loukoumas | 27.08.2015 14:39 | Hello dear forum members,
I have the same problem again as half a year ago. I carried out the steps as described last time. Unfortunately, it did not help....
Once again, my text from the "first time":
I have the problem that websites are not loaded, or are loaded only very slowly, on my desktop PC. Often the loading of the page is aborted after a short time. It occurs with all of my browsers (IE, Chrome, Firefox).
My antivirus program AVIRA did not find a virus.
In my opinion it cannot be my router either, since I have no problems connecting to websites with my laptop/tablet/phone (Wi-Fi and LAN).
Attached are my log files:
defogger_disable.log Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:22 on 27/08/2015 (Admin_U)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST.txt
FRST Logfile:
Since the text was too long, I put the log file into the next post....
--- --- ---
Addition.txt Code:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:26-08-2015
durchgeführt von Admin_U (2015-08-27 14:24:43)
Gestartet von C:\Users\Admin_U\Desktop
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-1513188554-1182099613-58821433-500 - Administrator - Disabled)
Admin_U (S-1-5-21-1513188554-1182099613-58821433-1000 - Administrator - Enabled) => C:\Users\Admin_U
Gast (S-1-5-21-1513188554-1182099613-58821433-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1513188554-1182099613-58821433-1002 - Limited - Enabled)
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 14.0.0.110 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Alibre Design Hilfe (HKLM-x32\...\Alibre Design Hilfe) (Version: - )
Amazon Music (HKU\S-1-5-21-1513188554-1182099613-58821433-1000\...\Amazon Amazon Music) (Version: 3.9.5.820 - Amazon Services LLC)
Amazon Music Importer (HKLM-x32\...\com.amazon.music.uploader) (Version: 3.1.0 - Amazon Services LLC)
Amazon Music Importer (x32 Version: 3.1.0 - Amazon Services LLC) Hidden
Android Studio (HKLM\...\Android Studio) (Version: 1.0 - Google Inc.)
AnyMeeting (HKLM-x32\...\{4DF71428-E2A8-4FED-8D67-B37D706D008F}) (Version: 3.0.1 - AnyMeeting, Inc.)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atmel ARM GNU Toolchain (HKLM-x32\...\{08B03F6C-2739-4178-85FB-AAC67B4E51F6}) (Version: 4.8.1426 - Atmel)
Atmel AVR (32 bit) GNU Toolchain (HKLM-x32\...\{7BEE75D3-B4D8-428B-A619-0A717EB7AA7E}) (Version: 3.4.1057 - Atmel)
Atmel AVR (8 bit) GNU Toolchain (HKLM-x32\...\{132C587D-2A0B-494C-86FB-7383D48EB850}) (Version: 3.4.1056 - Atmel)
Atmel JungoUSB (x32 Version: 6.2.86 - Atmel) Hidden
Atmel Kits (HKLM-x32\...\{6AA7B5AC-161F-4FEB-B559-AA81AA141BBF}) (Version: 6.2.39 - Atmel)
Atmel LibUSB (x32 Version: 6.2.38 - Atmel) Hidden
Atmel SeggerUSB (x32 Version: 6.2.22 - Atmel) Hidden
Atmel Studio 6.2 (HKLM-x32\...\{D64E2610-CFBA-4EA0-9EC3-00EB134B04A1}) (Version: 6.2.1153 - Atmel)
Atmel Studio Backend (HKLM-x32\...\{8D623996-B0EF-448A-BE23-9E3198C806A5}) (Version: 1.11.412 - Atmel Corporation)
Atmel Studio InfFiles (x32 Version: 6.2.80 - Atmel Corporation) Hidden
Atmel Studio Memory Logger (HKLM-x32\...\{612F3078-C59F-40DA-B649-491CE9522DDF}) (Version: 6.2.167 - Atmel)
Atmel USB Driver Package (HKLM-x32\...\{0b919373-80a6-47d9-8542-540e14f914dc}) (Version: 6.2.241 - Atmel)
Atmel WinUSB (x32 Version: 6.2.22 - Atmel) Hidden
AtmelSoftwareFramework (HKLM-x32\...\{666E30F7-A2EF-4A99-A897-18F9811DD196}) (Version: 3.16.1275 - Atmel)
Avira (HKLM-x32\...\{a5e00a72-db4a-4f77-8874-d1265b8fcd7e}) (Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG)
Avira (x32 Version: 1.1.42.10415 - Avira Operations GmbH & Co. KG) Hidden
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
AVR Jungo USB (HKLM-x32\...\{E8F8861D-98E0-43FF-9E48-AC236CC3BE4E}) (Version: 10.2 - Atmel)
AVR macro Assembler (HKLM-x32\...\{F416CF32-64E4-4E86-BB0E-1FF6891004E7}) (Version: 2.1.1117 - Atmel)
BitTorrent Sync (HKLM-x32\...\BitTorrent Sync) (Version: 2.0.128 - BitTorrent Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Brother HL-2030 (HKLM-x32\...\{CF73D5B5-24C4-4E1A-9F3F-33EED3A08D87}) (Version: 1.00 - Brother)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
