Ändzen91 | 26.09.2015 11:59 | FRST Additions Logfile:
Zusätzliches Untersuchungsergebnis von Farbar Recovery Scan Tool (x64) Version:23-09-2015
durchgeführt von Ändzen (2015-09-25 15:32:55)
Gestartet von C:\Users\Ändzen\Downloads
Windows 7 Professional Service Pack 1 (X64) (2015-02-15 18:23:51)
Start-Modus: Normal
==========================================================
==================== Konten: =============================
Administrator (S-1-5-21-2452096756-4269888630-2670504680-500 - Administrator - Disabled)
Gast (S-1-5-21-2452096756-4269888630-2670504680-501 - Limited - Disabled)
Ändzen (S-1-5-21-2452096756-4269888630-2670504680-1000 - Administrator - Enabled) => C:\Users\Ändzen
==================== Sicherheits-Center ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er entfernt.)
AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installierte Programme ======================
(Nur Adware-Programme mit dem Zusatz "Hidden" können in die Fixlist aufgenommen werden, um sie sichtbar zu machen. Die Adware-Programme sollten manuell deinstalliert werden.)
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Alien: Isolation (HKLM-x32\...\Steam App 214490) (Version: - Creative Assembly)
AMD Catalyst Install Manager (HKLM\...\{14D58A97-B60E-A858-34D8-95469C02F7EC}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
Anker Precision Laser Gaming Mouse version 1.1 (HKLM-x32\...\{F9A7ED2C-34E1-4A96-9A25-B022C23C3361}_is1) (Version: 1.1 - ANKER Technology)
Apple Application Support (32-Bit) (HKLM-x32\...\{2FE00055-C4F3-4F7A-AEDD-E198D54CF12F}) (Version: 3.1.1 - Apple Inc.)
Apple Application Support (64-Bit) (HKLM\...\{28791292-D18D-42FA-AE66-3D3D20AA8618}) (Version: 3.1.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5ED7462B-EF58-4757-B609-53755021EC34}) (Version: 8.1.0.18 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Arma 2 (HKLM-x32\...\Steam App 33910) (Version: - Bohemia Interactive)
Arma 2: DayZ Mod (HKLM-x32\...\Steam App 224580) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead (HKLM-x32\...\Steam App 33930) (Version: - Bohemia Interactive)
Arma 2: Operation Arrowhead Beta (Obsolete) (HKLM-x32\...\Steam App 219540) (Version: - )
Avira Antivirus (HKLM-x32\...\Avira Antivirus) (Version: 15.0.12.420 - Avira Operations GmbH & Co. KG)
Avira Launcher (HKLM-x32\...\{315dd168-0794-4cf1-8355-f195cde642fc}) (Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG)
Avira Launcher (x32 Version: 1.1.45.11819 - Avira Operations GmbH & Co. KG) Hidden
Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.4.2.30944 - Electronic Arts)
Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.7.1 - EA Digital Illusions CE AB)
BattlEye for OA Uninstall (HKLM-x32\...\BattlEye for OA) (Version: - )
BattlEye Uninstall (HKLM-x32\...\BattlEye for A2) (Version: - )
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Call of Duty: Modern Warfare 2 - Multiplayer (HKLM-x32\...\Steam App 10190) (Version: - Infinity Ward)
Company of Heroes 2 (HKLM-x32\...\Steam App 231430) (Version: - Relic Entertainment)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version: - Valve)
DayZ (HKLM-x32\...\Steam App 221100) (Version: - Bohemia Interactive)
DayZ Commander (HKLM-x32\...\{668B7711-6DAF-465F-9BE2-F3C07C962131}) (Version: 0.92.117 - Dotjosh Studios)
DayZLauncher version 0.0.0.15 (HKLM-x32\...\{E31045B4-9DB5-9EBD-44DF-BD4E6CFD40DF}_is1) (Version: 0.0.0.15 - Maca134)
Dead Rising 3 (HKLM-x32\...\Steam App 265550) (Version: - Capcom Game Studio Vancouver)
DiRT 3 Complete Edition (HKLM-x32\...\Steam App 321040) (Version: - Codemasters Racing Studio)
DiRT Rally (HKLM-x32\...\Steam App 310560) (Version: - Codemasters Racing Studio)
Dying Light (HKLM-x32\...\Steam App 239140) (Version: - Techland)
Edimax Wireless LAN (HKLM-x32\...\{B63CCD1C-A133-4DF8-8306-DA0387231152}) (Version: 1.00.0205.2 - Edimax Technology Co.)
F1 2015 (HKLM-x32\...\Steam App 286570) (Version: - Codemasters)
FarCry 4 (HKLM-x32\...\Uplay Install 420) (Version: - Ubisoft)
FFB Racing Wheel drivers (HKLM-x32\...\{28B758EA-5C83-48B1-B352-C70F12C73F5A}) (Version: 3.TTRS.2014 - Thrustmaster)
GOG Galaxy (HKLM-x32\...\{7258BA11-600C-430E-A759-27E2C691A335}_is1) (Version: - GOG.com)
H1Z1 (HKLM-x32\...\Steam App 295110) (Version: - Sony Online Entertainment)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel(R) Network Connections 18.5.54.0 (HKLM\...\PROSetDX) (Version: 18.5.54.0 - Intel)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
iTunes (HKLM\...\{7B8D4E8A-EA2B-4A71-BFEB-A4AAAB87C5D0}) (Version: 12.1.0.71 - Apple Inc.)
Java 8 Update 45 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218045F0}) (Version: 8.0.450 - Oracle Corporation)
Landwirtschafts Simulator 15 (HKLM-x32\...\FarmingSimulator2015DE_is1) (Version: 1.2.0.0 - GIANTS Software)
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version: - Valve)
LibreOffice 4.4.3.2 (HKLM-x32\...\{A651A592-2F6C-4D66-AEA8-9BFE4B61BCB3}) (Version: 4.4.3.2 - The Document Foundation)
Lightworks (HKLM-x32\...\{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}) (Version: 12.0.2.0 - Lightworks)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 de) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 de)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
NVIDIA PhysX (HKLM-x32\...\{B455E95A-B804-439F-B533-336B1635AE97}) (Version: 9.14.0702 - NVIDIA Corporation)
OpenAL (HKLM-x32\...\OpenAL) (Version: - )
Origin (HKLM-x32\...\Origin) (Version: 9.5.12.2862 - Electronic Arts, Inc.)
PAYDAY 2 (HKLM-x32\...\Steam App 218620) (Version: - OVERKILL - a Starbreeze Studio.)
PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.26914 - Razer Inc.)
