Also got the "Der Computer wurde für die Verletzung..." virus.
Hello trojaner-board.de team,
unfortunately my sister's laptop has also been hit by this virus.
I already scanned with Malwarebytes yesterday, but the log file has somehow disappeared, so I scanned again today and Malwarebytes no longer finds anything.
Here is the OTL log:
OTL logfile created on: 22.08.2012 11:14:15 - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Sonja\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,75 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 83,85% Memory free
5,49 Gb Paging File | 5,09 Gb Available in Paging File | 92,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 244,00 Gb Free Space | 81,86% Space Free | Partition Type: NTFS
Computer Name: CLEMENS | User Name: Sonja | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Processes (SafeList) ==========[/color]
PRC - [2012.08.22 11:13:31 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sonja\Downloads\OTL.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
[color=#E56717]========== Modules (No Company Name) ==========[/color]
MOD - [2010.01.30 02:41:12 | 004,254,560 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
[color=#E56717]========== Win32 Services (SafeList) ==========[/color]
SRV - [2012.08.14 20:34:07 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.05.11 21:11:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.11 21:11:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.02 20:46:18 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.09.08 12:05:34 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\Programme\IDT\WDM\stacsv.exe -- (STacSV)
SRV - [2010.03.25 10:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2010.01.15 14:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.08.04 11:51:00 | 000,176,128 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.03.02 12:43:08 | 000,081,920 | ---- | M] (Andrea Electronics Corporation) [Auto | Stopped] -- C:\Programme\IDT\WDM\AEstSrv.exe -- (AESTFilters)
[color=#E56717]========== Driver Services (SafeList) ==========[/color]
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\athr.sys -- (athr)
DRV - [2012.05.11 21:11:58 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.11 21:11:58 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 23:29:34 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 23:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,112,640 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - [2010.11.20 23:29:03 | 000,077,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2010.11.20 23:29:03 | 000,025,600 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\terminpt.sys -- (terminpt)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.09.08 12:05:34 | 000,431,616 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\stwrt.sys -- (STHDA)
DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.08.04 12:25:00 | 004,994,048 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2009.07.14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009.07.14 00:02:53 | 000,311,296 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\yk62x86.sys -- (yukonw7)
DRV - [2009.05.04 23:30:00 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie)
[color=#E56717]========== Standard Registry (SafeList) ==========[/color]
[color=#E56717]========== Internet Explorer ==========[/color]
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
[color=#E56717]========== FireFox ==========[/color]
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.02 20:46:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2012.04.29 18:05:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonja\AppData\Roaming\mozilla\Extensions
[2012.05.17 11:50:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sonja\AppData\Roaming\mozilla\Firefox\Profiles\mhxsmrta.default\extensions
[2012.05.06 09:22:04 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.05.06 09:22:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
[2012.05.02 20:46:18 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray.exe (IDT, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{353E0889-B5E4-4FC3-963A-C579ABBC3340}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CB7F3784-97F2-406C-A465-6E2951BE5B2B}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]
