and here is the FRST Addition log:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-02-2015
Ran by ******** User at 2015-02-02 20:30:40
Running from C:\Users\******** User\Desktop
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Avira Desktop (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Desktop (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
2.0 (HKLM-x32\...\Free Video to GIF Converter_is1) (Version: 2.0 - www.video-gif-converter.com)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Anchor Service x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CMaps x64 CS4 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe CSI CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Drive CS4 x64 (Version: 1 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 11 Plugin 64-bit (HKLM\...\Adobe Flash Player Plugin) (Version: 11.1.102.63 - Adobe Systems Incorporated)
Adobe Flash Player ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 9.0.124.0 - Adobe Systems Incorporated)
Adobe Fonts All x64 (Version: 2.0 - Adobe Systems Incorporated) Hidden
Adobe Linguistics CS4 x64 (Version: 4.0.0 - Adobe Systems Incorporated) Hidden
Adobe PDF Library Files x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (64 Bit) (Version: 11.0 - Adobe Systems Incorporated) Hidden
Adobe Photoshop CS4 (HKLM-x32\...\Adobe_faf656ef605427ee2f42989c3ad31b8) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Photoshop Elements 7.0 (HKLM-x32\...\Adobe Photoshop Elements 7) (Version: 7.0 - Adobe Systems Incorporated)
Adobe Photoshop Lightroom 3.4 64-bit (HKLM\...\{1D5CE83C-BFDD-4668-8BCB-E8614334A657}) (Version: 3.4.1 - Adobe)
Adobe Type Support x64 CS4 (Version: 9.0 - Adobe Systems Incorporated) Hidden
Adobe WinSoft Linguistics Plugin x64 (Version: 1.1 - Adobe Systems Incorporated) Hidden
Any Video Converter 5.6.6 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
AOMEI Backupper (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536C09D}_is1) (Version: - AOMEI Technology Co., Ltd.)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
Avira (HKLM-x32\...\{2c18809c-4097-4b51-a4d0-3deade730ef3}) (Version: 1.1.29.22350 - Avira Operations & Co. KG)
Avira (x32 Version: 1.1.29.22350 - Avira Operations & Co. KG) Hidden
Avira Free Antivirus (HKLM-x32\...\Avira AntiVir Desktop) (Version: 14.0.7.468 - Avira)
CCleaner (HKLM\...\CCleaner) (Version: 4.11 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.3.4643 - CDBurnerXP)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5000 - CDBurnerXP)
Cobian Backup 11 Gravity (HKLM-x32\...\CobBackup11) (Version: - )
CodeMeter Runtime Kit v5.10c (HKLM\...\{EBCC5C48-6D71-4587-A6CA-BE76056EFAFC}) (Version: 5.10.1241.503 - WIBU-SYSTEMS AG)
Connect (x32 Version: 1.0.0.1 - Adobe Systems Incorporated) Hidden
Creative Centrale (HKLM-x32\...\Creative Centrale) (Version: 1.17.01 - Creative Technology Ltd.)
Creative Centrale (x32 Version: 1.17.01 - Creative Technology Ltd.) Hidden
Creative Software Update (x32 Version: 1.03.01 - Creative Technology Ltd.) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
dakota.ag (HKLM-x32\...\dakota.ag) (Version: 6.0 - ITSG GmbH)
dakota.ag (x32 Version: 6.0 - ITSG GmbH) Hidden
DDBAC (HKLM-x32\...\{A62AD31F-C77C-4383-801C-2B5579E86F67}) (Version: 08.08.0000 - windata GmbH & Co.KG)
Dropbox (HKU\S-1-5-21-4053853362-2496096949-833470796-1001\...\Dropbox) (Version: 3.0.3 - Dropbox, Inc.)
ElsterFormular (HKLM-x32\...\ElsterFormular) (Version: 16.0.15910 - Landesfinanzdirektion Thüringen)
ffdshow v1.3.4531 [2014-06-28] (HKLM-x32\...\ffdshow_is1) (Version: 1.3.4531.0 - )
FileZilla Client 3.9.0.6 (HKLM-x32\...\FileZilla Client) (Version: 3.9.0.6 - Tim Kosse)
Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Free Audio Converter version 5.0.40.514 (HKLM-x32\...\Free Audio Converter_is1) (Version: 5.0.40.514 - DVDVideoSoft Ltd.)