Rocket League (HKLM-x32\...\Steam App 252950) (Version: - Psyonix)
Rust (HKLM-x32\...\Steam App 252490) (Version: - Facepunch Studios)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-2452096756-4269888630-2670504680-1000\...\Spotify) (Version: 1.0.13.108.gcd94e7db - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.16 - TeamSpeak Systems GmbH)
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.43879 - TeamViewer)
The Witcher 3 - Wild Hunt (HKLM-x32\...\1207664643_is1) (Version: 1.0.4.0 - GOG.com)
Uplay (HKLM-x32\...\Uplay) (Version: 4.8 - Ubisoft)
VLC media player (HKLM\...\VLC media player) (Version: 2.1.5 - VideoLAN)
World of Warships (HKU\S-1-5-21-2452096756-4269888630-2670504680-1000\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814eu}_is1) (Version: - Wargaming.net)
==================== Benutzerdefinierte CLSID (Nicht auf der Ausnahmeliste): ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Wiederherstellungspunkte =========================
04-08-2015 13:03:58 Geplanter Prüfpunkt
13-08-2015 17:38:44 Installiert Skiller Pro
13-08-2015 17:38:50 Installiert Skiller Pro
13-08-2015 17:56:08 Entfernt Skiller Pro
23-08-2015 18:31:47 Geplanter Prüfpunkt
03-09-2015 03:23:15 Geplanter Prüfpunkt
18-09-2015 00:07:08 Geplanter Prüfpunkt
==================== Hosts Inhalt: ===============================
(Wenn benötigt kann der Hosts: Schalter in die Fixlist aufgenommen werden um die Hosts Datei zurückzusetzen.)
2009-07-14 04:34 - 2009-06-10 23:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Geplante Aufgaben (Nicht auf der Ausnahmeliste) =============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
Task: {54BBC32F-D54E-4C44-B4D8-30854FB103D6} - System32\Tasks\{64FD7FF9-0322-4562-A254-5C71B33EF6BB} => C:\Users\Ändzen\Downloads\Xbox360_64Deu.exe [2015-05-24] (Microsoft Corporation)
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Aufgabe verschoben. Die Datei, die durch die Aufgabe gestartet wird, wird nicht verschoben.)
==================== Geladene Module (Nicht auf der Ausnahmeliste) ==============
2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 23:35 - 2015-01-20 23:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-24 19:44 - 2015-07-24 19:43 - 00076152 _____ () C:\Windows\system32\PnkBstrA.exe
2015-06-23 21:11 - 2015-06-23 21:11 - 00187048 _____ () C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
2015-02-22 20:33 - 2013-05-15 16:27 - 00096768 _____ () C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe
2015-08-13 17:57 - 2013-03-11 15:34 - 03349504 _____ () D:\Programme\Anker Gaming Maus\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
2015-02-15 22:20 - 2015-09-25 14:41 - 00619840 _____ () C:\Users\NDZEN~1\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
2015-05-20 04:29 - 2015-05-20 04:29 - 00137728 _____ () C:\ProgramData\Razer\Synapse\CrashReporter\CrashRpt1402.dll
2015-08-13 17:57 - 2011-01-27 00:53 - 00028160 _____ () D:\Programme\Anker Gaming Maus\Anker Precision Laser Gaming Mouse\uiHook.dll
2015-02-15 20:35 - 2013-09-03 17:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll
2015-02-15 21:33 - 2015-07-03 18:12 - 00778240 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-02-15 21:33 - 2015-07-03 18:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-02-15 21:33 - 2015-07-03 18:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-02-15 21:33 - 2015-07-03 18:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-02-15 21:33 - 2015-08-19 22:39 - 02413248 _____ () C:\Program Files (x86)\Steam\video.dll
2015-02-15 21:33 - 2014-12-01 23:31 - 02396672 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-02-15 21:33 - 2014-12-01 23:31 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-02-15 21:33 - 2014-12-01 23:31 - 00479744 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-02-15 21:33 - 2014-12-01 23:31 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-02-15 21:33 - 2014-12-01 23:31 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-02-15 21:33 - 2015-08-19 22:39 - 00704192 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-07-22 19:30 - 2015-07-27 03:13 - 00171008 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-02-15 21:33 - 2015-07-03 18:12 - 39553928 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2015-07-14 18:54 - 2015-07-14 18:54 - 17448624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll
==================== Alternate Data Streams (Nicht auf der Ausnahmeliste) =========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird nur der ADS entfernt.)
==================== Abgesicherter Modus (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Der Wert "AlternateShell" wird wiederhergestellt.)
==================== EXE Verknüpfungen (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt.)
==================== Internet Explorer Vertrauenswürdig/Eingeschränkt ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt.)
IE trusted site: HKU\S-1-5-21-2452096756-4269888630-2670504680-1000\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2452096756-4269888630-2670504680-1000\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2452096756-4269888630-2670504680-1000\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2452096756-4269888630-2670504680-1000\...\sony.com -> sony.com
==================== Andere Bereiche ============================
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
HKU\S-1-5-21-2452096756-4269888630-2670504680-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Ändzen\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall ist aktiviert.
==================== MSCONFIG/TASK MANAGER Deaktivierte Einträge ==
(Aktuell gibt es keinen automatisierten Fix für diesen Bereich.)
