Here is the GMER log as well:
P.S.: Some Indian guy just called me and wanted to help me with my viruses; he was from ammyy. Does anyone know about this?
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-02-18 09:24:50
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_SSD_830_Series rev.CXM03B1Q 59,63GB
Running: Gmer-19357.exe; Driver: C:\USERS\CHRIST~1\APPDATA\LOCAL\TEMP\kglyiuod.sys
---- Kernel code sections - GMER 2.1 ----
.text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000144900 7 bytes [00, 99, F3, FF, 41, AC, F0]
.text C:\Windows\System32\win32k.sys!W32pServiceTable + 8 fffff96000144908 3 bytes [00, 07, 02]
---- User code sections - GMER 2.1 ----
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\kernel32.dll!CreateFileW 0000000075043f1c 5 bytes JMP 000000015acc75f0
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\USER32.dll!SetWindowPos 00000000760a8e4e 5 bytes JMP 000000015acc6ad0
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\USER32.dll!ShowWindow 00000000760b0dfb 5 bytes JMP 000000015acc68b0
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\USER32.dll!SetFocus 00000000760b2175 5 bytes JMP 000000015acc69c0
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\USER32.dll!SetActiveWindow 00000000760b3208 5 bytes JMP 000000015acc6be0
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\USER32.dll!BringWindowToTop 00000000760b7b3b 5 bytes JMP 000000015acc65e0
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\USER32.dll!SetForegroundWindow 00000000760cf170 5 bytes JMP 000000015acc64d0
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\USER32.dll!SwitchToThisWindow 00000000760e90fc 5 bytes JMP 000000015acc66f0
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\USER32.dll!ShowWindowAsync 0000000076107d97 5 bytes JMP 000000015acc67a0
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\ole32.dll!DoDragDrop 0000000076d8a827 5 bytes JMP 000000015acc63e0
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767d1401 2 bytes JMP 7506b21b C:\Windows\syswow64\kernel32.dll
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767d1419 2 bytes JMP 7506b346 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767d1431 2 bytes JMP 750e8ea9 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767d144a 2 bytes CALL 750448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767d14dd 2 bytes JMP 750e87a2 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767d14f5 2 bytes JMP 750e8978 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767d150d 2 bytes JMP 750e8698 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767d1525 2 bytes JMP 750e8a62 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767d153d 2 bytes JMP 7505fca8 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767d1555 2 bytes JMP 750668ef C:\Windows\syswow64\kernel32.dll
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767d156d 2 bytes JMP 750e8f61 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767d1585 2 bytes JMP 750e8ac2 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767d159d 2 bytes JMP 750e865c C:\Windows\syswow64\kernel32.dll
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767d15b5 2 bytes JMP 7505fd41 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767d15cd 2 bytes JMP 7506b2dc C:\Windows\syswow64\kernel32.dll
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767d16b2 2 bytes JMP 750e8e24 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\Origin\Origin.exe[2340] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767d16bd 2 bytes JMP 750e85f1 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767d1401 2 bytes JMP 7506b21b C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767d1419 2 bytes JMP 7506b346 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767d1431 2 bytes JMP 750e8ea9 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767d144a 2 bytes CALL 750448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text F:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767d14dd 2 bytes JMP 750e87a2 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767d14f5 2 bytes JMP 750e8978 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767d150d 2 bytes JMP 750e8698 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767d1525 2 bytes JMP 750e8a62 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767d153d 2 bytes JMP 7505fca8 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767d1555 2 bytes JMP 750668ef C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767d156d 2 bytes JMP 750e8f61 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767d1585 2 bytes JMP 750e8ac2 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767d159d 2 bytes JMP 750e865c C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767d15b5 2 bytes JMP 7505fd41 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767d15cd 2 bytes JMP 7506b2dc C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767d16b2 2 bytes JMP 750e8e24 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamscheduler.exe[2684] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767d16bd 2 bytes JMP 750e85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767d1401 2 bytes JMP 7506b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2816] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767d1419 2 bytes JMP 7506b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767d1431 2 bytes JMP 750e8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767d144a 2 bytes CALL 750448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2816] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767d14dd 2 bytes JMP 750e87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767d14f5 2 bytes JMP 750e8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767d150d 2 bytes JMP 750e8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767d1525 2 bytes JMP 750e8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767d153d 2 bytes JMP 7505fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2816] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767d1555 2 bytes JMP 750668ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767d156d 2 bytes JMP 750e8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767d1585 2 bytes JMP 750e8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767d159d 2 bytes JMP 750e865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767d15b5 2 bytes JMP 7505fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767d15cd 2 bytes JMP 7506b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767d16b2 2 bytes JMP 750e8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe[2816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767d16bd 2 bytes JMP 750e85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17 00000000767d1401 2 bytes JMP 7506b21b C:\Windows\syswow64\kernel32.dll