Free Audio to Flash Converter version 5.0.39.430 (HKLM-x32\...\Free Audio to Flash Converter_is1) (Version: 5.0.39.430 - DVDVideoSoft Ltd.)
Free Studio version 2014 (HKLM-x32\...\Free Studio_is1) (Version: 6.3.4.604 - DVDVideoSoft Ltd.)
Free Video Converter (HKLM-x32\...\Free Video Converter) (Version: 1.0.1.4 - Extensoft)
Free YouTube to MP3 Converter version 3.12.32.327 (HKLM-x32\...\Free YouTube to MP3 Converter_is1) (Version: 3.12.32.327 - DVDVideoSoft Ltd.)
Galería de fotos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Galerie de photos (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 40.0.2214.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Hardlock Gerätetreiber (HKLM-x32\...\Hardlock Gerätetreiber) (Version: - )
HP Update (HKLM-x32\...\{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}) (Version: 5.003.003.001 - Hewlett-Packard)
INFORM (HKLM-x32\...\{6554815C-24E2-4B54-AE6D-E3BB0D824043}) (Version: - )
Inkscape 0.48 (HKLM-x32\...\Inkscape) (Version: 0.48 - Partha Bagchi)
InkscapeBatch (HKLM-x32\...\InkscapeBatch) (Version: - )
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217065FF}) (Version: 7.0.650 - Oracle)
Java 8 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218025F0}) (Version: 8.0.250 - Oracle Corporation)
Java SE Development Kit 8 Update 5 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180050}) (Version: 8.0.50 - Oracle Corporation)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
kuler (x32 Version: 2.0 - Adobe Systems Incorporated) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version: - )
Lexware Elster (HKLM-x32\...\{3CDE9277-9569-4098-A07C-293B1D86E27D}) (Version: 15.02.00.0011 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (HKLM-x32\...\{938be26d-4ec5-43a6-b9c5-5ba06d26bf39}) (Version: 18.51.0.199 - Haufe-Lexware GmbH & Co.KG)
Lexware financial office 2014 (x32 Version: 18.51.00.0199 - Haufe-Lexware GmbH & Co.KG) Hidden
Lexware Info Service (HKLM-x32\...\{C5F9841A-CE4B-4D57-AB97-D7A82910E1F6}) (Version: 4.51.00.0091 - Haufe-Lexware GmbH & Co.KG)
Lexware Installations Dienst (HKLM-x32\...\{1071B240-540B-420C-A40F-EF0AF5CD4892}) (Version: 3.51.00.0022 - Haufe-Lexware GmbH & Co.KG)
Lexware online banking (HKLM-x32\...\{7F603892-89C9-4EC4-9236-7AD4A798EA41}) (Version: 21.00.00.0039 - Haufe-Lexware GmbH & Co.KG)
MAGIX Web Designer 9 Premium (HKLM\...\MX.{B497E1E1-E2E9-4B93-B242-86087EDEDF92}) (Version: 9.0.1.27343 - MAGIX AG)
MAGIX Web Designer 9 Premium (Version: 9.0.1.27343 - MAGIX AG) Hidden
MEDION NAS TOOL (HKLM-x32\...\MEDION NAS TOOL) (Version: - MEDION)
MFC RunTime files (x32 Version: 1.0.0 - Extensoft) Hidden
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - de-de (HKLM\...\HomeBusinessRetail - de-de) (Version: 15.0.4675.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-4053853362-2496096949-833470796-1001\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{90ffcee5-8608-4e94-8c18-a4feb4f83fb8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{4fcf070a-daac-45e9-a8b0-6850941f7ed8}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Works 6-9 Converter (HKLM-x32\...\{95140000-0137-0407-0000-0000000FF1CE}) (Version: 14.0.6120.5002 - Microsoft Corporation)
Mouse Driver (HKLM-x32\...\InstallShield_{24236089-DB6C-4DA6-9B33-7C802099B889}) (Version: 5.1 - Driver Builder)
Mouse Driver (x32 Version: 5.1 - Driver Builder) Hidden
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