MSCONFIG\startupreg: GalaxyClient => C:\Program Files (x86)\GalaxyClient\GalaxyClient.exe /launchViaAutoStart
MSCONFIG\startupreg: iTunesHelper => "D:\Programme\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
MSCONFIG\startupreg: Spotify => "C:\Users\Ändzen\AppData\Roaming\Spotify\Spotify.exe" -autostart -minimized
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\Ändzen\AppData\Roaming\Spotify\SpotifyWebHelper.exe"
==================== Firewall Regeln (Nicht auf der Ausnahmeliste) ===============
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{A7E99202-D614-4979-B86B-4233BB9A2A2A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6831F42D-1B64-4B5D-8C10-437B2BC0CFC2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F1BC2A3D-3390-454D-B0CA-22889025C1DD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0094C178-4508-432D-8065-CBEA48FB4937}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AD9FFD31-20F1-486E-B216-F9428E688FA0}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D9EBA810-7869-423C-A2C7-295E4422DC66}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{2379CF2B-8ED1-4AB9-BBEC-BAAA1C05822A}] => (Allow) D:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{B1CBBED5-D752-4FB0-BCB4-C596B6763DF3}] => (Allow) D:\Programme\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exe
FirewallRules: [{3EC526EA-F9AB-4773-9172-F6BC4721C550}] => (Allow) D:\Programme\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{948C8E1D-3525-4529-AF70-626B793714DA}] => (Allow) D:\Programme\Steam\steamapps\common\DayZ\DayZ_BE.exe
FirewallRules: [{2728540C-0756-487A-921F-A59214B361B9}] => (Allow) D:\Programme\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [{0BBCD8EC-2197-4784-83A7-F96EAAE68476}] => (Allow) D:\Programme\Steam\steamapps\common\H1Z1\LaunchPad.exe
FirewallRules: [TCP Query User{675C70BA-1469-4C07-95F9-8FF472A03AE9}D:\programme\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\programme\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [UDP Query User{3BFECECF-B6B9-4488-8884-2C095AAE2767}D:\programme\steam\steamapps\common\h1z1\h1z1.exe] => (Allow) D:\programme\steam\steamapps\common\h1z1\h1z1.exe
FirewallRules: [{7B43AA46-4410-45D4-9202-6FC80D6AEEA4}] => (Allow) D:\Programme\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{9DCAE31F-F66A-4732-A991-EF93D8F51C61}] => (Allow) D:\Programme\Steam\steamapps\common\PAYDAY 2\payday2_win32_release.exe
FirewallRules: [{9A5136CC-CC8F-42A0-BABD-31A56B2D6784}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{3A2C2F05-B89D-464B-BD68-CAC65B193D96}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A6FE1DD0-4D51-40E3-8163-C7F9414ABC77}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{2C481204-96ED-44FE-A15C-06E17572ABB7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{E360A7D3-433E-401F-9826-269BF487E41B}] => (Allow) D:\Programme\iTunes\iTunes.exe
FirewallRules: [TCP Query User{FEF5D7D8-7D96-4858-8E63-4BED450C9F58}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{BE7CEC22-4837-4EE2-A3EE-F6BA023EA0DF}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{BC4A2D05-29FE-4E41-8347-5AC1A49C2BE5}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [TCP Query User{BD21D399-8EA2-496C-8A79-8AEB1AB8E8E8}D:\programme\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\programme\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [UDP Query User{A7CFA493-3125-443F-987A-BA3ADD269386}D:\programme\steam\steamapps\common\dayz\dayz.exe] => (Allow) D:\programme\steam\steamapps\common\dayz\dayz.exe
FirewallRules: [TCP Query User{F6E53541-E08E-4CFD-843E-6D592B667E17}C:\users\ändzen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ändzen\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{1B2D85F9-AE47-4E5D-9E3E-FF92B4BB7D44}C:\users\ändzen\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\ändzen\appdata\roaming\spotify\spotify.exe
FirewallRules: [{46FA551B-9694-4AB2-A762-BCE511F168F2}] => (Allow) D:\Programme\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [{6B230379-9967-47D8-8335-0E3EDC3D8E3D}] => (Allow) D:\Programme\Steam\steamapps\common\DiRT 3 Complete Edition\dirt3_game.exe
FirewallRules: [{D911AA59-D648-4CBE-9669-AE28BF06CEF7}] => (Allow) D:\Spiele\FarCry 4\bin\FarCry4.exe
FirewallRules: [{AE0DD351-15D3-4C2E-980B-D68060EB8AF3}] => (Allow) D:\Spiele\FarCry 4\bin\FarCry4.exe
FirewallRules: [{72CE4FB0-D67F-4B71-A795-04C675CEDEB5}] => (Allow) D:\Spiele\FarCry 4\bin\IGE_WPF64.exe
FirewallRules: [{7D870491-EF9F-47C6-A0EE-DAE3FD98AB71}] => (Allow) D:\Spiele\FarCry 4\bin\IGE_WPF64.exe
FirewallRules: [{FB29EC76-F58B-4B84-B03F-01D3C9573AB1}] => (Allow) D:\Programme\Steam\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{15ADB5CA-657C-407D-87A8-ACA8E0DE9EE7}] => (Allow) D:\Programme\Steam\steamapps\common\DiRT Rally\drt.exe
FirewallRules: [{0A86124D-17A6-48FB-ADBE-A8A6DFAE9E9C}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{C8C53564-06F9-4B8C-A685-757DE2C867B7}] => (Allow) C:\Program Files\Lightworks\Lightworks.exe
FirewallRules: [{70992685-B3FF-4207-BD8D-DD157F02EC3A}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{80737F73-462C-4962-8BC2-FDF006748AE9}] => (Allow) C:\Program Files\Lightworks\ntcardvt.exe
FirewallRules: [{82C9F520-DB0C-4ECD-A8E5-893761DE8143}] => (Allow) D:\Programme\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{F6CEBE08-00FF-461B-ADC1-379F3D9818DD}] => (Allow) D:\Programme\Steam\steamapps\common\arma 2 operation arrowhead\Expansion\beta\Arma2OA.exe
FirewallRules: [{9B4CAC73-AF45-4E2F-889B-477B429581F0}] => (Allow) D:\Programme\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{9B4A3D32-1A1B-42B8-A063-A7963D8E69F9}] => (Allow) D:\Programme\Steam\steamapps\common\Arma 2\arma2.exe
FirewallRules: [{183084DF-475B-44E7-8B3B-8814463FE56A}] => (Allow) D:\Programme\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{74CD51F3-31B7-48E1-B43B-817EB94922EF}] => (Allow) D:\Programme\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA_BE.exe
FirewallRules: [{486EAFFB-6759-433B-92CC-9B005B5E5C7D}] => (Allow) D:\Programme\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [{376A2B55-1DE6-4584-A444-BC1FBC5B0256}] => (Allow) D:\Programme\Steam\steamapps\common\arma 2 operation arrowhead\ArmA2OA.exe
FirewallRules: [TCP Query User{5F1D8081-967B-442E-A69E-040FDE8B4F1A}D:\spiele\dayz mod\dayzlauncher\dayzlauncher.exe] => (Block) D:\spiele\dayz mod\dayzlauncher\dayzlauncher.exe
FirewallRules: [UDP Query User{AD8FBFE6-4941-42F0-9C90-FDC0EC526D5E}D:\spiele\dayz mod\dayzlauncher\dayzlauncher.exe] => (Block) D:\spiele\dayz mod\dayzlauncher\dayzlauncher.exe
FirewallRules: [{A5E1D165-E9CF-4882-998D-728FFA4B69D0}] => (Allow) D:\Programme\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{2D6E2DE4-00FA-4241-8680-49F2D01FA576}] => (Allow) D:\Programme\Steam\steamapps\common\Company of Heroes 2\RelicCoH2.exe
