Log analysis and evaluation: SPR/RedCap (Cloud) program, invalid image - xxx.dll at program start

Windows 7

If you have caught a trojan or constantly get virus warnings, you can post the logs of our diagnostic tools here so that our experts can evaluate them. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

#1
Further logs, and here also the FRST Addition log:

Code:
```
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by ******** User at 2015-02-02 20:30:40
Running from C:\Users\******** User\Desktop
Boot Mode: Normal
==========================================================

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

2.0 (HKLM-x32\...\Free Video to GIF Converter_is1) (Version: 2.0 - www.video-gif-converter.com)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin 64-bit (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.4 64-bit (HKLM\...\{1D5CE83C-BFDD-4668-8BCB-E8614334A657}) (Version: 3.4.1 - Adobe)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Any Video Converter 5.6.6 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
AOMEI Backupper (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version:  - )
CodeMeter Runtime Kit v5.10c (HKLM\...\{EBCC5C48-6D71-4587-A6CA-BE76056EFAFC}) (Version: 5.10.1241.503 - WIBU-SYSTEMS AG)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Creative Centrale (HKLM-x32\...\Creative Centrale) (Version: 1.17.01 - Creative Technology Ltd.)
Creative Centrale (x32 Version: 1.17.01 - Creative Technology Ltd.) Hidden
Creative Software Update (x32 Version: 1.03.01 - Creative Technology Ltd.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0 - ITSG GmbH)
dakota.ag (x32 Version: 6.0 - ITSG GmbH) Hidden
DDBAC (HKLM-x32\...\{A62AD31F-C77C-4383-801C-2B5579E86F67}) (Version: 08.08.0000 - windata GmbH & Co.KG)
Dropbox (HKU\S-1-5-21-4053853362-2496096949-833470796-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.15910 - Landesfinanzdirektion Thüringen)
ffdshow v1.3.4531 [2014-06-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4531.0 - )
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Audio Converter version 5.0.40.514 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.40.514 - DVDVideoSoft Ltd.)
Free Audio to Flash Converter version 5.0.39.430 (HKLM-x32\...\Free Audio to Flash Converter_is1) (Version: 5.0.39.430 - DVDVideoSoft Ltd.)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.4.604 - DVDVideoSoft Ltd.)
Free Video Converter (HKLM-x32\...\Free Video Converter) (Version: 1.0.1.4 - Extensoft)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hardlock Gerätetreiber (HKLM-x32\...\Hardlock Gerätetreiber) (Version:  - )
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
INFORM (HKLM-x32\...\{6554815C-24E2-4B54-AE6D-E3BB0D824043}) (Version:  - )
Inkscape 0.48 (HKLM-x32\...\Inkscape) (Version: 0.48 - Partha Bagchi)
InkscapeBatch (HKLM-x32\...\InkscapeBatch) (Version:  - )
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lexware Elster (HKLM-x32\...\{3CDE9277-9569-4098-A07C-293B1D86E27D}) (Version: 15.02.00.0011 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (HKLM-x32\...\{938be26d-4ec5-43a6-b9c5-5ba06d26bf39}) (Version: 18.51.0.199 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (x32 Version: 18.51.00.0199 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Info Service (HKLM-x32\...\{C5F9841A-CE4B-4D57-AB97-D7A82910E1F6}) (Version: 4.51.00.0091 - Haufe-Lexware GmbH & Co.KG)
Lexware Installations Dienst (HKLM-x32\...\{1071B240-540B-420C-A40F-EF0AF5CD4892}) (Version: 3.51.00.0022 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
MAGIX Web Designer 9 Premium (HKLM\...\MX.{B497E1E1-E2E9-4B93-B242-86087EDEDF92}) (Version: 9.0.1.27343 - MAGIX AG)
MAGIX Web Designer 9 Premium (Version: 9.0.1.27343 - MAGIX AG) Hidden
MEDION NAS TOOL (HKLM-x32\...\MEDION NAS TOOL) (Version:  - MEDION)
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4053853362-2496096949-833470796-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mouse Driver (HKLM-x32\...\InstallShield_{24236089-DB6C-4DA6-9B33-7C802099B889}) (Version: 5.1 - Driver Builder)
Mouse Driver (x32 Version: 5.1 - Driver Builder) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\MPEG4E) (Version:  - )
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Outlook on the Desktop version 3.1.0 (HKU\S-1-5-21-4053853362-2496096949-833470796-1001\...\{6D9785D9-FF53-4C06-9C2A-E4173D41A2FD}_is1) (Version: 3.1.0 - Michael Scrivo)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
PYTHA 21 (HKLM\...\{1AC02F3B-E9CD-47B0-A6E1-4CB643B0CE18}) (Version: 21.2014.0407.0852 - PYTHA Lab GmbH)
PYTHA Texturen 20.2012.0710.1715 (HKLM\...\{7CF669F5-9D35-4C8B-B556-B8FE7B53359D}) (Version: 20.2012.0710.1715 - PYTHA Lab GmbH)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.19.30.69 - Client Connect LTD) <==== ATTENTION
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Sparkol VideoScribe (HKLM-x32\...\Sparkol VideoScribe 2.0.1) (Version: 2.0.1 - Sparkol)
Sparkol VideoScribe (x32 Version: 2.0.1 - Sparkol) Hidden
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
sv.net (HKLM-x32\...\sv.net) (Version: 14.1 - ITSG GmbH)
TuxGuitar (HKLM-x32\...\{03534DA5-2F88-4B8E-A978-849B979E1B8F}) (Version: 1.2 - Herac)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version:  - Tangysoft Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
windata 8 (HKLM-x32\...\{34C6D00B-D2B8-40A9-ABB1-89EBC1E826D8}) (Version: 08.08.0000 - windata GmbH & Co.KG)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WoodWorks 1.5 (HKLM-x32\...\WoodWorks) (Version: 1.5 - Robert Denk)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)