MPEG4E VFW - H.264/MPEG-4 AVC codec (remove only) (HKLM-x32\...\MPEG4E) (Version: - )
MSXML 4.0 SP2 Parser und SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2721691) (HKLM-x32\...\{355B5AC0-CEEE-42C5-AD4D-7F3CFD806C36}) (Version: 4.30.2114.0 - Microsoft Corporation)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
NVIDIA 3D Vision Controller-Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 334.89 - NVIDIA Corporation)
NVIDIA 3D Vision Treiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 334.89 - NVIDIA Corporation)
NVIDIA GeForce Experience 1.8.2.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.2.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 334.89 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 334.89 - NVIDIA Corporation)
NVIDIA HD-Audiotreiber 1.3.30.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.30.1 - NVIDIA Corporation)
NVIDIA PhysX-Systemsoftware 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
NVIDIA Virtual Audio 1.2.20 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.20 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4675.1003 - Microsoft Corporation) Hidden
Outlook on the Desktop version 3.1.0 (HKU\S-1-5-21-4053853362-2496096949-833470796-1001\...\{6D9785D9-FF53-4C06-9C2A-E4173D41A2FD}_is1) (Version: 3.1.0 - Michael Scrivo)
PDF Architect (HKLM-x32\...\{064A929A-4DE8-40CF-A901-BD40C14E4D25}) (Version: 1.1.83.9982 - pdfforge GmbH)
PDF Settings CS4 (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.2 - pdfforge)
PDF-Viewer (HKLM\...\{A278382D-4F1B-4D47-9885-8523F7261E8D}_is1) (Version: 2.5.214.2 - Tracker Software Products Ltd)
Photoshop Camera Raw (x32 Version: 5.0 - Adobe Systems Incorporated) Hidden
Photoshop Camera Raw_x64 (Version: 5.0 - Adobe Systems Incorporated) Hidden
PYTHA 21 (HKLM\...\{1AC02F3B-E9CD-47B0-A6E1-4CB643B0CE18}) (Version: 21.2014.0407.0852 - PYTHA Lab GmbH)
PYTHA Texturen 20.2012.0710.1715 (HKLM\...\{7CF669F5-9D35-4C8B-B556-B8FE7B53359D}) (Version: 20.2012.0710.1715 - PYTHA Lab GmbH)
QuickPar 0.9 (HKLM-x32\...\QuickPar) (Version: 0.9 - Peter B. Clements)
Raccolta foto (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Search Protect (HKLM-x32\...\SearchProtect) (Version: 2.19.30.69 - Client Connect LTD) <==== ATTENTION
SHIELD Streaming (Version: 1.7.321 - NVIDIA Corporation) Hidden
Sparkol VideoScribe (HKLM-x32\...\Sparkol VideoScribe 2.0.1) (Version: 2.0.1 - Sparkol)
Sparkol VideoScribe (x32 Version: 2.0.1 - Sparkol) Hidden
Suite Shared Configuration CS4 (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
sv.net (HKLM-x32\...\sv.net) (Version: 14.1 - ITSG GmbH)
TuxGuitar (HKLM-x32\...\{03534DA5-2F88-4B8E-A978-849B979E1B8F}) (Version: 1.2 - Herac)
Universal Adb Driver (HKLM-x32\...\{D9C4202E-6D51-4B06-A8F1-22316E654BCA}) (Version: 1.0.0 - ClockworkMod)
Universal Extractor 1.6.1 (HKLM-x32\...\Universal Extractor_is1) (Version: 1.6.1 - Jared Breland)
UseNeXT by Tangysoft (HKLM-x32\...\UseNeXT by Tangysoft_is1) (Version: - Tangysoft Ltd.)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
windata 8 (HKLM-x32\...\{34C6D00B-D2B8-40A9-ABB1-89EBC1E826D8}) (Version: 08.08.0000 - windata GmbH & Co.KG)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
WoodWorks 1.5 (HKLM-x32\...\WoodWorks) (Version: 1.5 - Robert Denk)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
==================== Restore Points =========================
ATTENTION: System Restore is disabled.
