C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe [438272 2013-06-01] (NEXON Inc.)
HKU\S-1-5-21-555805604-3510725378-1460008320-1000\...\Run: [AmazonMP3DownloaderHelper] => C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\AmazonMP3DownloaderHelper.exe [400704 2013-05-22] ()
HKU\S-1-5-21-555805604-3510725378-1460008320-1000\...\Run: [Akamai NetSession Interface] => C:\Users\Thomas\AppData\Local\Akamai\netsession_win.exe [4672920 2014-04-17] (Akamai Technologies, Inc.)
HKU\S-1-5-21-555805604-3510725378-1460008320-1000\...\Run: [GarenaPlus] => C:\Program Files (x86)\Garena Plus\GarenaMessenger.exe [9936176 2014-04-29] ()
HKU\S-1-5-21-555805604-3510725378-1460008320-1000\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [3666224 2013-09-20] (Safer-Networking Ltd.)
HKU\S-1-5-21-555805604-3510725378-1460008320-1000\...\MountPoints2: {79888442-706d-11e2-ab1d-806e6f6e6963} - E:\setup\rsrc\Autorun.exe

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x034290AEA204CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
BHO: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
BHO-x32: Content Blocker Plugin - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Virtual Keyboard Plugin - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Safe Money Plugin - {9E6D0D23-3D72-4A94-AE1F-2D167624E3D9} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\OnlineBanking\online_banking_bho.dll (Kaspersky Lab ZAO)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: URL Advisor Plugin - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)
Handler-x32: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Thomas\AppData\Roaming\Mozilla\Firefox\C:\ProgramData\Kaspersky Lab\SafeBrowser\S-1-5-21-555805604-3510725378-1460008320-1000\FireFox
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_13_0_0_206.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.3.0 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @esn/npbattlelog,version=2.3.2 - C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @Nero.com/KM - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin-x32: @ngm.nexoneu.com/NxGame - C:\ProgramData\NexonEU\NGM\npNxGameEU.dll (Nexon)
FF Plugin-x32: @t.garena.com/garenatalk - C:\Program Files (x86)\Garena Plus\bbtalk\plugins\npPlugin\npGarenaTalkPlugin.dll ( Garena)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF Plugin HKCU: amazon.com/AmazonMP3DownloaderPlugin - C:\Users\Thomas\AppData\Local\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10181.dll (Amazon.com, Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKLM-x32\...\Firefox\Extensions:  - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com
FF Extension: 卡巴斯基網址顧問 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\url_advisor@kaspersky.com [2014-04-06]
FF HKLM-x32\...\Firefox\Extensions: [virtual_keyboard@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com
FF Extension: 虛擬鍵盤 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\virtual_keyboard@kaspersky.com [2014-04-06]
FF HKLM-x32\...\Firefox\Extensions: [content_blocker@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com
FF Extension: 惡意網站攔截器 - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\content_blocker@kaspersky.com [2014-04-06]
FF HKLM-x32\...\Firefox\Extensions: [anti_banner@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com
FF Extension: Chặn quảng cáo - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\anti_banner@kaspersky.com [2014-04-06]
FF HKLM-x32\...\Firefox\Extensions: [online_banking@kaspersky.com] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com
FF Extension: Safe Money - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\FFExt\online_banking@kaspersky.com [2014-04-06]