==================== Restore Points =========================

ATTENTION: System Restore is disabled. Check "winmgmt" service or repair WMI.

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 03:34 - 2014-03-24 13:03 - 00000852 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com

==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?

==================== Loaded Modules (whitelisted) =============

2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () P:\Programme (x86)\FileZilla FTP Client\fzshellext_64.dll

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)

==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)

==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe

========================= Accounts: ==========================

Administrator (S-1-5-21-4053853362-2496096949-833470796-500 - Administrator - Disabled)
******** (S-1-5-21-4053853362-2496096949-833470796-1000 - Administrator - Enabled) => C:\Users\********
******** User (S-1-5-21-4053853362-2496096949-833470796-1001 - Limited - Enabled) => C:\Users\******** User
Gast (S-1-5-21-4053853362-2496096949-833470796-501 - Limited - Enabled)

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (02/02/2015 08:02:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2015 07:58:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error: 0xC0000039 (unresolvable).

Error: (02/02/2015 06:01:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2015 06:38:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2015 07:58:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error: 0xC0000039 (unresolvable).

Error: (02/01/2015 07:13:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error: 0xC0000039 (unresolvable).

Error: (02/01/2015 07:13:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error: 0xC0000039 (unresolvable).

Error: (02/01/2015 07:13:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error: 0xC0000039 (unresolvable).

Error: (02/01/2015 07:00:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error: 0xC0000039 (unresolvable).

Error: (02/01/2015 07:00:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error: 0xC0000039 (unresolvable).

System errors:
=============
Error: (02/02/2015 06:01:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NVIDIA Network Service erreicht.

Error: (02/02/2015 05:59:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Lexware Update Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error: (02/02/2015 05:59:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Lexware Update Service erreicht.

Error: (01/28/2015 06:40:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.

Error: (01/22/2015 06:47:14 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005

Error: (01/05/2015 04:38:18 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LUDI-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{313D1A27-FCE7-4C9A-B54E-B633E5C7BCFA}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/03/2015 08:45:33 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LUDI-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{313D1A27-FCE7-4C9A-B54E-B633E5C7BCFA}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/02/2015 09:18:31 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LUDI-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{313D1A27-FCE7-4C9A-B54E-B633E5C7BCFA}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/02/2015 08:41:15 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LUDI-PC", der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{313D1A27-FCE7-4C9A-B54E-B633E5C7BCFA}-Transport zu sein scheint. Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.

Error: (01/01/2015 09:33:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Microsoft Office Sessions:
=========================
Error: (02/02/2015 08:02:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2015 07:58:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed. System Error: 0xC0000039 (unresolvable)

Error: (02/02/2015 06:01:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/02/2015 06:38:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/01/2015 07:58:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed. System Error: 0xC0000039 (unresolvable)

Error: (02/01/2015 07:13:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed. System Error: 0xC0000039 (unresolvable)

Error: (02/01/2015 07:13:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed. System Error: 0xC0000039 (unresolvable)

Error: (02/01/2015 07:13:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed. System Error: 0xC0000039 (unresolvable)

Error: (02/01/2015 07:00:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed. System Error: 0xC0000039 (unresolvable)

Error: (02/01/2015 07:00:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details: AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed. System Error: 0xC0000039 (unresolvable)

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8134.66 MB
Available physical RAM: 5475.31 MB
Total Pagefile: 16267.5 MB
Available Pagefile: 13249.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:119.35 GB) (Free:41.42 GB) NTFS
Drive f: (40117_23) (CDROM) (Total:0.48 GB) (Free:0 GB) CDFS
Drive i: (CODEMETER) (Fixed) (Total:0.04 GB) (Free:0 GB) FAT32
Drive p: (Programme) (Fixed) (Total:292.96 GB) (Free:274.83 GB) NTFS
Drive r: (Daten) (Fixed) (Total:390.62 GB) (Free:269.04 GB) NTFS
Drive s: (Sicherungen) (Fixed) (Total:128.23 GB) (Free:56.14 GB) NTFS
Drive z: () (Network) (Total:930.9 GB) (Free:499.2 GB)

==================== MBR & Partition Table ==================

==================== End Of Log ============================
```