[2012.08.19 11:37:48 | 000,000,000 | ---D | C] -- C:\Users\Sonja\AppData\Roaming\Malwarebytes
[2012.08.19 11:37:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.19 11:37:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.19 11:37:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.19 11:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.16 22:23:06 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.08.16 22:23:05 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.08.16 22:23:04 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.08.16 22:23:04 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.08.16 22:23:03 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.08.16 22:23:03 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.08.16 22:23:02 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.08.16 20:54:08 | 000,400,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\srcore.dll
[2012.08.16 20:54:07 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.08.16 20:54:03 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\browcli.dll
[2012.08.02 20:18:07 | 000,000,000 | ---D | C] -- C:\Users\Sonja\AppData\Local\PunkBuster
[2012.08.02 20:16:05 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_34.dll
[2012.08.02 20:16:05 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_34.dll
[2012.08.02 20:16:05 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_34.dll
[2012.08.02 20:16:05 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_8.dll
[2012.08.02 20:16:05 | 000,018,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_2.dll
[2012.08.02 20:16:04 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_33.dll
[2012.08.02 20:16:04 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\D3DCompiler_33.dll
[2012.08.02 20:16:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10_33.dll
[2012.08.02 20:16:04 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_7.dll
[2012.08.02 20:16:04 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xinput1_3.dll
[2012.08.02 20:16:03 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx10.dll
[2012.08.02 20:16:03 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_6.dll
[2012.08.02 20:16:03 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_5.dll
[2012.08.02 20:16:02 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_32.dll
[2012.08.02 20:16:02 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3dx9_31.dll
[2012.08.02 20:16:02 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xactengine2_4.dll
[2012.08.02 20:16:02 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\x3daudio1_1.dll
[2012.08.02 20:14:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Activision
[2012.08.02 19:54:57 | 000,000,000 | ---D | C] -- C:\Program Files\Activision
[2012.08.02 18:14:15 | 000,000,000 | ---D | C] -- C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
[2012.08.02 18:14:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Counter-Strike Source
[2012.08.02 18:01:59 | 000,000,000 | ---D | C] -- C:\Program Files\Counter-Strike Source
[2012.07.31 11:58:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverTuner
[2012.07.31 11:58:15 | 000,000,000 | ---D | C] -- C:\Program Files\DriverTuner
[2012.07.31 11:43:19 | 000,000,000 | ---D | C] -- C:\Users\Sonja\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Monte Cristo
[2012.07.31 11:40:30 | 000,000,000 | ---D | C] -- C:\Program Files\Monte Cristo
[2012.07.24 10:42:32 | 000,000,000 | ---D | C] -- C:\Users\Sonja\AppData\Local\Macromedia
[2 C:\Users\Sonja\Desktop\*.tmp files -> C:\Users\Sonja\Desktop\*.tmp -> ]
[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]
[2012.08.22 11:12:58 | 000,000,000 | ---- | M] () -- C:\Users\Sonja\defogger_reenable
[2012.08.22 10:50:52 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.22 10:50:52 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.22 10:50:52 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.22 10:50:52 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.22 10:46:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.22 10:46:30 | 2212,126,720 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.19 11:37:42 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.19 11:33:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.19 11:23:04 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.19 11:23:04 | 000,021,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.17 22:17:42 | 000,406,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.08.14 20:33:55 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.08.14 20:33:55 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.08.03 01:35:49 | 000,022,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.08.02 20:15:16 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Mehrspieler.lnk
