
Log analysis and evaluation: Windows 7 (32-bit): High CPU load / possible virus infection


 
16.05.2014, 00:05   #1
JanR91
 



Hello Trojaner-Board,

for the past few days I have had the problem that my laptop shows relatively high CPU usage.
I may have picked up one or more viruses/trojans while surfing the Internet. I hope you can help me.

Here is the Defogger logfile:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 00:29 on 16/05/2014 (Jan)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
Here is the FRST logfile:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version:15-05-2014
Ran by Jan (administrator) on JAN-PC on 16-05-2014 00:30:43
Running from C:\Users\Jan\Downloads
Platform: Microsoft Windows 7 Ultimate  Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal


==================== Processes (Whitelisted) =================

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
() C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(Microsoft Corporation) C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
(The Privoxy team - www.privoxy.org) C:\Program Files\MSR\Privoxy\privoxy.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wuauclt.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\firefox.exe
(Mozilla Corporation) C:\Program Files\Mozilla Firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe
(Adobe Systems, Inc.) C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [Nvtmru] => C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1028384 2013-11-14] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\nvspcap.dll [982232 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files\NVIDIA Corporation\Update Core\NvBackend.exe [2279712 2013-12-10] (NVIDIA Corporation)
HKLM\...\Run: [Adobe ARM] => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-12-21] (Adobe Systems Incorporated)
HKU\.DEFAULT\...\RunOnce: [SPReview] - C:\Windows\System32\SPReview\SPReview.exe [280576 2013-12-09] (Microsoft Corporation)
GroupPolicy: Group Policy on Chrome detected <======= ATTENTION

==================== Internet (Whitelisted) ====================

ProxyEnable: Internet Explorer proxy is enabled.
ProxyServer: http=127.0.0.1:8118;https=127.0.0.1:8118
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
SearchScopes: HKLM - DefaultScope value is missing.
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Jan\AppData\Roaming\Mozilla\Firefox\Profiles\dcuyuvrt.default
FF Homepage: google.de
FF NetworkProxy: "http", "127.0.0.1"
FF NetworkProxy: "http_port", 8118
FF NetworkProxy: "ssl", "127.0.0.1"
FF NetworkProxy: "ssl_port", 8118
FF NetworkProxy: "type", 1
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll ()
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: @nvidia.com/3DVision - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin: @nvidia.com/3DVisionStreaming - C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF HKCU\...\Firefox\Extensions: [{B9CAB6E3-383E-2705-9275-E9FFFCD2C970}] - C:\Program Files\BlockAndSurf-soft\161.xpi

========================== Services (Whitelisted) =================

S3 BEService; C:\Program Files\Common Files\BattlEye\BEService.exe [49152 2013-12-06] ()
S2 MBAMScheduler; G:\Jans Stuff\ Malwarebytes Anti-Malware \mbamscheduler.exe [1809720 2014-04-03] (Malwarebytes Corporation)
S2 MBAMService; G:\Jans Stuff\ Malwarebytes Anti-Malware \mbamservice.exe [857912 2014-04-03] (Malwarebytes Corporation)
R2 NvNetworkService; C:\Program Files\NVIDIA Corporation\NetService\NvNetworkService.exe [1494304 2013-12-10] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [14658848 2013-12-10] (NVIDIA Corporation)
R2 SystemUpdatekb70007; C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe [18944 2014-05-08] ()