Code:
```
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-02 20:54:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_DT01ACA100 rev.MS2OA750 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\freisinn\AppData\Local\Temp\kgrcakod.sys

---- User code sections - GMER 2.1 ----

.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000076aa1402 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000076aa141a 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000076aa1432 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000076aa144b 1 byte [76]
.text ... * 9
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000076aa14de 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000076aa14f6 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000076aa150e 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000076aa1526 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000076aa153e 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000076aa1556 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000076aa156e 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000076aa1586 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000076aa159e 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000076aa15b6 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000076aa15ce 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000076aa16b3 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000076aa16be 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000076aa1402 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000076aa141a 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000076aa1432 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000076aa144b 1 byte [76]
.text ... * 9
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000076aa14de 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000076aa14f6 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000076aa150e 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000076aa1526 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000076aa153e 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000076aa1556 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000076aa156e 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000076aa1586 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000076aa159e 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000076aa15b6 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000076aa15ce 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000076aa16b3 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000076aa16be 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 18 0000000076aa1402 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 18 0000000076aa141a 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 18 0000000076aa1432 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 43 0000000076aa144b 1 byte [76]
.text ... * 9
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 18 0000000076aa14de 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 18 0000000076aa14f6 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 18 0000000076aa150e 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 18 0000000076aa1526 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 18 0000000076aa153e 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!EnumProcesses + 18 0000000076aa1556 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 18 0000000076aa156e 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 18 0000000076aa1586 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 18 0000000076aa159e 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 18 0000000076aa15b6 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 18 0000000076aa15ce 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 21 0000000076aa16b3 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 32 0000000076aa16be 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000076aa1402 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000076aa141a 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000076aa1432 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000076aa144b 1 byte [76]
.text ... * 9
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000076aa14de 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000076aa14f6 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000076aa150e 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000076aa1526 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000076aa153e 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000076aa1556 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000076aa156e 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000076aa1586 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000076aa159e 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100]
```
C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000076aa15b6 1 byte [76] .text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000076aa15ce 1 byte [76] .text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000076aa16b3 1 byte [76] .text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000076aa16be 1 byte [76] .text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000076aa1402 1 byte [76] .text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000076aa141a 1 byte [76] .text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000076aa1432 1 byte [76] .text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000076aa144b 1 byte [76] .text ... 
* 9 .text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000076aa14de 1 byte [76] .text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000076aa14f6 1 byte [76] .text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000076aa150e 1 byte [76] .text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000076aa1526 1 byte [76] .text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000076aa153e 1 byte [76] .text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000076aa1556 1 byte [76] .text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000076aa156e 1 byte [76] .text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000076aa1586 1 byte [76] .text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000076aa159e 1 byte [76] .text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000076aa15b6 1 byte [76] .text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000076aa15ce 1 byte [76] .text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000076aa16b3 1 byte [76] .text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000076aa16be 1 byte [76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000076aa1402 1 byte [76] .text C:\Program Files (x86)\NVIDIA 
Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000076aa141a 1 byte [76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000076aa1432 1 byte [76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000076aa144b 1 byte [76] .text ... * 9 .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000076aa14de 1 byte [76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000076aa14f6 1 byte [76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000076aa150e 1 byte [76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000076aa1526 1 byte [76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000076aa153e 1 byte [76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000076aa1556 1 byte [76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000076aa156e 1 byte [76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000076aa1586 1 byte [76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000076aa159e 1 byte [76] .text C:\Program Files (x86)\NVIDIA Corporation\Update 
Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000076aa15b6 1 byte [76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000076aa15ce 1 byte [76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000076aa16b3 1 byte [76] .text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000076aa16be 1 byte [76] .text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 18 0000000076aa1402 1 byte [76] .text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 18 0000000076aa141a 1 byte [76] .text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 18 0000000076aa1432 1 byte [76] .text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 43 0000000076aa144b 1 byte [76] .text ... 
* 9 .text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 18 0000000076aa14de 1 byte [76] .text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 18 0000000076aa14f6 1 byte [76] .text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 18 0000000076aa150e 1 byte [76] .text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 18 0000000076aa1526 1 byte [76] .text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 18 0000000076aa153e 1 byte [76] .text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 18 0000000076aa1556 1 byte [76] .text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 18 0000000076aa156e 1 byte [76] .text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 18 0000000076aa1586 1 byte [76] .text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 18 0000000076aa159e 1 byte [76] .text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 18 0000000076aa15b6 1 byte [76] .text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 18 0000000076aa15ce 1 byte [76] .text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 21 0000000076aa16b3 1 byte [76] .text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 32 0000000076aa16be 1 byte [76] 
.text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 18 0000000076aa1402 1 byte [76] .text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 18 0000000076aa141a 1 byte [76] .text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 18 0000000076aa1432 1 byte [76] .text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 43 0000000076aa144b 1 byte [76] .text ... * 9 .text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 18 0000000076aa14de 1 byte [76] .text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 18 0000000076aa14f6 1 byte [76] .text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 18 0000000076aa150e 1 byte [76] .text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 18 0000000076aa1526 1 byte [76] .text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 18 0000000076aa153e 1 byte [76] .text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 18 0000000076aa1556 1 byte [76] .text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 18 0000000076aa156e 1 byte [76] .text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 18 0000000076aa1586 1 byte [76] .text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] 
C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 18 0000000076aa159e 1 byte [76] .text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 18 0000000076aa15b6 1 byte [76] .text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 18 0000000076aa15ce 1 byte [76] .text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 21 0000000076aa16b3 1 byte [76] .text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 32 0000000076aa16be 1 byte [76] .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a4f9e0 5 bytes JMP 00000001650cea93 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 0000000077a4fa28 5 bytes JMP 00000001650cf0f8 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 0000000077a4fa40 5 bytes JMP 00000001650cd830 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 0000000077a4fa90 5 bytes JMP 00000001650cd38c .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077a4faa8 5 bytes JMP 00000001650cd67d .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 0000000077a4fb40 5 bytes JMP 00000001650cf338 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 0000000077a4fc38 5 bytes JMP 00000001650da713 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] 
C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 0000000077a4fd4c 5 bytes JMP 00000001650cd1d4 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a4fd64 5 bytes JMP 00000001650d9d35 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 0000000077a4fd98 5 bytes JMP 00000001650da030 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077a4fe44 5 bytes JMP 00000001650ce668 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 0000000077a4fe5c 5 bytes JMP 00000001650d9e5e .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077a500b4 5 bytes JMP 00000001650d9b7a .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077a501c4 5 bytes JMP 00000001650cd9d8 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtCreateKeyTransacted 0000000077a50754 5 bytes JMP 00000001650cf3da .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 0000000077a509e4 5 bytes JMP 00000001650d9d72 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 0000000077a509fc 5 bytes JMP 00000001650ccfa8 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077a50a44 5 bytes JMP 00000001650cdb8e .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077a50b80 5 bytes JMP 00000001650cd0be .text C:\Program Files\Microsoft Office 