FirewallRules: [{D4CDF2B7-C9FA-443C-80CC-40FB8016CA00}] => (Allow) D:\Programme\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{02FB8C77-93E4-4232-8231-E4EEFAEF4568}] => (Allow) D:\Programme\Steam\steamapps\common\Alien Isolation\AI.exe
FirewallRules: [{B16444DD-4024-4766-8FF9-39F92E37C71B}] => (Allow) D:\Programme\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [{E84086FB-D744-41D9-AC7A-4805D2800DA5}] => (Allow) D:\Programme\Steam\steamapps\common\Left 4 Dead 2\left4dead2.exe
FirewallRules: [TCP Query User{E1B8D4E1-C887-4E48-976F-1ADA9EF7B9FB}D:\spiele\landwirtschafts simulator 2015\x64\farmingsimulator2015game.exe] => (Allow) D:\spiele\landwirtschafts simulator 2015\x64\farmingsimulator2015game.exe
FirewallRules: [UDP Query User{4513A01A-914B-4C96-9140-3BB28F99A48C}D:\spiele\landwirtschafts simulator 2015\x64\farmingsimulator2015game.exe] => (Allow) D:\spiele\landwirtschafts simulator 2015\x64\farmingsimulator2015game.exe
FirewallRules: [TCP Query User{AEE4E3C5-E32C-49BA-91FF-066E84953BC9}D:\spiele\landwirtschafts simulator 2015\dedicatedserver.exe] => (Block) D:\spiele\landwirtschafts simulator 2015\dedicatedserver.exe
FirewallRules: [UDP Query User{CFA3739F-6D88-432D-9BBD-FC716B8B074B}D:\spiele\landwirtschafts simulator 2015\dedicatedserver.exe] => (Block) D:\spiele\landwirtschafts simulator 2015\dedicatedserver.exe
FirewallRules: [{A1969D09-E5F8-4423-B800-CA5290BD1596}] => (Allow) D:\Spiele\Landwirtschaftssimulator 2015\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe
FirewallRules: [{3DB8849D-52F8-4093-B15A-21FAC70161A3}] => (Allow) D:\Spiele\Landwirtschaftssimulator 2015\Landwirtschafts Simulator 2015\FarmingSimulator2015.exe
FirewallRules: [{E9D48B24-9DCA-4FB2-9038-908C95F9DA13}] => (Allow) D:\Spiele\Landwirtschaftssimulator 2015\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe
FirewallRules: [{EB33BF44-663D-469A-B7EA-984CA56B26AD}] => (Allow) D:\Spiele\Landwirtschaftssimulator 2015\Landwirtschafts Simulator 2015\x86\FarmingSimulator2015Game.exe
FirewallRules: [{9B216591-A6DA-49D2-88D7-A939121599AB}] => (Allow) D:\Spiele\Landwirtschaftssimulator 2015\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe
FirewallRules: [{C2533890-38F6-4800-8793-8AF21BE5C8AB}] => (Allow) D:\Spiele\Landwirtschaftssimulator 2015\Landwirtschafts Simulator 2015\x64\FarmingSimulator2015Game.exe
FirewallRules: [{9AB9A4A4-66C2-40DD-BAE0-60CD37BB4FE8}] => (Allow) D:\Programme\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{3D3BC081-D4E1-4FF7-842E-08E11C8E9345}] => (Allow) D:\Programme\Steam\steamapps\common\Rust\Rust.exe
FirewallRules: [{71C8729E-139C-4439-82EE-B413F65D8765}] => (Allow) D:\Programme\Steam\steamapps\common\deadrising3\deadrising3.exe
FirewallRules: [{EE83E36D-9A17-4857-AC4F-6DC6B06AAD79}] => (Allow) D:\Programme\Steam\steamapps\common\deadrising3\deadrising3.exe
FirewallRules: [{4A4C80FC-E347-4B42-B409-0794F8C74CA1}] => (Allow) D:\Programme\Steam\steamapps\common\F1 2015\F1_2015.exe
FirewallRules: [{D6C4E688-2B23-46D3-B79F-B380D082973D}] => (Allow) D:\Programme\Steam\steamapps\common\F1 2015\F1_2015.exe
FirewallRules: [{AF3CD81F-7EF4-4731-9FA0-9D356ACBCE0E}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{170862E3-3880-4B93-A41C-36C693F612A7}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
FirewallRules: [{F6C67B88-E17D-47C5-99E7-98BE96F19D33}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{20AC4E86-2E06-4927-86A1-61DCD33F9931}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
FirewallRules: [{E2A64EEC-FF5B-42F0-9918-7A702A5004B1}] => (Allow) D:\Spiele\Battlefield 4\Battlefield 4\bf4_x86.exe
FirewallRules: [{EA794F36-783F-46C6-AB8F-84BE549E9E4B}] => (Allow) D:\Spiele\Battlefield 4\Battlefield 4\bf4_x86.exe
FirewallRules: [{C97F1C54-27FD-477A-8D2C-1A70F4CF3BEC}] => (Allow) D:\Spiele\Battlefield 4\Battlefield 4\bf4.exe
FirewallRules: [{321AFB43-9FB8-4B9B-A31B-31F93E4B2B8C}] => (Allow) D:\Spiele\Battlefield 4\Battlefield 4\bf4.exe
FirewallRules: [{99421B38-F10B-4956-A946-B418D44A3431}] => (Allow) D:\Programme\TeamViewer\TeamViewer.exe
FirewallRules: [{564FA9C4-6B5B-4F58-8BEB-B6E245D29207}] => (Allow) D:\Programme\TeamViewer\TeamViewer.exe
FirewallRules: [{11409224-135F-480B-87C4-DB061636D981}] => (Allow) D:\Programme\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{75B3C331-020F-4C28-81D3-881CEABB634F}] => (Allow) D:\Programme\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{FD159BFE-D690-461B-8820-7E63068BDE13}] => (Allow) D:\Programme\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{99CE9D4D-0EFA-4BE3-A83B-F93E3F3D7170}] => (Allow) D:\Programme\Steam\steamapps\common\Dying Light\DyingLightGame.exe
FirewallRules: [{83FBBEC3-3086-4849-A896-888125D9C773}] => (Allow) D:\Programme\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{D27567F9-7625-4833-9E77-505D9527AE7E}] => (Allow) D:\Programme\Steam\steamapps\common\Dying Light\DevTools\DyingLightPlayer.exe
FirewallRules: [{50DE39B7-9F85-4147-94AC-BE1424B38D8D}] => (Allow) D:\Programme\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [{5F16D5AF-4F2E-40D3-9A1E-1B2C81ADE726}] => (Allow) D:\Programme\Steam\steamapps\common\rocketleague\Binaries\Win32\RocketLeague.exe
FirewallRules: [TCP Query User{80B907E4-D7FC-406B-9291-E5B90B2333F4}D:\spiele\world of warships\wowslauncher.exe] => (Allow) D:\spiele\world of warships\wowslauncher.exe
FirewallRules: [UDP Query User{B4C1723A-0AEC-4FF0-A8A8-00653240135D}D:\spiele\world of warships\wowslauncher.exe] => (Allow) D:\spiele\world of warships\wowslauncher.exe
==================== Fehlerhafte Geräte im Gerätemanager =============
Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
==================== Fehlereinträge in der Ereignisanzeige: =========================
Applikationsfehler:
==================
Error: (09/25/2015 02:41:34 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/24/2015 10:12:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/24/2015 07:40:01 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/23/2015 06:08:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/22/2015 11:20:38 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm UNKNOWN, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 146c
Startzeit: 01d0f5569f716ba7
Endzeit: 532
Anwendungspfad: UNKNOWN
Berichts-ID: c2e9fec8-616f-11e5-902d-d05099148ca5
Error: (09/22/2015 06:31:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/21/2015 11:54:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm UNKNOWN, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: ccc
Startzeit: 01d0f48d7b894c82
Endzeit: 498
Anwendungspfad: UNKNOWN
Berichts-ID: 57767df7-60ab-11e5-b1c6-d05099148ca5
Error: (09/21/2015 06:36:28 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/20/2015 10:38:58 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003
Error: (09/20/2015 10:26:16 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: Programm UNKNOWN, Version 0.0.0.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.