==================== Drivers (Whitelisted) ====================

R3 EuMusDesignVirtualAudioCableWdm; C:\Windows\System32\DRIVERS\vrtaucbl.sys [50728 2014-04-11] (Eugene V. Muzychenko)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [23256 2014-04-03] (Malwarebytes Corporation)
R3 MTsensor; C:\Windows\System32\DRIVERS\ATKACPI.sys [7680 2007-07-31] (ATK0100)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad32v.sys [34080 2013-12-05] (NVIDIA Corporation)
R3 Sftfs; C:\Windows\System32\DRIVERS\Sftfswin7.sys [581480 2011-10-01] (Microsoft Corporation)
R3 Sftplay; C:\Windows\System32\DRIVERS\Sftplaywin7.sys [194408 2011-10-01] (Microsoft Corporation)
R3 Sftredir; C:\Windows\System32\DRIVERS\Sftredirwin7.sys [21864 2011-10-01] (Microsoft Corporation)
R3 Sftvol; C:\Windows\System32\DRIVERS\Sftvolwin7.sys [19304 2011-10-01] (Microsoft Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
U5 VWiFiFlt; C:\Windows\System32\Drivers\VWiFiFlt.sys [48128 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-05-16 00:30 - 2014-05-16 00:30 - 00007012 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-05-16 00:30 - 2014-05-16 00:30 - 00000000 ____D () C:\FRST
2014-05-16 00:29 - 2014-05-16 00:29 - 00000468 _____ () C:\Users\Jan\Downloads\defogger_disable.log
2014-05-16 00:29 - 2014-05-16 00:29 - 00000000 _____ () C:\Users\Jan\defogger_reenable
2014-05-16 00:27 - 2014-05-16 00:27 - 01056768 _____ (Farbar) C:\Users\Jan\Downloads\FRST.exe
2014-05-16 00:27 - 2014-05-16 00:27 - 00380416 _____ () C:\Users\Jan\Downloads\Gmer-19357.exe
2014-05-16 00:26 - 2014-05-16 00:26 - 00050477 _____ () C:\Users\Jan\Downloads\Defogger.exe
2014-05-15 14:21 - 2014-05-15 14:21 - 00000498 _____ () C:\DelFix.txt
2014-05-15 13:59 - 2010-08-30 08:34 - 00536576 _____ (SQLite Development Team) C:\Windows\system32\sqlite3.dll
2014-05-15 13:55 - 2014-05-15 13:55 - 00000079 _____ () C:\Windows\wininit.ini
2014-05-15 13:40 - 2014-05-15 13:40 - 00000000 ____D () C:\Users\Jan\Documents\ProcAlyzer Dumps
2014-05-15 01:36 - 2014-05-06 05:25 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-15 01:36 - 2014-05-06 05:07 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-15 01:36 - 2014-05-06 04:10 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-14 20:04 - 2014-05-14 20:04 - 00000199 _____ () C:\Users\Jan\Desktop\Counter-Strike Global Offensive.url
2014-05-14 19:34 - 2014-05-14 19:34 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 12:19 - 2014-05-14 12:19 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LavasoftStatistics
2014-05-14 11:11 - 2014-05-15 14:02 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-14 11:11 - 2014-05-15 13:55 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-14 11:10 - 2014-05-15 17:20 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-14 11:08 - 2014-05-15 13:43 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-14 11:06 - 2014-05-14 11:06 - 00000744 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-14 11:06 - 2014-05-14 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 11:06 - 2014-04-03 09:51 - 00073432 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbamchameleon.sys
2014-05-14 11:06 - 2014-04-03 09:51 - 00051416 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2014-05-14 11:06 - 2014-04-03 09:50 - 00023256 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-05-14 11:04 - 2014-05-14 11:04 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Jan\Downloads\spybot-2.3.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 01727624 _____ () C:\Users\Jan\Downloads\Adaware_Installer_11153540.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-14 09:26 - 2014-05-09 09:06 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-14 09:26 - 2014-05-09 09:04 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-14 09:26 - 2014-04-12 04:15 - 00136640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2014-05-14 09:26 - 2014-04-12 04:15 - 00067520 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2014-05-14 09:26 - 2014-04-12 04:12 - 00100352 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2014-05-14 09:26 - 2014-04-12 04:12 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2014-05-14 09:26 - 2014-04-12 04:12 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2014-05-14 09:26 - 2014-04-12 04:11 - 01059840 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2014-05-14 09:26 - 2014-04-12 04:11 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2014-05-14 09:26 - 2014-03-25 04:09 - 12874240 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2014-05-14 09:26 - 2014-03-04 11:20 - 03969984 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2014-05-14 09:26 - 2014-03-04 11:20 - 03914176 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2014-05-14 09:26 - 2014-03-04 11:17 - 00550912 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00538112 _____ (Microsoft Corporation) C:\Windows\system32\objsel.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00304128 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2014-05-14 09:26 - 2014-03-04 11:17 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00259584 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\cngprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00049664 _____ (Microsoft Corporation) C:\Windows\system32\adprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\capiprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\dpapiprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\dimsroam.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00035328 _____ (Microsoft Corporation) C:\Windows\system32\wincredprovider.dll