EAGLE 5.11.0 (HKLM-x32\...\EAGLE 5.11.0) (Version: 5.11.0 - CadSoft Computer GmbH)
EAGLE 7.1.0 (HKLM-x32\...\EAGLE 7.1.0) (Version: 7.1.0 - CadSoft Computer GmbH)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Garmin USB Drivers (HKLM-x32\...\{3D5D6CFC-3097-425A-8D8F-7EAF5D57641D}) (Version: 2.3.1.0 - Garmin Ltd or its subsidiaries)
Geomagic Design (HKLM\...\{6AA0C179-7154-4C7D-863D-EABA6EFFBB32}) (Version: 16.0.2.16496 - 3D Systems, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.157 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
helo_usb_drv_x64 (HKLM-x32\...\{8169725C-186E-4F92-AE39-26611F45ACE3}) (Version: 1.00.0000 - HELO)
HeloCut 5 (HKLM-x32\...\{8580EDDE-ACD8-4AC5-A5A3-309C41B16BF4}) (Version: 5.09.8000 - )
HeloCut 5 (HKLM-x32\...\{BC79822D-3183-4AA0-AC02-E1DF4C4183EC}) (Version: 5.09.8000 - VECAP Software Solutions)
HeloCut5 Update (HKLM-x32\...\{FE440F55-D821-4F2E-B831-3A3A883D41EF}) (Version: 5.15.0000 - VECAP IT Solutions GmbH)
Inkscape 0.48.4 (HKLM-x32\...\Inkscape) (Version: 0.48.4 - )
Intel® Hardware Accelerated Execution Manager (HKLM\...\{ECCB31F5-435D-4F37-A98D-5854D3C62718}) (Version: 1.1.1 - Intel Corporation)
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Java SE Development Kit 7 Update 71 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0170710}) (Version: 1.7.0.710 - Oracle)
KeyShot 5 64 bit (HKLM-x32\...\KeyShot 5_64) (Version: 5.2 64 bit - Luxion ApS)
KeyShot4 4.0 64 bit (HKLM-x32\...\KeyShot4_64) (Version: 4.0 64 bit - Luxion ApS)
LochMaster 4.0 (Demo) (HKLM-x32\...\LochMaster_40_Demo_is1) (Version: - )
Logitech SetPoint 6.65 (HKLM\...\sp6) (Version: 6.65.62 - Logitech)
Logitech Webcam-Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.51 - Logitech Inc.)
LTspice IV (HKLM-x32\...\LTspice IV) (Version: - )
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Home and Student 2007 (HKLM-x32\...\HOMESTUDENTR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{77F1F8AD-51B8-4490-AEEC-BF480073E0FC}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{877B76B2-F83F-4F5A-B28D-3F398641ADB6}) (Version: 10.50.1750.9 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 (HKLM\...\{8338783A-0968-3B85-AFC7-BAAE0A63DC50}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 (HKLM-x32\...\{B7E38540-E355-3503-AFD7-635B2F2F76E1}) (Version: 9.0.30729.4974 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 (HKLM\...\{1C7C8AAF-A16D-32E8-89E5-F6D165DE0BCE}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Service Pack 1 (HKLM-x32\...\Microsoft Visual Studio 2010 Service Pack 1) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 29.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 24.5.0 - Mozilla)
Mozilla Thunderbird 38.2.0 (x86 de) (HKLM-x32\...\Mozilla Thunderbird 38.2.0 (x86 de)) (Version: 38.2.0 - Mozilla)
MyDriveConnect 4.0.3.2180 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.3.2180 - TomTom)
MySQL Connector/ODBC 3.51 (HKLM-x32\...\{0CB3C535-1171-4A20-B549-E2CB5DEB9723}) (Version: 3.51.12 - MySQL AB)
NVIDIA 3D Vision Treiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 341.44 - NVIDIA Corporation)
NVIDIA Grafiktreiber 341.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 341.44 - NVIDIA Corporation)
NVIDIA nView 141.36 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NView) (Version: 141.36 - NVIDIA Corporation)
NVIDIA WMI 2.18.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVWMI) (Version: 2.18.0 - NVIDIA Corporation)
Paragon Backup & Recovery™ 2014 Free (HKLM\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
PDFCreator (HKLM-x32\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.7.3 - pdfforge)
Perfy (HKU\S-1-5-21-1513188554-1182099613-58821433-1000\...\d2fb94997995be3c) (Version: 1.0.0.1 - Perfy)
phase-6 2.3.4 (HKLM-x32\...\phase-6) (Version: 2.3.4 - phase-6)
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.24.0 - Ralink)
Repetier-Host Version 1.0.6 (HKLM\...\{1143F758-929B-4EEB-8784-46CCB622F037}_is1) (Version: 1.0.6 - repetier)
Skype™ 7.7 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.7.103 - Skype Technologies S.A.)