Chrome:
=======
CHR HomePage:
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Nero Kwik Media Helper) - C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
CHR Plugin: (ESN Launch Mozilla Plugin) - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll No File
CHR Plugin: (ESN Sonar API) - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (iTunes Application Detector) - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll No File
CHR Plugin: (Shockwave Flash) - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\SysWOW64\npDeployJava1.dll No File
CHR Extension: (Google Docs) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-07]
CHR Extension: (Google Drive) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-07]
CHR Extension: (YouTube) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-07]
CHR Extension: (Google-Suche) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-07]
CHR Extension: (Modul zur Link-Untersuchung) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\dchlnpcodkpfdpacogkljefecpegganj [2013-05-20]
CHR Extension: (Virtuelle Tastatur) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\jagncdcchgajhfhijbbhecadmaiegcmh [2013-05-20]
CHR Extension: (Google Wallet) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-19]
CHR Extension: (Google Mail) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-07]
CHR Extension: (Anti-Banner) - C:\Users\Thomas\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjldcfjmnllhmgjclecdnfampinooman [2013-05-20]
CHR HKLM-x32\...\Chrome\Extension: [blbkdnmdcafmfhinpmnlhhddbepgkeaa] - https://chrome.google.com/webstore/detail/blbkdnmdcafmfhinpmnlhhddbepgkeaa [2013-05-20]
CHR HKLM-x32\...\Chrome\Extension: [dchlnpcodkpfdpacogkljefecpegganj] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\urladvisor.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hakdifolhalapjijoafobooafbilfakh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\online_banking_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [hghkgaeecgjhjkannahfamoehjmkjail] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\content_blocker_chrome.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [jagncdcchgajhfhijbbhecadmaiegcmh] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\virtkbd.crx [2013-10-17]
CHR HKLM-x32\...\Chrome\Extension: [pjldcfjmnllhmgjclecdnfampinooman] - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\ChromeExt\ab.crx [2013-10-17]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
R2 AVP; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 14.0.0\avp.exe [214512 2013-10-17] (Kaspersky Lab ZAO)
S3 npggsvc; C:\Windows\SysWOW64\GameMon.des [4788272 2013-11-19] (INCA Internet Co., Ltd.)
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2014-04-16] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [3921880 2013-10-15] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [1042272 2013-09-20] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171416 2013-09-13] (Safer-Networking Ltd.)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-20] (Advanced Micro Devices)
R0 kl1; C:\Windows\System32\DRIVERS\kl1.sys [458336 2014-04-06] (Kaspersky Lab ZAO)
S4 klflt; C:\Windows\System32\DRIVERS\klflt.sys [115296 2014-04-06] (Kaspersky Lab ZAO)
R1 KLIF; C:\Windows\System32\DRIVERS\klif.sys [625248 2014-04-06] (Kaspersky Lab ZAO)
R1 KLIM6; C:\Windows\System32\DRIVERS\klim6.sys [29792 2013-10-17] (Kaspersky Lab ZAO)
R3 klkbdflt; C:\Windows\System32\DRIVERS\klkbdflt.sys [29280 2014-04-06] (Kaspersky Lab ZAO)
R3 klmouflt; C:\Windows\System32\DRIVERS\klmouflt.sys [29280 2013-10-17] (Kaspersky Lab ZAO)
R1 klpd; C:\Windows\System32\DRIVERS\klpd.sys [15456 2013-04-12] (Kaspersky Lab ZAO)
R1 kltdi; C:\Windows\System32\DRIVERS\kltdi.sys [55904 2013-05-14] (Kaspersky Lab ZAO)