2014-05-14 09:26 - 2014-03-04 11:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieUserList
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieSiteList
2014-05-13 22:53 - 2014-05-13 22:53 - 00000000 ____D () C:\Program Files\MSR
2014-05-13 22:52 - 2014-05-13 22:52 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\wi_upd
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\InetStat
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\GetPrivate
2014-05-13 22:51 - 2014-05-13 22:51 - 02271256 _____ () C:\Users\Jan\Downloads\Garrys.Mod.v13.06.20-v13.07.05.Update.exe
2014-05-13 22:37 - 2014-05-13 22:37 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_xMdXQR_.exe
2014-05-13 22:19 - 2014-05-13 22:39 - 1015875267 _____ () C:\Users\Jan\Downloads\CSS_2013_patch_1909615_nosTEAM.exe
2014-05-13 21:19 - 2014-05-13 21:19 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_luc4Mu_.exe
2014-05-13 21:07 - 2014-05-14 12:24 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\uTorrent
2014-05-13 21:06 - 2014-05-13 21:06 - 01670992 _____ (BitTorrent Inc.) C:\Users\Jan\Downloads\uTorrent_3.4.1_31139.exe
2014-05-13 21:00 - 2014-05-13 21:00 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_sbRdYx_.exe
2014-05-12 22:50 - 2014-05-12 22:50 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 22:49 - 2014-05-14 12:25 - 00000000 ____D () C:\ProgramData\18be15233c43999c
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator
2014-05-12 22:48 - 2014-05-12 22:55 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 22:38 - 2014-02-12 22:26 - 00000426 _____ () C:\AVScanner.ini
2014-05-12 22:10 - 2014-05-13 22:46 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\Users\Jan\Documents\230828-672014-dungeon-keeper-2.rar
2014-05-10 17:56 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-06 17:34 - 2014-05-15 13:10 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-02 21:03 - 2014-05-02 21:03 - 03441423 _____ () C:\Users\Jan\Downloads\Instalok - Pick Anyone (Jason Derulo -
2014-04-29 18:12 - 2014-03-06 10:31 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-04-29 18:12 - 2014-03-06 10:02 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-04-29 18:12 - 2014-03-06 10:02 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-04-29 18:12 - 2014-03-06 10:01 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-04-29 18:12 - 2014-03-06 09:47 - 02178048 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-04-29 18:12 - 2014-03-06 09:46 - 04254720 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-04-29 18:12 - 2014-03-06 09:46 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-04-29 18:12 - 2014-03-06 09:45 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-04-29 18:12 - 2014-03-06 09:40 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-04-29 18:12 - 2014-03-06 09:38 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-04-29 18:12 - 2014-03-06 09:38 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-04-29 18:12 - 2014-03-06 09:36 - 00592896 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-04-29 18:12 - 2014-03-06 09:28 - 00646144 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2014-04-29 18:12 - 2014-03-06 09:22 - 00367616 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2014-04-29 18:12 - 2014-03-06 09:18 - 00575488 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-04-29 18:12 - 2014-03-06 09:13 - 00032256 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2014-04-29 18:12 - 2014-03-06 09:07 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-04-29 18:12 - 2014-03-06 09:01 - 00244224 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2014-04-29 18:12 - 2014-03-06 08:46 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-04-29 18:12 - 2014-03-06 08:40 - 01967104 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-04-29 18:12 - 2014-03-06 08:36 - 11745792 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-04-29 18:12 - 2014-03-06 07:43 - 00704512 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-04-29 18:12 - 2014-03-06 07:41 - 01789440 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-04-29 18:12 - 2014-03-06 07:36 - 01143808 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-04-26 13:05 - 2014-05-14 12:24 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-04-26 13:05 - 2014-04-26 13:05 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-26 13:04 - 2014-04-26 13:07 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Adobe
2014-04-18 23:28 - 2014-04-18 23:28 - 04440764 _____ () C:\Users\Jan\Downloads\Pinkzebra