[2012.08.02 20:15:15 | 000,001,956 | ---- | M] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Einzelspieler.lnk
[2012.08.02 20:14:52 | 000,022,328 | ---- | M] () -- C:\Users\Sonja\AppData\Roaming\PnkBstrK.sys
[2012.08.02 20:14:14 | 000,000,319 | ---- | M] () -- C:\Windows\game.ini
[2012.08.02 18:14:16 | 000,001,969 | ---- | M] () -- C:\Users\Sonja\Desktop\Counter-Strike Source.lnk
[2012.07.31 11:58:17 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\DriverTuner.lnk
[2012.07.31 11:43:19 | 000,001,179 | ---- | M] () -- C:\Users\Sonja\Desktop\Medieval Lords.lnk
[2 C:\Users\Sonja\Desktop\*.tmp files -> C:\Users\Sonja\Desktop\*.tmp -> ]
[color=#E56717]========== Files Created - No Company Name ==========[/color]
[2012.08.22 11:12:58 | 000,000,000 | ---- | C] () -- C:\Users\Sonja\defogger_reenable
[2012.08.19 11:37:42 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.08.02 20:15:16 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Mehrspieler.lnk
[2012.08.02 20:15:15 | 000,001,956 | ---- | C] () -- C:\Users\Public\Desktop\Call of Duty(R) 4 - Modern Warfare(TM) - Einzelspieler.lnk
[2012.08.02 20:14:53 | 000,022,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.08.02 20:14:52 | 000,022,328 | ---- | C] () -- C:\Users\Sonja\AppData\Roaming\PnkBstrK.sys
[2012.08.02 20:14:18 | 000,103,736 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2012.08.02 20:14:16 | 000,066,872 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.08.02 20:14:14 | 000,000,319 | ---- | C] () -- C:\Windows\game.ini
[2012.08.02 18:14:16 | 000,001,969 | ---- | C] () -- C:\Users\Sonja\Desktop\Counter-Strike Source.lnk
[2012.07.31 11:58:17 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\DriverTuner.lnk
[2012.07.31 11:43:19 | 000,001,179 | ---- | C] () -- C:\Users\Sonja\Desktop\Medieval Lords.lnk
[2012.04.11 19:05:35 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.04.12 03:30:05 | 000,653,928 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 03:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 03:30:05 | 000,129,800 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 03:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2010.11.20 23:29:34 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2010.11.20 23:29:26 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
< End of report >
and the Extras:
OTL Extras logfile created on: 22.08.2012 11:14:15 - Run 1
OTL by OldTimer - Version 3.2.58.1 Folder = C:\Users\Sonja\Downloads
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,75 Gb Total Physical Memory | 2,30 Gb Available Physical Memory | 83,85% Memory free
5,49 Gb Paging File | 5,09 Gb Available in Paging File | 92,69% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 298,08 Gb Total Space | 244,00 Gb Free Space | 81,86% Space Free | Partition Type: NTFS
Computer Name: CLEMENS | User Name: Sonja | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
[color=#E56717]========== Extra Registry (SafeList) ==========[/color]
[color=#E56717]========== File Associations ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[color=#E56717]========== Shell Spawning ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[color=#E56717]========== Security Center Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[color=#E56717]========== Firewall Settings ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[color=#E56717]========== Authorized Applications List ==========[/color]
[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02CB02FC-9820-4D1C-8286-683CFC99D08A}" = rport=138 | protocol=17 | dir=out | app=system |
"{13BFAEFF-E576-4D19-94A3-3BBCEFDBF197}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1CEEB34F-A4E3-4892-A231-1D93655402F1}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{23848D9B-73AE-47A6-8C9D-0E8EACFB06BD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{27563500-D763-4A66-B619-256784F63CFB}" = lport=10243 | protocol=6 | dir=in | app=system |
"{34F5CFBA-7F5E-455E-B0C2-9BE60115C7A5}" = rport=139 | protocol=6 | dir=out | app=system |