R1 kneps; C:\Windows\System32\DRIVERS\kneps.sys [178272 2014-04-06] (Kaspersky Lab ZAO)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys [X]
S3 FairplayKD; \??\C:\ProgramData\MTA San Andreas All\Common\temp\FairplayKD.sys [X]
S3 GGSAFERDriver; \??\C:\Program Files (x86)\Garena Plus\Room\safedrv.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
S3 xhunter1; \??\C:\Windows\xhunter1.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-01 18:52 - 2014-05-01 18:52 - 00020977 _____ () C:\Users\Thomas\Downloads\FRST.txt
2014-05-01 18:51 - 2014-05-01 18:51 - 02061824 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2014-05-01 18:48 - 2014-05-01 18:48 - 00000987 _____ () C:\Users\Thomas\Desktop\JRT.txt
2014-05-01 18:43 - 2014-05-01 18:43 - 00000000 ____D () C:\Windows\ERUNT
2014-05-01 18:41 - 2014-05-01 18:41 - 00002488 _____ () C:\Users\Thomas\Desktop\AdwCleaner[S0].txt
2014-05-01 16:37 - 2014-05-01 18:39 - 00000000 ____D () C:\AdwCleaner
2014-05-01 16:37 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\SysWOW64\sqlite3.dll
2014-05-01 16:29 - 2014-05-01 16:29 - 00001150 _____ () C:\Users\Thomas\Desktop\mbam0105.txt
2014-05-01 16:00 - 2014-05-01 16:30 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-01 15:59 - 2014-05-01 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-01 15:59 - 2014-05-01 15:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-01 15:59 - 2014-04-03 09:51 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-01 15:59 - 2014-04-03 09:51 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-18 01:21 - 2014-04-18 01:21 - 00024087 _____ () C:\ComboFix.txt
2014-04-18 01:17 - 2011-06-26 08:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-04-18 01:17 - 2010-11-07 19:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-04-18 01:17 - 2009-04-20 06:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-04-18 01:17 - 2000-08-31 02:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-04-18 01:17 - 2000-08-31 02:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-04-18 01:17 - 2000-08-31 02:00 - 00098816 _____ () C:\Windows\sed.exe
2014-04-18 01:17 - 2000-08-31 02:00 - 00080412 _____ () C:\Windows\grep.exe
2014-04-18 01:17 - 2000-08-31 02:00 - 00068096 _____ () C:\Windows\zip.exe
2014-04-18 01:15 - 2014-04-18 01:21 - 00000000 ____D () C:\Qoobox
2014-04-18 01:14 - 2014-04-18 01:20 - 00000000 ____D () C:\Windows\erdnt
2014-04-15 20:33 - 2014-04-15 20:33 - 00000807 _____ () C:\Users\Public\Desktop\Call of Duty 4.lnk
2014-04-15 20:33 - 2014-04-15 20:33 - 00000807 _____ () C:\Users\Public\Desktop\Call of Duty 4 Multiplayer.lnk
2014-04-15 20:32 - 2014-04-15 20:32 - 00000317 _____ () C:\Windows\game.ini
2014-04-15 20:32 - 2014-04-15 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2014-04-15 19:46 - 2014-04-16 19:43 - 00000000 ____D () C:\Users\Thomas\Documents\Battlefield 2142
2014-04-15 19:33 - 2014-04-15 19:33 - 00000968 _____ () C:\Users\Public\Desktop\Battlefield 2142.lnk
2014-04-15 19:32 - 2014-04-15 19:32 - 00000810 _____ () C:\Windows\DXError.log
2014-04-15 19:28 - 2014-04-15 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2014-04-15 19:13 - 2014-04-15 19:13 - 00000985 _____ () C:\Users\Public\Desktop\Battlefield 2 Special Forces.lnk
2014-04-15 19:07 - 2014-04-15 21:24 - 00000000 ____D () C:\Users\Thomas\Documents\Battlefield 2
2014-04-15 19:06 - 2014-04-15 19:06 - 00000879 _____ () C:\Users\Public\Desktop\Battlefield 2.lnk
2014-04-15 18:07 - 2014-04-15 18:07 - 00001371 _____ () C:\Users\Thomas\Desktop\Medal of Honor.lnk
2014-04-15 18:04 - 2014-04-15 18:04 - 00000000 ____D () C:\Users\Thomas\Documents\EA Games
2014-04-15 18:03 - 2010-09-16 09:13 - 02601752 _____ () C:\Windows\SysWOW64\pbsvc_moh.exe
2014-04-14 12:17 - 2014-04-14 12:17 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-11 02:07 - 2014-04-11 02:07 - 00000000 ____D () C:\Users\Thomas\Documents\Electronic Arts
