![]() |
|
Log-Analyse und Auswertung: WIN8.1: Malwarebytes Pro stoppt Zugänge zu bösartigen Seiten während Battle.net läuftWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
| ![]() WIN8.1: Malwarebytes Pro stoppt Zugänge zu bösartigen Seiten während Battle.net läuft Hi, ich habe vor 2 Wochen eine neue SSD gekauft und Windows 8.1 installiert - das System ist also frisch. Heute habe ich mit der Battle.net-Software von Blizzard Starcraft 2 heruntergeladen. Während des Downloads blockierte Malwarebytes Pro mehrmals Zugänge zu gefährlichen Seiten. Als Prozess wird agent.exe angezeigt, das ist die Bnet-Software. Wird der Download pausiert, ist Stille. MWB meckert nur bei der Bnet-Software ansonsten bei keinem anderen Programm. Scans mit Avast und Malwarebytes Pro brachten keinen Fund hervor. Hoffe ihr könnt mir weiterhelfen. Schonmal besten Dank dafür. Nachfolgend die Logs. FRST war zu groß, daher als Anhang. Malwarebytes Code:
ATTFilter 2013/12/29 11:53:15 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.5 (Type: outgoing, Port: 49621, Process: agent.exe) 2013/12/29 11:58:03 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.5 (Type: outgoing, Port: 50446, Process: agent.exe) 2013/12/29 12:09:31 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.5 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 12:09:39 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.5 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 12:09:39 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.5 (Type: outgoing, Port: 52476, Process: agent.exe) 2013/12/29 12:11:39 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.5 (Type: outgoing, Port: 52848, Process: agent.exe) 2013/12/29 12:14:43 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.5 (Type: outgoing, Port: 53410, Process: agent.exe) 2013/12/29 12:16:19 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.4 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 12:16:27 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.4 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 12:16:27 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.4 (Type: outgoing, Port: 53746, Process: agent.exe) 2013/12/29 12:18:27 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.4 (Type: outgoing, Port: 54140, Process: agent.exe) 2013/12/29 12:22:35 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.4 (Type: outgoing, Port: 54889, Process: agent.exe) 2013/12/29 12:33:39 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.6 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 12:33:47 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.6 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 12:33:47 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.6 (Type: outgoing, Port: 56949, Process: agent.exe) 2013/12/29 12:35:47 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.6 (Type: outgoing, Port: 57354, Process: agent.exe) 2013/12/29 12:38:51 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.6 (Type: outgoing, Port: 57916, Process: agent.exe) 2013/12/29 15:42:14 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 15:42:22 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 15:42:22 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 63709, Process: agent.exe) 2013/12/29 15:42:22 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 15:42:22 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 15:42:46 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 15:42:46 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 63798, Process: agent.exe) 2013/12/29 15:42:46 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 16:29:51 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.5 (Type: outgoing, Port: 55292, Process: agent.exe) 2013/12/29 16:31:51 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.5 (Type: outgoing, Port: 55719, Process: agent.exe) 2013/12/29 16:36:39 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.5 (Type: outgoing, Port: 56537, Process: agent.exe) 2013/12/29 16:42:31 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 16:42:31 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 57617, Process: agent.exe) 2013/12/29 16:42:39 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 16:42:47 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 16:42:55 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 16:43:03 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 16:43:03 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 57709, Process: agent.exe) 2013/12/29 16:43:03 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 16:43:03 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 16:43:11 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 16:43:11 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 16:43:19 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 57755, Process: agent.exe) 2013/12/29 16:46:15 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 58314, Process: agent.exe) 2013/12/29 17:28:40 +0100 RAFAEL-PC Rafael MESSAGE Stopping protection 2013/12/29 17:28:40 +0100 RAFAEL-PC Rafael MESSAGE Protection stopped successfully 2013/12/29 