Sony Mobile Update Engine (HKLM-x32\...\Update Engine) (Version: 2.14.11.201408051401 - Sony Mobile Communications AB)
Sony PC Companion 2.10.275 (HKLM-x32\...\{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}) (Version: 2.10.275 - Sony)
TeamDrive 3 (HKLM-x32\...\TeamDrive 3) (Version: 3.2.0.721 - TeamDrive Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.41459 - TeamViewer)
Total Commander 64-bit (Remove or Repair) (HKLM\...\Totalcmd64) (Version: 8.51a - Ghisler Software GmbH)
Ultra Librarian (HKLM-x32\...\Product_Name) (Version: - )
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft)
Update für Microsoft Office Powerpoint 2007 Help (KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft)
Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft)
Visual Pinball (HKLM-x32\...\{B36C4994-A563-4339-8754-CCCE51314A4C}) (Version: 0.0.4.1226 - Randy Davis)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VLC media player 2.1.4 (HKLM\...\VLC media player) (Version: 2.1.4 - VideoLAN)
WD My Cloud (HKLM\...\{8F19C800-80A5-4636-B560-39A58112D45B}) (Version: 1.0.4.37 - Western Digital Technologies, Inc.)
WD Quick View (HKLM-x32\...\{55E709AF-BC77-4961-89FD-57E4FF2757FC}) (Version: 2.4.1.9 - Western Digital Technologies, Inc.)
WD SmartWare (HKLM\...\{A6B0C5AE-8F87-4FE3-A1F0-DF7CB639CE7E}) (Version: 2.4.1.9 - Western Digital Technologies, Inc.)
WD SmartWare Installer (HKLM-x32\...\{72fda14f-5a07-49d5-b7f7-202377e9b522}) (Version: 2.4.1.9 - Western Digital Technologies, Inc.)
Win32DiskImager version 0.9.5 (HKLM-x32\...\{D074CE74-912A-4AD3-A0BF-3937D9D01F17}_is1) (Version: 0.9.5 - ImageWriter Developers)
Windows Driver Package - Garmin (grmnusb) GARMIN Devices (04/19/2012 2.3.1.0) (HKLM\...\98157A226B40B173301B0F53C8E98C47805D5152) (Version: 04/19/2012 2.3.1.0 - Garmin)
Windows Driver Package - Intel System (01/21/2009 9.1.0.1013) (HKLM\...\7A975CADB61C6AB8385AC0A2A178C7C56BD45CF4) (Version: 01/21/2009 9.1.0.1013 - Intel)
Windows Driver Package - Intel System (02/08/2010 9.1.1.1026) (HKLM\...\CE8CE21C068F20F9395BCE36F04703D739A2811D) (Version: 02/08/2010 9.1.1.1026 - Intel)
Windows Driver Package - wch.cn (CH341SER_A64) Ports (11/04/2011 3.3.2011.11) (HKLM\...\97C9A01181CB4369C61AF9B1459B09809636C13D) (Version: 11/04/2011 3.3.2011.11 - wch.cn)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows-Treiberpaket - Segger (jlink) USB (04/11/2012 2.6.8.2) (HKLM\...\419546AE8E4244C647A348987F769803F43B9C4F) (Version: 04/11/2012 2.6.8.2 - Segger)
Windows-Treiberpaket - SEGGER (usbser) Ports (01/25/2012 6.0.2600.4) (HKLM\...\BD6BF8BBF7BE0D0091163F649A1A423B7EB9D4F1) (Version: 01/25/2012 6.0.2600.4 - SEGGER)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
CustomCLSID: HKU\S-1-5-21-1513188554-1182099613-58821433-1000_Classes\CLSID\{68883D34-FDEB-6FE1-3877-42B3CE8437537}\InprocServer32 -> kein Dateipfad
==================== Wiederherstellungspunkte =========================
09-08-2015 22:40:08 Windows Update
13-08-2015 10:15:50 Windows Update
13-08-2015 11:04:55 Windows Update
16-08-2015 11:20:55 Windows Update
20-08-2015 21:25:03 Windows Update
21-08-2015 13:22:25 Windows Update
24-08-2015 19:01:26 Windows Update
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2015-07-26 23:20 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {1914E31A-90FE-4C04-A9AD-DC05F9B6E7F0} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated)
Task: {1C0A318F-1AFF-416C-B2A4-31C7DA71EE47} - System32\Tasks\{C9C9E97A-F4BF-449A-A93D-FBB2E3E35046} => D:\SETUP.EXE
Task: {305FB5CA-5825-42D4-B967-F94FDA70A461} - System32\Tasks\{BC1A3C68-A88D-45DF-BBA3-B2ADAE29A588} => pcalua.exe -a C:\Users\Admin_U\Downloads\AmazonMusicImporterInstaller-2.1.0._V337128703_.exe -d C:\Users\Admin_U\Downloads
Task: {57C9E7AD-777E-4156-838A-5D778C7BBC4F} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-13] (Adobe Systems Incorporated)
Task: {8E5297B9-45D5-48CE-A110-CB494E1B53BE} - System32\Tasks\{DE71662C-D0D1-4592-A1A4-16B4BB14DC33} => pcalua.exe -a C:\Users\Admin_U\Downloads\HiJackThis204.exe -d C:\Users\Admin_U\Downloads
Task: {94DAFF5F-91DD-43F2-93BD-016922D73495} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
Task: {AE998EC6-87EF-49FA-9423-F94F047665F4} - System32\Tasks\close sysprep => C:\rpktools\closesysprep.bat [2013-05-07] ()
Task: {C19016EB-067F-4231-99E5-DB73015DBC32} - System32\Tasks\{5F6DCE26-E571-4FDE-8B52-1550D80259C2} => D:\SETUP.EXE