Prozess-ID: 750
Startzeit: 01d0f3d23c75d543
Endzeit: 620
Anwendungspfad: UNKNOWN
Berichts-ID: d5d3d273-5fd5-11e5-bdda-d05099148ca5
Systemfehler:
=============
Error: (09/08/2015 12:02:21 AM) (Source: DCOM) (EventID: 10010) (User: )
Description: {F9717507-6651-4EDB-BFF7-AE615179BCCF}
Error: (08/28/2015 03:36:54 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 28.08.2015 um 03:31:35 unerwartet heruntergefahren.
Error: (08/27/2015 05:58:24 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 27.08.2015 um 17:57:26 unerwartet heruntergefahren.
Error: (08/27/2015 02:03:30 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 27.08.2015 um 02:18:57 unerwartet heruntergefahren.
Error: (08/26/2015 10:27:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 26.08.2015 um 22:25:21 unerwartet heruntergefahren.
Error: (08/26/2015 05:43:40 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 26.08.2015 um 17:42:02 unerwartet heruntergefahren.
Error: (08/26/2015 12:56:21 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 26.08.2015 um 03:46:45 unerwartet heruntergefahren.
Error: (08/26/2015 12:44:34 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 26.08.2015 um 00:43:16 unerwartet heruntergefahren.
Error: (08/25/2015 09:32:35 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 25.08.2015 um 21:31:10 unerwartet heruntergefahren.
Error: (08/25/2015 03:21:42 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: Das System wurde zuvor am 25.08.2015 um 03:20:14 unerwartet heruntergefahren.
==================== Speicherinformationen ===========================
Prozessor: Intel(R) Core(TM) i5-4460 CPU @ 3.20GHz
Prozentuale Nutzung des RAM: 31%
Installierter physikalischer RAM: 8111.09 MB
Verfügbarer physikalischer RAM: 5521.92 MB
Summe virtueller Speicher: 16220.36 MB
Verfügbarer virtueller Speicher: 12932.99 MB
==================== Laufwerke ================================
Drive c: () (Fixed) (Total:238.37 GB) (Free:167.92 GB) NTFS
Drive d: () (Fixed) (Total:931.39 GB) (Free:476.65 GB) NTFS
==================== MBR & Partitionstabelle ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 238.5 GB) (Disk ID: 411B0115)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=238.4 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: B062757A)
Partition: GPT.
==================== Ende von Addition.txt ============================
--- --- ---
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 15:30 on 25/09/2015 (Ändzen)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
FRST Logfile: Code:
Untersuchungsergebnis von Farbar Recovery Scan Tool (FRST) (x64) Version:23-09-2015
durchgeführt von Ändzen (Administrator) auf ÄNDZEN-PC (25-09-2015 15:32:39)
Gestartet von C:\Users\Ändzen\Downloads
Geladene Profile: Ändzen (Verfügbare Profile: Ändzen)
Platform: Windows 7 Professional Service Pack 1 (X64) Sprache: Deutsch (Deutschland)
Internet Explorer Version 11 (Standard-Browser: FF)
Start-Modus: Normal
Anleitung für Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
==================== Prozesse (Nicht auf der Ausnahmeliste) =================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Prozess geschlossen. Die Datei wird nicht verschoben.)
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Windows\System32\PnkBstrA.exe
() C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe
(TeamViewer GmbH) D:\Programme\TeamViewer\TeamViewer_Service.exe
(Thrustmaster®) D:\Programme\Thrustmaster T300RS\drivers\amd64\tmInstall.exe
() C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
(Spotify Ltd) C:\Users\Ändzen\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
(Razer Inc.) C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe
(Razer Inc) C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
() D:\Programme\Anker Gaming Maus\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\System32\taskmgr.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
(Avira Operations GmbH & Co. KG) C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_18_0_0_209.exe
==================== Registry (Nicht auf der Ausnahmeliste) ===========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Registryeintrag auf den Standardwert zurückgesetzt oder entfernt. Die Datei wird nicht verschoben.)
HKLM-x32\...\Run: [IMSS] => C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [134616 2013-09-03] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-26] (Intel Corporation)
HKLM-x32\...\Run: [avgnt] => C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [782008 2015-08-27] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Razer Synapse] => C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe [592704 2015-07-08] (Razer Inc.)
HKLM-x32\...\Run: [Kraken71ChromaHelper] => C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe [1600320 2015-02-03] (Razer Inc)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [334896 2015-04-30] (Oracle Corporation)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-22] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EsternTimesMouseExRun] => D:\Programme\Anker Gaming Maus\Anker Precision Laser Gaming Mouse\AnkerMonEx.exe [3349504 2013-03-11] ()
HKLM-x32\...\Run: [Avira SystrayStartTrigger] => C:\Program Files (x86)\Avira\Launcher\Avira.SystrayStartTrigger.exe [66936 2015-08-13] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2452096756-4269888630-2670504680-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2899136 2015-08-19] (Valve Corporation)
HKU\S-1-5-21-2452096756-4269888630-2670504680-1000\...\Run: [Spotify Web Helper] => C:\Users\Ändzen\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2018360 2015-09-12] (Spotify Ltd)
==================== Internet (Nicht auf der Ausnahmeliste) ====================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird der Eintrag entfernt oder auf den Standardwert zurückgesetzt, wenn es sich um einen Registryeintrag handelt.)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{42B18E52-3080-4AE4-9734-E3CC3ADE72CD}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{9A9E935C-37B5-4D27-975F-B3D4AE4EEF75}: [DhcpNameServer] 192.168.0.1
Internet Explorer:
==================
HKU\S-1-5-21-2452096756-4269888630-2670504680-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/de-de/?ocid=iehp
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> D:\Programme\Java\bin\ssv.dll [2015-05-05] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> D:\Programme\Java\bin\jp2ssv.dll [2015-05-05] (Oracle Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Ändzen\AppData\Roaming\Mozilla\Firefox\Profiles\05x8qk05.default
FF Homepage: google.de
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-14] ()
FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> D:\Programme\VLC Media Player\VLC\npvlc.dll [2014-07-30] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-14] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.45.2 -> D:\Programme\Java\bin\dtplugin\npDeployJava1.dll [2015-05-05] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.45.2 -> D:\Programme\Java\bin\plugin2\npjp2.dll [2015-05-05] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Extension: Avira Browser Safety - C:\Users\Ändzen\AppData\Roaming\Mozilla\Firefox\Profiles\05x8qk05.default\Extensions\abs@avira.com [2015-09-17]
FF Extension: Adblock Plus - C:\Users\Ändzen\AppData\Roaming\Mozilla\Firefox\Profiles\05x8qk05.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-02-15]
Chrome:
=======
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
==================== Dienste (Nicht auf der Ausnahmeliste) ========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
S2 AntiVirMailService; C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc7.exe [887128 2015-07-24] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [461672 2015-08-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [461672 2015-08-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe [1213072 2015-08-27] (Avira Operations GmbH & Co. KG)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-20] (Apple Inc.)
