Log analysis and evaluation: Avast raises an alarm every time Firefox starts

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Avast raises an alarm every time Firefox starts

Hi,

When Firefox starts, my Avast! always raises an alarm and shows:

Code:
hxxp://request.saferbrowsingcache.com/users/a1906463-3457-4fdb-824b-fe6ada067c9d
URL:Mal
C:\Program Files (x86)\Mozilla Firefox\firefox.exe

I can't find any log files; they should be here: C:\ProgramData\Avast Software\Avast\Log, but the Log folder does not exist.

I already tried ESET and Malwarebytes 3 days ago. I am attaching the results.

All in all it is annoying but bearable. It's just that I might want to do online banking on this machine soon, and I don't want to take any risks there Dx

PLZ Help *.*

/ The FRST log makes the thread too long; post it separately or as an archive?

defogger_disable.log

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:51 on 30/09/2015 (DAS k1ishEé)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:27-09-2015 01 durchgeführt von DAS k1ishEé (2015-09-30 09:53:40) Gestartet von F:\Downloads\TrojanerBoard\FRST Windows 7 Professional Service Pack 1 (X64) (2015-04-02 02:26:33) Start-Modus: Normal ========================================================== ==================== Konten: ============================= Administrator (S-1-5-21-1784364803-3053550495-1265879695-500 - Administrator - Disabled) DAS k1ishEé (S-1-5-21-1784364803-3053550495-1265879695-1000 - Administrator - Enabled) => C:\Users\DAS k1ishEé Gast (S-1-5-21-1784364803-3053550495-1265879695-501 - Limited - Disabled) HomeGroupUser$ (S-1-5-21-1784364803-3053550495-1265879695-1002 - Limited - Enabled) ==================== Sicherheits-Center ======================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.) AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B} AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736} ==================== Installierte Programme ====================== (Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.) 
2007 Microsoft Office Suite Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft) 2007 Microsoft Office Suite Service Pack 3 (SP3) (x32 Version: - Microsoft) Hidden Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated) Adobe Reader XI (11.0.12) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated) Amnesia: The Dark Descent (HKLM-x32\...\Steam App 57300) (Version: - Frictional Games) Asmedia ASM106x SATA Host Controller Driver (HKLM-x32\...\{61942EF5-2CD8-47D4-869C-2E9A8BB085F1}) (Version: 1.3.8.000 - Asmedia Technology) AudibleManager (HKLM-x32\...\AudibleManager) (Version: 2009608308.48.56.34082162 - Audible, Inc.) Audiograbber 1.83 SE (HKLM-x32\...\Audiograbber) (Version: 1.83 SE - Audiograbber) Audiosurf (HKLM-x32\...\Steam App 12900) (Version: - Dylan Fitterer) Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software) Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.0.0.0 - Electronic Arts) Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.0 - EA Digital Illusions CE AB) Braid (HKLM-x32\...\Steam App 26800) (Version: - Number None) CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.4.5306 - CDBurnerXP) Cities: Skylines (HKLM-x32\...\Steam App 255710) (Version: - Colossal Order Ltd.) ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper) Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve) CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.) CyberLink Blu-ray Disc Suite (HKLM-x32\...\InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}) (Version: 6.0.3226 - CyberLink Corp.) 
CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4704.58 - CyberLink Corp.) D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden DAEMON Tools Lite (HKLM\...\DAEMON Tools Lite) (Version: 5.0.1.0406 - Disc Soft Ltd) Dark Souls: Prepare to Die Edition (HKLM-x32\...\Steam App 211420) (Version: - FromSoftware) DARK SOULS™ II: Scholar of the First Sin (HKLM-x32\...\Steam App 335300) (Version: - FromSoftware, Inc) Deus Ex: Human Revolution - Director's Cut (HKLM-x32\...\Steam App 238010) (Version: - Eidos Montreal) DVD Flick 1.3.0.7 (HKLM-x32\...\DVD Flick_is1) (Version: 1.3.0.7 - Dennis Meuwissen) ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - ) Fingered (HKLM-x32\...\Steam App 384360) (Version: - Edmund McMillen) Fotogalerie (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Free Mouse Auto Clicker 3.4.5 (HKLM-x32\...\{7D9D583E-EC8B-4390-B3A4-017B8182C8FF}_is1) (Version: - Advanced Mouse Auto Clicker ltd.) Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.101 - Google Inc.) Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) 