17:28:43 +0100 RAFAEL-PC Rafael MESSAGE Stopping IP protection 2013/12/29 17:28:43 +0100 RAFAEL-PC Rafael MESSAGE IP Protection stopped successfully 2013/12/29 17:39:28 +0100 RAFAEL-PC Rafael MESSAGE Starting protection 2013/12/29 17:39:28 +0100 RAFAEL-PC Rafael MESSAGE Protection started successfully 2013/12/29 17:39:32 +0100 RAFAEL-PC Rafael MESSAGE Starting IP protection 2013/12/29 17:39:33 +0100 RAFAEL-PC Rafael MESSAGE IP Protection started successfully 2013/12/29 17:40:33 +0100 RAFAEL-PC (null) MESSAGE Starting protection 2013/12/29 17:40:33 +0100 RAFAEL-PC (null) MESSAGE Protection started successfully 2013/12/29 17:40:33 +0100 RAFAEL-PC (null) MESSAGE Starting IP protection 2013/12/29 17:40:34 +0100 RAFAEL-PC (null) MESSAGE IP Protection started successfully 2013/12/29 18:12:20 +0100 RAFAEL-PC (null) MESSAGE Starting protection 2013/12/29 18:12:20 +0100 RAFAEL-PC (null) MESSAGE Protection started successfully 2013/12/29 18:12:20 +0100 RAFAEL-PC (null) MESSAGE Starting IP protection 2013/12/29 18:12:21 +0100 RAFAEL-PC (null) MESSAGE IP Protection started successfully 2013/12/29 18:28:13 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.3 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 18:28:13 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.3 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 18:28:21 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.3 (Type: outgoing, Port: 49875, Process: agent.exe) 2013/12/29 18:30:21 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 18:30:21 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.3 (Type: outgoing, Port: 50308, Process: agent.exe) 2013/12/29 18:30:21 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 50311, Process: agent.exe) 2013/12/29 18:32:21 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 50740, Process: agent.exe) 2013/12/29 18:33:01 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 18:33:01 +0100 RAFAEL-PC Rafael IP-BLOCK 91.188.56.146 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 18:33:25 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.3 (Type: outgoing, Port: 50936, Process: agent.exe) 2013/12/29 18:41:28 +0100 RAFAEL-PC (null) MESSAGE Starting protection 2013/12/29 18:41:28 +0100 RAFAEL-PC (null) MESSAGE Protection started successfully 2013/12/29 18:41:28 +0100 RAFAEL-PC (null) MESSAGE Starting IP protection 2013/12/29 18:41:29 +0100 RAFAEL-PC (null) MESSAGE IP Protection started successfully 2013/12/29 18:45:23 +0100 RAFAEL-PC (null) MESSAGE Starting protection 2013/12/29 18:45:23 +0100 RAFAEL-PC (null) MESSAGE Protection started successfully 2013/12/29 18:45:23 +0100 RAFAEL-PC (null) MESSAGE Starting IP protection 2013/12/29 18:45:24 +0100 RAFAEL-PC (null) MESSAGE IP Protection started successfully 2013/12/29 19:56:06 +0100 RAFAEL-PC (null) MESSAGE Starting protection 2013/12/29 19:56:06 +0100 RAFAEL-PC (null) MESSAGE Protection started successfully 2013/12/29 19:56:06 +0100 RAFAEL-PC (null) MESSAGE Starting IP protection 2013/12/29 19:56:07 +0100 RAFAEL-PC (null) MESSAGE IP Protection started successfully 2013/12/29 22:51:44 +0100 RAFAEL-PC (null) MESSAGE Starting protection 2013/12/29 22:51:44 +0100 RAFAEL-PC (null) MESSAGE Protection started successfully 2013/12/29 22:51:44 +0100 RAFAEL-PC (null) MESSAGE Starting IP protection 2013/12/29 22:51:45 +0100 RAFAEL-PC (null) MESSAGE IP Protection started successfully 2013/12/29 23:43:29 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.4 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 23:43:29 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.4 (Type: outgoing, Port: 6881, Process: agent.exe) 2013/12/29 23:45:45 +0100 RAFAEL-PC Rafael IP-BLOCK 41.203.69.4 (Type: outgoing, Port: 53653, Process: agent.exe) 2013/12/29 23:47:06 +0100 RAFAEL-PC Rafael MESSAGE Executing scheduled update: Daily 2013/12/29 23:47:17 +0100 RAFAEL-PC Rafael MESSAGE Scheduled update executed successfully: database updated from version v2013.12.28.06 to version v2013.12.29.06 2013/12/29 23:47:17 +0100 RAFAEL-PC Rafael MESSAGE Starting database refresh 2013/12/29 23:47:17 +0100 RAFAEL-PC Rafael MESSAGE Stopping IP protection 2013/12/29 23:47:17 +0100 RAFAEL-PC Rafael MESSAGE IP Protection stopped successfully 2013/12/29 23:47:19 +0100 RAFAEL-PC Rafael MESSAGE Database refreshed successfully 2013/12/29 23:47:19 +0100 RAFAEL-PC Rafael MESSAGE Starting IP protection 2013/12/29 23:47:20 +0100 RAFAEL-PC Rafael MESSAGE IP Protection started successfully 2013/12/29 23:48:20 +0100 RAFAEL-PC (null) MESSAGE Starting protection 2013/12/29 23:48:20 +0100 RAFAEL-PC (null) MESSAGE Protection started successfully 2013/12/29 23:48:20 +0100 RAFAEL-PC (null) MESSAGE Starting IP protection 2013/12/29 23:48:21 +0100 RAFAEL-PC (null) MESSAGE IP Protection started successfully Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 00:27 on 30/12/2013 (Admin) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net Rootkit scan 2013-12-30 00:39:00 Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\00000028 Samsung_SSD_840_EVO_500GB rev.EXT0BB6Q 465,76GB Running: xe2ew767.exe; Driver: C:\Users\Admin\AppData\Local\Temp\uxlyqpow.sys ---- Kernel code sections - GMER 2.1 ---- .text C:\Windows\System32\win32k.sys!W32pServiceTable fffff96000173700 15 bytes [00, EA, 0F, 02, 00, 7F, 6F, ...] .text C:\Windows\System32\win32k.sys!W32pServiceTable + 16 fffff96000173710 11 bytes [00, 1F, FC, FF, 80, 52, DE, ...] ---- User code sections - GMER 2.1 ---- .text C:\Windows\system32\wininit.exe[612] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\system32\services.exe[672] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\system32\lsass.exe[704] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\system32\svchost.exe[796] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\system32\svchost.exe[836] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[984] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\System32\svchost.exe[348] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\system32\svchost.exe[536] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\system32\svchost.exe[848] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\System32\svchost.exe[1052] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\system32\svchost.exe[1200] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1440] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\System32\spoolsv.exe[1440] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1ce1169a 4 bytes [E1, 1C, FE, 7F] .text C:\Windows\System32\spoolsv.exe[1440] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1ce116a2 4 bytes [E1, 1C, FE, 7F] .text C:\Windows\System32\spoolsv.exe[1440] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1ce1181a 4 bytes [E1, 1C, FE, 7F] .text C:\Windows\System32\spoolsv.exe[1440] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1ce11832 4 bytes [E1, 1C, FE, 7F] .text C:\Program Files\Bonjour\mDNSResponder.exe[1772] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Program Files\Intel\iCLS Client\HeciServer.exe[1820] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\system32\svchost.exe[1040] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\system32\svchost.exe[2512] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\System32\WUDFHost.exe[2632] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\system32\SearchIndexer.exe[3504] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\system32\winlogon.exe[4872] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\system32\dwm.exe[1936] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\system32\dwm.exe[1936] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1ce1169a 4 bytes [E1, 1C, FE, 7F] .text C:\Windows\system32\dwm.exe[1936] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1ce116a2 4 bytes [E1, 1C, FE, 7F] .text C:\Windows\system32\dwm.exe[1936] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1ce1181a 4 bytes [E1, 1C, FE, 7F] .text C:\Windows\system32\dwm.exe[1936] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1ce11832 4 bytes [E1, 1C, FE, 7F] .text C:\Windows\Explorer.EXE[3076] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\Explorer.EXE[3076] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1ce1169a 4 bytes [E1, 1C, FE, 7F] .text C:\Windows\Explorer.EXE[3076] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1ce116a2 4 bytes [E1, 1C, FE, 7F] .text C:\Windows\Explorer.EXE[3076] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1ce1181a 4 bytes [E1, 1C, FE, 7F] .text C:\Windows\Explorer.EXE[3076] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1ce11832 4 bytes [E1, 1C, FE, 7F] .text C:\Windows\system32\DllHost.exe[3864] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\System32\skydrive.exe[3568] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe[4916] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 506 00007ffe1ce1169a 4 bytes [E1, 1C, FE, 7F] .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\system32\PSAPI.DLL!GetModuleBaseNameA + 514 00007ffe1ce116a2 4 bytes [E1, 1C, FE, 7F] .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 118 00007ffe1ce1181a 4 bytes [E1, 1C, FE, 7F] .text C:\Windows\system32\nvvsvc.exe[1208] C:\Windows\system32\PSAPI.DLL!QueryWorkingSet + 142 00007ffe1ce11832 4 bytes [E1, 1C, FE, 7F] .text C:\Windows\System32\RuntimeBroker.exe[4996] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\system32\taskhostex.exe[4292] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\System\HsMgr64.exe[2748] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\System\HsMgr64.exe[2748] C:\Windows\SYSTEM32\combase.dll!CoCreateInstance 00007ffe1c6122d0 7 bytes JMP 00007fff1c3b00d8 .text C:\Windows\System\HsMgr64.exe[2748] C:\Windows\SYSTEM32\combase.dll!CoCreateInstanceEx 00007ffe1c658130 7 bytes JMP 00007fff1c3b0110 .text C:\Windows\System\HsMgr64.exe[2748] C:\Windows\SYSTEM32\DSOUND.dll!DirectSoundCreate8 00007ffe061aae88 7 bytes JMP 00007ffe1c3b0180 .text C:\Windows\System\HsMgr64.exe[2748] C:\Windows\SYSTEM32\DSOUND.dll!DirectSoundCaptureCreate8 00007ffe061b1d10 7 bytes JMP 00007ffe1c3b05a8 .text C:\Windows\System\HsMgr64.exe[2748] C:\Windows\SYSTEM32\DSOUND.dll!DirectSoundCaptureCreate 00007ffe061bd2dc 7 bytes JMP 00007ffe1c3b0570 .text C:\Windows\System\HsMgr64.exe[2748] C:\Windows\SYSTEM32\DSOUND.dll!DirectSoundCreate 00007ffe061bd3ec 7 bytes JMP 00007ffe1c3b0148 .text C:\Windows\System\HsMgr64.exe[2748] C:\Windows\SYSTEM32\DSOUND.dll!DirectSoundFullDuplexCreate 00007ffe061bd4fc 5 bytes JMP 00007ffe1c3b05e0 .text C:\Windows\System32\SettingSyncHost.exe[2072] C:\Windows\system32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe[4504] C:\Windows\system32\KERNEL32.dll!