R2 Avira.ServiceHost; C:\Program Files (x86)\Avira\Launcher\Avira.ServiceHost.exe [228104 2015-08-13] (Avira Operations GmbH & Co. KG)
S3 BEService; C:\Program Files (x86)\Common Files\BattlEye\BEService.exe [1128448 2015-09-18] ()
S3 EasyAntiCheat; C:\Windows\SysWOW64\EasyAntiCheat.exe [235744 2015-06-27] (EasyAntiCheat Ltd)
S3 GalaxyClientService; C:\Program Files (x86)\GalaxyClient\GalaxyClientService.exe [1751096 2015-05-28] (GOG.com)
S3 GalaxyCommunication; C:\ProgramData\GOG.com\Galaxy\redists\GalaxyCommunication.exe [6677048 2015-06-20] (GOG.com)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel(R) Corporation) [Datei ist nicht signiert]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
S3 Origin Client Service; D:\Programme\Origin\OriginClientService.exe [2007048 2015-07-25] (Electronic Arts)
R2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76152 2015-07-24] ()
R2 PnkBstrA; C:\Windows\SysWOW64\PnkBstrA.exe [76888 2015-07-23] ()
R2 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [187048 2015-06-23] ()
R2 TeamViewer; D:\Programme\TeamViewer\TeamViewer_Service.exe [5495056 2015-06-18] (TeamViewer GmbH)
R2 tmInstall; D:\Programme\Thrustmaster T300RS\drivers\amd64\tmInstall.EXE [45296 2014-07-22] (Thrustmaster®)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
R2 WPSService20; C:\Program Files (x86)\Edimax\Edimax Wireless LAN\WPSService20.exe [96768 2013-05-15] () [Datei ist nicht signiert]
===================== Treiber (Nicht auf der Ausnahmeliste) ==========================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
R2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [162528 2015-07-24] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [141416 2015-07-24] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2015-02-04] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\Windows\System32\DRIVERS\avnetflt.sys [44088 2015-02-04] (Avira Operations GmbH & Co. KG)
R3 e1dexpress; C:\Windows\System32\DRIVERS\e1d62x64.sys [495376 2013-05-30] (Intel Corporation)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 RtlWlanu; C:\Windows\System32\DRIVERS\rtwlanu.sys [1525904 2012-12-26] (Realtek Semiconductor Corporation )
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2015-06-12] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129472 2015-06-27] (Razer, Inc.)
R3 ScpVBus; C:\Windows\System32\DRIVERS\ScpVBus.sys [39168 2013-05-05] (Scarlet.Crush Productions)
S3 tmbulk; C:\Windows\System32\Drivers\tmbulk.sys [129264 2014-06-20] (© Guillemot R&D, 2014. All rights reserved.)
S3 tmhidusb; C:\Windows\System32\DRIVERS\tmhidusb.sys [166640 2014-07-22] (Thrustmaster)
==================== NetSvcs (Nicht auf der Ausnahmeliste) ===================
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird er aus der Registry entfernt. Die Datei wird nicht verschoben solange sie nicht separat aufgelistet wird.)
==================== Ein Monat: Erstellte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-25 15:32 - 2015-09-25 15:32 - 00013977 _____ C:\Users\Ändzen\Downloads\FRST.txt
2015-09-25 15:32 - 2015-09-25 15:32 - 00000000 ____D C:\FRST
2015-09-25 15:31 - 2015-09-25 15:31 - 02192384 _____ (Farbar) C:\Users\Ändzen\Downloads\FRST64.exe
2015-09-25 15:30 - 2015-09-25 15:30 - 00000474 _____ C:\Users\Ändzen\Downloads\defogger_disable.log
2015-09-25 15:30 - 2015-09-25 15:30 - 00000000 _____ C:\Users\Ändzen\defogger_reenable
2015-09-25 15:29 - 2015-09-25 15:29 - 00050477 _____ C:\Users\Ändzen\Downloads\Defogger.exe
2015-09-11 16:19 - 2015-09-11 16:19 - 00014805 _____ C:\Users\Ändzen\Downloads\Rückzahlung von Mindfactory AG.html
2015-09-11 16:18 - 2015-09-11 16:18 - 00050568 _____ C:\Users\Ändzen\Downloads\Ihre Bestellung bei ALTERNATE.html
2015-09-11 16:18 - 2015-09-11 16:18 - 00022560 _____ C:\Users\Ändzen\Downloads\Bearbeitungsstatus zu Kundennummer 27717160.html
2015-09-02 17:52 - 2015-09-02 17:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-09-02 17:52 - 2015-09-02 17:52 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-09-02 17:52 - 2015-09-02 17:52 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-09-02 17:51 - 2015-09-02 17:52 - 13155552 _____ (Microsoft Corporation) C:\Users\Ändzen\Downloads\Silverlight_x64.exe
2015-09-02 16:03 - 2015-09-08 17:30 - 00001138 _____ C:\Users\Public\Desktop\Avira Launcher.lnk
2015-08-29 14:22 - 2015-08-29 14:22 - 00000000 ____D C:\Users\Ändzen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships
2015-08-29 14:21 - 2015-08-29 14:21 - 06949352 _____ (Wargaming.net ) C:\Users\Ändzen\Downloads\WoWS_internet_install_eu.exe
2015-08-28 16:38 - 2015-08-28 23:14 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== Ein Monat: Geänderte Dateien und Ordner ========
(Wenn ein Eintrag in die Fixlist aufgenommen wird, wird die Datei/der Ordner verschoben.)