"{3A90CD43-B70B-4677-BCD4-44FFDD644968}" = rport=445 | protocol=6 | dir=out | app=system |
"{3CD204F6-10B2-4507-A9A3-B0BCEE68E684}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{50683410-2D5F-4A3A-B80A-8B43B92C7E9D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{70EC0B63-12AC-48AD-A973-516F73748A46}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{742DF032-AF41-42EB-BED8-9210240DF0EE}" = lport=445 | protocol=6 | dir=in | app=system |
"{A03C24D5-883A-4971-8200-EBBB884DF375}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A59A3AC0-1398-411A-AD8F-23BCB42F6EB7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{A9C99E7D-E3BA-4EC3-A6DC-A743379CD554}" = lport=139 | protocol=6 | dir=in | app=system |
"{BC448D53-116A-4161-83EF-C75E69499F14}" = rport=137 | protocol=17 | dir=out | app=system |
"{BE3B25A5-2128-4AC3-8CAE-546FA100C4EE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{CDD94FD3-8D53-4862-86BB-0B9A2E0311EE}" = lport=137 | protocol=17 | dir=in | app=system |
"{D2E22309-1DBF-4145-AB24-979334E020D2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D42F756D-0FDC-423C-9B7C-E1B81625DE13}" = rport=10243 | protocol=6 | dir=out | app=system |
"{D50DD57E-29BA-49AA-A240-788260348CEE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E062989C-EC3D-4A4B-9C92-6A5A51833763}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E74F63C1-1EA4-4BE4-A279-351CCFA01AE6}" = lport=138 | protocol=17 | dir=in | app=system |
"{F0C724EC-4059-4F1C-A1BC-244A384EA95C}" = lport=2869 | protocol=6 | dir=in | app=system |
"{F59B4463-6306-4AD8-B4BF-41CAA067AA8B}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
[color=#E56717]========== Vista Active Application Exception List ==========[/color]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03F178EE-E6E6-419F-A5BC-57C60565CAC6}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{139B89F7-7851-4536-ABEE-A610E88665BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{1559DB7B-0057-4FC2-910E-8A0866565A22}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{2B7E14B9-BC99-4CD7-BD4C-03A12677D9E8}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{349CC081-91AB-404E-917A-A9B92B1E0AC7}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{3EA836D9-0C69-4AB7-A91C-B45AFA6BE83D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{440A817F-1766-43F8-BCF4-D52735414520}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{48129188-3574-4EF1-990E-6BE49AB57783}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{560BC1D7-E0E8-4E31-9DFB-BDEBC8DC4066}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{61F7BE08-4C9C-46A8-84E2-41F7B7A7AFEA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{70B44C89-8F57-4D7F-AFC3-C81B8CD85F56}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{7B3955C4-DE2E-4AB8-85B8-BA064E6D7DD1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{7C3FAFFB-9142-41B1-84A6-B415F17D64C2}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{7FED33AC-BE4D-44DE-8B33-4CC81D68CED9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8235D987-BFE6-4B8B-BC91-25406A23BC40}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A5557DAB-7C65-4429-AB02-DDD1BEA7B546}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe |
"{A6E9BED1-C556-49B2-80D5-25B862ACE850}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe |
"{A9F7725B-32CD-473F-96E7-CB74CA5C2191}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C92EC9B7-6ABF-468E-B3E3-FABE77405531}" = protocol=6 | dir=out | app=system |
"{D3F26544-F710-4470-A928-735C29FDE05C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DA849C10-D74E-4516-BDD7-592F25FC28A9}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe |
"{DAE60E92-DF4F-44F2-93DF-F00430756920}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E1476887-E059-462E-98A2-61B68685879C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E4D18F2C-A9BA-445E-8E87-49C184E6AD41}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{E87E15C4-798E-4A2B-827A-D6C42F14ED1D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F2BE46F5-5E59-4F68-A0BB-8A6DA24276E9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{AA805F0D-2502-4876-AD89-2F9589F7AFAD}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{2B57409D-2E49-4D5B-B340-A81E60800CA9}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{085A087C-8559-AC21-F988-9B885923B58B}" = CCC Help Japanese