2014-04-11 02:07 - 2014-04-11 02:07 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Electronic Arts
2014-04-11 02:05 - 2014-04-11 02:05 - 00013724 _____ () C:\Users\Thomas\Documents\Lebenslauf.odt
2014-04-09 15:19 - 2014-03-31 03:16 - 23134208 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-04-09 15:19 - 2014-03-31 03:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-04-09 15:19 - 2014-03-31 02:13 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2014-04-09 15:19 - 2014-03-31 01:57 - 17073152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2014-04-09 15:19 - 2014-03-04 11:44 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2014-04-09 15:19 - 2014-03-04 11:44 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2014-04-09 15:19 - 2014-03-04 11:44 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2014-04-09 15:19 - 2014-03-04 11:44 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2014-04-09 15:19 - 2014-03-04 11:44 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2014-04-09 15:19 - 2014-03-04 11:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2014-04-09 15:19 - 2014-03-04 11:16 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2014-04-09 15:19 - 2014-03-04 11:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2014-04-09 15:19 - 2014-03-04 11:16 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2014-04-09 15:19 - 2014-03-04 10:09 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2014-04-09 15:19 - 2014-03-04 10:09 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2014-04-09 15:19 - 2014-02-04 04:35 - 00274880 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\msiscsi.sys
2014-04-09 15:19 - 2014-02-04 04:35 - 00190912 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2014-04-09 15:19 - 2014-02-04 04:35 - 00027584 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Diskdump.sys
2014-04-09 15:19 - 2014-02-04 04:28 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\iologmsg.dll
2014-04-09 15:19 - 2014-02-04 04:00 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iologmsg.dll
2014-04-09 15:19 - 2014-01-24 04:37 - 01684928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2014-04-07 22:46 - 2014-04-07 22:46 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-07 22:45 - 2014-04-09 00:53 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-07 22:45 - 2014-04-07 22:47 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-07 22:45 - 2014-04-07 22:45 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-07 22:45 - 2014-04-07 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-07 22:45 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\Windows\system32\sdnclean64.exe
2014-04-07 21:11 - 2014-05-01 18:52 - 00000000 ____D () C:\FRST
2014-04-07 21:10 - 2014-04-07 21:10 - 00000000 _____ () C:\Users\Thomas\defogger_reenable
2014-04-06 15:44 - 2014-04-06 16:00 - 00002330 _____ () C:\Users\Thomas\Desktop\Sicherer Zahlungsverkehr.lnk
2014-04-06 15:43 - 2014-04-06 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-04-06 15:43 - 2013-05-06 09:13 - 00110176 _____ (Kaspersky Lab ZAO) C:\Windows\system32\klfphc.dll
2014-04-06 15:42 - 2014-04-06 15:49 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-04-06 15:42 - 2014-04-06 15:49 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-04-06 15:42 - 2014-04-06 15:42 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-04-06 15:42 - 2014-04-06 15:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-04-06 15:38 - 2014-04-06 15:38 - 00000000 ___SD () C:\Users\Thomas\Documents\Passwords Database
2014-04-05 02:12 - 2014-04-05 02:12 - 00000787 _____ () C:\Users\Public\Desktop\Dead Space.lnk
2014-04-05 02:12 - 2014-04-05 02:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Space