2015-09-25 15:30 - 2015-02-15 20:23 - 00000000 ____D C:\Users\Ändzen
2015-09-25 15:08 - 2015-02-15 20:23 - 02011041 _____ C:\Windows\WindowsUpdate.log
2015-09-25 15:02 - 2015-02-15 21:21 - 00000000 ____D C:\Program Files (x86)\Steam
2015-09-25 15:01 - 2015-04-11 16:15 - 00000000 ____D C:\Users\Ändzen\AppData\Local\Spotify
2015-09-25 15:00 - 2015-04-11 16:12 - 00000000 ____D C:\Users\Ändzen\AppData\Roaming\Spotify
2015-09-25 14:48 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-09-25 14:48 - 2009-07-14 06:45 - 00021680 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-09-25 14:47 - 2010-11-21 08:50 - 00698688 _____ C:\Windows\system32\perfh007.dat
2015-09-25 14:47 - 2010-11-21 08:50 - 00148828 _____ C:\Windows\system32\perfc007.dat
2015-09-25 14:47 - 2009-07-14 07:13 - 01618320 _____ C:\Windows\system32\PerfStringBackup.INI
2015-09-25 14:41 - 2009-07-14 07:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-09-25 14:41 - 2009-07-14 06:51 - 00060121 _____ C:\Windows\setupact.log
2015-09-25 00:34 - 2015-02-15 22:27 - 00000000 ____D C:\Users\Ändzen\AppData\Roaming\TS3Client
2015-09-18 23:45 - 2015-02-15 22:31 - 00000000 ____D C:\Users\Ändzen\AppData\Roaming\vlc
2015-09-11 16:19 - 2015-08-16 23:32 - 00000000 ____D C:\Users\Ändzen\Documents\Rechnungen und Mails
2015-09-08 17:30 - 2015-02-15 21:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2015-09-08 17:30 - 2015-02-15 20:45 - 00000000 ____D C:\ProgramData\Package Cache
2015-09-02 16:29 - 2015-02-28 16:02 - 245175296 _____ C:\Users\Ändzen\Downloads\PS4UPDATE.PUP
2015-08-28 23:14 - 2015-03-08 15:58 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-28 23:14 - 2010-11-21 05:47 - 00377260 _____ C:\Windows\PFRO.log
==================== Dateien im Wurzelverzeichnis einiger Verzeichnisse =======
2015-06-26 22:38 - 2015-06-26 22:38 - 0007597 _____ () C:\Users\Ändzen\AppData\Local\Resmon.ResmonCfg
Einige Dateien in TEMP:
====================
C:\Users\Ändzen\AppData\Local\Temp\0Kraken71ChromaDevProps.dll
C:\Users\Ändzen\AppData\Local\Temp\avgnt.exe
C:\Users\Ändzen\AppData\Local\Temp\sonarinst.exe
C:\Users\Ändzen\AppData\Local\Temp\SpotifyUninstall.exe
C:\Users\Ändzen\AppData\Local\Temp\_is5AAD.exe
C:\Users\Ändzen\AppData\Local\Temp\_is7F1D.exe
==================== Bamital & volsnap =================
(Es ist kein automatischer Fix für Dateien vorhanden, die an der Verifikation gescheitert sind.)
C:\Windows\system32\winlogon.exe => Datei ist digital signiert
C:\Windows\system32\wininit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\wininit.exe => Datei ist digital signiert
C:\Windows\explorer.exe => Datei ist digital signiert
C:\Windows\SysWOW64\explorer.exe => Datei ist digital signiert
C:\Windows\system32\svchost.exe => Datei ist digital signiert
C:\Windows\SysWOW64\svchost.exe => Datei ist digital signiert
C:\Windows\system32\services.exe => Datei ist digital signiert
C:\Windows\system32\User32.dll => Datei ist digital signiert
C:\Windows\SysWOW64\User32.dll => Datei ist digital signiert
C:\Windows\system32\userinit.exe => Datei ist digital signiert
C:\Windows\SysWOW64\userinit.exe => Datei ist digital signiert
C:\Windows\system32\rpcss.dll => Datei ist digital signiert
C:\Windows\system32\dnsapi.dll => Datei ist digital signiert
C:\Windows\SysWOW64\dnsapi.dll => Datei ist digital signiert
C:\Windows\system32\Drivers\volsnap.sys => Datei ist digital signiert
LastRegBack: 2015-09-18 00:00
==================== Ende von FRST.txt ============================
--- --- ---
GMER Logfile: Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2015-09-25 15:44:54
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-1 Crucial_CT256MX100SSD1 rev.MU01 238,47GB
Running: Gmer-19357.exe; Driver: C:\Users\NDZEN~1\AppData\Local\Temp\uxdiipow.sys
---- User code sections - GMER 2.1 ----
.text C:\Windows\System32\svchost.exe[1000] C:\Windows\SYSTEM32\ntdll.dll!NtWaitForDebugEvent 0000000077cb2b90 7 bytes [B8, 54, 03, 00, C0, C2, 10]
.text C:\Windows\system32\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075be1401 2 bytes JMP 75f7b21b C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075be1419 2 bytes JMP 75f7b346 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075be1431 2 bytes JMP 75ff8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075be144a 2 bytes CALL 75f548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Windows\system32\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075be14dd 2 bytes JMP 75ff87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075be14f5 2 bytes JMP 75ff8978 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075be150d 2 bytes JMP 75ff8698 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075be1525 2 bytes JMP 75ff8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075be153d 2 bytes JMP 75f6fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075be1555 2 bytes JMP 75f768ef C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075be156d 2 bytes JMP 75ff8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075be1585 2 bytes JMP 75ff8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075be159d 2 bytes JMP 75ff865c C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075be15b5 2 bytes JMP 75f6fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075be15cd 2 bytes JMP 75f7b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075be16b2 2 bytes JMP 75ff8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Windows\system32\PnkBstrA.exe[1884] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075be16bd 2 bytes JMP 75ff85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1964] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExW + 17 0000000075be1401 2 bytes JMP 75f7b21b C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1964] C:\Windows\syswow64\psapi.dll!EnumProcessModules + 17 0000000075be1419 2 bytes JMP 75f7b346 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1964] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 17 0000000075be1431 2 bytes JMP 75ff8ea9 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1964] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 42 0000000075be144a 2 bytes CALL 75f548ad C:\Windows\syswow64\KERNEL32.dll
.text ... * 9