Hidden Half-Life 2 (HKLM-x32\...\Steam App 220) (Version: - Valve) Half-Life 2: Episode One (HKLM-x32\...\Steam App 380) (Version: - Valve) Half-Life 2: Episode Two (HKLM-x32\...\Steam App 420) (Version: - Valve) Half-Life 2: Lost Coast (HKLM-x32\...\Steam App 340) (Version: - Valve) Half-Life 2: Update (HKLM-x32\...\Steam App 290930) (Version: - Filip Victor) Hotline Miami 2: Wrong Number (HKLM-x32\...\Steam App 274170) (Version: - Dennaton Games) Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation) Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation) Left 4 Dead (HKLM-x32\...\Steam App 500) (Version: - Valve) LG Tool Kit (HKLM-x32\...\{6179550A-3E7C-499E-BCC9-9E8113E0A285}) (Version: 10.01.0712.01 - ) Malwarebytes Anti-Exploit version 1.07.1.1015 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.07.1.1015 - Malwarebytes) Malwarebytes Anti-Malware Version 2.1.6.1022 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.6.1022 - Malwarebytes Corporation) MestReNova LITE 5.2.5-5780 (HKLM-x32\...\MestReNova LITE) (Version: 5.2.5-5780 - Mestrelab Research S.L.) 
Microsoft .NET Framework 4.5.2 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.51209 - Microsoft Corporation) Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation) Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation) Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation) Microsoft Office Live Add-in 1.5 (HKLM-x32\...\{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}) (Version: 2.0.4024.1 - Microsoft Corporation) Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation) Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation) Microsoft SQL Server 2008 R2 (64-bit) (HKLM\...\Microsoft SQL Server 2008 R2) (Version: - Microsoft Corporation) Microsoft SQL Server 2008 R2 Native Client (HKLM\...\{471AAD2C-9078-4DAC-BD43-FA10FB7C3FCE}) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft SQL Server 2008 R2 Setup (English) (HKLM\...\{01078B88-2981-4F75-96B0-8B22E2D2DE03}) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft SQL Server 2008 Setup Support Files (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation) Microsoft SQL Server Browser (HKLM-x32\...\{BF9BF038-FE03-429D-9B26-2FA0FD756052}) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft SQL Server VSS Writer (HKLM\...\{288D79EE-A2D1-42AF-9597-B0ADCC23A8ED}) (Version: 10.51.2500.0 - Microsoft Corporation) Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 
9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation) Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation) Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation) Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden Mozilla Firefox 41.0 (x86 de) (HKLM-x32\...\Mozilla Firefox 41.0 (x86 de)) (Version: 41.0 - Mozilla) Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 37.0 - Mozilla) MPC-HC 1.7.9 (HKLM-x32\...\{2624B969-7135-4EB1-B0F6-2D8C397B45F7}_is1) (Version: 1.7.9 - MPC-HC Team) MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation) MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation) Natural Selection 2 (HKLM-x32\...\Steam App 4920) (Version: - Unknown Worlds Entertainment) NVIDIA 3D Vision Treiber 353.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.82 
- NVIDIA Corporation) NVIDIA Grafiktreiber 353.82 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.82 - NVIDIA Corporation) NVIDIA HD-Audiotreiber 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation) NVIDIA PhysX-Systemsoftware 9.15.0324 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0324 - NVIDIA Corporation) NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation) Origin (HKLM-x32\...\Origin) (Version: 9.2.1.4399 - Electronic Arts, Inc.) PerkinElmer ChemOffice Professional 2015 (HKLM-x32\...\{83DBA37B-B24C-431B-9D7B-8331D28A067C}) (Version: 15.0 - PerkinElmer Informatics, Inc.) PerkinElmer ChemScript 15.0 (HKLM-x32\...\{2623D946-2CA9-4E69-A6C1-DDFA46C87EFF}) (Version: 15.0 - PerkinElmer Informatics, Inc.) PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.991 - Even Balance, Inc.) Python 3.2 pywin32-217 (HKLM-x32\...\pywin32-py3.2) (Version: - ) Python 3.2.2 (HKLM-x32\...\{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFD}) (Version: 3.2.2150 - Python Software Foundation) Qualcomm Atheros Bandwidth Control Filter Driver (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer E220x Drivers (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden Qualcomm Atheros Killer Network Manager Suite (HKLM-x32\...\{DD21E907-9A2A-44B8-A12E-13691E166664}) (Version: 1.0.30.1003 - Qualcomm Atheros) Qualcomm Atheros Network Manager (Version: 1.0.30.1003 - Qualcomm Atheros) Hidden Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7069 - Realtek Semiconductor Corp.) 