Check "winmgmt" service or repair WMI.
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2014-03-24 13:03 - 00000852 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 activate.adobe.com
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => ?
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => ?
==================== Loaded Modules (whitelisted) =============
2014-05-01 20:29 - 2014-05-01 20:29 - 00098304 _____ () P:\Programme (x86)\FileZilla FTP Client\fzshellext_64.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\startupreg: EaseUS EPM tray => C:\Program Files (x86)\EaseUS\EaseUS Partition Master 9.3.0\bin\EpmNews.exe
========================= Accounts: ==========================
Administrator (S-1-5-21-4053853362-2496096949-833470796-500 - Administrator - Disabled)
******** (S-1-5-21-4053853362-2496096949-833470796-1000 - Administrator - Enabled) => C:\Users\********
******** User (S-1-5-21-4053853362-2496096949-833470796-1001 - Limited - Enabled) => C:\Users\******** User
Gast (S-1-5-21-4053853362-2496096949-833470796-501 - Limited - Enabled)
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (02/02/2015 08:02:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2015 07:58:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error:
0xC0000039 (unresolvable).
Error: (02/02/2015 06:01:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2015 06:38:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/01/2015 07:58:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error:
0xC0000039 (unresolvable).
Error: (02/01/2015 07:13:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error:
0xC0000039 (unresolvable).
Error: (02/01/2015 07:13:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error:
0xC0000039 (unresolvable).
Error: (02/01/2015 07:13:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error:
0xC0000039 (unresolvable).
Error: (02/01/2015 07:00:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error:
0xC0000039 (unresolvable).
Error: (02/01/2015 07:00:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error:
0xC0000039 (unresolvable).
System errors:
=============
Error: (02/02/2015 06:01:03 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst NVIDIA Network Service erreicht.
Error: (02/02/2015 05:59:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Lexware Update Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (02/02/2015 05:59:55 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Lexware Update Service erreicht.
Error: (01/28/2015 06:40:38 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Avira Service Host erreicht.
Error: (01/22/2015 06:47:14 AM) (Source: WMPNetworkSvc) (EventID: 14332) (User: )
Description: WMPNetworkSvc0x80004005
Error: (01/05/2015 04:38:18 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LUDI-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{313D1A27-FCE7-4C9A-B54E-B633E5C7BCFA}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (01/03/2015 08:45:33 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LUDI-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{313D1A27-FCE7-4C9A-B54E-B633E5C7BCFA}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (01/02/2015 09:18:31 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LUDI-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{313D1A27-FCE7-4C9A-B54E-B633E5C7BCFA}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (01/02/2015 08:41:15 PM) (Source: bowser) (EventID: 8003) (User: )
Description: Der Hauptsuchdienst erhielt eine Serverankündigung vom Computer "LUDI-PC",
der der Hauptsuchdienst der Domäne für den NetBT_Tcpip_{313D1A27-FCE7-4C9A-B54E-B633E5C7BCFA}-Transport zu sein scheint.
Der Hauptsuchdienst wurde beendet oder es wird eine Auswahl erzwungen.
Error: (01/01/2015 09:33:51 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Windows-Bilderfassung (WIA)" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.
Microsoft Office Sessions:
=========================
Error: (02/02/2015 08:02:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2015 07:58:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error:
0xC0000039 (unresolvable)
Error: (02/02/2015 06:01:45 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/02/2015 06:38:48 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (02/01/2015 07:58:41 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error:
0xC0000039 (unresolvable)
Error: (02/01/2015 07:13:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error:
0xC0000039 (unresolvable)
Error: (02/01/2015 07:13:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error:
0xC0000039 (unresolvable)
Error: (02/01/2015 07:13:58 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error:
0xC0000039 (unresolvable)
Error: (02/01/2015 07:00:13 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error:
0xC0000039 (unresolvable)
Error: (02/01/2015 07:00:12 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddCoreCsiFiles : RtlConvertNtFilePathToWin32Path() failed.
