Code:
==================== One Month Modified Files and Folders =======
(If an entry is included in the fixlist, the file\folder will be moved.)
2015-01-25 23:23 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Public\Libraries
2015-01-25 23:18 - 2009-07-14 05:50 - 00019920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 23:18 - 2009-07-14 05:50 - 00019920 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 23:17 - 2011-04-12 09:14 - 00698688 _____ () C:\Windows\system32\perfh007.dat
2015-01-25 23:17 - 2011-04-12 09:14 - 00148828 _____ () C:\Windows\system32\perfc007.dat
2015-01-25 23:17 - 2009-07-14 06:12 - 01618320 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-25 23:17 - 2009-07-14 05:56 - 00027375 _____ () C:\Windows\setupact.log
2015-01-25 23:11 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-25 23:10 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2015-01-25 22:17 - 2009-07-14 03:34 - 00000387 _____ () C:\Windows\win.ini
2015-01-25 22:14 - 2009-07-14 05:50 - 00358376 _____ () C:\Windows\system32\FNTCACHE.DAT
2015-01-25 22:12 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\PolicyDefinitions
2015-01-25 22:09 - 2011-04-12 09:24 - 00000000 ____D () C:\Windows\ShellNew
2015-01-25 22:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2015-01-25 21:50 - 2010-11-21 04:47 - 00326916 _____ () C:\Windows\PFRO.log
2015-01-25 08:44 - 2011-04-12 09:24 - 00000000 ____D () C:\Program Files\Windows Journal
2015-01-25 08:44 - 2009-07-14 06:38 - 00000000 ____D () C:\Program Files\Windows Defender
2015-01-25 08:44 - 2009-07-14 06:38 - 00000000 ____D () C:\Program Files (x86)\Windows Defender
2015-01-25 08:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\zh-HK
2015-01-25 08:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\tr-TR
2015-01-25 08:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\Dism
2015-01-25 08:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\zh-HK
2015-01-25 08:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\tr-TR
2015-01-25 08:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Dism
2015-01-25 08:44 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2015-01-25 05:26 - 2009-07-14 06:38 - 00000000 ____D () C:\Windows\system32\restore
2015-01-25 05:14 - 2009-07-14 04:20 - 00000000 __RHD () C:\Users\Default
2015-01-25 05:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\Recovery
2015-01-25 05:14 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Windows NT
2015-01-25 05:09 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\rescache
2015-01-25 04:51 - 2009-07-14 05:51 - 00002790 _____ () C:\Windows\DtcInstall.log
2015-01-25 04:51 - 2009-07-14 04:20 - 00000000 ___RD () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-01-25 04:51 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\sysprep
2015-01-25 04:49 - 2011-04-12 09:24 - 00000000 ____D () C:\Windows\CSC
2015-01-25 04:48 - 2009-07-14 06:43 - 00025600 ___SH () C:\Windows\system32\config\BCD-Template.LOG
2015-01-25 04:48 - 2009-07-14 06:38 - 00028672 _____ () C:\Windows\system32\config\BCD-Template
2015-01-08 09:55 - 2010-11-21 04:27 - 00298120 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
Some content of TEMP:
====================
C:\Users\scorer\AppData\Local\Temp\bitool.dll
C:\Users\scorer\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpgmgbsx.dll
C:\Users\scorer\AppData\Local\Temp\ose00000.exe
C:\Users\scorer\AppData\Local\Temp\procexp64.exe
C:\Users\scorer\AppData\Local\Temp\raptrpatch.exe
C:\Users\scorer\AppData\Local\Temp\raptr_stub.exe
C:\Users\scorer\AppData\Local\Temp\SkypeSetup.exe
==================== Bamital & volsnap Check =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2015-01-25 04:49
==================== End Of Log ============================
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 24-01-2015 01
Ran by scorer at 2015-01-25 23:42:19
Running from C:\Users\scorer\Downloads
Boot Mode: Normal
==========================================================
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
==================== Installed Programs ======================
(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 16 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 16.0.0.287 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{F2A7CE36-57BF-5C86-952D-90DBF3746D82}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.0.2208 - AVAST Software)
BlueStacks App Player (HKLM-x32\...\BlueStacks App Player) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
BlueStacks Notification Center (HKLM-x32\...\{152E0B21-19D5-4772-9EF8-8E76074B0C0A}) (Version: 0.9.4.4078 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.49.1.0356 - Disc Soft Ltd)
Dota 2 (HKLM-x32\...\Steam App 570) (Version: - Valve)
Dropbox (HKU\S-0-0-00-000000000-2740519338-0000000000-0000\...\Dropbox) (Version: 3.0.5 - Dropbox, Inc.)