"{17BDCAD2-39E2-A44B-CDCA-6854FA71421E}" = Catalyst Control Center Localization All
"{1D7DBD8E-4E22-B307-81F4-D55080B16FC7}" = ccc-utility
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 32
"{31D9C74D-CD7A-4215-B1E4-DF8099AEA997}" = Catalyst Control Center - Branding
"{37D6F9FA-A5F2-3040-AF7B-78BE92957D89}" = CCC Help Thai
"{38CA1644-39F5-44EB-F200-DFC6C5E9C5A8}" = CCC Help Chinese Standard
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4D833CF3-A3AE-2863-584B-3AD3A0D70981}" = CCC Help Russian
"{520C1D80-935C-42B9-9340-E883849D804F}_is1" = DriverTuner 3.1.0.0
"{52AD35F5-FDA6-6E74-27E4-5EC2BD8A8B29}" = CCC Help Korean
"{52B24A16-729C-BDB9-D921-01556B19283D}" = CCC Help Greek
"{565AEE5D-35E5-0A21-02E2-3DC8CEA652FB}" = Catalyst Control Center Graphics Light
"{57115A63-203E-8864-8951-4D5864D23956}" = CCC Help Norwegian
"{572964E9-BE64-1F57-B672-4D2B7595FAA1}" = Catalyst Control Center Graphics Full Existing
"{5AE47629-FA38-4747-4CEA-1DD2983FA8BF}" = CCC Help German
"{5E984B44-B441-5361-B00B-91441EE7B5B4}" = CCC Help English
"{602C75D1-0C09-D216-D83D-F3126AC24A27}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B20C1C7-2766-DDB8-A02E-D6F9C7341864}" = CCC Help Finnish
"{7EFEE754-EA7D-A79B-8DDA-65CADCAF1AB4}" = Catalyst Control Center InstallProxy
"{7FFAA34E-0AA6-BF03-D37C-7AC5C380CF2F}" = CCC Help Chinese Traditional
"{805F8590-510E-74AD-FC88-ADE4224B8854}" = CCC Help Polish
"{853403A9-70A9-2C60-9E74-67BDC650E820}" = Catalyst Control Center Core Implementation
"{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"{8A75B387-6A34-7FBE-3512-89809AF89524}" = CCC Help Hungarian
"{8F0EDF80-31C2-FA10-DEE8-BD435A5F7D61}" = ATI Catalyst Install Manager
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"{9E4FC4A7-E9E1-1EF1-104B-ECFB738A1824}" = CCC Help Italian
"{9EE30AB4-1D07-7C32-106D-7AE7CEEFD1EC}" = CCC Help Spanish
"{A45AF5E2-3648-EA45-2A62-C3EA975D57D9}" = Catalyst Control Center Graphics Full New
"{A657B744-4F40-6973-D177-5FD028712702}" = ccc-core-static
"{A6C74F91-1BB6-4405-A6AC-F785984CCEE2}" = Medieval Lords
"{BA728FCC-0B8C-6F7F-B29C-583829D1E8BB}" = CCC Help Dutch
"{D796ABCD-73D4-F18D-CF80-9BA1BE403933}" = CCC Help Swedish
"{DA932D71-E52A-43D5-009E-395A1AEC1474}" = Die Sims™ Lebensgeschichten
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E48D0275-B2E0-C879-4B86-506757A16DC7}" = CCC Help Turkish
"{E9B0164A-27EA-4C31-5526-867C6882B60D}" = CCC Help Czech
"{EA891D60-C20D-03C4-88CB-E4597A1753AA}" = CCC Help Portuguese
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3818CCA-B7E4-2B53-F86E-2D4F195F66F3}" = CCC Help Danish
"{F5F16745-6FCB-4134-83F9-2688ACFF5DC9}" = HP ESU for Microsoft Windows 7
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"Counter-Strike: Source" = Counter-Strike: Source
"InstallShield_{8A15B7D9-908A-4EF9-BA84-5AEDE61743EE}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.6 Patch
"InstallShield_{931C37FC-594D-43A9-B10F-A2F2B1F03498}" = Call of Duty(R) 4 - Modern Warfare(TM) 1.7 Patch
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR
[color=#E56717]========== Last 20 Event Log Errors ==========[/color]
[ Application Events ]
Error - 10.08.2012 14:25:22 | Computer Name = Clemens | Source = WinMgmt | ID = 10
Description =
Error - 11.08.2012 03:05:57 | Computer Name = Clemens | Source = WinMgmt | ID = 10
Description =
Error - 11.08.2012 05:00:56 | Computer Name = Clemens | Source = WinMgmt | ID = 10
Description =
Error - 11.08.2012 06:16:12 | Computer Name = Clemens | Source = WinMgmt | ID = 10
Description =
Error - 11.08.2012 15:51:03 | Computer Name = Clemens | Source = WinMgmt | ID = 10
Description =
Error - 11.08.2012 16:12:06 | Computer Name = Clemens | Source = WinMgmt | ID = 10
Description =
Error - 12.08.2012 04:24:20 | Computer Name = Clemens | Source = WinMgmt | ID = 10
Description =
Error - 12.08.2012 05:28:52 | Computer Name = Clemens | Source = WinMgmt | ID = 10
Description =
Error - 12.08.2012 05:38:11 | Computer Name = Clemens | Source = WinMgmt | ID = 10
Description =
Error - 12.08.2012 06:03:23 | Computer Name = Clemens | Source = WinMgmt | ID = 10
Description =
[ Media Center Events ]
Error - 11.04.2012 14:16:00 | Computer Name = Clemens | Source = MCUpdate | ID = 0
Description = 20:16:00 - Fehler beim Herstellen der Internetverbindung. 20:16:00
- Serververbindung konnte nicht hergestellt werden..