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1964] C:\Windows\syswow64\psapi.dll!EnumDeviceDrivers + 17 0000000075be14dd 2 bytes JMP 75ff87a2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1964] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameA + 17 0000000075be14f5 2 bytes JMP 75ff8978 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1964] C:\Windows\syswow64\psapi.dll!QueryWorkingSetEx + 17 0000000075be150d 2 bytes JMP 75ff8698 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1964] C:\Windows\syswow64\psapi.dll!GetDeviceDriverBaseNameW + 17 0000000075be1525 2 bytes JMP 75ff8a62 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1964] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameW + 17 0000000075be153d 2 bytes JMP 75f6fca8 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1964] C:\Windows\syswow64\psapi.dll!EnumProcesses + 17 0000000075be1555 2 bytes JMP 75f768ef C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1964] C:\Windows\syswow64\psapi.dll!GetProcessMemoryInfo + 17 0000000075be156d 2 bytes JMP 75ff8f61 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1964] C:\Windows\syswow64\psapi.dll!GetPerformanceInfo + 17 0000000075be1585 2 bytes JMP 75ff8ac2 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1964] C:\Windows\syswow64\psapi.dll!QueryWorkingSet + 17 0000000075be159d 2 bytes JMP 75ff865c C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1964] C:\Windows\syswow64\psapi.dll!GetModuleBaseNameA + 17 0000000075be15b5 2 bytes JMP 75f6fd41 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1964] C:\Windows\syswow64\psapi.dll!GetModuleFileNameExA + 17 0000000075be15cd 2 bytes JMP 75f7b2dc C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1964] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 20 0000000075be16b2 2 bytes JMP 75ff8e24 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe[1964] C:\Windows\syswow64\psapi.dll!GetProcessImageFileNameW + 31 0000000075be16bd 2 bytes JMP 75ff85f1 C:\Windows\syswow64\KERNEL32.dll
.text C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075be1401 2 bytes JMP 75f7b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe[3460] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075be1419 2 bytes JMP 75f7b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075be1431 2 bytes JMP 75ff8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075be144a 2 bytes CALL 75f548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe[3460] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075be14dd 2 bytes JMP 75ff87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075be14f5 2 bytes JMP 75ff8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe[3460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075be150d 2 bytes JMP 75ff8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075be1525 2 bytes JMP 75ff8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075be153d 2 bytes JMP 75f6fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe[3460] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075be1555 2 bytes JMP 75f768ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075be156d 2 bytes JMP 75ff8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075be1585 2 bytes JMP 75ff8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe[3460] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075be159d 2 bytes JMP 75ff865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075be15b5 2 bytes JMP 75f6fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075be15cd 2 bytes JMP 75f7b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075be16b2 2 bytes JMP 75ff8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Razer\Razer_Kraken71Chroma_Driver\Drivers\SysAudio\Kraken71ChromaHelper.exe[3460] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075be16bd 2 bytes JMP 75ff85f1 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[3920] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExA 0000000075f548db 6 bytes [68, F0, 54, BB, 67, C3]
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[3920] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryW 0000000075f548f3 6 bytes [68, 60, 53, BB, 67, C3]
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[3920] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryExW 0000000075f54925 6 bytes [68, F0, 56, BB, 67, C3]
.text C:\Program Files (x86)\Avira\Launcher\Avira.Systray.exe[3920] C:\Windows\syswow64\KERNEL32.dll!LoadLibraryA 0000000075f5499f 6 bytes [68, D0, 51, BB, 67, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\kernel32.dll!LoadLibraryExA 0000000075f548db 6 bytes [68, F0, 54, BB, 67, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\kernel32.dll!LoadLibraryW 0000000075f548f3 6 bytes [68, 60, 53, BB, 67, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\kernel32.dll!LoadLibraryExW 0000000075f54925 6 bytes [68, F0, 56, BB, 67, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\kernel32.dll!LoadLibraryA 0000000075f5499f 6 bytes [68, D0, 51, BB, 67, C3]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075be1401 2 bytes JMP 75f7b21b C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075be1419 2 bytes JMP 75f7b346 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075be1431 2 bytes JMP 75ff8ea9 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 0000000075be144a 2 bytes CALL 75f548ad C:\Windows\syswow64\kernel32.dll
.text ... * 9
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 0000000075be14dd 2 bytes JMP 75ff87a2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 0000000075be14f5 2 bytes JMP 75ff8978 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 0000000075be150d 2 bytes JMP 75ff8698 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075be1525 2 bytes JMP 75ff8a62 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 0000000075be153d 2 bytes JMP 75f6fca8 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075be1555 2 bytes JMP 75f768ef C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 0000000075be156d 2 bytes JMP 75ff8f61 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075be1585 2 bytes JMP 75ff8ac2 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 0000000075be159d 2 bytes JMP 75ff865c C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 0000000075be15b5 2 bytes JMP 75f6fd41 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 0000000075be15cd 2 bytes JMP 75f7b2dc C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 0000000075be16b2 2 bytes JMP 75ff8e24 C:\Windows\syswow64\kernel32.dll
.text C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe[3600] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 0000000075be16bd 2 bytes JMP 75ff85f1 C:\Windows\syswow64\kernel32.dll
---- Threads - GMER 2.1 ----
Thread [1668:1704] 0000000077847587
Thread [1668:1716] 000000007424bfb4
Thread [1668:1720] 000000007424bfb4
Thread [1668:1744] 0000000077e92e65
Thread [1668:1816] 0000000072078f48
Thread [1668:1872] 0000000072078f48
Thread [1668:1876] 00000000722023a0
Thread [1668:2700] 00000000715c4a00
Thread [1668:2704] 000000007424bfb4
Thread [1668:2708] 000000007424bfb4
Thread [1668:2712] 000000007424bfb4
Thread [1668:2732] 000000007424bfb4
Thread [1668:2736] 000000007424bfb4
Thread [1668:2740] 000000007424bfb4
Thread [1668:2744] 000000007424bfb4
Thread [1668:2748] 000000007424bfb4
Thread [1668:2752] 000000007424bfb4
Thread [1668:2756] 000000007424bfb4
Thread [1668:2760] 000000007424bfb4
Thread [1668:2764] 000000007424bfb4
Thread [1668:2768] 000000007424bfb4
Thread [1668:2772] 000000007424bfb4
Thread [1668:2776] 000000007424bfb4
Thread [1668:2780] 000000007424bfb4
Thread [1668:2784] 000000007424bfb4
Thread [1668:2788] 000000007424bfb4
Thread [1668:2792] 000000007424bfb4
Thread [1668:2796] 000000007424bfb4
Thread [1668:2800] 000000007424bfb4
Thread [1668:2804] 000000007424bfb4
Thread [1668:2808] 00000000685968f0
Thread [1668:2812] 00000000685968f0
Thread [1668:2816] 00000000685968f0
Thread [1668:2820] 0000000068594590
Thread [1668:3632] 000000007424bfb4
Thread [1668:5388] 0000000077e93e85
Thread [1668:4508] 0000000077e93e85
Thread [1668:6108] 0000000077e93e85
Thread [1668:1484] 0000000073e905ff
---- EOF - GMER 2.1 ----