GhostMouse (HKLM-x32\...\GhostMouse_is1) (Version: Free V3.2.2 - ghost-mouse.com)
Java 7 Update 75 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417075FF}) (Version: 7.0.750 - Oracle)
Logitech Gaming Software 8.57 (HKLM\...\Logitech Gaming Software) (Version: 8.57.145 - Logitech Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Mozilla Firefox 35.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 35.0 (x86 de)) (Version: 35.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 35.0 - Mozilla)
PDF24 Creator 6.9.2 (HKLM-x32\...\{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1) (Version: - PDF24.org)
puush (HKLM-x32\...\{C3592426-531E-4110-911D-BFECE2CE284B}) (Version: 1.0.0.0 - Dean Herbert)
ShootMania Storm (HKLM-x32\...\Steam App 229870) (Version: - Nadeo)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.3.16540.9015 - Microsoft Corporation)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.100 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM-x32\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.36897 - TeamViewer)
Telegram Desktop Version 0.7.9 (HKU\S-0-0-00-000000000-2740519338-0000000000-0000\...\{53F49750-6209-4FBF-9CA8-7A333C87D1ED}_is1) (Version: 0.7.9 - Telegram Messenger LLP)
TP-LINK TL-WDN3800 Driver (HKLM-x32\...\{FDA7E907-6539-42C1-9721-0239C281B336}) (Version: 1.3.1 - TP-LINK)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
WinRAR 5.20 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.20.0 - win.rar GmbH)
==================== Custom CLSID (selected items): ==========================
(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)
CustomCLSID: HKU\S-0-0-00-000000000-2740519338-1732021852-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\scorer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-0-0-00-000000000-2740519338-1732021852-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\scorer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-0-0-00-000000000-2740519338-1732021852-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\scorer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-0-0-00-000000000-2740519338-1732021852-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\scorer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-0-0-00-000000000-2740519338-1732021852-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\scorer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-0-0-00-000000000-2740519338-1732021852-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\scorer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-0-0-00-000000000-2740519338-1732021852-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\scorer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-0-0-00-000000000-2740519338-1732021852-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\scorer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-0-0-00-000000000-2740519338-1732021852-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\scorer\AppData\Roaming\Dropbox\bin\DropboxExt64.24.dll (Dropbox, Inc.)
==================== Restore Points =========================
06-11-2013 16:10:26 Installiert Hama Wireless LAN Adapter
14-02-2014 15:38:54 Wiederherstellungsvorgang
25-01-2015 22:43:54 Removed Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
25-01-2015 22:44:28 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
25-01-2015 22:44:44 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
25-01-2015 23:09:01 Wiederherstellungsvorgang
25-01-2015 23:13:51 avast! antivirus system restore point
25-01-2015 23:16:41 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
25-01-2015 23:19:14 Removed BlueStacks Notification Center
25-01-2015 23:34:43 Installed Java 7 Update 75 (64-bit)
==================== Hosts content: ==========================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-14 03:34 - 2009-06-10 22:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Scheduled Tasks (whitelisted) =============
(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)
Task: {2017E518-D5CE-4303-926D-E7CABCFD643A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2014-12-19] (Adobe Systems Incorporated)
Task: {850E4F3E-38FD-4D2C-9484-26ED7221E21D} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-01-25] (AVAST Software)
Task: {9E4500B5-2FDE-429C-9A75-DD0334383F7B} - System32\Tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask => Sc.exe start osppsvc