==================== One Month Modified Files and Folders =======

2014-05-16 00:30 - 2014-05-16 00:30 - 00007012 _____ () C:\Users\Jan\Downloads\FRST.txt
2014-05-16 00:30 - 2014-05-16 00:30 - 00000000 ____D () C:\FRST
2014-05-16 00:29 - 2014-05-16 00:29 - 00000468 _____ () C:\Users\Jan\Downloads\defogger_disable.log
2014-05-16 00:29 - 2014-05-16 00:29 - 00000000 _____ () C:\Users\Jan\defogger_reenable
2014-05-16 00:29 - 2013-12-06 19:26 - 00000000 ____D () C:\Users\Jan
2014-05-16 00:27 - 2014-05-16 00:27 - 01056768 _____ (Farbar) C:\Users\Jan\Downloads\FRST.exe
2014-05-16 00:27 - 2014-05-16 00:27 - 00380416 _____ () C:\Users\Jan\Downloads\Gmer-19357.exe
2014-05-16 00:26 - 2014-05-16 00:26 - 00050477 _____ () C:\Users\Jan\Downloads\Defogger.exe
2014-05-16 00:11 - 2013-12-13 16:17 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\TS3Client
2014-05-16 00:08 - 2013-12-06 22:22 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-05-15 21:54 - 2013-12-06 18:47 - 01226295 _____ () C:\Windows\WindowsUpdate.log
2014-05-15 17:20 - 2014-05-14 11:10 - 00107736 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2014-05-15 14:25 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-05-15 14:25 - 2009-07-14 06:34 - 00014016 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-05-15 14:23 - 2013-12-06 19:08 - 01622164 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-05-15 14:21 - 2014-05-15 14:21 - 00000498 _____ () C:\DelFix.txt
2014-05-15 14:17 - 2013-12-09 17:20 - 00151656 _____ () C:\Windows\PFRO.log
2014-05-15 14:17 - 2013-12-06 20:15 - 00000000 ____D () C:\ProgramData\NVIDIA
2014-05-15 14:17 - 2009-07-14 06:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-05-15 14:17 - 2009-07-14 06:39 - 00058974 _____ () C:\Windows\setupact.log
2014-05-15 14:02 - 2014-05-14 11:11 - 00000000 ____D () C:\Program Files\Spybot - Search & Destroy 2
2014-05-15 14:00 - 2013-12-06 19:27 - 00001144 _____ () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2014-05-15 13:55 - 2014-05-15 13:55 - 00000079 _____ () C:\Windows\wininit.ini
2014-05-15 13:55 - 2014-05-14 11:11 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-05-15 13:43 - 2014-05-14 11:08 - 00000000 ____D () C:\Program Files\Lavasoft
2014-05-15 13:40 - 2014-05-15 13:40 - 00000000 ____D () C:\Users\Jan\Documents\ProcAlyzer Dumps
2014-05-15 13:25 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-05-15 13:10 - 2014-05-06 17:34 - 00000000 ___SD () C:\Windows\system32\CompatTel
2014-05-15 13:10 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\system32\de-DE
2014-05-14 20:04 - 2014-05-14 20:04 - 00000199 _____ () C:\Users\Jan\Desktop\Counter-Strike Global Offensive.url
2014-05-14 19:35 - 2013-12-06 19:36 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Mozilla
2014-05-14 19:34 - 2014-05-14 19:34 - 00001117 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00001105 _____ () C:\Users\Public\Desktop\Mozilla Firefox.lnk
2014-05-14 19:34 - 2014-05-14 19:34 - 00000000 ____D () C:\Program Files\Mozilla Maintenance Service
2014-05-14 19:34 - 2014-05-10 17:56 - 00000000 ____D () C:\Program Files\Mozilla Firefox
2014-05-14 12:25 - 2014-05-12 22:49 - 00000000 ____D () C:\ProgramData\18be15233c43999c
2014-05-14 12:24 - 2014-05-13 21:07 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\uTorrent
2014-05-14 12:24 - 2014-04-26 13:05 - 00002441 _____ () C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2014-05-14 12:19 - 2014-05-14 12:19 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\LavasoftStatistics
2014-05-14 11:06 - 2014-05-14 11:06 - 00000744 _____ () C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
2014-05-14 11:06 - 2014-05-14 11:06 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-05-14 11:04 - 2014-05-14 11:04 - 46392680 _____ (Safer-Networking Ltd. ) C:\Users\Jan\Downloads\spybot-2.3.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 17305616 _____ (Malwarebytes Corporation ) C:\Users\Jan\Downloads\mbam-setup-2.0.1.1004.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 01727624 _____ () C:\Users\Jan\Downloads\Adaware_Installer_11153540.exe