System Error:
0xC0000039 (unresolvable)
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i7-4770 CPU @ 3.40GHz
Percentage of memory in use: 32%
Total physical RAM: 8134.66 MB
Available physical RAM: 5475.31 MB
Total Pagefile: 16267.5 MB
Available Pagefile: 13249.26 MB
Total Virtual: 8192 MB
Available Virtual: 8191.82 MB
==================== Drives ================================
Drive c: (Windows) (Fixed) (Total:119.35 GB) (Free:41.42 GB) NTFS
Drive f: (40117_23) (CDROM) (Total:0.48 GB) (Free:0 GB) CDFS
Drive i: (CODEMETER) (Fixed) (Total:0.04 GB) (Free:0 GB) FAT32
Drive p: (Programme) (Fixed) (Total:292.96 GB) (Free:274.83 GB) NTFS
Drive r: (Daten) (Fixed) (Total:390.62 GB) (Free:269.04 GB) NTFS
Drive s: (Sicherungen) (Fixed) (Total:128.23 GB) (Free:56.14 GB) NTFS
Drive z: () (Network) (Total:930.9 GB) (Free:499.2 GB)
==================== MBR & Partition Table ==================
==================== End Of Log ============================
and the GMER log:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-02 20:54:26
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 TOSHIBA_DT01ACA100 rev.MS2OA750 931,51GB
Running: Gmer-19357.exe; Driver: C:\Users\freisinn\AppData\Local\Temp\kgrcakod.sys
---- User code sections - GMER 2.1 ----
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000076aa1402 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000076aa141a 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000076aa1432 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000076aa144b 1 byte [76]
.text ... * 9
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000076aa14de 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000076aa14f6 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000076aa150e 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000076aa1526 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000076aa153e 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000076aa1556 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000076aa156e 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000076aa1586 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000076aa159e 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000076aa15b6 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000076aa15ce 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000076aa16b3 1 byte [76]
.text P:\Programme (x86)\Lexware\Update Service\Hmg.InstallationService.Service.exe[2364] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000076aa16be 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000076aa1402 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000076aa141a 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000076aa1432 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000076aa144b 1 byte [76]
.text ... * 9
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000076aa14de 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000076aa14f6 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000076aa150e 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000076aa1526 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000076aa153e 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000076aa1556 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000076aa156e 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000076aa1586 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000076aa159e 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000076aa15b6 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000076aa15ce 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000076aa16b3 1 byte [76]
.text P:\Programme (x86)\SearchProtect\Main\bin\CltMngSvc.exe[2128] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000076aa16be 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 18 0000000076aa1402 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 18 0000000076aa141a 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 18 0000000076aa1432 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 43 0000000076aa144b 1 byte [76]
.text ... * 9
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 18 0000000076aa14de 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 18 0000000076aa14f6 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 18 0000000076aa150e 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 18 0000000076aa1526 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 18 0000000076aa153e 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!EnumProcesses + 18 0000000076aa1556 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 18 0000000076aa156e 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 18 0000000076aa1586 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 18 0000000076aa159e 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 18 0000000076aa15b6 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 18 0000000076aa15ce 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 21 0000000076aa16b3 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeter.exe[2724] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 32 0000000076aa16be 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000076aa1402 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000076aa141a 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000076aa1432 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000076aa144b 1 byte [76]
.text ... * 9
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000076aa14de 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000076aa14f6 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000076aa150e 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000076aa1526 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000076aa153e 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000076aa1556 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000076aa156e 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000076aa1586 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000076aa159e 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000076aa15b6 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000076aa15ce 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000076aa16b3 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\SearchProtect\bin\cltmng.exe[1100] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000076aa16be 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000076aa1402 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000076aa141a 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000076aa1432 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000076aa144b 1 byte [76]