Task: {D20DDD5E-F54D-4B11-95B5-78F07C21A122} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-07] (Google Inc.)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2014-04-29 20:08 - 2014-08-19 23:15 - 02683736 _____ () C:\Windows\system32\nvwmi64.exe
2014-04-29 20:07 - 2015-02-04 04:21 - 00115400 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-04-20 23:09 - 2015-04-20 23:09 - 00359936 _____ () C:\Program Files (x86)\BitTorrent Sync\SyncShellExtension_33554537.dll
2015-08-23 12:54 - 2015-08-23 12:54 - 00408576 _____ () C:\Program Files (x86)\BitTorrent Sync\SyncShellExtension64_33554560.dll
2014-04-29 20:07 - 2015-02-20 00:43 - 00710288 _____ () C:\Program Files\NVIDIA Corporation\nview\nvshell.dll
2014-07-06 13:20 - 2015-05-07 21:12 - 05886784 _____ () C:\Users\Admin_U\AppData\Local\Amazon Music\Amazon Music Helper.exe
2014-10-30 15:42 - 2014-10-30 15:42 - 42657408 _____ () C:\Program Files (x86)\AnyMeeting\anymeeting.exe
2015-08-20 21:34 - 2015-08-18 07:21 - 01763144 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libglesv2.dll
2015-08-20 21:34 - 2015-08-18 07:21 - 00093000 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\libegl.dll
2015-08-20 21:34 - 2015-08-18 07:21 - 28659016 _____ () C:\Program Files (x86)\Google\Chrome\Application\44.0.2403.157\PepperFlash\pepflashplayer.dll
2015-08-27 14:18 - 2015-08-27 14:18 - 00050477 _____ () C:\Users\Admin_U\Desktop\Defogger.exe
2015-08-20 17:43 - 2015-08-20 17:43 - 00153768 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
2015-08-20 17:43 - 2015-08-20 17:43 - 00023208 _____ () C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2014-10-30 15:43 - 2014-10-30 15:43 - 00904576 _____ () C:\Program Files (x86)\AnyMeeting\libglesv2.dll
2014-10-30 15:43 - 2014-10-30 15:43 - 00106880 _____ () C:\Program Files (x86)\AnyMeeting\libegl.dll
2014-10-30 15:42 - 2014-10-30 15:42 - 00886656 _____ () C:\Program Files (x86)\AnyMeeting\ffmpegsumo.dll
2015-08-23 12:54 - 2015-08-23 12:54 - 00362496 _____ () C:\Program Files (x86)\BitTorrent Sync\SyncShellExtension86_33554560.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver"
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-1513188554-1182099613-58821433-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Admin_U\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.1.1 - 193.189.244.202
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{64798867-9A56-4BC8-ADA7-0C207DEB0688}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{561D502D-DE40-4825-B218-5F3A51DB61E3}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [UDP Query User{27455BC4-B07B-401F-B720-5BB4D53E1FC7}C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe] => (Allow) C:\program files (x86)\amazon\utilities\amazon music importer\amazon music importer.exe
FirewallRules: [TCP Query User{6CD97876-FB81-4BC5-8F53-EF09AFA487D0}C:\program files (x86)\atmel\atmel studio 6.2\atmelstudio.exe] => (Allow) C:\program files (x86)\atmel\atmel studio 6.2\atmelstudio.exe
FirewallRules: [UDP Query User{19324D05-8D9A-4DF0-B89B-3C61E7E4E7E6}C:\program files (x86)\atmel\atmel studio 6.2\atmelstudio.exe] => (Allow) C:\program files (x86)\atmel\atmel studio 6.2\atmelstudio.exe
FirewallRules: [{B2C2FD53-ED94-4C36-9CCA-790F846AD4A8}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{74A0AAAA-4F86-4149-B468-26752EB08AAC}] => (Allow) C:\Program Files (x86)\Sony Mobile\Update Engine\Sony Mobile Update Engine.exe
FirewallRules: [{67F8A6E0-16C2-491F-811D-3731BFEF9E46}] => (Allow) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe
FirewallRules: [{DC7AA664-1B14-4DEE-BDD1-36B7A6D36D6D}] => (Allow) C:\Program Files (x86)\BitTorrent Sync\BTSync.exe
FirewallRules: [{0AC6FA01-09FD-4B96-BC1C-48CF3C5B4DEC}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{D9302875-3CEB-45E9-AF6A-5F476B4FD93A}] => (Allow) LPort=2869
FirewallRules: [{8BCF18CF-0F94-4710-8070-A75265510E1D}] => (Allow) LPort=1900
FirewallRules: [TCP Query User{296CC8F5-1DE6-49FB-9080-321D9C695001}C:\program files (x86)\atmel\atmel studio 6.2\atmelstudio.exe] => (Allow) C:\program files (x86)\atmel\atmel studio 6.2\atmelstudio.exe
FirewallRules: [UDP Query User{FF9AA3DD-D0BD-4A80-89B0-E89A671B3649}C:\program files (x86)\atmel\atmel studio 6.2\atmelstudio.exe] => (Allow) C:\program files (x86)\atmel\atmel studio 6.2\atmelstudio.exe