.text C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17 00000000767d1419 2 bytes JMP 7506b346 C:\Windows\syswow64\kernel32.dll
.text C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17 00000000767d1431 2 bytes JMP 750e8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 42 00000000767d144a 2 bytes CALL 750448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17 00000000767d14dd 2 bytes JMP 750e87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17 00000000767d14f5 2 bytes JMP 750e8978 C:\Windows\syswow64\kernel32.dll
.text C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17 00000000767d150d 2 bytes JMP 750e8698 C:\Windows\syswow64\kernel32.dll
.text C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17 00000000767d1525 2 bytes JMP 750e8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17 00000000767d153d 2 bytes JMP 7505fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17 00000000767d1555 2 bytes JMP 750668ef C:\Windows\syswow64\kernel32.dll
.text C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17 00000000767d156d 2 bytes JMP 750e8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17 00000000767d1585 2 bytes JMP 750e8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17 00000000767d159d 2 bytes JMP 750e865c C:\Windows\syswow64\kernel32.dll
.text C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17 00000000767d15b5 2 bytes JMP 7505fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17 00000000767d15cd 2 bytes JMP 7506b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20 00000000767d16b2 2 bytes JMP 750e8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe[2404] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 31 00000000767d16bd 2 bytes JMP 750e85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe[1044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767d1401 2 bytes JMP 7506b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe[1044] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767d1419 2 bytes JMP 7506b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe[1044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767d1431 2 bytes JMP 750e8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe[1044] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767d144a 2 bytes CALL 750448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe[1044] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767d14dd 2 bytes JMP 750e87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe[1044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767d14f5 2 bytes JMP 750e8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe[1044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767d150d 2 bytes JMP 750e8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe[1044] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767d1525 2 bytes JMP 750e8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe[1044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767d153d 2 bytes JMP 7505fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe[1044] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767d1555 2 bytes JMP 750668ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe[1044] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767d156d 2 bytes JMP 750e8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe[1044] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767d1585 2 bytes JMP 750e8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe[1044] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767d159d 2 bytes JMP 750e865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe[1044] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767d15b5 2 bytes JMP 7505fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe[1044] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767d15cd 2 bytes JMP 7506b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe[1044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767d16b2 2 bytes JMP 750e8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Apple\Internet Services\AppleChromeDAV.exe[1044] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767d16bd 2 bytes JMP 750e85f1 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbam.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767d1401 2 bytes JMP 7506b21b C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbam.exe[4584] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767d1419 2 bytes JMP 7506b346 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbam.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767d1431 2 bytes JMP 750e8ea9 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbam.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767d144a 2 bytes CALL 750448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text F:\Programme\ Malwarebytes Anti-Malware \mbam.exe[4584] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767d14dd 2 bytes JMP 750e87a2 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbam.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767d14f5 2 bytes JMP 750e8978 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbam.exe[4584] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767d150d 2 bytes JMP 750e8698 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbam.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767d1525 2 bytes JMP 750e8a62 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbam.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767d153d 2 bytes JMP 7505fca8 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbam.exe[4584] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767d1555 2 bytes JMP 750668ef C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbam.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767d156d 2 bytes JMP 750e8f61 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbam.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767d1585 2 bytes JMP 750e8ac2 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbam.exe[4584] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767d159d 2 bytes JMP 750e865c C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbam.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767d15b5 2 bytes JMP 7505fd41 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbam.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767d15cd 2 bytes JMP 7506b2dc C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbam.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767d16b2 2 bytes JMP 750e8e24 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbam.exe[4584] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767d16bd 2 bytes JMP 750e85f1 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767d1401 2 bytes JMP 7506b21b C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe[4612] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767d1419 2 bytes JMP 7506b346 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767d1431 2 bytes JMP 750e8ea9 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767d144a 2 bytes CALL 750448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text F:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe[4612] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767d14dd 2 bytes JMP 750e87a2 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767d14f5 2 bytes JMP 750e8978 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe[4612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767d150d 2 bytes JMP 750e8698 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767d1525 2 bytes JMP 750e8a62 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767d153d 2 bytes JMP 7505fca8 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe[4612] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767d1555 2 bytes JMP 750668ef C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767d156d 2 bytes JMP 750e8f61 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767d1585 2 bytes JMP 750e8ac2 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe[4612] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767d159d 2 bytes JMP 750e865c C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767d15b5 2 bytes JMP 7505fd41 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767d15cd 2 bytes JMP 7506b2dc C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767d16b2 2 bytes JMP 750e8e24 C:\Windows\syswow64\kernel32.dll
.text F:\Programme\ Malwarebytes Anti-Malware \mbamservice.exe[4612] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767d16bd 2 bytes JMP 750e85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767d1401 2 bytes JMP 7506b21b C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[4740] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767d1419 2 bytes JMP 7506b346 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767d1431 2 bytes JMP 750e8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767d144a 2 bytes CALL 750448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\system32\PnkBstrA.exe[4740] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767d14dd 2 bytes JMP 750e87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767d14f5 2 bytes JMP 750e8978 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[4740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767d150d 2 bytes JMP 750e8698 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767d1525 2 bytes JMP 750e8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767d153d 2 bytes JMP 7505fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[4740] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767d1555 2 bytes JMP 750668ef C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767d156d 2 bytes JMP 750e8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767d1585 2 bytes JMP 750e8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[4740] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767d159d 2 bytes JMP 750e865c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767d15b5 2 bytes JMP 7505fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767d15cd 2 bytes JMP 7506b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767d16b2 2 bytes JMP 750e8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[4740] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767d16bd 2 bytes JMP 750e85f1 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\Steam.exe[4312] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 00000000767d1401 2 bytes JMP 7506b21b C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\Steam.exe[4312] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 00000000767d1419 2 bytes JMP 7506b346 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\Steam.exe[4312] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 00000000767d1431 2 bytes JMP 750e8ea9 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\Steam.exe[4312] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 00000000767d144a 2 bytes CALL 750448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text F:\Spiele\Steam\Steam.exe[4312] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 00000000767d14dd 2 bytes JMP 750e87a2 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\Steam.exe[4312] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 00000000767d14f5 2 bytes JMP 750e8978 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\Steam.exe[4312] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 00000000767d150d 2 bytes JMP 750e8698 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\Steam.exe[4312] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 