.text ... * 9
.text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000076aa14de 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000076aa14f6 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000076aa150e 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000076aa1526 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000076aa153e 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000076aa1556 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000076aa156e 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000076aa1586 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000076aa159e 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000076aa15b6 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000076aa15ce 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000076aa16b3 1 byte [76]
.text P:\PROGRA~3\SEARCH~1\UI\bin\cltmngui.exe[1288] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000076aa16be 1 byte [76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000076aa1402 1 byte [76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000076aa141a 1 byte [76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000076aa1432 1 byte [76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000076aa144b 1 byte [76]
.text ... * 9
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000076aa14de 1 byte [76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000076aa14f6 1 byte [76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000076aa150e 1 byte [76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000076aa1526 1 byte [76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000076aa153e 1 byte [76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000076aa1556 1 byte [76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000076aa156e 1 byte [76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000076aa1586 1 byte [76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000076aa159e 1 byte [76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000076aa15b6 1 byte [76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000076aa15ce 1 byte [76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000076aa16b3 1 byte [76]
.text C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe[4764] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000076aa16be 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExW + 18 0000000076aa1402 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!EnumProcessModules + 18 0000000076aa141a 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 18 0000000076aa1432 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetModuleInformation + 43 0000000076aa144b 1 byte [76]
.text ... * 9
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!EnumDeviceDrivers + 18 0000000076aa14de 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameA + 18 0000000076aa14f6 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!QueryWorkingSetEx + 18 0000000076aa150e 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetDeviceDriverBaseNameW + 18 0000000076aa1526 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameW + 18 0000000076aa153e 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!EnumProcesses + 18 0000000076aa1556 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetProcessMemoryInfo + 18 0000000076aa156e 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetPerformanceInfo + 18 0000000076aa1586 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!QueryWorkingSet + 18 0000000076aa159e 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetModuleBaseNameA + 18 0000000076aa15b6 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetModuleFileNameExA + 18 0000000076aa15ce 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 21 0000000076aa16b3 1 byte [76]
.text P:\Programme (x86)\CodeMeter\Runtime\bin\CodeMeterCC.exe[4808] C:\Windows\syswow64\PsApi.dll!GetProcessImageFileNameW + 32 0000000076aa16be 1 byte [76]
.text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 18 0000000076aa1402 1 byte [76]
.text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 18 0000000076aa141a 1 byte [76]
.text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 18 0000000076aa1432 1 byte [76]
.text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 43 0000000076aa144b 1 byte [76]
.text ... * 9
.text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 18 0000000076aa14de 1 byte [76]
.text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 18 0000000076aa14f6 1 byte [76]
.text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 18 0000000076aa150e 1 byte [76]
.text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 18 0000000076aa1526 1 byte [76]
.text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 18 0000000076aa153e 1 byte [76]
.text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 18 0000000076aa1556 1 byte [76]
.text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 18 0000000076aa156e 1 byte [76]
.text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 18 0000000076aa1586 1 byte [76]
.text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 18 0000000076aa159e 1 byte [76]
.text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 18 0000000076aa15b6 1 byte [76]
.text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 18 0000000076aa15ce 1 byte [76]
.text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 21 0000000076aa16b3 1 byte [76]
.text C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe[4832] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 32 0000000076aa16be 1 byte [76]