FirewallRules: [{7446ECC4-B47B-4909-9703-3633DFBCEDA8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B6AB73E5-B291-4FF0-AE6A-256E8286DAAA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{D896C77D-F5F0-485B-BFBE-D04B9956D3AD}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{35A82CDA-EC70-4953-AE94-5EFA6D1669E8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A00FBCB5-CF95-4117-9CC6-EF47C6A6FA01}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{130C8F3D-C887-4F35-8D5A-63A5E5715F44}] => (Allow) C:\Windows\system32\hasplms.exe
FirewallRules: [{F2C77029-50A9-43E8-A971-64B3135F3DF8}] => (Allow) C:\Program Files\KeyShot4\bin\keyshot4.exe
FirewallRules: [{26EF4A3A-895F-4AAD-B19E-3008E8074229}] => (Allow) C:\Program Files\KeyShot5\bin\keyshot5.exe
FirewallRules: [{33821C50-B9C5-4FF0-8F19-5325648FF754}] => (Allow) C:\Program Files\KeyShot5\bin\keyshot_daemon.exe
FirewallRules: [{5905467D-64DB-4D9E-A4AF-594B74D2DEE8}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{E99F2BD1-6835-4A43-ABF9-F55A7EE1C133}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{294F008A-2A81-4655-A84C-3A76F3444FB1}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{8D3227FD-1E20-43BC-8E9C-441C30036319}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{09C11626-1A7E-40EC-A9F3-B9784B5F1D33}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
Name: Standardtastatur (PS/2)
Description: Standardtastatur (PS/2)
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standardtastaturen)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
Name: PS/2-kompatible Maus
Description: PS/2-kompatible Maus
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (08/25/2015 10:54:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 3011
Error: (08/25/2015 10:54:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 3011
Error: (08/25/2015 10:54:08 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/25/2015 10:54:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2012
Error: (08/25/2015 10:54:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2012
Error: (08/25/2015 10:54:07 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/25/2015 10:54:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1014
Error: (08/25/2015 10:54:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1014
Error: (08/25/2015 10:54:06 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second
Error: (08/25/2015 10:27:56 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: GWXUX.exe, Version: 6.3.9600.17923, Zeitstempel: 0x55945dbd
Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.18933, Zeitstempel: 0x55a6a196
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000000000004ac04
ID des fehlerhaften Prozesses: 0x1464
Startzeit der fehlerhaften Anwendung: 0xGWXUX.exe0
Pfad der fehlerhaften Anwendung: GWXUX.exe1
Pfad des fehlerhaften Moduls: GWXUX.exe2
Berichtskennung: GWXUX.exe3
Systemfehler:
=============
Error: (08/23/2015 05:22:20 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro
Error: (08/23/2015 12:10:09 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{CDAF8A88-BC3E-42E9-9F7C-92D06CA54C97} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error: (08/21/2015 04:21:21 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Apple Mobile Device" wurde aufgrund folgenden Fehlers nicht gestartet:
%%1053
Error: (08/21/2015 04:21:21 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Apple Mobile Device erreicht.
Error: (08/21/2015 01:51:30 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (08/20/2015 09:25:37 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro
Error: (08/20/2015 04:10:57 PM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{CDAF8A88-BC3E-42E9-9F7C-92D06CA54C97} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error: (08/16/2015 11:21:29 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro
Error: (08/16/2015 11:07:26 AM) (Source: Server) (EventID: 2505) (User: )
Description: Aufgrund eines doppelten Netzwerknamens konnte zu der Transportschicht \Device\NetBT_Tcpip_{CDAF8A88-BC3E-42E9-9F7C-92D06CA54C97} vom Serverdienst nicht gebunden werden. Der Serverdienst konnte nicht gestartet werden.
Error: (08/15/2015 12:40:45 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT)
Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80240020 fehlgeschlagen: Upgrade auf Windows 10 Pro
Microsoft Office:
=========================
CodeIntegrity:
===================================
Date: 2015-07-26 23:20:04.900
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
Date: 2015-07-26 23:20:04.864
Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume2\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.