15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077a50f70 5 bytes JMP 00000001650ce01b .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a50f88 5 bytes JMP 00000001650ce1b7 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077a51018 5 bytes JMP 00000001650cf185 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransacted 0000000077a51030 5 bytes JMP 00000001650cf2a8 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransactedEx 0000000077a51048 5 bytes JMP 00000001650cf215 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 0000000077a5133c 5 bytes JMP 00000001650d9f47 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 0000000077a5147c 5 bytes JMP 00000001650cde8e .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077a51528 5 bytes JMP 00000001650ce37b .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 0000000077a51718 5 bytes JMP 00000001650cdd06 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 0000000077a51a58 5 bytes JMP 00000001650cd535 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 0000000077a51b9c 5 bytes JMP 00000001650ce4fd .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007738103d 5 bytes JMP 
00000001650b3904 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077381072 5 bytes JMP 00000001650b3d68 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077388791 5 bytes JMP 0000000160ea99c1 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 00000000773ac9b5 5 bytes JMP 00000001650b3a1e .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\kernel32.dll!WinExec 0000000077402ff1 5 bytes JMP 00000001650b3c62 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076b62642 5 bytes JMP 00000001650b3f75 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000076fe9ebd 5 bytes JMP 0000000160ec99ff .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000076ff0afa 5 bytes JMP 0000000160ece26c .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076ff1361 5 bytes JMP 0000000160edc8b4 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\USER32.dll!ValidateRect 0000000076ff7849 5 bytes JMP 0000000161051f12 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\SHELL32.dll!SHParseDisplayName 0000000075ea7ea3 5 bytes JMP 0000000160fa54dc .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076c16143 5 bytes JMP 000000016164debe .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] 
C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7 0000000076c1ea09 7 bytes JMP 00000001650ee370 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!OleRun 0000000076c207de 5 bytes JMP 00000001650ede9e .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject 0000000076c221e1 5 bytes JMP 00000001650f1745 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!OleUninitialize 0000000076c2eba1 6 bytes JMP 00000001650ede15 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!OleInitialize 0000000076c2efd7 5 bytes JMP 00000001650eddcd .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoGetClassObject 0000000076c454ad 5 bytes JMP 00000001650efdbb .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoInitializeEx 0000000076c509ad 5 bytes JMP 00000001650edd6d .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoUninitialize 0000000076c586d3 5 bytes JMP 00000001650f07cf .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c59d0b 5 bytes JMP 00000001650f14ec .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076c59d4e 5 bytes JMP 00000001650ef3c7 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 0000000076c7bb09 7 bytes JMP 00000001650edee6 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject 0000000076c9eacf 5 bytes JMP 00000001650efa7c .text C:\Program Files\Microsoft Office 
15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile 0000000076cd340b 5 bytes JMP 00000001650f08cf .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc 0000000076d1cfd9 5 bytes JMP 00000001650ede56 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\oleaut32.dll!SysFreeString 00000000771f3e59 5 bytes JMP 0000000160f00b7f .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\oleaut32.dll!VariantClear 00000000771f3eae 5 bytes JMP 0000000160f1d70c .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\oleaut32.dll!SysAllocStringByteLen 00000000771f4731 5 bytes JMP 0000000160f68714 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\oleaut32.dll!VariantChangeType 00000000771f5dee 5 bytes JMP 0000000160f9a6a0 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\oleaut32.dll!RegisterActiveObject 00000000772227ce 5 bytes JMP 00000001650f03db .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\oleaut32.dll!RevokeActiveObject 00000000772232c4 5 bytes JMP 00000001650edd25 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\oleaut32.dll!GetActiveObject 0000000077238f80 5 bytes JMP 00000001650f056f .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000076aa1402 1 byte [76] .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000076aa141a 1 byte [76] .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000076aa1432 1 byte [76] .text C:\Program 
Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000076aa144b 1 byte [76] .text ... * 9 .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000076aa14de 1 byte [76] .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000076aa14f6 1 byte [76] .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000076aa150e 1 byte [76] .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000076aa1526 1 byte [76] .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000076aa153e 1 byte [76] .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000076aa1556 1 byte [76] .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000076aa156e 1 byte [76] .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000076aa1586 1 byte [76] .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000076aa159e 1 byte [76] .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000076aa15b6 1 byte [76] .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000076aa15ce 1 byte [76] .text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] 
#2

Admin rights

Good evening Cosinus,

I have admin rights. We tried something out with it, but in the end had an advertising agency do it; it really ought to be deleted, since it is too complicated for us. Should I delete it right away and redo the logs?

Hello Cosinus, the Adobe software is being uninstalled right now.