==================== Loaded Modules (whitelisted) =============
2014-09-18 08:23 - 2014-09-18 08:23 - 00866584 _____ () C:\Program Files\Logitech Gaming Software\libGLESv2.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 01050904 _____ () C:\Program Files\Logitech Gaming Software\platforms\qwindows.dll
2014-09-18 08:23 - 2014-09-18 08:23 - 00059160 _____ () C:\Program Files\Logitech Gaming Software\libEGL.dll
2014-10-14 19:51 - 2014-10-14 19:51 - 00242456 _____ () C:\Program Files\Logitech Gaming Software\imageformats\qjpeg.dll
2012-01-10 14:41 - 2015-01-25 23:19 - 00567880 _____ () C:\Program Files (x86)\puush\puush.exe
2015-01-25 23:14 - 2015-01-25 23:14 - 02900480 _____ () C:\Program Files\AVAST Software\Avast\defs\14110700\algo.dll
2015-01-25 23:15 - 2015-01-25 23:15 - 02913280 _____ () C:\Program Files\AVAST Software\Avast\defs\15012501\algo.dll
2015-01-25 23:14 - 2015-01-25 23:14 - 38562088 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-01-25 05:30 - 2015-01-09 10:05 - 03925104 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-10-07 15:50 - 2015-01-25 23:22 - 00195584 _____ () C:\Program Files (x86)\BlueStacks\libEGL.dll
2014-10-07 15:50 - 2015-01-25 23:22 - 01467392 _____ () C:\Program Files (x86)\BlueStacks\libGLESv2.dll
2015-01-25 05:38 - 2014-12-01 22:31 - 02396672 _____ () D:\Steam\libavcodec-56.dll
2015-01-25 05:38 - 2014-12-01 22:31 - 00442880 _____ () D:\Steam\libavutil-54.dll
2015-01-25 05:38 - 2014-12-01 22:31 - 00479744 _____ () D:\Steam\libavformat-56.dll
2015-01-25 05:38 - 2014-12-01 22:31 - 00332800 _____ () D:\Steam\libavresample-2.dll
2015-01-25 05:38 - 2014-11-11 19:47 - 00774656 _____ () D:\Steam\SDL2.dll
2015-01-25 05:38 - 2014-12-02 01:29 - 05002752 _____ () D:\Steam\v8.dll
2015-01-25 05:38 - 2014-12-02 01:29 - 01612800 _____ () D:\Steam\icui18n.dll
2015-01-25 05:38 - 2014-12-02 01:29 - 01210368 _____ () D:\Steam\icuuc.dll
2015-01-25 05:38 - 2015-01-23 23:34 - 02227904 _____ () D:\Steam\video.dll
2015-01-25 05:38 - 2014-12-01 22:31 - 00485888 _____ () D:\Steam\libswscale-3.dll
2015-01-25 05:38 - 2015-01-23 23:33 - 00696512 _____ () D:\Steam\bin\chromehtml.DLL
2015-01-25 05:38 - 2015-01-16 00:42 - 34641288 _____ () D:\Steam\bin\libcef.dll
2015-01-25 05:38 - 2015-01-16 00:42 - 01709960 _____ () D:\Steam\bin\ffmpegsumo.dll
==================== Alternate Data Streams (whitelisted) =========
(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)
==================== Safe Mode (whitelisted) ===================
(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (whitelisted) =============
(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)
==================== MSCONFIG/TASK MANAGER disabled items =========
(Currently there is no automatic fix for this section.)
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: BstHdAndroidSvc => 2
MSCONFIG\Services: BstHdLogRotatorSvc => 2
MSCONFIG\Services: BstHdUpdaterSvc => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: SkypeUpdate => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: TeamViewer => 2
MSCONFIG\startupreg: BlueStacks Agent => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
MSCONFIG\startupreg: DAEMON Tools Lite => "d:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
========================= Accounts: ==========================
Administrator (S-0-0-00-000000000-2740519338-0000000000-000 - Administrator - Disabled)
Gast (S-0-0-00-000000000-2740519338-0000000000-000 - Limited - Disabled)
HomeGroupUser$ (S-0-0-00-000000000-2740519338-0000000000-0000 - Limited - Enabled)
scorer (S-0-0-00-000000000-2740519338-0000000000-0000 - Administrator - Enabled) => C:\Users\scorer
==================== Faulty Device Manager Devices =============
Name: Unknown Device
Description: Unknown Device
Class Guid: {36fc9e60-c465-11cf-0000-000000000000}
Manufacturer: (Standard-USB-Hostcontroller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.
==================== Event log errors: =========================
Application errors:
==================
Error: (01/25/2015 11:34:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary vkprwwje.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (01/25/2015 11:19:42 PM) (Source: MsiInstaller) (EventID: 11500) (User: scorer-PC)
Description: Product: puush -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.