2014-05-14 11:03 - 2014-05-14 11:03 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieUserList
2014-05-13 22:55 - 2014-05-13 22:55 - 00000000 __SHD () C:\Users\Jan\AppData\Local\EmieSiteList
2014-05-13 22:53 - 2014-05-13 22:53 - 00000000 ____D () C:\Program Files\MSR
2014-05-13 22:52 - 2014-05-13 22:52 - 00000512 __RSH () C:\ProgramData\ntuser.pol
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\wi_upd
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\InetStat
2014-05-13 22:52 - 2014-05-13 22:52 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\GetPrivate
2014-05-13 22:52 - 2009-07-14 04:37 - 00000000 ___HD () C:\Windows\system32\GroupPolicy
2014-05-13 22:51 - 2014-05-13 22:51 - 02271256 _____ () C:\Users\Jan\Downloads\Garrys.Mod.v13.06.20-v13.07.05.Update.exe
2014-05-13 22:46 - 2014-05-12 22:10 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2014-05-13 22:39 - 2014-05-13 22:19 - 1015875267 _____ () C:\Users\Jan\Downloads\CSS_2013_patch_1909615_nosTEAM.exe
2014-05-13 22:37 - 2014-05-13 22:37 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_xMdXQR_.exe
2014-05-13 21:19 - 2014-05-13 21:19 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_luc4Mu_.exe
2014-05-13 21:08 - 2013-12-06 22:22 - 00692400 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-05-13 21:08 - 2013-12-06 22:22 - 00070832 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-05-13 21:06 - 2014-05-13 21:06 - 01670992 _____ (BitTorrent Inc.) C:\Users\Jan\Downloads\uTorrent_3.4.1_31139.exe
2014-05-13 21:00 - 2014-05-13 21:00 - 00222184 _____ (Deposit Files) C:\Users\Jan\Downloads\dfdownloader_sbRdYx_.exe
2014-05-12 23:14 - 2013-12-06 19:31 - 00000000 ____D () C:\Program Files\Common Files\Steam
2014-05-12 22:55 - 2014-05-12 22:48 - 00000000 ____D () C:\ProgramData\InstallMate
2014-05-12 22:50 - 2014-05-12 22:50 - 00000000 ____D () C:\ProgramData\ItsMyApp
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Jan\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Gast
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Google
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Comodo
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator\AppData\Local\Chromatic Browser
2014-05-12 22:49 - 2014-05-12 22:49 - 00000000 ____D () C:\Users\Administrator
2014-05-12 22:20 - 2013-12-06 19:27 - 00000000 ____D () C:\Users\Jan\AppData\Local\VirtualStore
2014-05-12 22:07 - 2014-05-12 22:07 - 00000000 ____D () C:\Users\Jan\Documents\230828-672014-dungeon-keeper-2.rar
2014-05-09 09:06 - 2014-05-14 09:26 - 00369664 _____ (Microsoft Corporation) C:\Windows\system32\aepdu.dll
2014-05-09 09:04 - 2014-05-14 09:26 - 00302592 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2014-05-08 16:12 - 2009-07-14 04:37 - 00000000 ____D () C:\Windows\rescache
2014-05-06 05:25 - 2014-05-15 01:36 - 17382912 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-05-06 05:07 - 2014-05-15 01:36 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-05-06 04:10 - 2014-05-15 01:36 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2014-05-02 21:03 - 2014-05-02 21:03 - 03441423 _____ () C:\Users\Jan\Downloads\Instalok - Pick Anyone (Jason Derulo -
2014-04-26 13:07 - 2014-04-26 13:04 - 00000000 ____D () C:\ProgramData\Adobe
2014-04-26 13:06 - 2013-12-06 22:21 - 00000000 ____D () C:\Users\Jan\AppData\Local\Adobe
2014-04-26 13:06 - 2013-12-06 20:53 - 00000000 ____D () C:\Users\Jan\AppData\Roaming\Adobe
2014-04-26 13:05 - 2014-04-26 13:05 - 00001993 _____ () C:\Users\Public\Desktop\Adobe Reader XI.lnk
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Common Files\Adobe
2014-04-26 13:04 - 2014-04-26 13:04 - 00000000 ____D () C:\Program Files\Adobe
2014-04-18 23:28 - 2014-04-18 23:28 - 04440764 _____ () C:\Users\Jan\Downloads\Pinkzebra