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{17528CE4-C333-48FB-A9E4-D841E795CDCE}) (Version: 3.0.23.0 - Renesas Electronics Corporation) Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 3.0.23.0 - Renesas Electronics Corporation) Hidden resident evil 4 / biohazard 4 (HKLM-x32\...\Steam App 254700) (Version: - Capcom) Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit) (HKLM\...\KB2528583) (Version: 10.51.2500.0 - Microsoft Corporation) Shovel Knight (HKLM-x32\...\Steam App 250760) (Version: - Yacht Club Games) Snakebird (HKLM-x32\...\Steam App 357300) (Version: - Noumenon Games) Speccy (HKLM\...\Speccy) (Version: 1.28 - Piriform) SQL Server 2008 R2 SP1 Common Files (Version: 10.51.2500.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP1 Database Engine Services (Version: 10.51.2500.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP1 Database Engine Shared (Version: 10.51.2500.0 - Microsoft Corporation) Hidden SQL Server 2008 R2 SP1 Full text search (Version: 10.51.2500.0 - Microsoft Corporation) Hidden Sql Server Customer Experience Improvement Program (Version: 10.50.1600.1 - Microsoft Corporation) Hidden Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation) Terraria (HKLM-x32\...\Steam App 105600) (Version: - Re-Logic) The Talos Principle (HKLM-x32\...\Steam App 257510) (Version: - Croteam) Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft) Update für Microsoft Office Excel 2007 Help (KB963678) (HKLM-x32\...\{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{BEC163EC-7A83-48A1-BFB6-3BF47CC2F8CF}) (Version: - Microsoft) Update für Microsoft Office Outlook 2007 Help (KB963677) (HKLM-x32\...\{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{F6828576-6F79-470D-AB50-69D1BBADBD30}) (Version: - Microsoft) Update für Microsoft Office Powerpoint 2007 Help 
(KB963669) (HKLM-x32\...\{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{EA160DA3-E9B5-4D03-A518-21D306665B96}) (Version: - Microsoft) Update für Microsoft Office Word 2007 Help (KB963665) (HKLM-x32\...\{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{38472199-D7B6-4833-A949-10E4EE6365A1}) (Version: - Microsoft) VLC media player (HKLM\...\VLC media player) (Version: 2.2.0 - VideoLAN) Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation) WinRAR 5.21 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH) ==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ========================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) ==================== Wiederherstellungspunkte ========================= 29-09-2015 09:55:48 Windows Modules Installer 29-09-2015 18:27:54 Windows Update ==================== Hosts Inhalt: =============================== (Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.) 2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts ==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) ============= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) Task: {20CA2662-1B8A-40FB-80C9-580C332DD850} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated) Task: {277F6B8B-A972-4EA9-B12F-274A79DA008F} - System32\Tasks\avast! 
Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-08-13] (AVAST Software) Task: {2B8F8E16-D169-46A6-8FB1-9698904767B9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-02] (Google Inc.) Task: {6CFEFC76-9147-4ED0-96C4-C7F3745678F7} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser Task: {7B3A535B-5553-4B93-9E00-FF1BCA3D5D1D} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-07-07] (Adobe Systems Incorporated) Task: {E74F7CBB-7EC7-4D7D-8E18-6C07CD6C5A3E} - System32\Tasks\{3578B826-B9D8-4952-8426-F5EEDD5E0400} => pcalua.exe -a "F:\Dateien\Spiele, Programme\Programme\RegCleaner.exe" -d "F:\Dateien\Spiele, Programme\Programme" Task: {F079F527-81EB-42E9-AA12-FD6210A804BE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-04-02] (Google Inc.) (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.) 