Error - 12.04.2012 05:14:22 | Computer Name = Clemens | Source = MCUpdate | ID = 0
Description = 11:14:22 - Fehler beim Herstellen der Internetverbindung. 11:14:22
- Serververbindung konnte nicht hergestellt werden..
Error - 16.04.2012 05:03:47 | Computer Name = Clemens | Source = MCUpdate | ID = 0
Description = 11:03:47 - Fehler beim Herstellen der Internetverbindung. 11:03:47
- Serververbindung konnte nicht hergestellt werden..
Error - 16.04.2012 05:03:56 | Computer Name = Clemens | Source = MCUpdate | ID = 0
Description = 11:03:52 - Fehler beim Herstellen der Internetverbindung. 11:03:52
- Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 16.08.2012 14:44:41 | Computer Name = Clemens | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 17.08.2012 16:15:50 | Computer Name = Clemens | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 17.08.2012 16:15:50 | Computer Name = Clemens | Source = atikmdag | ID = 43029
Description = Display is not active
Error - 17.08.2012 16:16:06 | Computer Name = Clemens | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 10 Prozessor-ID: 0 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 17.08.2012 16:16:06 | Computer Name = Clemens | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 0 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 17.08.2012 16:16:06 | Computer Name = Clemens | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 0 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 17.08.2012 16:16:06 | Computer Name = Clemens | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 17.08.2012 16:16:06 | Computer Name = Clemens | Source = Microsoft-Windows-WHEA-Logger | ID = 18
Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern
Fehlerquelle:
3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere
Informationen.
Error - 17.08.2012 16:17:38 | Computer Name = Clemens | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
Error - 17.08.2012 16:17:38 | Computer Name = Clemens | Source = atikmdag | ID = 43029
Description = Display is not active
< End of report >
GMER says:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-22 12:52:56
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 ST9320423AS rev.0006HPM1
Running: pd5pjgck.exe; Driver: C:\Users\Sonja\AppData\Local\Temp\uxtdqpoc.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81E5D3C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81E96D52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtCreateFile + 6 777C55CE 4 Bytes [28, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtCreateFile + B 777C55D3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtCreateKey + 6 777C560E 4 Bytes [68, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtCreateKey + B 777C5613 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtCreateMutant + 6 777C564E 4 Bytes [68, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtCreateMutant + B 777C5653 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtCreateSection + 6 777C56EE 4 Bytes [A8, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtCreateSection + B 777C56F3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtMapViewOfSection + B 777C5C33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenFile + 6 777C5CDE 4 Bytes [68, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenFile + B 777C5CE3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenKey + 6 777C5D0E 4 Bytes [A8, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenKey + B 777C5D13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenKeyEx + B 777C5D23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenMutant + 6 777C5D5E 4 Bytes [28, 02, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenMutant + B 777C5D63 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenProcess + 6 777C5D8E 1 Byte [68]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenProcess + 6 777C5D8E 4 Bytes [68, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenProcess + B 777C5D93 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenProcessToken + 6 777C5D9E 1 Byte [A8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenProcessToken + 6 777C5D9E 4 Bytes [A8, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenProcessToken + B 777C5DA3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenProcessTokenEx + 6 777C5DAE 4 Bytes [68, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenProcessTokenEx + B 777C5DB3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenSection + B 777C5DD3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenThread + 6 777C5E0E 1 Byte [28]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenThread + 6 777C5E0E 4 Bytes [28, 03, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenThread + B 777C5E13 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenThreadToken + 6 777C5E1E 4 Bytes [28, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenThreadToken + B 777C5E23 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenThreadTokenEx + 6 777C5E2E 4 Bytes [A8, 04, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtOpenThreadTokenEx + B 777C5E33 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtQueryAttributesFile + 6 777C5F3E 4 Bytes [A8, 00, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtQueryAttributesFile + B 777C5F43 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtQueryFullAttributesFile + B 777C5FF3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtSetInformationFile + 6 777C663E 4 Bytes [28, 01, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtSetInformationFile + B 777C6643 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtSetInformationThread + 6 777C669E 1 Byte [E8]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtSetInformationThread + B 777C66A3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtUnmapViewOfSection + 6 777C69BE 4 Bytes [28, 05, 07, 00]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ntdll.dll!NtUnmapViewOfSection + B 777C69C3 1 Byte [E2]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] kernel32.dll!CreateProcessW 75CB204D 5 Bytes JMP 00010030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] kernel32.dll!CreateProcessA 75CB2082 5 Bytes JMP 00010070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!DeleteObject 76025F14 5 Bytes JMP 002101B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!SelectObject 76026640 5 Bytes JMP 002105F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!SetTextColor 76026906 5 Bytes JMP 002109F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!SetBkMode 760269B1 5 Bytes JMP 002108B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!DeleteDC 76026EAA 5 Bytes JMP 00210170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!GetDeviceCaps 76026F7F 5 Bytes JMP 002103B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!ExtSelectClipRgn 76027114 5 Bytes JMP 002102F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!SelectClipRgn 76027242 5 Bytes JMP 002105B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!SetStretchBltMode 76027705 5 Bytes JMP 00210670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!GetCurrentObject 76027917 5 Bytes JMP 00210370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!GetTextMetricsW 76027B8F 5 Bytes JMP 00210DF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!GetTextAlign 76027DAF 5 Bytes JMP 00210D30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!IntersectClipRect 76027DFE 5 Bytes JMP 002103F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!ExtTextOutW 76028192 5 Bytes JMP 00210930
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!SetTextAlign 7602828E 5 Bytes JMP 002109B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!GetClipBox 76028525 5 Bytes JMP 00210330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!MoveToEx 76028C21 5 Bytes JMP 00210470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!StretchDIBits 7602A53E 5 Bytes JMP 00210730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!RestoreDC 7602A67B 5 Bytes JMP 00210530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!SaveDC 7602A74B 5 Bytes JMP 00210570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!GetTextExtentPoint32W 7602B4B5 5 Bytes JMP 00210630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!GetTextFaceW 7602B73A 2 Bytes JMP 00210CF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!GetTextFaceW + 3 7602B73D 2 Bytes [1E, 8A]
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!GetFontData 7602BCC4 5 Bytes JMP 00210C30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!SetWorldTransform 7602C90A 5 Bytes JMP 002106B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!CreateDCA 7602CCA9 5 Bytes JMP 002100B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!CreateDCW 7602CF79 5 Bytes JMP 002100F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!CreateICW 7602CFD0 5 Bytes JMP 00210130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!GetTextMetricsA 7602D0F2 5 Bytes JMP 00210DB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!Rectangle 7602F1FF 5 Bytes JMP 00210970
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!LineTo 7602F59B 5 Bytes JMP 00210430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!SetICMMode 7602FAA4 5 Bytes JMP 00210D70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!ExtTextOutA 760303F9 5 Bytes JMP 002108F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!ExtEscape 76032949 5 Bytes JMP 002102B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!Escape 76033939 5 Bytes JMP 00210270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!GetTextFaceA 76033E6A 5 Bytes JMP 00210CB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!SetPolyFillMode 7603D851 5 Bytes JMP 00210AF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!SetMiterLimit 7603DA0D 5 Bytes JMP 00210B30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!EndPage 760400D7 5 Bytes JMP 00210230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!ResetDCW 7604050D 5 Bytes JMP 00210A70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!GetGlyphOutlineW 7604C1BA 5 Bytes JMP 00210C70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!CreateScalableFontResourceW 7604E817 5 Bytes JMP 00210B70
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!AddFontResourceW 7604EC13 5 Bytes JMP 00210BB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!RemoveFontResourceW 7604F109 5 Bytes JMP 00210BF0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!AbortDoc 76054C63 5 Bytes JMP 00210030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!EndDoc 760550AA 5 Bytes JMP 002101F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!StartPage 76055195 5 Bytes JMP 002106F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!StartDocW 76055BB0 5 Bytes JMP 002107B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!BeginPath 7605635D 5 Bytes JMP 002107F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!SelectClipPath 760563B4 5 Bytes JMP 00210AB0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!CloseFigure 7605640F 5 Bytes JMP 00210070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!EndPath 76056466 5 Bytes JMP 00210A30