Some content of TEMP:
====================
C:\Users\Jan\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2014-05-14 09:26] - [2014-03-04 11:17] - 0304128 ____A (Microsoft Corporation) 998507B046BA314CE8245364C686FA67

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll => MD5 is legit
C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-05-09 11:39

==================== End Of Log ============================
         
--- --- ---
Here is the Addition logfile:
Code:
Additional scan result of Farbar Recovery Scan Tool (x86) Version:15-05-2014
Ran by Jan at 2014-05-16 00:31:15
Running from C:\Users\Jan\Downloads
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe Flash Player 13 Plugin (HKLM\...\Adobe Flash Player Plugin) (Version: 13.0.0.214 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.07) - Deutsch (HKLM\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.07 - Adobe Systems Incorporated)
Age of Empires II: HD Edition (HKLM\...\Steam App 221380) (Version:  - Hidden Path Entertainment, Ensemble Studios)
Battle.net (HKLM\...\Battle.net) (Version:  - Blizzard Entertainment)
BattlEye for OA Uninstall (HKLM\...\BattlEye for OA) (Version:  - )
Counter-Strike: Global Offensive (HKLM\...\Steam App 730) (Version:  - Valve)
Dawngate (HKLM\...\{25FAB7E0-526C-437F-8D55-7F00436B873D}) (Version: 180.16.77.0 - Electronic Arts, Inc.)
DayZ Commander (HKLM\...\{B3653588-3AC0-4A1D-950F-D96531E84374}) (Version: 0.92.91 - Dotjosh Studios)
Dota 2 (HKLM\...\Steam App 570) (Version:  - Valve)
GeForce Experience NvStream Client Components (Version: 1.6.28 - NVIDIA Corporation) Hidden
Hearthstone (HKLM\...\Hearthstone) (Version:  - Blizzard Entertainment)
Malwarebytes Anti-Malware Version 2.0.1.1004 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.1.1004 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (DEU) (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4.5.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 (Version: 4.5.50938 - Microsoft Corporation) Hidden
Microsoft Office Home and Business 2010 - Deutsch (HKLM\...\{90140011-0062-0407-0000-0000000FF1CE}) (Version: 14.0.6137.5006 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (HKLM\...\Office14.Click2Run) (Version: 14.0.6122.5000 - Microsoft Corporation)
Microsoft Office Klick-und-Los 2010 (Version: 14.0.6122.5000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 29.0.1 (x86 de) (HKLM\...\Mozilla Firefox 29.0.1 (x86 de)) (Version: 29.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM\...\MozillaMaintenanceService) (Version: 29.0.1 - Mozilla)
NVIDIA 3D Vision Treiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.3 - )
NVIDIA GeForce Experience 1.8.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 1.8.1 - NVIDIA Corporation)
NVIDIA Grafiktreiber 332.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 332.21 - NVIDIA Corporation)
NVIDIA Install Application (Version: 2.1002.142.992 - NVIDIA Corporation) Hidden
NVIDIA LED Visualizer 1.0 (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA Network Service (Version: 1.0 - NVIDIA Corporation) Hidden
NVIDIA PhysX (Version: 9.13.0725 - NVIDIA Corporation) Hidden
NVIDIA PhysX-Systemsoftware 9.13.0725 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.0725 - NVIDIA Corporation)
NVIDIA ShadowPlay 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Stereoscopic 3D Driver (Version: 7.17.13.3221 - NVIDIA Corporation) Hidden
NVIDIA Systemsteuerung 332.21 (Version: 332.21 - NVIDIA Corporation) Hidden
NVIDIA Update 10.11.15 (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Update Core (Version: 10.11.15 - NVIDIA Corporation) Hidden
NVIDIA Virtual Audio 1.2.19 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver) (Version: 1.2.19 - NVIDIA Corporation)
RICOH R5U8xx Media Driver ver.3.62.02 (HKLM\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.62.02 - RICOH)
SHIELD Streaming (Version: 1.6.85 - NVIDIA Corporation) Hidden
System Update kb70007 (Version: 1.0.0 - MSR) Hidden
TeamSpeak 3 Client (HKLM\...\TeamSpeak 3 Client) (Version: 3.0.14 - TeamSpeak Systems GmbH)
Virtual Audio Cable 4.10 (HKLM\...\Virtual Audio Cable 4.10) (Version:  - )
Winamp (HKLM\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
WinRAR 5.01 (32-Bit) (HKLM\...\WinRAR archiver) (Version: 5.01.0 - win.rar GmbH)

==================== Restore Points  =========================

13-05-2014 09:05:50 Windows Update
14-05-2014 09:03:45 AA11
14-05-2014 19:00:40 DirectX wurde installiert
14-05-2014 21:17:52 DirectX wurde installiert
14-05-2014 23:35:37 Windows Update
15-05-2014 11:42:14 AA11

==================== Hosts content: ==========================

2009-07-14 04:04 - 2009-06-10 23:39 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (whitelisted) =============

Task: {1BB89AD4-3C3A-42D0-9CF6-A0A5A8DF2A39} - System32\Tasks\GPUpdate => C:\Users\Jan\AppData\Roaming\GetPrivate\gp_upd.exe [2014-05-13] ()
Task: {215F6E25-FBDC-4792-80CE-113F63F866E1} - System32\Tasks\SW-Booster-S-702149676 => c:\programdata\itsmyapp\sw-booster\SW-Booster.exe
Task: {C466B0A0-A28D-4B57-882F-293F688E84EB} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13] (Adobe Systems Incorporated)
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Loaded Modules (whitelisted) =============

2013-12-06 20:14 - 2013-12-19 20:37 - 00107296 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax.dll
2014-05-13 22:53 - 2014-05-08 15:23 - 00018944 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\WindowsUpdater.exe
2014-05-13 22:53 - 2014-05-08 15:23 - 00064000 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\InstallerLibrary.dll
2014-05-13 22:53 - 2014-05-08 15:23 - 00016896 _____ () C:\Windows\Microsoft\SystemUpdatekb70007\Installer.dll
2014-05-13 22:53 - 2014-05-15 14:17 - 00086528 _____ () C:\Program Files\MSR\Privoxy\mgwz.dll
2014-05-14 19:34 - 2014-05-07 04:27 - 03839088 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll
2014-05-13 21:08 - 2014-05-13 21:08 - 16361136 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== EXE Association (whitelisted) =============


==================== Disabled items from MSCONFIG ==============


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (05/14/2014 11:53:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0x1184
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3

Error: (05/14/2014 11:17:50 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {915dad4b-985f-485f-8f3d-afceda119803}

Error: (05/14/2014 11:08:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0xffc
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3

Error: (05/14/2014 10:34:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0xb0c
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3

Error: (05/14/2014 10:17:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0x7f4
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3