==================== One Month Modified Files and Folders =======

2014-05-01 18:52 - 2014-05-01 18:52 - 00020977 _____ () C:\Users\Thomas\Downloads\FRST.txt
2014-05-01 18:52 - 2014-04-07 21:11 - 00000000 ____D () C:\FRST
2014-05-01 18:52 - 2013-02-06 17:17 - 00000000 ____D () C:\ProgramData\Kaspersky Lab
2014-05-01 18:51 - 2014-05-01 18:51 - 02061824 _____ (Farbar) C:\Users\Thomas\Downloads\FRST64.exe
2014-05-01 18:48 - 2014-05-01 18:48 - 00000987 _____ () C:\Users\Thomas\Desktop\JRT.txt
2014-05-01 18:47 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-01 18:47 - 2009-07-14 06:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-01 18:46 - 2011-04-12 09:43 - 00699092 _____ () C:\Windows\system32\perfh007.dat
2014-05-01 18:46 - 2011-04-12 09:43 - 00149232 _____ () C:\Windows\system32\perfc007.dat
2014-05-01 18:46 - 2009-07-14 07:13 - 01619284 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-01 18:43 - 2014-05-01 18:43 - 00000000 ____D () C:\Windows\ERUNT
2014-05-01 18:41 - 2014-05-01 18:41 - 00002488 _____ () C:\Users\Thomas\Desktop\AdwCleaner[S0].txt
2014-05-01 18:40 - 2013-05-17 17:17 - 00167662 _____ () C:\Windows\setupact.log
2014-05-01 18:40 - 2013-02-07 02:11 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-05-01 18:40 - 2010-11-21 05:47 - 00233604 _____ () C:\Windows\PFRO.log
2014-05-01 18:40 - 2009-07-14 07:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-01 18:39 - 2014-05-01 16:37 - 00000000 ____D () C:\AdwCleaner
2014-05-01 18:39 - 2013-05-18 18:03 - 01092969 _____ () C:\Windows\WindowsUpdate.log
2014-05-01 18:13 - 2013-02-06 22:18 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-01 18:05 - 2013-02-07 02:11 - 00001110 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-05-01 16:30 - 2014-05-01 16:00 - 00119512 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-01 16:29 - 2014-05-01 16:29 - 00001150 _____ () C:\Users\Thomas\Desktop\mbam0105.txt
2014-05-01 15:59 - 2014-05-01 15:59 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2014-05-01 15:59 - 2014-05-01 15:59 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes Anti-Malware
2014-05-01 15:59 - 2013-08-27 18:57 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-01 15:14 - 2013-11-10 16:13 - 00000000 ____D () C:\Program Files (x86)\File Type Advisor
2014-05-01 13:55 - 2014-02-07 00:08 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\GarenaPlus
2014-05-01 13:55 - 2014-02-07 00:04 - 00000000 ____D () C:\ProgramData\GarenaMessenger
2014-04-30 17:52 - 2014-02-07 00:05 - 00000000 ____D () C:\Program Files (x86)\Garena Plus
2014-04-30 15:15 - 2014-03-29 05:58 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-04-30 15:15 - 2013-02-06 21:48 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-04-29 01:13 - 2013-02-06 22:18 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-04-29 01:13 - 2013-02-06 22:18 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-04-29 01:13 - 2013-02-06 22:18 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-04-26 02:33 - 2013-11-03 21:54 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Xfire
2014-04-26 02:07 - 2013-02-07 02:12 - 00002175 _____ () C:\Users\Public\Desktop\Google Chrome.lnk
2014-04-25 01:16 - 2013-02-14 23:28 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\TS3Client
2014-04-24 15:24 - 2014-02-01 16:08 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Akamai
2014-04-24 15:14 - 2013-11-10 16:13 - 00003518 _____ () C:\Windows\System32\Tasks\FileAdvisorCheck
2014-04-24 15:14 - 2013-11-10 16:13 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Type Advisor