Error: (01/25/2015 11:19:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary vkprwwje.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (01/25/2015 11:16:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary vkprwwje.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (01/25/2015 11:13:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Fehler beim Kryptografiedienst während der Verarbeitung des "OnIdentity()"-Aufrufobjekts "System Writer".
Details:
AddLegacyDriverFiles: Unable to back up image of binary vkprwwje.
System Error:
Das System kann die angegebene Datei nicht finden.
.
Error: (01/25/2015 11:12:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/25/2015 10:50:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/25/2015 10:37:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/25/2015 10:30:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/25/2015 10:25:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
System errors:
=============
Error: (01/25/2015 11:11:13 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "BlueStacks Hypervisor" wurde aufgrund folgenden Fehlers nicht gestartet:
%%3
Error: (01/25/2015 11:09:16 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (01/25/2015 10:40:15 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (01/25/2015 10:39:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Installer" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 120000 Millisekunden durchgeführt: Neustart des Diensts.
Error: (01/25/2015 10:29:23 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
Error: (01/25/2015 10:29:22 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
Error: (01/25/2015 10:29:21 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
Error: (01/25/2015 10:29:20 PM) (Source: Disk) (EventID: 11) (User: )
Description: Der Treiber hat einen Controllerfehler auf \Device\Harddisk6\DR6 gefunden.
Error: (01/25/2015 10:25:27 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (01/25/2015 10:25:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.
Microsoft Office Sessions:
=========================
Error: (01/25/2015 11:34:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary vkprwwje.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (01/25/2015 11:19:42 PM) (Source: MsiInstaller) (EventID: 11500) (User: scorer-PC)
Description: Product: puush -- Error 1500. Another installation is in progress. You must complete that installation before continuing this one.(NULL)(NULL)(NULL)(NULL)(NULL)
Error: (01/25/2015 11:19:14 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary vkprwwje.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (01/25/2015 11:16:42 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary vkprwwje.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (01/25/2015 11:13:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary vkprwwje.
System Error:
Das System kann die angegebene Datei nicht finden.
Error: (01/25/2015 11:12:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/25/2015 10:50:37 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/25/2015 10:37:55 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/25/2015 10:30:59 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (01/25/2015 10:25:21 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
==================== Memory info ===========================
Processor: AMD Phenom(tm) II X4 955 Processor
Percentage of memory in use: 56%
Total physical RAM: 6143.18 MB
Available physical RAM: 2684.3 MB
Total Pagefile: 12284.54 MB
Available Pagefile: 8393.32 MB
Total Virtual: 8192 MB
Available Virtual: 8191.83 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:70 GB) (Free:33.69 GB) NTFS
Drive d: (Daten ) (Fixed) (Total:49.24 GB) (Free:25.96 GB) NTFS
Drive e: () (Fixed) (Total:142 GB) (Free:105.95 GB) NTFS
Drive f: () (Fixed) (Total:442 GB) (Free:367.76 GB) NTFS
Drive g: () (Fixed) (Total:813.16 GB) (Free:72.47 GB) NTFS
Drive m: () (Removable) (Total:7.54 GB) (Free:4.73 GB) NTFS
Drive n: (Musik) (Fixed) (Total:304.69 GB) (Free:220.07 GB) NTFS
Drive o: (Serien) (Fixed) (Total:1024 GB) (Free:340.19 GB) NTFS
Drive p: (Volume) (Fixed) (Total:195.31 GB) (Free:128.62 GB) NTFS
Drive q: (Filme) (Fixed) (Total:697.85 GB) (Free:32.19 GB) NTFS
Drive r: (Trash) (Fixed) (Total:470.39 GB) (Free:34.15 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: B6D9B6D9)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=142 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=442 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=813.2 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 119.2 GB) (Disk ID: ED7720BC)
Partition 1: (Not Active) - (Size=70 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=49.2 GB) - (Type=07 NTFS)
========================================================
Disk: 6 (MBR Code: Windows 7 or 8) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=07 NTFS)
Attempted reading MBR returned 0 bytes.
Could not read MBR for disk 7.