==================== Speicherinformationen ===========================
Processor: Intel(R) Xeon(R) CPU W3550 @ 3.07GHz
Prozentuale Nutzung des RAM: 23%
Installierter physikalischer RAM: 12271.22 MB
Verfügbarer physikalischer RAM: 9410.97 MB
Summe virtueller Speicher: 24540.64 MB
Verfügbarer virtueller Speicher: 18794.05 MB
==================== Laufwerke ================================
Drive c: (Windows) (Fixed) (Total:273.09 GB) (Free:57.18 GB) NTFS
Drive d: (KleineHexe) (CDROM) (Total:1.9 GB) (Free:0 GB) UDF
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 279.4 GB) (Disk ID: 4F3D0C6E)
Partition 1: (Active) - (Size=6.3 GB) - (Type=27)
Partition 2: (Not Active) - (Size=273.1 GB) - (Type=07 NTFS)
==================== Ende von Addition.txt ============================
Gmer.txt Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-08-27 14:55:21
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000006a SEAGATE_ rev.HPS1 279,40GB
Running: Gmer-19357.exe; Driver: C:\Users\Admin_U\AppData\Local\Temp\awtiqfod.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1388] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c11401 2 bytes JMP 74d3b20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1388] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c11419 2 bytes JMP 74d3b336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c11431 2 bytes JMP 74db8f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1388] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c1144a 2 bytes CALL 74d14885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1388] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c114dd 2 bytes JMP 74db8832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1388] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c114f5 2 bytes JMP 74db8a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1388] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c1150d 2 bytes JMP 74db8728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1388] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c11525 2 bytes JMP 74db8af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1388] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c1153d 2 bytes JMP 74d2fc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1388] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c11555 2 bytes JMP 74d368df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1388] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c1156d 2 bytes JMP 74db8ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1388] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c11585 2 bytes JMP 74db8b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1388] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c1159d 2 bytes JMP 74db86ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1388] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c115b5 2 bytes JMP 74d2fd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1388] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c115cd 2 bytes JMP 74d3b2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1388] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c116b2 2 bytes JMP 74db8eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe[1388] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c116bd 2 bytes JMP 74db8681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c11401 2 bytes JMP 74d3b20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c11419 2 bytes JMP 74d3b336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c11431 2 bytes JMP 74db8f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c1144a 2 bytes CALL 74d14885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c114dd 2 bytes JMP 74db8832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c114f5 2 bytes JMP 74db8a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c1150d 2 bytes JMP 74db8728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c11525 2 bytes JMP 74db8af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c1153d 2 bytes JMP 74d2fc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c11555 2 bytes JMP 74d368df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c1156d 2 bytes JMP 74db8ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c11585 2 bytes JMP 74db8b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c1159d 2 bytes JMP 74db86ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c115b5 2 bytes JMP 74d2fd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c115cd 2 bytes JMP 74d3b2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c116b2 2 bytes JMP 74db8eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe[2160] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c116bd 2 bytes JMP 74db8681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c11401 2 bytes JMP 74d3b20b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe[2396] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c11419 2 bytes JMP 74d3b336 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c11431 2 bytes JMP 74db8f39 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c1144a 2 bytes CALL 74d14885 C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe[2396] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c114dd 2 bytes JMP 74db8832 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c114f5 2 bytes JMP 74db8a08 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe[2396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c1150d 2 bytes JMP 74db8728 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c11525 2 bytes JMP 74db8af2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c1153d 2 bytes JMP 74d2fc98 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe[2396] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c11555 2 bytes JMP 74d368df C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c1156d 2 bytes JMP 74db8ff1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c11585 2 bytes JMP 74db8b52 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe[2396] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c1159d 2 bytes JMP 74db86ec C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c115b5 2 bytes JMP 74d2fd31 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c115cd 2 bytes JMP 74d3b2cc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c116b2 2 bytes JMP 74db8eb4 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe[2396] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c116bd 2 bytes JMP 74db8681 C:\Windows\syswow64\KERNEL32.dll
.text C:\Users\Admin_U\AppData\Local\Amazon Music\Amazon Music Helper.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c11401 2 bytes JMP 74d3b20b C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin_U\AppData\Local\Amazon Music\Amazon Music Helper.exe[4200] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c11419 2 bytes JMP 74d3b336 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin_U\AppData\Local\Amazon Music\Amazon Music Helper.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c11431 2 bytes JMP 74db8f39 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin_U\AppData\Local\Amazon Music\Amazon Music Helper.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c1144a 2 bytes CALL 74d14885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Users\Admin_U\AppData\Local\Amazon Music\Amazon Music Helper.exe[4200] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c114dd 2 bytes JMP 74db8832 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin_U\AppData\Local\Amazon Music\Amazon Music Helper.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c114f5 2 bytes JMP 74db8a08 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin_U\AppData\Local\Amazon Music\Amazon Music Helper.exe[4200] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c1150d 2 bytes JMP 74db8728 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin_U\AppData\Local\Amazon Music\Amazon Music Helper.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c11525 2 bytes JMP 74db8af2 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin_U\AppData\Local\Amazon Music\Amazon Music Helper.