2014-04-18 01:44 - 2013-02-07 02:59 - 00000000 ____D () C:\ProgramData\Origin
2014-04-18 01:21 - 2014-04-18 01:21 - 00024087 _____ () C:\ComboFix.txt
2014-04-18 01:21 - 2014-04-18 01:15 - 00000000 ____D () C:\Qoobox
2014-04-18 01:21 - 2009-07-14 05:20 - 00000000 __RHD () C:\Users\Default
2014-04-18 01:20 - 2014-04-18 01:14 - 00000000 ____D () C:\Windows\erdnt
2014-04-18 01:20 - 2009-07-14 04:34 - 00000215 _____ () C:\Windows\system.ini
2014-04-16 21:55 - 2013-02-07 15:45 - 00000000 ____D () C:\Users\Thomas\AppData\Local\PunkBuster
2014-04-16 21:55 - 2013-02-07 03:32 - 00103736 _____ () C:\Windows\SysWOW64\PnkBstrB.exe
2014-04-16 20:14 - 2013-02-07 15:45 - 00281152 _____ () C:\Windows\SysWOW64\PnkBstrB.xtr
2014-04-16 20:14 - 2013-02-07 03:32 - 00281152 _____ () C:\Windows\SysWOW64\PnkBstrB.ex0
2014-04-16 20:14 - 2013-02-07 03:32 - 00076888 _____ () C:\Windows\SysWOW64\PnkBstrA.exe
2014-04-16 19:43 - 2014-04-15 19:46 - 00000000 ____D () C:\Users\Thomas\Documents\Battlefield 2142
2014-04-15 21:24 - 2014-04-15 19:07 - 00000000 ____D () C:\Users\Thomas\Documents\Battlefield 2
2014-04-15 20:34 - 2013-02-07 03:31 - 00449863 _____ () C:\Windows\DirectX.log
2014-04-15 20:33 - 2014-04-15 20:33 - 00000807 _____ () C:\Users\Public\Desktop\Call of Duty 4.lnk
2014-04-15 20:33 - 2014-04-15 20:33 - 00000807 _____ () C:\Users\Public\Desktop\Call of Duty 4 Multiplayer.lnk
2014-04-15 20:32 - 2014-04-15 20:32 - 00000317 _____ () C:\Windows\game.ini
2014-04-15 20:32 - 2014-04-15 20:32 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
2014-04-15 20:31 - 2013-02-22 00:03 - 00000000 ___HD () C:\Program Files (x86)\InstallShield Installation Information
2014-04-15 20:20 - 2013-02-06 17:04 - 00000000 ____D () C:\Users\Thomas\AppData\Local\VirtualStore
2014-04-15 19:46 - 2013-03-18 19:37 - 00000000 ____D () C:\Users\Thomas\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-04-15 19:33 - 2014-04-15 19:33 - 00000968 _____ () C:\Users\Public\Desktop\Battlefield 2142.lnk
2014-04-15 19:32 - 2014-04-15 19:32 - 00000810 _____ () C:\Windows\DXError.log
2014-04-15 19:28 - 2014-04-15 19:28 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts
2014-04-15 19:13 - 2014-04-15 19:13 - 00000985 _____ () C:\Users\Public\Desktop\Battlefield 2 Special Forces.lnk
2014-04-15 19:10 - 2013-03-19 23:50 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA GAMES
2014-04-15 19:06 - 2014-04-15 19:06 - 00000879 _____ () C:\Users\Public\Desktop\Battlefield 2.lnk
2014-04-15 18:07 - 2014-04-15 18:07 - 00001371 _____ () C:\Users\Thomas\Desktop\Medal of Honor.lnk
2014-04-15 18:04 - 2014-04-15 18:04 - 00000000 ____D () C:\Users\Thomas\Documents\EA Games
2014-04-15 18:03 - 2009-07-14 07:32 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2014-04-14 12:17 - 2014-04-14 12:17 - 00000000 ____D () C:\ProgramData\McAfee
2014-04-14 12:17 - 2013-02-19 17:41 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Adobe
2014-04-14 12:17 - 2009-07-14 05:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
2014-04-11 02:07 - 2014-04-11 02:07 - 00000000 ____D () C:\Users\Thomas\Documents\Electronic Arts
2014-04-11 02:07 - 2014-04-11 02:07 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Electronic Arts
2014-04-11 02:05 - 2014-04-11 02:05 - 00013724 _____ () C:\Users\Thomas\Documents\Lebenslauf.odt
2014-04-11 02:00 - 2013-02-07 00:15 - 00000000 ____D () C:\Users\Thomas\Documents\Bewerbungsunterlagen
2014-04-11 01:32 - 2009-07-14 05:20 - 00000000 ____D () C:\Windows\rescache
2014-04-10 01:20 - 2013-07-28 15:03 - 00000000 ____D () C:\Windows\system32\MRT