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Geladene Module (Nicht auf der Ausnahmeliste) ============== 2015-05-16 09:49 - 2015-08-07 02:44 - 00116528 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll 2015-04-30 10:22 - 2015-04-30 10:24 - 00076152 _____ () C:\Windows\SysWOW64\PnkBstrA.exe 2015-07-04 18:36 - 2015-02-27 14:38 - 00721263 _____ () C:\Windows\SysWOW64\WSCM64.dll 2015-08-13 10:06 - 2015-08-13 10:06 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll 2015-08-13 10:06 - 2015-08-13 10:06 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll 2015-09-29 17:34 - 2015-09-29 17:34 - 02966016 _____ () C:\Program Files\AVAST Software\Avast\defs\15092901\algo.dll 2015-04-02 22:52 - 2015-04-02 22:52 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll 2015-07-04 18:36 - 2015-04-28 15:22 - 01498112 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\DAQExp.dll 2015-07-04 18:36 - 2014-05-19 17:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\CBSCreateVC.dll 2015-04-02 04:40 - 2013-09-16 21:20 - 01242584 ____R () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll 2015-04-02 12:24 - 2015-07-03 18:12 - 00778240 _____ () F:\Spiele\Steam\SDL2.dll 2015-04-02 12:24 - 2015-07-03 18:12 - 04962816 _____ () F:\Spiele\Steam\v8.dll 2015-04-02 12:24 - 2015-07-03 18:12 - 01556992 _____ () F:\Spiele\Steam\icui18n.dll 2015-04-02 12:24 - 2015-07-03 18:12 - 01187840 _____ () F:\Spiele\Steam\icuuc.dll 2015-04-02 12:24 - 2015-08-19 22:39 - 02413248 _____ () F:\Spiele\Steam\video.dll 2015-04-02 
12:24 - 2014-12-01 23:31 - 02396672 _____ () F:\Spiele\Steam\libavcodec-56.dll 2015-04-02 12:24 - 2014-12-01 23:31 - 00442880 _____ () F:\Spiele\Steam\libavutil-54.dll 2015-04-02 12:24 - 2014-12-01 23:31 - 00479744 _____ () F:\Spiele\Steam\libavformat-56.dll 2015-04-02 12:24 - 2014-12-01 23:31 - 00332800 _____ () F:\Spiele\Steam\libavresample-2.dll 2015-04-02 12:24 - 2014-12-01 23:31 - 00485888 _____ () F:\Spiele\Steam\libswscale-3.dll 2015-04-02 12:24 - 2015-08-19 22:39 - 00704192 _____ () F:\Spiele\Steam\bin\chromehtml.DLL 2015-07-22 08:58 - 2015-07-27 03:13 - 00171008 _____ () F:\Spiele\Steam\bin\openvr_api.dll 2015-04-02 12:24 - 2015-07-03 18:12 - 39553928 _____ () F:\Spiele\Steam\bin\libcef.dll ==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) ========= (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.) ==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) =================== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.) ==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.) ==================== Internet Explorer Vertrauenswürdig/Eingeschränkt =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.) ==================== Andere Bereiche ============================ (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) HKU\S-1-5-21-1784364803-3053550495-1265879695-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\DAS k1ishEé\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg DNS Servers: 192.168.2.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall ist aktiviert. 
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge == (Aktuell gibt es keinen automatisierten Fix für diesen Bereich.) MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Killer Network Manager.lnk => C:\Windows\pss\Killer Network Manager.lnk.CommonStartup MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" MSCONFIG\startupreg: CyberGhost => "C:\Program Files\CyberGhost 5\CyberGhost.exe" /autostart /min MSCONFIG\startupreg: DAEMON Tools Lite => "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun MSCONFIG\startupreg: LGODDFU => "C:\Program Files (x86)\lg_fwupdate\lgfw.exe" blrun MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe" MSCONFIG\startupreg: PowerDVD14Agent => "F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe" MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s MSCONFIG\startupreg: UpdatePSTShortCut => "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" ==================== Firewall Regeln (Nicht auf der Ausnahmeliste) =============== (Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.) 
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe FirewallRules: [{1E0F2F7A-A558-46CF-AC17-681EADAA6419}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{210CFCD5-8DFF-471C-8E11-5669BBD8F364}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe FirewallRules: [{26FCC47A-C95A-48FA-BC76-5C2BF9D9936C}] => (Allow) F:\Spiele\Steam\Steam.exe FirewallRules: [{279BB053-6DD7-401B-B333-EF4C03F087B5}] => (Allow) F:\Spiele\Steam\Steam.exe FirewallRules: [{570C261C-AA77-4C8F-9A19-39C3E3CB4E64}] => (Allow) F:\Spiele\Steam\bin\steamwebhelper.exe FirewallRules: [{629E809E-64BA-4106-9B2E-47F8B1E41335}] => (Allow) F:\Spiele\Steam\bin\steamwebhelper.exe FirewallRules: [{92014B67-495F-4ECF-9C32-682768104B65}] => (Allow) F:\Spiele\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe FirewallRules: [{03EF6D4E-4649-4723-BEAD-B959EFF34788}] => (Allow) F:\Spiele\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe FirewallRules: [{2C5350DA-C17A-4B24-9173-7A753683A171}] => (Allow) F:\Spiele\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe FirewallRules: [{540A8A10-F541-4843-97D8-C5214C979776}] => (Allow) F:\Spiele\Steam\steamapps\common\Audiosurf\engine\QuestViewer.exe FirewallRules: [{D682FC21-58EB-4DDF-87B1-1F16D96176FD}] => (Allow) F:\Spiele\Steam\steamapps\common\Cities_Skylines\Cities.exe FirewallRules: [{B331D8AD-BE57-4922-A418-9E3BF81554FE}] => (Allow) F:\Spiele\Steam\steamapps\common\Cities_Skylines\Cities.exe FirewallRules: [{C6F34538-0C56-4F25-BD7B-AB6D0A589042}] => (Allow) F:\Spiele\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{ECD645F9-33D1-4B51-B150-E92DF1824B4A}] => (Allow) F:\Spiele\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe FirewallRules: [{E7223286-2CF3-4169-B0EC-5FE7D969CA94}] => (Allow) 
F:\Spiele\Steam\steamapps\common\left 4 dead\left4dead.exe FirewallRules: [{C4BD1D8D-B8F5-42F6-830A-F70B9DE93D50}] => (Allow) F:\Spiele\Steam\steamapps\common\left 4 dead\left4dead.exe FirewallRules: [{4DCE6E7B-B1CB-488A-8910-8FD920B7D39E}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{3E2C54DD-15ED-435F-B914-363C67143115}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{36278193-CAF0-402B-B82B-854D730911E5}] => (Allow) F:\Spiele\Steam\steamapps\common\Half-Life 2\hl2.exe FirewallRules: [{B400751A-3DDC-42B6-B470-3B23247FEC88}] => (Allow) F:\Spiele\Steam\steamapps\common\Half-Life 2\hl2.exe FirewallRules: [{252677FA-4A92-49ED-BC17-28D0B11FC193}] => (Allow) F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD.exe FirewallRules: [{E25063C3-2A1F-45F9-BFA3-7681B2DAA69B}] => (Allow) F:\Programme\PowerDVD 14\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe FirewallRules: [{8F28E477-790B-4900-A196-2C63B3E7E889}] => (Allow) F:\Programme\PowerDVD 14\PowerDVD14\PowerDVD14Agent.exe FirewallRules: [{83E4E662-3293-47EC-B49C-47E60021BD90}] => (Allow) F:\Programme\PowerDVD 14\PowerDVD14\Movie\PowerDVDMovie.exe FirewallRules: [{5B861A3F-C986-4FA7-A521-1543AC4532E2}] => (Allow) F:\Programme\PowerDVD 14\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe FirewallRules: [{F296240D-71A3-4625-9808-3F2D2CF39594}] => (Allow) F:\Spiele\Steam\steamapps\common\Half-Life 2 Update\hl2.exe FirewallRules: [{71AA19D8-D6CC-4D49-9034-6DB692E8C575}] => (Allow) F:\Spiele\Steam\steamapps\common\Half-Life 2 Update\hl2.exe FirewallRules: [{31054C48-B698-4D07-B7EC-C78CEFB717A7}] => (Allow) F:\Spiele\Steam\steamapps\common\Natural Selection 2\NS2.exe FirewallRules: [{85642BC7-3A7C-45E2-BA60-87A56F014B92}] => (Allow) F:\Spiele\Steam\steamapps\common\Natural Selection 2\NS2.exe FirewallRules: [{5171EC52-3631-472C-9E33-23C64F163CE5}] => (Allow) F:\Spiele\Origin\Origin Games\Battlefield 3\bf3.exe FirewallRules: 
[{44A4667F-0532-44D8-9D53-B709375A2AAD}] => (Allow) F:\Spiele\Origin\Origin Games\Battlefield 3\bf3.exe FirewallRules: [{4F7EC111-B7DC-45C7-8DCF-D97F3AB5CC74}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{18B73E1F-E4AE-4290-A976-AB3034C70C54}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe FirewallRules: [{7DA54BC1-6C73-4069-BE7B-1D260E1F36B3}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{DB521126-2320-42EE-93A9-1735CBB2AE6A}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe FirewallRules: [{ABD66C93-7915-4831-B332-0E57C7A7F127}] => (Allow) F:\Spiele\Steam\steamapps\common\Snakebird\Snakebird.exe FirewallRules: [{6C6B52A7-066C-4B6B-AD62-2E7BB7A1A2D6}] => (Allow) F:\Spiele\Steam\steamapps\common\Snakebird\Snakebird.exe FirewallRules: [{E8FCC921-D9CD-4072-83DF-C3B0BA2241F2}] => (Allow) F:\Spiele\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe FirewallRules: [{F88FDCA6-F9BA-4B6A-AE8D-6743EB776DE2}] => (Allow) F:\Spiele\Steam\steamapps\common\Dark Souls II Scholar of the First Sin\Game\DarkSoulsII.exe FirewallRules: [{C90DB305-E8FE-4FF5-8BEB-B9723421E431}] => (Allow) F:\Spiele\Steam\steamapps\common\Hotline Miami 2\HotlineMiami2.exe FirewallRules: [{4D2BA304-7B04-4F86-BD41-24F13449D592}] => (Allow) F:\Spiele\Steam\steamapps\common\Hotline Miami 2\HotlineMiami2.exe FirewallRules: [{3573BA62-46C1-468E-B0AE-2222BFAACF4A}] => (Allow) F:\Spiele\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe FirewallRules: [{42DB1BF2-AC80-45AD-90CE-49EC4B3B062C}] => (Allow) F:\Spiele\Steam\steamapps\common\Resident Evil 4\Bin32\bio4.exe FirewallRules: [{E1B32547-3B4C-46E6-A614-94FF13508412}] => (Allow) F:\Spiele\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [{5FF79E94-4E04-465A-9651-02E435DFA46A}] => (Allow) F:\Spiele\Steam\steamapps\common\Terraria\Terraria.exe FirewallRules: [TCP Query User{CF09A7BF-5D5F-4BFF-9AFB-78CB88EA4530}F:\spiele\steam\steamapps\common\the vanishing of ethan 
carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Allow) F:\spiele\steam\steamapps\common\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe FirewallRules: [UDP Query User{18FABF59-46F9-4528-9C09-FA4446BF7737}F:\spiele\steam\steamapps\common\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe] => (Allow) F:\spiele\steam\steamapps\common\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe FirewallRules: [{A09809EA-830C-4443-A69C-D55434C059BF}] => (Block) F:\spiele\steam\steamapps\common\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe FirewallRules: [{B5E7C185-73CF-46FC-8FB7-8628DFF96C4E}] => (Block) F:\spiele\steam\steamapps\common\the vanishing of ethan carter\binaries\win64\astronautsgame-win64-shipping.exe FirewallRules: [{7A4563AD-E33F-42FC-B096-EECE6E03139B}] => (Allow) F:\Spiele\Steam\steamapps\common\Shovel Knight\ShovelKnight.exe FirewallRules: [{2EF97596-0DC2-4BB2-BBEA-248D87EBD838}] => (Allow) F:\Spiele\Steam\steamapps\common\Shovel Knight\ShovelKnight.exe FirewallRules: [TCP Query User{303F9D88-037F-4C6B-8376-B412C458DFC1}F:\spiele\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) F:\spiele\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe FirewallRules: [UDP Query User{5A79D509-8547-488F-81B3-627BABFA4881}F:\spiele\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe] => (Allow) F:\spiele\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe FirewallRules: [{7306F907-9804-4763-95C0-04C751F84400}] => (Block) F:\spiele\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe FirewallRules: [{9B40A4EF-510D-4F3F-BC18-4382AEF04417}] => (Block) F:\spiele\steam\steamapps\common\xcom-enemy-unknown\xew\binaries\win32\xcomew.exe FirewallRules: [{630BA0DC-44F2-441B-9D31-8679593D2215}] => (Allow) F:\Spiele\Steam\steamapps\common\Dirty 
Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe FirewallRules: [{D6D3CAB8-CF19-4412-9A54-B2264B91B3E2}] => (Allow) F:\Spiele\Steam\steamapps\common\Dirty Bomb\Binaries\Win32\ShooterGame-Win32-Shipping.exe FirewallRules: [TCP Query User{E5BF3108-C5EA-4BFF-BCF1-DFCA7E47B6C8}C:\program files (x86)\cambridgesoft\chemoffice2015\chem3d\chem3d.exe] => (Allow) C:\program files (x86)\cambridgesoft\chemoffice2015\chem3d\chem3d.exe FirewallRules: [UDP Query User{10D37C6C-9702-4BCE-8A29-D9790E1A07E3}C:\program files (x86)\cambridgesoft\chemoffice2015\chem3d\chem3d.exe] => (Allow) C:\program files (x86)\cambridgesoft\chemoffice2015\chem3d\chem3d.exe FirewallRules: [{E0C14F89-5380-4A78-AE34-E36CB4FBC950}] => (Block) C:\program files (x86)\cambridgesoft\chemoffice2015\chem3d\chem3d.exe FirewallRules: [{D547A9FE-DBFC-4FC2-A191-CDD42B609C19}] => (Block) C:\program files (x86)\cambridgesoft\chemoffice2015\chem3d\chem3d.exe FirewallRules: [TCP Query User{76F43518-7A3C-4DAC-A0EE-6F4210AAD50C}C:\program files (x86)\cambridgesoft\chemoffice2015\chemdraw\chemdraw.exe] => (Allow) C:\program files (x86)\cambridgesoft\chemoffice2015\chemdraw\chemdraw.exe FirewallRules: [UDP Query User{CC80989A-C51D-40ED-8E4E-AA17795D4A5D}C:\program files (x86)\cambridgesoft\chemoffice2015\chemdraw\chemdraw.exe] => (Allow) C:\program files (x86)\cambridgesoft\chemoffice2015\chemdraw\chemdraw.exe FirewallRules: [{F73204BB-DA35-4210-9F68-CEF36075181B}] => (Block) C:\program files (x86)\cambridgesoft\chemoffice2015\chemdraw\chemdraw.exe FirewallRules: [{753AC014-AAB9-4DF5-BA50-F86B1C3BDEAD}] => (Block) C:\program files (x86)\cambridgesoft\chemoffice2015\chemdraw\chemdraw.exe FirewallRules: [{B1168708-3C93-45E6-AA77-662D1FC3DBD9}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{2EFF02D8-CC5C-47E3-B7B1-E02B18CC85BB}] => (Allow) LPort=2869 FirewallRules: [{8AE9D58D-8ECB-4688-9D2F-6928BD3BCA3E}] => (Allow) LPort=1900 FirewallRules: [{10D0D2CE-A3C2-4E9B-A31C-707EAC404142}] => 
(Allow) F:\Spiele\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe FirewallRules: [{16D4649D-CD8E-4A1C-B2BE-3DEFF97C61DD}] => (Allow) F:\Spiele\Steam\steamapps\common\The Talos Principle\Bin\Talos.exe FirewallRules: [{ED7179D2-CD11-4E92-8CD4-E39F1C890E41}] => (Allow) F:\Spiele\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe FirewallRules: [{77083937-9B33-4A99-B1DE-698799B7C514}] => (Allow) F:\Spiele\Steam\steamapps\common\The Talos Principle\Bin\Talos_Unrestricted.exe FirewallRules: [{73CE6CD4-5D92-4373-8204-16CE4D229D49}] => (Allow) F:\Spiele\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe FirewallRules: [{5B15EE25-DA46-4A67-909D-98B47E4ADFB7}] => (Allow) F:\Spiele\Steam\steamapps\common\Dark Souls Prepare to Die Edition\DATA\DARKSOULS.exe FirewallRules: [{ADA1A6AF-798A-4CAB-A2D0-EB9A1AEF4995}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{ACDC1B76-01DA-4240-9334-7262023CF625}] => (Allow) C:\Program