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!StrokePath 76056699 5 Bytes JMP 00210770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!FillPath 76056726 5 Bytes JMP 00210830
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!PolylineTo 76056B94 5 Bytes JMP 002104F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!PolyBezierTo 76056C25 5 Bytes JMP 002104B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] GDI32.dll!PolyDraw 76056CD7 5 Bytes JMP 00210870
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!ActivateKeyboardLayout 76078203 5 Bytes JMP 002204F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!ScreenToClient 7607A506 7 Bytes JMP 00220670
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!RegisterClipboardFormatA 7607C091 5 Bytes JMP 002202F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!RegisterClipboardFormatW 7607DF8D 5 Bytes JMP 002202B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!SetCursor 76083075 5 Bytes JMP 00220530
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!MonitorFromWindow 76083622 7 Bytes JMP 00220630
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!PostMessageW 7608447B 5 Bytes JMP 002205F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!IsWindowVisible 76084D69 7 Bytes JMP 002206B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!GetClientRect 760854DD 7 Bytes JMP 002205B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!MapWindowPoints 76085CAA 5 Bytes JMP 00220570
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!GetParent 76086029 7 Bytes JMP 002206F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!EmptyClipboard 7609290C 5 Bytes JMP 00220130
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!SetClipboardData 76092962 5 Bytes JMP 00220170
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!GetClipboardData 76092BA7 5 Bytes JMP 00220030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!GetClipboardFormatNameW 76095FD2 5 Bytes JMP 00220230
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!SetClipboardViewer 76096FF6 5 Bytes JMP 002204B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!GetClipboardFormatNameA 7609700A 5 Bytes JMP 00220270
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!ChangeClipboardChain 760A147C 5 Bytes JMP 00220430
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!GetTopWindow 760A24D9 7 Bytes JMP 00220730
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!CloseClipboard 760A446C 5 Bytes JMP 002200B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!OpenClipboard 760A447E 5 Bytes JMP 00220070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!IsClipboardFormatAvailable 760A44FF 5 Bytes JMP 002200F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!GetClipboardSequenceNumber 760A4513 5 Bytes JMP 00220330
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!GetClipboardOwner 760A4525 5 Bytes JMP 00220370
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!CountClipboardFormats 760A470A 5 Bytes JMP 002201F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!EnumClipboardFormats 760A47EC 5 Bytes JMP 002201B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!GetOpenClipboardWindow 760A480B 5 Bytes JMP 002203F0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!SetCursorPos 760BC1B0 5 Bytes JMP 00220770
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!GetClipboardViewer 760D4AF7 5 Bytes JMP 00220470
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] USER32.dll!GetPriorityClipboardFormat 760D4BF9 5 Bytes JMP 002203B0
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ole32.dll!OleSetClipboard 77150045 5 Bytes JMP 00230030
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ole32.dll!OleIsCurrentClipboard 771536B2 5 Bytes JMP 00230070
.text C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_3_300_271.exe[820] ole32.dll!OleGetClipboard 7717FDCD 5 Bytes JMP 002300B0
.text C:\Program Files\Mozilla Firefox\firefox.exe[1568] ntdll.dll!LdrLoadDll 777E223E 5 Bytes JMP 6B4FC930 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1568] kernel32.dll!MapViewOfFile 75CF93DB 5 Bytes JMP 6B72E083 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1568] kernel32.dll!VirtualAlloc 75CFC43A 5 Bytes JMP 6B72E0AA C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1568] USER32.dll!GetWindowInfo 76084B5E 5 Bytes JMP 6B67BEC9 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\firefox.exe[1568] GDI32.dll!CreateDIBSection 76028850 5 Bytes JMP 6B72E00D C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1704] USER32.dll!GetWindowInfo 76084B5E 5 Bytes JMP 6B674822 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1704] USER32.dll!TrackPopupMenu 76092228 5 Bytes JMP 6B674DD6 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004a halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\002713c8a8bd
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\002713c8a8bd (not active ControlSet)
---- EOF - GMER 1.0.15 ----
Everything is included again in the attachment.
A big thank you in advance for your help |