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] .text C:\Windows\system32\AUDIODG.EXE[3492] C:\Windows\SYSTEM32\KERNEL32.DLL!GetBinaryTypeW + 165 00007ffe1c18977d 1 byte [62] ---- Threads - GMER 2.1 ---- Thread C:\Windows\system32\csrss.exe [4400:4524] fffff960008964d0 Thread C:\Windows\System32\SettingSyncHost.exe [2072:1312] 00007ffe12c36b7c ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemStartTime 0x47 0xE8 0xBB 0x27 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFStartTime 0xCF 0x10 0xBC 0x27 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@CMFLastStartTime 0xD9 0x6A 0x5C 0x9E ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData@SystemLastStartTime 0x76 0x0A 0x5C 0x9E ... Reg HKLM\SYSTEM\CurrentControlSet\Control\CMF\SqmData\BootLanguages@de-DE 67 Reg HKLM\SYSTEM\CurrentControlSet\Control\GraphicsDrivers\Configuration\SAM0524H9MZB01769_2C_07DA_7B^B0FBC157F3DA4B297EEB2AAE124810DF@Timestamp 0x50 0x2E 0xBB 0x28 ... Reg HKLM\SYSTEM\CurrentControlSet\Control\Lsa@LsaPid 716 Reg HKLM\SYSTEM\CurrentControlSet\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{4AADC1B1-8BD0-46EE-A026-805ACF90A363}\Connection@Name isatap.{7379E095-4DF4-42D1-922B-19145A1AB9C1} Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations \??\C:\Users\Admin\AppData\Local\Temp\~nsu.tmp\Au_.exe??\??\C:\Users\Admin\AppData\Local\Temp\~nsu.tmp?? Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Executive@UuidSequenceNumber 3900045 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed -591502326 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BootId 69 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Memory Management\PrefetchParameters@BaseTime 400436220 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@POSTTime 4289 Reg HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Power@FwPOSTTime 3929 Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@InstanceID ba14877a-83c4-484b-9f99-ecd32ad Reg HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server@GlassSessionId 1 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\AITEventLog@FileCounter 3 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\SQMLogger@FileCounter 9 Reg HKLM\SYSTEM\CurrentControlSet\Control\WMI\Autologger\WdiContextLog@FileCounter 3 Reg HKLM\SYSTEM\CurrentControlSet\Services\aswRvrt\Parameters@BootCounter 56 Reg HKLM\SYSTEM\CurrentControlSet\Services\Dnscache\Parameters\Probe\{915a6fed-b040-412a-9190-ff6a9533e885}@LastProbeTime 1388357503 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{4AADC1B1-8BD0-46EE-A026-805ACF90A363}@InterfaceName isatap.{7379E095-4DF4-42D1-922B-19145A1AB9C1} Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{4AADC1B1-8BD0-46EE-A026-805ACF90A363}@ReusableType 0 Reg HKLM\SYSTEM\CurrentControlSet\Services\iphlpsvc\Parameters\Isatap\{4AADC1B1-8BD0-46EE-A026-805ACF90A363}@DefunctTimestamp 0x95 0x4D 0xC0 0x52 ... Reg HKLM\SYSTEM\CurrentControlSet\Services\rdyboost\Parameters@LastBootPlanUserTime ?So?, ?Dez ?29 ?13, 10:52:35??????????????????????????????????? Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch@Epoch 1429 Reg HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Epoch2@Epoch 204 Reg HKLM\SYSTEM\CurrentControlSet\Services\srvnet\Parameters@MajorSequence 68 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7379E095-4DF4-42D1-922B-19145A1AB9C1}@LeaseObtainedTime 1388353902 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7379E095-4DF4-42D1-922B-19145A1AB9C1}@T1 -759129747 Reg HKLM\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{7379E095-4DF4-42D1-922B-19145A1AB9C1}@T2 1925224813 Reg HKLM\SYSTEM\CurrentControlSet\Services\Winmgmt\Parameters@ServiceDllUnloadOnStop 0 ---- EOF - GMER 2.1 ---- Code:
ATTFilter Additional scan result of Farbar Recovery Scan Tool (x64) Version: 29-12-2013 01 Ran by Admin at 2013-12-30 00:28:27 Running from C:\Users\Rafael\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AV: avast! Internet Security (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Internet Security (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installed Programs ====================== Adobe Flash Player 11 Plugin (x32 Version: 11.9.900.170 - Adobe Systems Incorporated) Apple Application Support (x32 Version: 2.3.6 - Apple Inc.) Apple Mobile Device Support (Version: 7.0.0.117 - Apple Inc.) Apple Software Update (x32 Version: 2.1.3.127 - Apple Inc.) ASUS Xonar DGX Audio (x32 Version: - ) avast! Internet Security (x32 Version: 9.0.2011 - Avast Software) Batman™: Arkham Origins (x32 Version: - WB Games Montreal) Battle.net (x32 Version: - Blizzard Entertainment) Bonjour (Version: 3.0.0.10 - Apple Inc.) Canon IJ Network Scanner Selector EX (x32 Version: - ) Canon IJ Network