00000000767d1525 2 bytes JMP 750e8a62 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\Steam.exe[4312] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 00000000767d153d 2 bytes JMP 7505fca8 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\Steam.exe[4312] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 00000000767d1555 2 bytes JMP 750668ef C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\Steam.exe[4312] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 00000000767d156d 2 bytes JMP 750e8f61 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\Steam.exe[4312] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 00000000767d1585 2 bytes JMP 750e8ac2 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\Steam.exe[4312] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 00000000767d159d 2 bytes JMP 750e865c C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\Steam.exe[4312] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 00000000767d15b5 2 bytes JMP 7505fd41 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\Steam.exe[4312] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 00000000767d15cd 2 bytes JMP 7506b2dc C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\Steam.exe[4312] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 00000000767d16b2 2 bytes JMP 750e8e24 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\Steam.exe[4312] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 00000000767d16bd 2 bytes JMP 750e85f1 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767d1401 2 bytes JMP 7506b21b C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767d1419 2 bytes JMP 7506b346 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767d1431 2 bytes JMP 750e8ea9 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767d144a 2 bytes CALL 750448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text F:\Spiele\Steam\bin\steamwebhelper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767d14dd 2 bytes JMP 750e87a2 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767d14f5 2 bytes JMP 750e8978 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767d150d 2 bytes JMP 750e8698 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767d1525 2 bytes JMP 750e8a62 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767d153d 2 bytes JMP 7505fca8 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767d1555 2 bytes JMP 750668ef C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767d156d 2 bytes JMP 750e8f61 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767d1585 2 bytes JMP 750e8ac2 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767d159d 2 bytes JMP 750e865c C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767d15b5 2 bytes JMP 7505fd41 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767d15cd 2 bytes JMP 7506b2dc C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767d16b2 2 bytes JMP 750e8e24 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767d16bd 2 bytes JMP 750e85f1 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767d1401 2 bytes JMP 7506b21b C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[1884] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767d1419 2 bytes JMP 7506b346 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767d1431 2 bytes JMP 750e8ea9 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767d144a 2 bytes CALL 750448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text F:\Spiele\Steam\bin\steamwebhelper.exe[1884] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767d14dd 2 bytes JMP 750e87a2 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767d14f5 2 bytes JMP 750e8978 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[1884] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767d150d 2 bytes JMP 750e8698 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767d1525 2 bytes JMP 750e8a62 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767d153d 2 bytes JMP 7505fca8 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[1884] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767d1555 2 bytes JMP 750668ef C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767d156d 2 bytes JMP 750e8f61 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767d1585 2 bytes JMP 750e8ac2 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[1884] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767d159d 2 bytes JMP 750e865c C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767d15b5 2 bytes JMP 7505fd41 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767d15cd 2 bytes JMP 7506b2dc C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767d16b2 2 bytes JMP 750e8e24 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767d16bd 2 bytes JMP 750e85f1 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000767d1401 2 bytes JMP 7506b21b C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[6704] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000767d1419 2 bytes JMP 7506b346 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000767d1431 2 bytes JMP 750e8ea9 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000767d144a 2 bytes CALL 750448ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text F:\Spiele\Steam\bin\steamwebhelper.exe[6704] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000767d14dd 2 bytes JMP 750e87a2 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000767d14f5 2 bytes JMP 750e8978 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[6704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000767d150d 2 bytes JMP 750e8698 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000767d1525 2 bytes JMP 750e8a62 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000767d153d 2 bytes JMP 7505fca8 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[6704] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000767d1555 2 bytes JMP 750668ef C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000767d156d 2 bytes JMP 750e8f61 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000767d1585 2 bytes JMP 750e8ac2 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[6704] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000767d159d 2 bytes JMP 750e865c C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000767d15b5 2 bytes JMP 7505fd41 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000767d15cd 2 bytes JMP 7506b2dc C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000767d16b2 2 bytes JMP 750e8e24 C:\Windows\syswow64\kernel32.dll