Files\AVAST Software\Avast\ng\vbox\aswFe.exe FirewallRules: [{D541BA8B-22F1-4568-A22A-7855AD24030C}] => (Allow) F:\Spiele\Steam\steamapps\common\Fingered\nw.exe FirewallRules: [{4C1A4A28-5115-40E1-9F84-8A3B88E15766}] => (Allow) F:\Spiele\Steam\steamapps\common\Fingered\nw.exe FirewallRules: [{805F5926-9E49-41DF-A91D-69288864E5EF}] => (Allow) F:\Spiele\Steam\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe FirewallRules: [{2EEDC5B8-F456-4031-BFD3-42CD1BE0893E}] => (Allow) F:\Spiele\Steam\steamapps\common\Deus Ex Human Revolution Director's Cut\DXHRDC.exe FirewallRules: [{740508C4-ECCB-46FC-9683-66E153BA28DF}] => (Allow) F:\Spiele\Steam\steamapps\common\Braid\braid.exe FirewallRules: [{5210A51A-B0EC-4279-A1C8-C4EF0BF9F700}] => (Allow) F:\Spiele\Steam\steamapps\common\Braid\braid.exe FirewallRules: [{D28DEE9B-D16C-4EC6-9C39-AB54F79C330C}] => (Allow) F:\Spiele\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe FirewallRules: 
[{D167F88F-35AF-40CC-89FC-C91904CADF6A}] => (Allow) F:\Spiele\Steam\steamapps\common\Amnesia The Dark Descent\Amnesia.exe FirewallRules: [{AC23F731-4FA4-40BA-8029-4C0A6614D7B3}] => (Allow) F:\Spiele\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe FirewallRules: [{C7147BB2-BDE1-4318-A466-DB359E501467}] => (Allow) F:\Spiele\Steam\steamapps\common\Amnesia The Dark Descent\Launcher.exe FirewallRules: [{3F4BBDC5-3DCA-4A1F-9658-167AA654B7C8}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Fehlerhafte Geräte im Gerätemanager ============= Name: Description: Class Guid: Manufacturer: Service: Problem: : The drivers for this device are not installed. (Code 28) Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard. ==================== Fehlereinträge in der Ereignisanzeige: ========================= Applikationsfehler: ================== Error: (09/30/2015 09:47:52 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (09/30/2015 09:47:16 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. 
Error: (09/30/2015 09:22:36 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/29/2015 09:27:30 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/28/2015 09:20:50 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/28/2015 04:40:09 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/27/2015 10:46:01 AM) (Source: WinMgmt) (EventID: 10) (User: ) Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003 Error: (09/27/2015 09:40:42 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (09/27/2015 09:40:39 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Error: (09/27/2015 09:40:39 AM) (Source: SideBySide) (EventID: 80) (User: ) Description: Fehler beim Generieren des Aktivierungskontexts für "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1". Fehler in Manifest- oder Richtliniendatei "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" in Zeile C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3. 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest. Systemfehler: ============= Error: (09/30/2015 09:22:31 AM) (Source: volmgr) (EventID: 46) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error: (09/29/2015 06:28:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT-AUTORITÄT) Description: Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070103 fehlgeschlagen: nVidia - Graphics Adapter WDDM1.1, Graphics Adapter WDDM1.2, Graphics Adapter WDDM1.3, Graphics Adapter WDDM2.0, Other hardware - NVIDIA GeForce GTX 560 Ti Error: (09/29/2015 09:27:25 AM) (Source: volmgr) (EventID: 46) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error: (09/28/2015 09:20:45 AM) (Source: volmgr) (EventID: 46) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error: (09/28/2015 04:40:04 AM) (Source: volmgr) (EventID: 46) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error: (09/27/2015 10:45:46 AM) (Source: volmgr) (EventID: 46) (User: ) Description: Die Initialisierung des Speicherabbildes ist fehlgeschlagen. Error: (09/27/2015 10:45:19 AM) (Source: Service Control Manager) (EventID: 7000) (User: ) Description: Der Dienst "Windows Live ID Sign-in Assistant" wurde aufgrund folgenden Fehlers nicht gestartet: %%109 Error: (09/27/2015 10:45:10 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: Der Dienst "Intel(R) Capability Licensing Service Interface" wurde unerwartet beendet. 
Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/27/2015 10:45:09 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (09/27/2015 10:45:09 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Intel(R) Dynamic Application Loader Host Interface Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