Tool (x32 Version: 3.1.1 - Canon Inc.) Canon MP Navigator EX 5.1 (x32 Version: - ) Canon MX890 series MP Drivers (Version: - Canon Inc.) Diablo III (x32 Version: - Blizzard Entertainment) Endless Space (x32 Version: - AMPLITUDE Studios) Fraps (remove only) (x32 Version: - ) Guild Wars 2 (x32 Version: - NCsoft Corporation, Ltd.) Hearthstone (x32 Version: - Blizzard Entertainment) iCloud (Version: 3.1.0.40 - Apple Inc.) Intel(R) Manageability Engine Firmware Recovery Agent (x32 Version: 1.1.0.36960 - Intel Corporation) Intel(R) Management Engine Components (x32 Version: 9.5.15.1730 - Intel Corporation) Intel(R) Processor Graphics (x32 Version: 10.18.10.3345 - Intel Corporation) Intel(R) Smart Connect Technology (Version: 4.2.40.2439 - Intel Corporation) Intel® Trusted Connect Service Client (Version: 1.31.8.1 - Intel Corporation) iTunes (Version: 11.1.3.8 - Apple Inc.) KeePass Password Safe 1.26 (x32 Version: 1.26 - Dominik Reichl) Logitech Gaming Software (Version: 8.45.88 - Logitech Inc.) Logitech Gaming Software 8.51 (Version: 8.51.5 - Logitech Inc.) Malwarebytes Anti-Malware Version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation) Microsoft .NET Framework 1.1 (x32 Version: - ) Microsoft .NET Framework 1.1 (x32 Version: 1.1.4322 - Microsoft) Microsoft Silverlight (Version: 5.1.20913.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (x32 Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation) Mozilla Firefox 26.0 (x86 de) (x32 Version: 26.0 - Mozilla) Mozilla Maintenance Service (x32 Version: 24.2.0 - Mozilla) Mozilla Thunderbird 24.2.0 (x86 de) (x32 Version: 24.2.0 - Mozilla) NVIDIA Grafiktreiber 331.82 (Version: 331.82 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.26.4 (Version: 1.3.26.4 - NVIDIA Corporation) NVIDIA Install Application (Version: 2.1002.140.952 - NVIDIA Corporation) NVIDIA PhysX (x32 Version: 9.13.0725 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.13.0725 (Version: 9.13.0725 - NVIDIA Corporation) NVIDIA Systemsteuerung 331.82 (Version: 331.82 - NVIDIA Corporation) OpenAL (x32 Version: - ) Path of Exile (x32 Version: - Grinding Gear Games) Realtek Ethernet Controller Driver (x32 Version: 8.20.815.2013 - Realtek) Sid Meier's Civilization V (x32 Version: - 2K Games, Inc.) StarCraft II (x32 Version: - Blizzard Entertainment) Steam (x32 Version: - Valve Corporation) SteelSeries Engine (Version: 2.8.171.34768 - SteelSeries) TeamViewer 9 (x32 Version: 9.0.24951 - TeamViewer) The Lord of the Rings Online™ (x32 Version: - Turbine, Inc.) The Lord of the Rings Online™ v03.08.00.8029 (x32 Version: 03.08.00.8029 - Turbine, Inc.) Torchlight II (x32 Version: - Runic Games) VLC media player 2.1.2 (x32 Version: 2.1.2 - VideoLAN) World of Warcraft (x32 Version: - Blizzard Entertainment) ==================== Restore Points ========================= 18-12-2013 16:55:44 Installiert ASUS Xonar DGX Audio 18-12-2013 17:16:37 Windows-Sicherung 18-12-2013 21:18:41 Windows-Sicherung 21-12-2013 16:48:16 DirectX wurde installiert 22-12-2013 19:25:26 DirectX wurde installiert 25-12-2013 12:06:04 DirectX wurde installiert 29-12-2013 10:51:30 Windows Update ==================== Hosts content: ========================== 2013-08-22 14:25 - 2013-08-22 14:25 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Scheduled Tasks (whitelisted) ============= Task: {05293577-D647-4185-B859-C94839A0B2E3} - System32\Tasks\Microsoft\Windows\SettingSync\NetworkStateChangeTask Task: {0B4B5ADC-EDDE-4FDA-A1A7-B1C96A813727} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2013-12-18] (AVAST Software) Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList Task: {1B26865A-EF0F-41FC-A74E-9818CC4FB8E6} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation) Task: {1EE4C4D8-AE70-4E0E-A6E9-8F701BD0CB15} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\System32\MRT.exe [2013-12-01] (Microsoft Corporation) Task: {2085BF56-520D-4951-B7C0-DF34AF90CC6A} - System32\Tasks\Microsoft\Windows\Sysmain\WsSwapAssessmentTask => Rundll32.exe sysmain.dll,PfSvWsSwapAssessmentTask Task: {2C9C0C6C-2A74-46F2-858A-4389D253EAD0} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCachePrepopulate Task: {352E6CA0-7314-4DF4-89C4-682368D80D57} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Workplace-Join => C:\Windows\System32\AutoWorkplace.exe [2013-08-22] (Microsoft Corporation) Task: {3B6D8A73-F20B-4C93-B8FB-56A154F172D2} - System32\Tasks\Microsoft\Windows\Time Zone\SynchronizeTimeZone => C:\Windows\System32\tzsync.exe [2013-08-22] (Microsoft Corporation) Task: {49754026-21E1-41FC-94FD-727AFE414FE7} - System32\Tasks\Microsoft\Windows\Sysmain\HybridDriveCacheRebalance Task: {5B0A7E4C-ED36-4B08-9C66-C09FF7FBCC57} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {6AA91E8C-DDBD-4979-8464-4062F7681A19} - System32\Tasks\Microsoft\Windows\Plug and Play\Plug and Play Cleanup Task: {6DFCB649-0769-4F83-BB10-F60F235F6D3D} - System32\Tasks\Microsoft\Windows\SkyDrive\Idle Sync Maintenance Task Task: {73B1B253-CE67-4501-AE1A-377DD1D68B65} - System32\Tasks\Microsoft\Windows\Application Experience\StartupAppTask => Rundll32.exe Startupscan.dll,SusRunTask Task: {77F1D869-6E65-4079-A2A0-E2023408EF97} - System32\Tasks\Microsoft\Windows\ApplicationData\CleanupTemporaryState => Rundll32.exe Windows.Storage.ApplicationData.dll,CleanupTemporaryState Task: {7F2422DD-3041-479A-BC97-FC2290DB14B6} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2013-03-07] (Intel Corporation) Task: {872D0E53-FD2E-41E3-B431-698AF82882CE} - System32\Tasks\Microsoft\Windows\SkyDrive\Routine Maintenance Task Task: {8CC813C9-712A-41EF-9512-B233444FC669} - System32\Tasks\Microsoft\Windows\AppxDeploymentClient\Pre-staged app cleanup => Rundll32.exe %windir%\system32\AppxDeploymentClient.dll,AppxPreStageCleanupRunTask Task: {9FF4C139-5234-410C-B7FA-23EE2FD2AB53} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Maintenance Work Task: {BB958513-107E-4C9A-B63B-5791E8C56001} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-12-25] (Adobe Systems Incorporated) Task: {CFD7C21A-808B-487B-A6EC-8A10E44E8360} - System32\Tasks\Microsoft\Windows\SettingSync\BackupTask Task: {D88FEC9E-A82A-46F9-87E2-B6B97B301C1A} - System32\Tasks\Microsoft\Windows\WS\License Validation => Rundll32.exe WSClient.dll,WSpTLR licensing Task: {DA46820F-FF8A-4B5E-A6B2-B12185DCFFFB} - System32\Tasks\Microsoft\Windows\Work Folders\Work Folders Logon Synchronization Task: {E6D378FA-E068-4BCB-80DE-56D43A249507} - System32\Tasks\Microsoft\Windows\RecoveryEnvironment\VerifyWinRE Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe ==================== Loaded Modules (whitelisted) ============= 2013-11-05 18:19 - 2013-11-05 18:19 - 00708096 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineLib.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 00175104 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DBUtils.dll 2013-12-18 20:40 - 2013-12-18 20:40 - 00089915 _____ () C:\Users\Rafael\AppData\Local\Temp\10d2ca4a-28d7-4d81-8c1e-dc42bb6c83fc\CliSecureRT64.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 00280064 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DriverCommunication.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 00139776 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\ISSPlugin.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 00148480 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Localization.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 00145408 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\Utilities.dll 2013-01-10 06:46 - 2013-01-10 06:46 - 00047616 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SteelSeriesDrivers\x2api.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 09562112 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SSEngineWinGui.dll 2013-01-10 06:46 - 2013-01-10 06:46 - 01102336 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\System.Data.SQLite.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 00209408 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CustomWPFColorPicker.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 00349696 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MousePlugin.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 00171008 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\D3MousePlugin.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 00173056 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\KKMousePlugin.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 00171008 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\SRawPlugin.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 00307200 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\MLGSenseiPlugin.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 00154624 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWGoldPlugin.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 00170496 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\GW2MousePlugin.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 00169472 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CSGOMousePlugin.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 00169984 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\DOTA2MousePlugin.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 00157184 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoWWirelessPlugin.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 00170496 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\CODMousePlugin.dll 2013-11-05 18:19 - 2013-11-05 18:19 - 00169984 _____ () C:\Program Files\SteelSeries\SteelSeries Engine\WoTMousePlugin.dll 2013-12-29 15:16 - 2013-12-29 13:54 - 02153984 _____ () C:\Program Files\AVAST Software\Avast\defs\13122900\algo.dll 2013-09-13 19:51 - 2013-09-13 19:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll 2013-09-13 19:51 - 2013-09-13 19:51 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll 2013-12-18 17:50 - 2013-09-16 12:17 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2013-12-18 17:55 - 2012-06-06 09:56 - 00143360 ____N () C:\Program Files\ASUS Xonar DGX Audio\Customapp\VmixP8.dll 2013-12-18 18:41 - 2013-12-18 18:41 - 19336120 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2013-12-29 22:58 - 2013-12-05 20:36 - 03559024 