==================== End Of Log ============================
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-01-25 23:54:40
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP0T1L0-3 Samsung_SSD_840_PRO_Series rev.DXM06B0Q 119,24GB
Running: tqte93yd.exe; Driver: C:\Users\scorer\AppData\Local\Temp\ufdiqpob.sys
---- Kernel code sections - GMER 2.1 ----
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 448 fffff80002dc1000 45 bytes [52, 43, 52, 44, 28, 00, 09, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 495 fffff80002dc102f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]
---- User code sections - GMER 2.1 ----
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[4004] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000000000000 8 bytes [31, C0, C2, 04, 00, 90, 90, ...]
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000000000000 2 bytes [91, 76]
.text C:\Program Files\AVAST Software\Avast\avastUi.exe[4004] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000769114bb 2 bytes [91, 76]
.text ... * 2
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077ba1360 5 bytes JMP 0000000077d00460
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077ba13b0 5 bytes JMP 0000000077d00450
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ba1510 5 bytes JMP 0000000077d00370
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077ba1560 5 bytes JMP 0000000077d00470
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ba1570 5 bytes JMP 0000000077d003e0
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ba1620 5 bytes JMP 0000000077d00320
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ba1650 5 bytes JMP 0000000077d003b0
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ba1670 5 bytes JMP 0000000077d00390
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077ba16b0 5 bytes JMP 0000000077d002e0
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077ba1730 5 bytes JMP 0000000077d002d0
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ba1750 5 bytes JMP 0000000077d00310
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ba1790 5 bytes JMP 0000000077d003c0
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077ba17e0 5 bytes JMP 0000000077d003f0
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077ba1940 5 bytes JMP 0000000077d00230
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077ba1b00 5 bytes JMP 0000000077d00480
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077ba1b30 5 bytes JMP 0000000077d003a0
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077ba1c10 5 bytes JMP 0000000077d002f0
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077ba1c20 5 bytes JMP 0000000077d00350
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ba1c80 5 bytes JMP 0000000077d00290
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077ba1d10 5 bytes JMP 0000000077d002b0
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ba1d30 5 bytes JMP 0000000077d003d0
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077ba1d40 5 bytes JMP 0000000077d00330
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077ba1db0 5 bytes JMP 0000000077d00410
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077ba1de0 5 bytes JMP 0000000077d00240
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ba20a0 5 bytes JMP 0000000077d001e0
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077ba2160 5 bytes JMP 0000000077d00250
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077ba2190 5 bytes JMP 0000000077d00490
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077ba21a0 5 bytes JMP 0000000077d004a0
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077ba21d0 5 bytes JMP 0000000077d00300
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077ba21e0 5 bytes JMP 0000000077d00360
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077ba2240 5 bytes JMP 0000000077d002a0
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077ba2290 5 bytes JMP 0000000077d002c0
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077ba22c0 5 bytes JMP 0000000077d00380
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077ba22d0 5 bytes JMP 0000000077d00340
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077ba25c0 5 bytes JMP 0000000077d00440
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077ba27c0 5 bytes JMP 0000000077d00260
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077ba27d0 5 bytes JMP 0000000077d00270
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ba27e0 5 bytes JMP 0000000077d00400
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ba29a0 5 bytes JMP 0000000077d001f0
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077ba29b0 5 bytes JMP 0000000077d00210
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077ba2a20 5 bytes JMP 0000000077d00200
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ba2a80 5 bytes JMP 0000000077d00420
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ba2a90 5 bytes JMP 0000000077d00430
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ba2aa0 5 bytes JMP 0000000077d00220
.text C:\Program Files\Bonjour\mDNSResponder.exe[4040] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077ba2b80 5 bytes JMP 0000000077d00280
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePort 0000000077ba1360 5 bytes JMP 0000000077d00460
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtQueryObject 0000000077ba13b0 5 bytes JMP 0000000077d00450
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 0000000077ba1510 5 bytes JMP 0000000077d00370
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtReplyWaitReceivePortEx 0000000077ba1560 5 bytes JMP 0000000077d00470
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateProcess 0000000077ba1570 5 bytes JMP 0000000077d003e0