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c1153d 2 bytes JMP 74d2fc98 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin_U\AppData\Local\Amazon Music\Amazon Music Helper.exe[4200] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c11555 2 bytes JMP 74d368df C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin_U\AppData\Local\Amazon Music\Amazon Music Helper.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c1156d 2 bytes JMP 74db8ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin_U\AppData\Local\Amazon Music\Amazon Music Helper.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c11585 2 bytes JMP 74db8b52 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin_U\AppData\Local\Amazon Music\Amazon Music Helper.exe[4200] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c1159d 2 bytes JMP 74db86ec C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin_U\AppData\Local\Amazon Music\Amazon Music Helper.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c115b5 2 bytes JMP 74d2fd31 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin_U\AppData\Local\Amazon Music\Amazon Music Helper.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c115cd 2 bytes JMP 74d3b2cc C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin_U\AppData\Local\Amazon Music\Amazon Music Helper.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c116b2 2 bytes JMP 74db8eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Users\Admin_U\AppData\Local\Amazon Music\Amazon Music Helper.exe[4200] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c116bd 2 bytes JMP 74db8681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\BitTorrent Sync\BTSync.exe[4216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c11401 2 bytes JMP 74d3b20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\BitTorrent Sync\BTSync.exe[4216] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c11419 2 bytes JMP 74d3b336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\BitTorrent Sync\BTSync.exe[4216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c11431 2 bytes JMP 74db8f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\BitTorrent Sync\BTSync.exe[4216] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c1144a 2 bytes CALL 74d14885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\BitTorrent Sync\BTSync.exe[4216] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c114dd 2 bytes JMP 74db8832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\BitTorrent Sync\BTSync.exe[4216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c114f5 2 bytes JMP 74db8a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\BitTorrent Sync\BTSync.exe[4216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c1150d 2 bytes JMP 74db8728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\BitTorrent Sync\BTSync.exe[4216] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c11525 2 bytes JMP 74db8af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\BitTorrent Sync\BTSync.exe[4216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c1153d 2 bytes JMP 74d2fc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\BitTorrent Sync\BTSync.exe[4216] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c11555 2 bytes JMP 74d368df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\BitTorrent Sync\BTSync.exe[4216] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c1156d 2 bytes JMP 74db8ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\BitTorrent Sync\BTSync.exe[4216] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c11585 2 bytes JMP 74db8b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\BitTorrent Sync\BTSync.exe[4216] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c1159d 2 bytes JMP 74db86ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\BitTorrent Sync\BTSync.exe[4216] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c115b5 2 bytes JMP 74d2fd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\BitTorrent Sync\BTSync.exe[4216] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c115cd 2 bytes JMP 74d3b2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\BitTorrent Sync\BTSync.exe[4216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c116b2 2 bytes JMP 74db8eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\BitTorrent Sync\BTSync.exe[4216] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c116bd 2 bytes JMP 74db8681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4224] C:\Windows\SYSTEM32\ntdll.dll!NtMapViewOfSection 00000000770adc30 16 bytes [50, 48, B8, 34, 35, 92, F3, ...]
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c11401 2 bytes JMP 74d3b20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4404] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c11419 2 bytes JMP 74d3b336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c11431 2 bytes JMP 74db8f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c1144a 2 bytes CALL 74d14885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4404] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c114dd 2 bytes JMP 74db8832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c114f5 2 bytes JMP 74db8a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4404] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c1150d 2 bytes JMP 74db8728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c11525 2 bytes JMP 74db8af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c1153d 2 bytes JMP 74d2fc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4404] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c11555 2 bytes JMP 74d368df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c1156d 2 bytes JMP 74db8ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c11585 2 bytes JMP 74db8b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4404] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c1159d 2 bytes JMP 74db86ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c115b5 2 bytes JMP 74d2fd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c115cd 2 bytes JMP 74d3b2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c116b2 2 bytes JMP 74db8eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe[4404] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c116bd 2 bytes JMP 74db8681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c11401 2 bytes JMP 74d3b20b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[5040] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c11419 2 bytes JMP 74d3b336 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c11431 2 bytes JMP 74db8f39 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c1144a 2 bytes CALL 74d14885 C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[5040] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c114dd 2 bytes JMP 74db8832 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c114f5 2 bytes JMP 74db8a08 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[5040] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c1150d 2 bytes JMP 74db8728 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c11525 2 bytes JMP 74db8af2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c1153d 2 bytes JMP 74d2fc98 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[5040] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c11555 2 bytes JMP 74d368df C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c1156d 2 bytes JMP 74db8ff1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c11585 2 bytes JMP 74db8b52 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[5040] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c1159d 2 bytes JMP 74db86ec C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c115b5 2 bytes JMP 74d2fd31 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c115cd 2 bytes JMP 74d3b2cc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c116b2 2 bytes JMP 74db8eb4 