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtClose 0000000077a4f9e0 5 bytes JMP 00000001650cea93
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey 0000000077a4fa28 5 bytes JMP 00000001650cf0f8
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateValueKey 0000000077a4fa40 5 bytes JMP 00000001650cd830
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtQueryKey 0000000077a4fa90 5 bytes JMP 00000001650cd38c
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtQueryValueKey 0000000077a4faa8 5 bytes JMP 00000001650cd67d
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey 0000000077a4fb40 5 bytes JMP 00000001650cf338
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile 0000000077a4fc38 5 bytes JMP 00000001650da713
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtEnumerateKey 0000000077a4fd4c 5 bytes JMP 00000001650cd1d4
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile 0000000077a4fd64 5 bytes JMP 00000001650d9d35
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtQueryDirectoryFile 0000000077a4fd98 5 bytes JMP 00000001650da030
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtDuplicateObject 0000000077a4fe44 5 bytes JMP 00000001650ce668
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile 0000000077a4fe5c 5 bytes JMP 00000001650d9e5e
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile 0000000077a500b4 5 bytes JMP 00000001650d9b7a
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtSetValueKey 0000000077a501c4 5 bytes JMP 00000001650cd9d8
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtCreateKeyTransacted 0000000077a50754 5 bytes JMP 00000001650cf3da
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtDeleteFile 0000000077a509e4 5 bytes JMP 00000001650d9d72
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtDeleteKey 0000000077a509fc 5 bytes JMP 00000001650ccfa8
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtDeleteValueKey 0000000077a50a44 5 bytes JMP 00000001650cdb8e
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtFlushKey 0000000077a50b80 5 bytes JMP 00000001650cd0be
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeKey 0000000077a50f70 5 bytes JMP 00000001650ce01b
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077a50f88 5 bytes JMP 00000001650ce1b7
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx 0000000077a51018 5 bytes JMP 00000001650cf185
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransacted 0000000077a51030 5 bytes JMP 00000001650cf2a8
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyTransactedEx 0000000077a51048 5 bytes JMP 00000001650cf215
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile 0000000077a5133c 5 bytes JMP 00000001650d9f47
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtQueryMultipleValueKey 0000000077a5147c 5 bytes JMP 00000001650cde8e
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtQuerySecurityObject 0000000077a51528 5 bytes JMP 00000001650ce37b
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtRenameKey 0000000077a51718 5 bytes JMP 00000001650cdd06
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationKey 0000000077a51a58 5 bytes JMP 00000001650cd535
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\SysWOW64\ntdll.dll!NtSetSecurityObject 0000000077a51b9c 5 bytes JMP 00000001650ce4fd
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\kernel32.dll!CreateProcessW 000000007738103d 5 bytes JMP 00000001650b3904
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000077381072 5 bytes JMP 00000001650b3d68
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000077388791 5 bytes JMP 0000000160ea99c1
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\kernel32.dll!CreateProcessAsUserW 00000000773ac9b5 5 bytes JMP 00000001650b3a1e
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\kernel32.dll!WinExec 0000000077402ff1 5 bytes JMP 00000001650b3c62
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ADVAPI32.dll!CreateProcessAsUserA 0000000076b62642 5 bytes JMP 00000001650b3f75
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000076fe9ebd 5 bytes JMP 0000000160ec99ff
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000076ff0afa 5 bytes JMP 0000000160ece26c
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\USER32.dll!BeginPaint 0000000076ff1361 5 bytes JMP 0000000160edc8b4
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\USER32.dll!ValidateRect 0000000076ff7849 5 bytes JMP 0000000161051f12
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\SHELL32.dll!SHParseDisplayName 0000000075ea7ea3 5 bytes JMP 0000000160fa54dc
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076c16143 5 bytes JMP 000000016164debe
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoResumeClassObjects + 7 0000000076c1ea09 7 bytes JMP 00000001650ee370
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!OleRun 0000000076c207de 5 bytes JMP 00000001650ede9e
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoRegisterClassObject 0000000076c221e1 5 bytes JMP 00000001650f1745
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!OleUninitialize 0000000076c2eba1 6 bytes JMP 00000001650ede15
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!OleInitialize 0000000076c2efd7 5 bytes JMP 00000001650eddcd
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoGetClassObject 0000000076c454ad 5 bytes JMP 00000001650efdbb
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoInitializeEx 0000000076c509ad 5 bytes JMP 00000001650edd6d
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoUninitialize 0000000076c586d3 5 bytes JMP 00000001650f07cf
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoCreateInstance 0000000076c59d0b 5 bytes JMP 00000001650f14ec
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoCreateInstanceEx 0000000076c59d4e 5 bytes JMP 00000001650ef3c7
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoSuspendClassObjects + 7 0000000076c7bb09 7 bytes JMP 00000001650edee6
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoRevokeClassObject 0000000076c9eacf 5 bytes JMP 00000001650efa7c