.text F:\Spiele\Steam\bin\steamwebhelper.exe[6704] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000767d16bd 2 bytes JMP 750e85f1 C:\Windows\syswow64\kernel32.dll
---- Processes - GMER 2.1 ----
Library C:\Users\christian\AppData\Local\Microsoft\Windows Sidebar\Gadgets\GPU_Meter_V2.4.gadget\GPUStatusReader.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [2416] (FILE NOT FOUND) 0000000061040000
Library C:\Users\christian\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\CoreTempReader.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [2416] (FILE NOT FOUND) 0000000055ed0000
Library C:\Users\christian\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\GetCoreTempInfoNET.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [2416] (FILE NOT FOUND) 0000000055ec0000
Library C:\Users\christian\AppData\Local\Microsoft\Windows Sidebar\Gadgets\All_CPU_Meter_V4.7.3.gadget\SystemInfo.dll (*** suspicious ***) @ C:\Program Files\Windows Sidebar\sidebar.exe [2416] (FILE NOT FOUND) 0000000055eb0000
Library C:\Users\christian\AppData\Roaming\Dropbox\bin\Qt5Widgets.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:28) 0000000059100000
Library C:\Users\christian\AppData\Roaming\Dropbox\bin\Qt5Gui.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000005da90000
Library C:\Users\christian\AppData\Roaming\Dropbox\bin\libGLESv2.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404](2015-02-10 21:00:30) 000000005d9d0000
Library C:\Users\christian\AppData\Roaming\Dropbox\bin\Qt5Core.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 000000005a400000
Library C:\Users\christian\AppData\Roaming\Dropbox\bin\icuin52.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (ICU I18N DLL/The ICU Project)(2015-02-10 21:00:30) 000000004a900000
Library C:\Users\christian\AppData\Roaming\Dropbox\bin\icuuc52.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (ICU Common DLL/The ICU Project)(2015-02-10 21:00:30) 0000000004190000
Library C:\Users\christian\AppData\Roaming\Dropbox\bin\icudt52.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (ICU Data DLL/The ICU Project)(2015-02-10 21:00:30) 000000004ad00000
Library c:\users\christ~1\appdata\local\temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpxgukgh.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404](2015-02-18 07:43:54) 0000000003a70000
Library C:\Users\christian\AppData\Roaming\Dropbox\bin\Qt5Network.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000055bd0000
Library C:\Users\christian\AppData\Roaming\Dropbox\bin\Qt5WebKit.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 0000000054be0000
Library C:\Users\christian\AppData\Roaming\Dropbox\bin\Qt5Quick.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 00000000549c0000
Library C:\Users\christian\AppData\Roaming\Dropbox\bin\Qt5Qml.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000054760000
Library C:\Users\christian\AppData\Roaming\Dropbox\bin\Qt5Sql.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000054730000
Library C:\Users\christian\AppData\Roaming\Dropbox\bin\libEGL.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404](2015-02-10 21:00:30) 0000000054720000
Library C:\Users\christian\AppData\Roaming\Dropbox\bin\Qt5WebKitWidgets.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:26) 00000000546f0000
Library C:\Users\christian\AppData\Roaming\Dropbox\bin\Qt5OpenGL.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 00000000546b0000
Library C:\Users\christian\AppData\Roaming\Dropbox\bin\Qt5PrintSupport.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404] (C++ application development framework./Digia Plc and/or its subsidiary(-ies))(2015-02-10 21:00:24) 0000000054660000
Library C:\Users\christian\AppData\Roaming\Dropbox\bin\plugins\platforms\qwindows.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404](2015-02-10 21:00:28) 0000000054580000
Library C:\Users\christian\AppData\Roaming\Dropbox\bin\plugins\imageformats\qjpeg.dll (*** suspicious ***) @ C:\Users\christian\AppData\Roaming\Dropbox\bin\Dropbox.exe [2404](2015-02-10 21:00:28) 0000000054540000
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk2\DR2 unknown MBR code
---- EOF - GMER 2.1 ----
Quote:
Quote from cosinus:
Hello and
Please note for the future:
Unfortunately, you did not follow our instructions correctly:
Please download all tools directly to the desktop, or move them there, and start them from the desktop, since our instructions are written with that in mind.
In addition, all the tools used can then be removed very easily at the end of the cleanup.
Leave all tools on the desktop until the end of the cleanup; we may need some of them more than once.
Do you have any further logs (with detections)? Malwarebytes and/or other virus scanners, have
they ever found anything?
I am asking because of this =>
http://www.trojaner-board.de/125889-...tml#post941520 Please do not run any new virus scans; for now, just post the logs you already have in CODE tags!
Only logs from the last 7 days, or since the problem began, are relevant! Reading material: Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder.
Even if the logs are too large for one post, I ask you to post the logs directly and, if necessary, spread them over several posts.
To put the log files in a CODE box, proceed as follows:
Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C. Click the # symbol in the editor. Two bracketed expressions [CODE] [/CODE] appear. Place the cursor between the CODE tags and press CTRL+V. Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.
Should I start the tools from the desktop again and then upload the logs again?
__________________