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe[5040] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c116bd 2 bytes JMP 74db8681 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000770ada80 16 bytes [50, 48, B8, 18, F0, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000770adbf0 16 bytes [50, 48, B8, 70, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770adc10 48 bytes [50, 48, B8, EC, EE, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000770adc50 16 bytes [50, 48, B8, 3C, F0, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000770adca0 32 bytes [50, 48, B8, 94, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000770adce0 16 bytes [50, 48, B8, 7C, EE, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000770add80 16 bytes [50, 48, B8, C4, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000770adf00 16 bytes [50, 48, B8, 40, ED, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000770ae970 16 bytes [50, 48, B8, 10, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770ae9c0 16 bytes [50, 48, B8, 4C, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[5092] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000770aeb10 16 bytes [50, 48, B8, D8, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000770ada80 16 bytes [50, 48, B8, 18, F0, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000770adbf0 16 bytes [50, 48, B8, 70, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770adc10 48 bytes [50, 48, B8, EC, EE, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000770adc50 16 bytes [50, 48, B8, 3C, F0, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000770adca0 32 bytes [50, 48, B8, 94, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000770adce0 16 bytes [50, 48, B8, 7C, EE, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000770add80 16 bytes [50, 48, B8, C4, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000770adf00 16 bytes [50, 48, B8, 40, ED, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000770ae970 16 bytes [50, 48, B8, 10, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770ae9c0 16 bytes [50, 48, B8, 4C, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4436] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000770aeb10 16 bytes [50, 48, B8, D8, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000770ada80 16 bytes [50, 48, B8, 18, F0, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000770adbf0 16 bytes [50, 48, B8, 70, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770adc10 48 bytes [50, 48, B8, EC, EE, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000770adc50 16 bytes [50, 48, B8, 3C, F0, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000770adca0 32 bytes [50, 48, B8, 94, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000770adce0 16 bytes [50, 48, B8, 7C, EE, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000770add80 16 bytes [50, 48, B8, C4, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000770adf00 16 bytes [50, 48, B8, 40, ED, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000770ae970 16 bytes [50, 48, B8, 10, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770ae9c0 16 bytes [50, 48, B8, 4C, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1600] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000770aeb10 16 bytes [50, 48, B8, D8, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000770ada80 16 bytes [50, 48, B8, 18, F0, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000770adbf0 16 bytes [50, 48, B8, 70, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770adc10 48 bytes [50, 48, B8, EC, EE, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000770adc50 16 bytes [50, 48, B8, 3C, F0, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000770adca0 32 bytes [50, 48, B8, 94, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000770adce0 16 bytes [50, 48, B8, 7C, EE, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000770add80 16 bytes [50, 48, B8, C4, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000770adf00 16 bytes [50, 48, B8, 40, ED, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000770ae970 16 bytes [50, 48, B8, 10, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770ae9c0 16 bytes [50, 48, B8, 4C, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1596] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000770aeb10 16 bytes [50, 48, B8, D8, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtSetInformationThread 00000000770ada80 16 bytes [50, 48, B8, 18, F0, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadToken 00000000770adbf0 16 bytes [50, 48, B8, 70, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcess 00000000770adc10 48 bytes [50, 48, B8, EC, EE, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtUnmapViewOfSection 00000000770adc50 16 bytes [50, 48, B8, 3C, F0, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThreadTokenEx 00000000770adca0 32 bytes [50, 48, B8, 94, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenFile 00000000770adce0 16 bytes [50, 48, B8, 7C, EE, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryAttributesFile 00000000770add80 16 bytes [50, 48, B8, C4, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtCreateFile 00000000770adf00 16 bytes [50, 48, B8, 40, ED, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenProcessToken 00000000770ae970 16 bytes [50, 48, B8, 10, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtOpenThread 00000000770ae9c0 16 bytes [50, 48, B8, 4C, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4588] C:\Windows\SYSTEM32\ntdll.dll!NtQueryFullAttributesFile 00000000770aeb10 16 bytes [50, 48, B8, D8, EF, 70, 3F, ...]
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000074c11401 2 bytes JMP 74d3b20b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[5276] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000074c11419 2 bytes JMP 74d3b336 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000074c11431 2 bytes JMP 74db8f39 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000074c1144a 2 bytes CALL 74d14885 C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[5276] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000074c114dd 2 bytes JMP 74db8832 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000074c114f5 2 bytes JMP 74db8a08 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[5276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000074c1150d 2 bytes JMP 74db8728 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000074c11525 2 bytes JMP 74db8af2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000074c1153d 2 bytes JMP 74d2fc98 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[5276] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000074c11555 2 bytes JMP 74d368df C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000074c1156d 2 bytes JMP 74db8ff1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000074c11585 2 bytes JMP 74db8b52 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[5276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000074c1159d 2 bytes JMP 74db86ec C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000074c115b5 2 bytes JMP 74d2fd31 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000074c115cd 2 bytes JMP 74d3b2cc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000074c116b2 2 bytes JMP 74db8eb4 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[5276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000074c116bd 2 bytes JMP 74db8681 C:\Windows\syswow64\KERNEL32.dll
---- Registry - GMER 2.1 ----
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Admin_U\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe 1
---- EOF - GMER 2.1 ----
It would be great if you could help me again as well and as quickly as last time. If it is once again the problem "We only cleared the temp files and flushed the DNS cache; when it is full, problems tend to occur.": how can I solve that myself without instructions, and thus without bothering you ;-)?
Thanks and regards, Uli