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!CoGetInstanceFromFile 0000000076cd340b 5 bytes JMP 00000001650f08cf
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\ole32.dll!OleRegEnumFormatEtc 0000000076d1cfd9 5 bytes JMP 00000001650ede56
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\oleaut32.dll!SysFreeString 00000000771f3e59 5 bytes JMP 0000000160f00b7f
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\oleaut32.dll!VariantClear 00000000771f3eae 5 bytes JMP 0000000160f1d70c
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\oleaut32.dll!SysAllocStringByteLen 00000000771f4731 5 bytes JMP 0000000160f68714
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\oleaut32.dll!VariantChangeType 00000000771f5dee 5 bytes JMP 0000000160f9a6a0
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\oleaut32.dll!RegisterActiveObject 00000000772227ce 5 bytes JMP 00000001650f03db
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\oleaut32.dll!RevokeActiveObject 00000000772232c4 5 bytes JMP 00000001650edd25
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\oleaut32.dll!GetActiveObject 0000000077238f80 5 bytes JMP 00000001650f056f
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 18 0000000076aa1402 1 byte [76]
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 18 0000000076aa141a 1 byte [76]
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 18 0000000076aa1432 1 byte [76]
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 43 0000000076aa144b 1 byte [76]
.text ... * 9
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 18 0000000076aa14de 1 byte [76]
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 18 0000000076aa14f6 1 byte [76]
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 18 0000000076aa150e 1 byte [76]
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 18 0000000076aa1526 1 byte [76]
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 18 0000000076aa153e 1 byte [76]
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 18 0000000076aa1556 1 byte [76]
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 18 0000000076aa156e 1 byte [76]
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 18 0000000076aa1586 1 byte [76]
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 18 0000000076aa159e 1 byte [76]
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 18 0000000076aa15b6 1 byte [76]
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 18 0000000076aa15ce 1 byte [76]
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 21 0000000076aa16b3 1 byte [76]
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 32 0000000076aa16be 1 byte [76]
? C:\Windows\system32\mssprxy.dll [5704] entry point in ".rdata" section 0000000051d471e6
.text C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE[5704] C:\Program Files\Microsoft Office 15\Root\Office15\outlrpc.dll!MAPIRevokeMoniker@4 + 657 00000000671a287c 4 bytes [C3, BF, 8A, D4]
---- Threads - GMER 2.1 ----
Thread C:\Windows\System32\svchost.exe [2604:3660] 000007fef3c59688
Thread C:\Program Files\Microsoft Office 15\root\office15\onenotem.exe [4824:5720] 0000000064cb784b
Thread C:\Windows\SysWOW64\ntdll.dll [6296:3032] 0000000000dd58be
Thread C:\Windows\SysWOW64\ntdll.dll [6296:2348] 0000000072f732fb
---- Processes - GMER 2.1 ----
Library c:\users\freisinn\appdata\local\temp\7zs54b7\hpslpsvc64.dll (*** suspicious ***) @ C:\Windows\system32\svchost.exe [620] (HP Network Devices Support/Hewlett-Packard Co.)(2014-04-07 16:59:51) 0000000180000000
Library C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46) 0000000073230000
Library C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 0000000064400000
Library C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832](2014-10-22 00:22:50) 0000000073170000
Library C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 0000000063c00000
Library C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832] (ICU I18N DLL/The ICU Project)(2014-10-22 00:22:50) 000000004a900000
Library C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832] (ICU Common DLL/The ICU Project)(2014-10-22 00:22:50) 0000000004560000
Library C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832] (ICU Data DLL/The ICU Project)(2014-10-22 00:22:50) 000000004ad00000
Library c:\users\freisi~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpqiqjzl.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832](2015-02-02 19:07:32) 00000000040e0000
Library C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 00000000641d0000
Library C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 000000005f9b0000
Library C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 000000005efe0000
Library C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 000000005e7e0000
Library C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:40) 00000000641a0000
Library C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832](2014-10-22 00:22:50) 0000000064f50000
Library C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:46) 0000000064170000
Library C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 0000000064130000
Library C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2014-10-22 00:22:38) 00000000640e0000
Library C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832](2014-10-22 00:22:48) 00000000633f0000
Library C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\Freisinn User\AppData\Roaming\Dropbox\bin\Dropbox.exe [4832](2014-10-22 00:22:46) 00000000582c0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\mso.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE [5704] 0000000060ea0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\riched20.dll (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE [5704] 00000000598d0000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\Office15\MSPTLS.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE [5704] 0000000051670000
Library C:\Program Files (x86)\Common Files\Microsoft Shared\PROOF\MSLID.DLL (*** suspicious ***) @ C:\Program Files\Microsoft Office 15\Root\Office15\OUTLOOK.EXE [5704] 00000000546d0000
---- EOF - GMER 2.1 ----