Error: (05/14/2014 09:55:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0xda4
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3

Error: (05/14/2014 09:47:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0x840
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3

Error: (05/14/2014 09:36:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Name der fehlerhaften Anwendung: csgo.exe, Version: 0.0.0.0, Zeitstempel: 0x53628ca7
Name des fehlerhaften Moduls: tier0.dll, Version: 0.0.0.0, Zeitstempel: 0x5362c098
Ausnahmecode: 0x40000015
Fehleroffset: 0x0002181e
ID des fehlerhaften Prozesses: 0x1184
Startzeit der fehlerhaften Anwendung: 0xcsgo.exe0
Pfad der fehlerhaften Anwendung: csgo.exe1
Pfad des fehlerhaften Moduls: csgo.exe2
Berichtskennung: csgo.exe3

Error: (05/14/2014 09:00:35 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005, Zugriff verweigert
.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {915dad4b-985f-485f-8f3d-afceda119803}

Error: (05/14/2014 00:23:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: Jan-PC)
Description: Produkt: Adobe Reader XI - Deutsch - Update "{AC76BA86-7AD7-0000-2550-7A8C40011007}" konnte nicht installiert werden. Fehlercode 1625. Windows Installer kann Protokolle erstellen, um bei der Problembehandlung betreffend der Installation von Softwarepaketen behilflich zu sein. Verwenden Sie folgenden Link, um Anweisungen zur Aktivierung der Protokollierungsunterstützung zu erhalten: hxxp://go.microsoft.com/fwlink/?LinkId=23127


System errors:
=============
Error: (05/14/2014 11:46:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Updating Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/14/2014 11:46:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Security Center Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/14/2014 11:46:35 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: Der Dienst "Spybot-S&D 2 Scanner Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (05/14/2014 11:42:49 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "SW-Sustainer" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/14/2014 11:41:01 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Supporter" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/14/2014 11:18:41 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst BlockAndSurf erreicht.

Error: (05/13/2014 10:54:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: Dienst "Search Protect Service" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert.

Error: (05/12/2014 10:44:45 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers nicht gestartet: 
%%1053

Error: (05/12/2014 10:44:45 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Steam Client Service erreicht.

Error: (04/27/2014 11:33:57 AM) (Source: ACPI) (EventID: 13) (User: )
Description: : Der eingebettete Controller (EC) hat nicht innerhalb des angegebenen Zeitlimits reagiert. Dies deutet auf einen Fehler in der EC-Hardware oder -Firmware hin bzw. darauf, dass das BIOS auf falsche Art auf den EC zugreift. Fragen Sie den Computerhersteller nach einem aktualisierten BIOS. Dieser Fehler kann in einigen Situationen zur Folge haben, dass der Computer fehlerhaft läuft.


Microsoft Office Sessions:
=========================
Error: (05/14/2014 11:53:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181e118401cf6fba271f2c5eG:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll20c04a4a-dbb2-11e3-9838-001d606b6967

Error: (05/14/2014 11:17:50 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {915dad4b-985f-485f-8f3d-afceda119803}

Error: (05/14/2014 11:08:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181effc01cf6fb3f947451aG:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dlle7f1ad5d-dbab-11e3-9838-001d606b6967

Error: (05/14/2014 10:34:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181eb0c01cf6fb34836bfe3G:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll2f3d1ee9-dba7-11e3-9838-001d606b6967

Error: (05/14/2014 10:17:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181e7f401cf6fae8514f91aG:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dllbd04743e-dba4-11e3-9838-001d606b6967

Error: (05/14/2014 09:55:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181eda401cf6fad7195de2bG:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dllb9d69425-dba1-11e3-9838-001d606b6967

Error: (05/14/2014 09:47:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181e84001cf6fabf1291a9cG:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dlla2d54a2f-dba0-11e3-9838-001d606b6967

Error: (05/14/2014 09:36:17 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: csgo.exe0.0.0.053628ca7tier0.dll0.0.0.05362c098400000150002181e118401cf6fa96471365eG:\Steam\steamapps\common\Counter-Strike Global Offensive\csgo.exeG:\Steam\steamapps\common\Counter-Strike Global Offensive\bin\tier0.dll042706d7-db9f-11e3-9838-001d606b6967

Error: (05/14/2014 09:00:35 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005, Zugriff verweigert


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {915dad4b-985f-485f-8f3d-afceda119803}

Error: (05/14/2014 00:23:19 PM) (Source: MsiInstaller) (EventID: 1024) (User: Jan-PC)
Description: Adobe Reader XI - Deutsch{AC76BA86-7AD7-0000-2550-7A8C40011007}1625(NULL)(NULL)(NULL)