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSection 0000000077ba1620 5 bytes JMP 0000000077d00320
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtWriteVirtualMemory 0000000077ba1650 5 bytes JMP 0000000077d003b0
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtDuplicateObject 0000000077ba1670 5 bytes JMP 0000000077d00390
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEvent 0000000077ba16b0 5 bytes JMP 0000000077d002e0
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEvent 0000000077ba1730 5 bytes JMP 0000000077d002d0
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSection 0000000077ba1750 5 bytes JMP 0000000077d00310
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThread 0000000077ba1790 5 bytes JMP 0000000077d003c0
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtTerminateThread 0000000077ba17e0 5 bytes JMP 0000000077d003f0
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtAddBootEntry 0000000077ba1940 5 bytes JMP 0000000077d00230
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtAlpcSendWaitReceivePort 0000000077ba1b00 5 bytes JMP 0000000077d00480
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtAssignProcessToJobObject 0000000077ba1b30 5 bytes JMP 0000000077d003a0
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateEventPair 0000000077ba1c10 5 bytes JMP 0000000077d002f0
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateIoCompletion 0000000077ba1c20 5 bytes JMP 0000000077d00350
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateMutant 0000000077ba1c80 5 bytes JMP 0000000077d00290
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateSemaphore 0000000077ba1d10 5 bytes JMP 0000000077d002b0
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateThreadEx 0000000077ba1d30 5 bytes JMP 0000000077d003d0
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtCreateTimer 0000000077ba1d40 5 bytes JMP 0000000077d00330
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtDebugActiveProcess 0000000077ba1db0 5 bytes JMP 0000000077d00410
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtDeleteBootEntry 0000000077ba1de0 5 bytes JMP 0000000077d00240
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtLoadDriver 0000000077ba20a0 5 bytes JMP 0000000077d001e0
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtModifyBootEntry 0000000077ba2160 5 bytes JMP 0000000077d00250
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeKey 0000000077ba2190 5 bytes JMP 0000000077d00490
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtNotifyChangeMultipleKeys 0000000077ba21a0 5 bytes JMP 0000000077d004a0
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenEventPair 0000000077ba21d0 5 bytes JMP 0000000077d00300
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenIoCompletion 0000000077ba21e0 5 bytes JMP 0000000077d00360
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenMutant 0000000077ba2240 5 bytes JMP 0000000077d002a0
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenSemaphore 0000000077ba2290 5 bytes JMP 0000000077d002c0
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 0000000077ba22c0 5 bytes JMP 0000000077d00380
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtOpenTimer 0000000077ba22d0 5 bytes JMP 0000000077d00340
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtQueueApcThreadEx 0000000077ba25c0 5 bytes JMP 0000000077d00440
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootEntryOrder 0000000077ba27c0 5 bytes JMP 0000000077d00260
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtSetBootOptions 0000000077ba27d0 5 bytes JMP 0000000077d00270
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtSetContextThread 0000000077ba27e0 5 bytes JMP 0000000077d00400
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemInformation 0000000077ba29a0 5 bytes JMP 0000000077d001f0
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtSetSystemPowerState 0000000077ba29b0 5 bytes JMP 0000000077d00210
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtShutdownSystem 0000000077ba2a20 5 bytes JMP 0000000077d00200
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendProcess 0000000077ba2a80 5 bytes JMP 0000000077d00420
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtSuspendThread 0000000077ba2a90 5 bytes JMP 0000000077d00430
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtSystemDebugControl 0000000077ba2aa0 5 bytes JMP 0000000077d00220
.text C:\Windows\system32\notepad.exe[6996] C:\Windows\SYSTEM32\ntdll.dll!NtVdmControl 0000000077ba2b80 5 bytes JMP 0000000077d00280
---- Threads - GMER 2.1 ----
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3052:2292] 00000000776f7587
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3052:1628] 00000000747a8aa6
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3052:1468] 0000000077d82e65
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3052:4028] 0000000077d83e85
Thread C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [3052:2280] 0000000077d83e85
---- EOF - GMER 2.1 ----
Additional information:
Currently installed programs:
hxxp://puu.sh/f1JKP/5c6e554854.png
The post in the Dota 2 forum:
High Ping only in Dota 2
The post in the o2 online forum:
High ping in Dota 2 - o2 Forum
Ping in other games is totally fine.
Speedtest from just now:
Speedtest.net by Ookla - My Results
I currently suspect a Windows update; unfortunately, there is no way to determine which of the 170 it is.
Right after the reinstallation the ping was at a constant 67, as it was around August of last year (the way I was used to it).
If the log files are clean, I have at least ruled out one more factor.
If you have ANY ideas, feel free to let me know.
Thanks, wishing you a nice week.