==================== Speicherinformationen ===========================

Prozessor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Prozentuale Nutzung des RAM: 33%
Installierter physikalischer RAM: 8134.54 MB
Verfügbarer physikalischer RAM: 5377.64 MB
Summe virtueller Speicher: 8132.74 MB
Verfügbarer virtueller Speicher: 4863.05 MB

==================== Laufwerke ================================

Drive c: (SSD) (Fixed) (Total:232.79 GB) (Free:196.6 GB) NTFS
Drive f: (HDD) (Fixed) (Total:465.76 GB) (Free:233.85 GB) NTFS

==================== MBR & Partitionstabelle ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 7906BE9F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=232.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: F590A1A7)
Partition 1: (Not Active) - (Size=465.8 GB) - (Type=07 NTFS)

==================== Ende von Addition.txt ============================

Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-09-30 10:01:15
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 Samsung_SSD_850_EVO_250GB rev.EMT01B6Q 232,89GB
Running: Gmer-19357.exe; Driver: F:\Temp\Windows\fxrcqaob.sys

---- User code sections - GMER 2.1 ----
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4428] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c815b5 2 bytes JMP 7546fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4428] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c815cd 2 bytes JMP 7547b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4428] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c816b2 2 bytes JMP 754f8eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe[4428] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c816bd 2 bytes JMP 754f8681 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075c81401 2 bytes JMP 7547b20b C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[816] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075c81419 2 bytes JMP 7547b336 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075c81431 2 bytes JMP 754f8f39 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075c8144a 2 bytes CALL 75454885 C:\Windows\syswow64\kernel32.dll .text ... 
* 9 .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[816] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075c814dd 2 bytes JMP 754f8832 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075c814f5 2 bytes JMP 754f8a08 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075c8150d 2 bytes JMP 754f8728 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075c81525 2 bytes JMP 754f8af2 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075c8153d 2 bytes JMP 7546fc98 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[816] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075c81555 2 bytes JMP 754768df C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075c8156d 2 bytes JMP 754f8ff1 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075c81585 2 bytes JMP 754f8b52 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075c8159d 2 bytes JMP 754f86ec 
C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075c815b5 2 bytes JMP 7546fd31 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075c815cd 2 bytes JMP 7547b2cc C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075c816b2 2 bytes JMP 754f8eb4 C:\Windows\syswow64\kernel32.dll .text C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe[816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075c816bd 2 bytes JMP 754f8681 C:\Windows\syswow64\kernel32.dll ---- EOF - GMER 2.1 ---- Code:
Malwarebytes Anti-Malware
www.malwarebytes.org

Suchlaufdatum: 27.09.2015
Suchlaufzeit: 09:35
Protokolldatei: malwarebyte scan.txt
Administrator: Ja

Version: 2.01.6.1022
Malware-Datenbank: v2015.09.27.02
Rootkit-Datenbank: v2015.09.22.01
Lizenz: Kostenlose Version
Malware-Schutz: Deaktiviert
Schutz vor bösartigen Websites: Deaktiviert
Selbstschutz: Deaktiviert

Betriebssystem: Windows 7 Service Pack 1
CPU: x64
Dateisystem: NTFS
Benutzer: DAS k1ishEé

Suchlauftyp: Bedrohungssuchlauf
Ergebnis: Abgeschlossen
Durchsuchte Objekte: 422279
Abgelaufene Zeit: 4 Min., 19 Sek.

Speicher: Aktiviert
Start: Aktiviert
Dateisystem: Aktiviert
Archive: Aktiviert
Rootkits: Deaktiviert
Heuristik: Aktiviert
PUP: Aktiviert
PUM: Aktiviert

Prozesse: 0
(keine bösartigen Elemente erkannt)

Module: 0
(keine bösartigen Elemente erkannt)

Registrierungsschlüssel: 0
(keine bösartigen Elemente erkannt)

Registrierungswerte: 0
(keine bösartigen Elemente erkannt)

Registrierungsdaten: 0
(keine bösartigen Elemente erkannt)

Ordner: 1
PUP.Optional.Convert, C:\Users\DAS k1ishEé\AppData\Roaming\PDFConvert, In Quarantäne, [e3fbfd37cfbc67cf4fd06f128381b947],

Dateien: 1
PUP.Optional.Convert, C:\Users\DAS k1ishEé\AppData\Roaming\PDFConvert\tosty.dat, In Quarantäne, [e3fbfd37cfbc67cf4fd06f128381b947],

Physische Sektoren: 0
(keine bösartigen Elemente erkannt)

(end)
Code:
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=04ae2dfd453293488c3d42581b2ca36e
# end=init
# utc_time=2015-09-27 07:40:49
# local_time=2015-09-27 09:40:49 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 25958
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=04ae2dfd453293488c3d42581b2ca36e
# end=updated
# utc_time=2015-09-27 07:42:53
# local_time=2015-09-27 09:42:53 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=04ae2dfd453293488c3d42581b2ca36e
# engine=25958
# end=finished
# remove_checked=true
# archives_checked=false
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2015-09-27 08:16:20
# local_time=2015-09-27 10:16:20 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1031
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 88 1558376 15333830 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 178874 194971630 0 0
# scanned=247773
# found=0
# cleaned=0
# scan_time=2006