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll 2013-09-14 01:51 - 2013-09-14 01:51 - 00087952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll 2013-09-14 01:50 - 2013-09-14 01:50 - 01242952 _____ () C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll ==================== Alternate Data Streams (whitelisted) ========= AlternateDataStreams: C:\Users\Rafael\SkyDrive:ms-properties ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (12/29/2013 11:04:07 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.3.9600.16441, Zeitstempel: 0x5265dec8 Name des fehlerhaften Moduls: PlayToDevice.dll, Version: 12.0.9600.16384, Zeitstempel: 0x5215d4ce Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000000000018295 ID des fehlerhaften Prozesses: 0x160 Startzeit der fehlerhaften Anwendung: 0xExplorer.EXE0 Pfad der fehlerhaften Anwendung: Explorer.EXE1 Pfad des fehlerhaften Moduls: Explorer.EXE2 Berichtskennung: Explorer.EXE3 Vollständiger Name des fehlerhaften Pakets: Explorer.EXE4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: Explorer.EXE5 Error: (12/29/2013 10:54:57 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest. Error: (12/29/2013 09:00:24 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest. Error: (12/29/2013 09:00:20 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest. Error: (12/29/2013 09:00:16 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest. Error: (12/29/2013 09:00:16 PM) (Source: SideBySide) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifest. Error: (12/29/2013 07:29:17 PM) (Source: Microsoft-Windows-LocationProvider) (User: NT-AUTORITÄT) Description: There was an error with the Windows Location Provider database Error: (12/29/2013 01:20:46 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: TurbineLauncher.exe, Version: 1201.54.1950.4009, Zeitstempel: 0x52a7fd34 Name des fehlerhaften Moduls: patchclient.DLL, Version: 3.0.1.8, Zeitstempel: 0x5284f609 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00024359 ID des fehlerhaften Prozesses: 0x11ec Startzeit der fehlerhaften Anwendung: 0xTurbineLauncher.exe0 Pfad der fehlerhaften Anwendung: TurbineLauncher.exe1 Pfad des fehlerhaften Moduls: TurbineLauncher.exe2 Berichtskennung: TurbineLauncher.exe3 Vollständiger Name des fehlerhaften Pakets: TurbineLauncher.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TurbineLauncher.exe5 Error: (12/28/2013 04:43:44 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: TurbineLauncher.exe, Version: 1201.54.1950.4009, Zeitstempel: 0x52a7fd34 Name des fehlerhaften Moduls: patchclient.DLL, Version: 3.0.1.8, Zeitstempel: 0x5284f609 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00024359 ID des fehlerhaften Prozesses: 0x86c Startzeit der fehlerhaften Anwendung: 0xTurbineLauncher.exe0 Pfad der fehlerhaften Anwendung: TurbineLauncher.exe1 Pfad des fehlerhaften Moduls: TurbineLauncher.exe2 Berichtskennung: TurbineLauncher.exe3 Vollständiger Name des fehlerhaften Pakets: TurbineLauncher.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TurbineLauncher.exe5 Error: (12/28/2013 02:32:40 PM) (Source: Application Error) (User: ) Description: Name der fehlerhaften Anwendung: TurbineLauncher.exe, Version: 1201.54.1950.4009, Zeitstempel: 0x52a7fd34 Name des fehlerhaften Moduls: patchclient.DLL, Version: 3.0.1.8, Zeitstempel: 0x5284f609 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00024359 ID des fehlerhaften Prozesses: 0x10b8 Startzeit der fehlerhaften Anwendung: 0xTurbineLauncher.exe0 Pfad der fehlerhaften Anwendung: TurbineLauncher.exe1 Pfad des fehlerhaften Moduls: TurbineLauncher.exe2 Berichtskennung: TurbineLauncher.exe3 Vollständiger Name des fehlerhaften Pakets: TurbineLauncher.exe4 Anwendungs-ID, die relativ zum fehlerhaften Paket ist: TurbineLauncher.exe5 System errors: ============= Error: (12/29/2013 11:48:22 PM) (Source: bowser) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RAFAEL-PC" auf Transport "NetBT_Tcpip_{7379E095-4DF4-42D1-922B-19145A1AB9C1}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Error: (12/29/2013 05:59:40 PM) (Source: DCOM) (User: Rafael-PC) Description: AnwendungsspezifischLokalAktivierung{7D1933CB-86F6-4A98-8628-01BE94C9A575}{F290BFB2-1864-45B1-8804-2654194A87E7}Rafael-PCRafaelS-1-5-21-3784432251-2332202779-1408902637-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/29/2013 05:59:40 PM) (Source: DCOM) (User: Rafael-PC) Description: AnwendungsspezifischLokalAktivierung{7D1933CB-86F6-4A98-8628-01BE94C9A575}{F290BFB2-1864-45B1-8804-2654194A87E7}Rafael-PCRafaelS-1-5-21-3784432251-2332202779-1408902637-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/29/2013 05:59:18 PM) (Source: DCOM) (User: Rafael-PC) Description: AnwendungsspezifischLokalAktivierung{7D1933CB-86F6-4A98-8628-01BE94C9A575}{F290BFB2-1864-45B1-8804-2654194A87E7}Rafael-PCRafaelS-1-5-21-3784432251-2332202779-1408902637-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/29/2013 05:59:18 PM) (Source: DCOM) (User: Rafael-PC) Description: AnwendungsspezifischLokalAktivierung{7D1933CB-86F6-4A98-8628-01BE94C9A575}{F290BFB2-1864-45B1-8804-2654194A87E7}Rafael-PCRafaelS-1-5-21-3784432251-2332202779-1408902637-1002LocalHost (unter Verwendung von LRPC)Nicht verfügbarNicht verfügbar Error: (12/29/2013 10:15:39 AM) (Source: bowser) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RAFAEL-PC" auf Transport "NetBT_Tcpip_{7379E095-4DF4-42D1-922B-19145A1AB9C1}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Error: (12/28/2013 10:44:18 AM) (Source: bowser) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RAFAEL-PC" auf Transport "NetBT_Tcpip_{7379E095-4DF4-42D1-922B-19145A1AB9C1}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Error: (12/28/2013 10:19:35 AM) (Source: bowser) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RAFAEL-PC" auf Transport "NetBT_Tcpip_{7379E095-4DF4-42D1-922B-19145A1AB9C1}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Error: (12/27/2013 10:43:57 PM) (Source: bowser) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RAFAEL-PC" auf Transport "NetBT_Tcpip_{7379E095-4DF4-42D1-922B-19145A1AB9C1}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Error: (12/27/2013 10:38:14 PM) (Source: bowser) (User: ) Description: Der Suchdiensttreiber erhielt zu viele nicht erlaubte Datagramme vom Remotecomputer "EASYBOX" zum Namen "RAFAEL-PC" auf Transport "NetBT_Tcpip_{7379E095-4DF4-42D1-922B-19145A1AB9C1}". Das Datagramm steht in den Daten. Es werden keine weiteren Ereignisse erzeugt, solange die Rücksetzfrequenz nicht abgelaufen ist. Microsoft Office Sessions: ========================= Error: (12/29/2013 11:04:07 PM) (Source: Application Error)(User: ) Description: Explorer.EXE6.3.9600.164415265dec8PlayToDevice.dll12.0.9600.163845215d4cec0000005000000000001829516001cf04e031485310C:\Windows\Explorer.EXEC:\Windows\System32\PlayToDevice.dll230f2932-70d5-11e3-828d-bc5ff44a1d11 Error: (12/29/2013 10:54:57 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Users\Rafael\Downloads\esetsmartinstaller_deu.exe Error: (12/29/2013 09:00:24 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Users\Rafael\Downloads\esetsmartinstaller_deu.exe Error: (12/29/2013 09:00:20 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Users\Rafael\Downloads\esetsmartinstaller_deu.exe Error: (12/29/2013 09:00:16 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Users\Rafael\Downloads\esetsmartinstaller_deu.exe Error: (12/29/2013 09:00:16 PM) (Source: SideBySide)(User: ) Description: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_62475f7becb72503.manifestC:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.16384_none_a9f4965301334e09.manifestC:\Users\Rafael\Downloads\esetsmartinstaller_deu.exe Error: (12/29/2013 07:29:17 PM) (Source: Microsoft-Windows-LocationProvider)(User: NT-AUTORITÄT) Description: -2147024883 Error: (12/29/2013 01:20:46 PM) (Source: Application Error)(User: ) Description: TurbineLauncher.exe1201.54.1950.400952a7fd34patchclient.DLL3.0.1.85284f609c00000050002435911ec01cf049056997c37C:\Spiele\Steam\steamapps\common\Lord of the Rings Online\TurbineLauncher.exeC:\Spiele\Steam\steamapps\common\Lord of the Rings Online\patchclient.DLLa4d2ca9c-7083-11e3-8287-bc5ff44a1d11 Error: (12/28/2013 04:43:44 PM) (Source: Application Error)(User: ) Description: TurbineLauncher.exe1201.54.1950.400952a7fd34patchclient.DLL3.0.1.85284f609c00000050002435986c01cf03e387494385C:\Spiele\Steam\steamapps\common\Lord of the Rings Online\TurbineLauncher.exeC:\Spiele\Steam\steamapps\common\Lord of the Rings Online\patchclient.DLLd4b462b2-6fd6-11e3-8284-bc5ff44a1d11 Error: (12/28/2013 02:32:40 PM) (Source: Application Error)(User: ) Description: TurbineLauncher.exe1201.54.1950.400952a7fd34patchclient.DLL3.0.1.85284f609c00000050002435910b801cf03d134451d81C:\Spiele\Steam\steamapps\common\Lord of the Rings Online\TurbineLauncher.exeC:\Spiele\Steam\steamapps\common\Lord of the Rings Online\patchclient.DLL8563b163-6fc4-11e3-8284-bc5ff44a1d11 ==================== Memory info =========================== Percentage of memory in use: 23% Total physical RAM: 8077.82 MB Available physical RAM: 6191.73 MB Total Pagefile: 9357.82 MB Available Pagefile: 7401.43 MB Total Virtual: 131072 MB Available Virtual: 131071.77 MB ==================== Drives ================================ Drive c: (Windows 8.1) (Fixed) (Total:465.42 GB) (Free:307.1 GB) NTFS Drive f: (Elements) (Fixed) (Total:931.51 GB) (Free:835.9 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 42877442) Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=465 GB) - (Type=07 NTFS) ======================================================== Disk: 1 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 0002846E) Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS) ==================== End Of Log ============================ Geändert von psychenic (30.12.2013 um 01:41 Uhr) |
Themen zu WIN8.1: Malwarebytes Pro stoppt Zugänge zu bösartigen Seiten während Battle.net läuft |
4d36e972-e325-11ce-bfc1-08002be10318, amplitude, autostart, avast, bat, battle.net, beste, besten, code, dllhost.exe, fund, gefährliche, gekauft, installiert, malwarebytes, neue, port, process, prozess, remotecomputer, richtlinie, seite, seiten, system, update, updated, version, win, win32k.sys, win8.1, windows, woche, wochen |