2014-04-10 01:18 - 2013-04-13 18:42 - 90655440 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2014-04-09 01:22 - 2013-02-07 03:15 - 00000000 ____D () C:\Users\Thomas\AppData\Local\Last.fm
2014-04-09 00:53 - 2014-04-07 22:45 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-04-07 22:47 - 2014-04-07 22:45 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-04-07 22:46 - 2014-04-07 22:46 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-04-07 22:45 - 2014-04-07 22:45 - 00001391 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2014-04-07 22:45 - 2014-04-07 22:45 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2014-04-07 21:10 - 2014-04-07 21:10 - 00000000 _____ () C:\Users\Thomas\defogger_reenable
2014-04-07 21:10 - 2013-02-06 17:04 - 00000000 ____D () C:\Users\Thomas
2014-04-07 15:40 - 2014-01-01 02:21 - 00000045 _____ () C:\Users\Thomas\jagex_cl_runescape_LIVE.dat
2014-04-07 15:40 - 2014-01-01 02:21 - 00000024 _____ () C:\Users\Thomas\random.dat
2014-04-06 16:00 - 2014-04-06 15:44 - 00002330 _____ () C:\Users\Thomas\Desktop\Sicherer Zahlungsverkehr.lnk
2014-04-06 15:49 - 2014-04-06 15:42 - 00625248 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klif.sys
2014-04-06 15:49 - 2014-04-06 15:42 - 00115296 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klflt.sys
2014-04-06 15:49 - 2013-10-17 15:47 - 00458336 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kl1.sys
2014-04-06 15:49 - 2013-10-17 15:47 - 00029280 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\klkbdflt.sys
2014-04-06 15:49 - 2013-06-06 17:38 - 00178272 _____ (Kaspersky Lab ZAO) C:\Windows\system32\Drivers\kneps.sys
2014-04-06 15:43 - 2014-04-06 15:43 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Internet Security
2014-04-06 15:42 - 2014-04-06 15:42 - 00000000 ____D () C:\Windows\ELAMBKUP
2014-04-06 15:42 - 2014-04-06 15:42 - 00000000 ____D () C:\Program Files (x86)\Kaspersky Lab
2014-04-06 15:38 - 2014-04-06 15:38 - 00000000 ___SD () C:\Users\Thomas\Documents\Passwords Database
2014-04-05 02:12 - 2014-04-05 02:12 - 00000787 _____ () C:\Users\Public\Desktop\Dead Space.lnk
2014-04-05 02:12 - 2014-04-05 02:12 - 00000000 ____D () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dead Space
2014-04-03 09:51 - 2014-05-01 15:59 - 00088280 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-04-03 09:51 - 2014-05-01 15:59 - 00063192 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-04-03 09:50 - 2013-08-27 18:57 - 00025816 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys

Files to move or delete:
====================
C:\Users\Thomas\jagex_cl_oldschool_LIVE.dat
C:\Users\Thomas\jagex_cl_runescape_LIVE.dat
C:\Users\Thomas\jagex_cl_runescape_LIVE1.dat
C:\Users\Thomas\random.dat


Some content of TEMP:
====================
C:\Users\Thomas\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-04-29 16:34

==================== End Of Log ============================
--- --- ---

schrauber 02.05.2014 16:40

ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

und ein frisches FRST log bitte. Noch Probleme? :)

MrStewart 14.07.2014 13:30
Hab jetzt ein neues Problem... Kaspersky hat 9 Bedrohungen, alles Dateien von RadioRage_4j erkannt, den Order im Zielpfad also diesen Programfiles(x86) RadioRage4j kann ich auch nicht löschen, weil der Ordner oder eine Datei darin angeblich geöffnet ist. Wie soll ich den Mist denn jetzt löschen? :(

schrauber 14.07.2014 18:01
Mach doch einfach was oben steht....


Alle Zeitangaben in WEZ +1. Es ist jetzt 10:29 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131