==================== Memory info =========================== 

Percentage of memory in use: 34%
Total physical RAM: 3071.3 MB
Available physical RAM: 2002.75 MB
Total Pagefile: 6140.9 MB
Available Pagefile: 4919.7 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.57 MB

==================== Drives ================================

Drive c: (Main) (Fixed) (Total:67.07 GB) (Free:24.38 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (DATA) (Fixed) (Total:44.71 GB) (Free:39.35 GB) NTFS
Drive f: (INTENSO) (Removable) (Total:3.73 GB) (Free:1.28 GB) FAT32
Drive g: (Elements) (Fixed) (Total:931.51 GB) (Free:716.72 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 112 GB) (Disk ID: 15807A61)
Partition 1: (Active) - (Size=67 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=45 GB) - (Type=OF Extended)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)

Partition: GPT Partition Type.

========================================================
Disk: 2 (MBR Code: Windows XP) (Size: 932 GB) (Disk ID: 00261DDD)
Partition 1: (Not Active) - (Size=932 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         
Here is the GMER logfile:
Code:
GMER 2.1.19357 - hxxp://www.gmer.net
Rootkit scan 2014-05-16 00:42:49
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3 FUJITSU_MHW2120BH rev.00930013 111,79GB
Running: Gmer-19357.exe; Driver: C:\Users\Jan\AppData\Local\Temp\pxldypow.sys


---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 142D                                                                           82A56A15 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                             82A90212 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}

---- User code sections - GMER 2.1 ----

.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateFile + 6               77BF560E 4 Bytes  [28, 20, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateFile + B               77BF5613 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateKey + 6                77BF564E 4 Bytes  [68, 21, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateKey + B                77BF5653 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateMutant + 6             77BF568E 4 Bytes  [68, 22, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateMutant + B             77BF5693 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateSection + 6            77BF572E 4 Bytes  [A8, 22, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtCreateSection + B            77BF5733 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtMapViewOfSection + B         77BF5C73 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenFile + 6                 77BF5D1E 4 Bytes  [68, 20, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenFile + B                 77BF5D23 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenKey + 6                  77BF5D4E 4 Bytes  [A8, 21, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenKey + B                  77BF5D53 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenKeyEx + B                77BF5D63 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenMutant + 6               77BF5D9E 4 Bytes  [28, 22, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenMutant + B               77BF5DA3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenProcess + 6              77BF5DCE 4 Bytes  [68, 23, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenProcess + B              77BF5DD3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenProcessToken + 6         77BF5DDE 4 Bytes  [A8, 23, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenProcessToken + B         77BF5DE3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenProcessTokenEx + 6       77BF5DEE 4 Bytes  [68, 24, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenProcessTokenEx + B       77BF5DF3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenSection + B              77BF5E13 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenThread + 6               77BF5E4E 4 Bytes  [28, 23, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenThread + B               77BF5E53 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenThreadToken + 6          77BF5E5E 4 Bytes  [28, 24, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenThreadToken + B          77BF5E63 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenThreadTokenEx + 6        77BF5E6E 4 Bytes  [A8, 24, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtOpenThreadTokenEx + B        77BF5E73 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtQueryAttributesFile + 6      77BF5F7E 4 Bytes  [A8, 20, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtQueryAttributesFile + B      77BF5F83 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtQueryFullAttributesFile + B  77BF6033 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtSetInformationFile + 6       77BF667E 4 Bytes  [28, 21, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtSetInformationFile + B       77BF6683 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtSetInformationThread + B     77BF66E3 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtUnmapViewOfSection + 6       77BF69FE 4 Bytes  [28, 25, 07, 00]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ntdll.dll!NtUnmapViewOfSection + B       77BF6A03 1 Byte  [E2]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] kernel32.dll!CreateProcessW              763F204D 5 Bytes  JMP 00080030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] kernel32.dll!CreateProcessA              763F2082 5 Bytes  JMP 00080070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!ActivateKeyboardLayout        765D8203 5 Bytes  JMP 000C04F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!ScreenToClient                765DA506 7 Bytes  JMP 000C0670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!RegisterClipboardFormatA      765DC091 5 Bytes  JMP 000C02F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!RegisterClipboardFormatW      765DDF8D 5 Bytes  JMP 000C02B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!SetCursor                     765E3075 5 Bytes  JMP 000C0530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!MonitorFromWindow             765E3622 7 Bytes  JMP 000C0630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!PostMessageW                  765E447B 5 Bytes  JMP 000C05F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!IsWindowVisible               765E4D69 7 Bytes  JMP 000C06B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClientRect                 765E54DD 7 Bytes  JMP 000C05B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!MapWindowPoints               765E5CAA 5 Bytes  JMP 000C0570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetParent                     765E6029 7 Bytes  JMP 000C06F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!EmptyClipboard                765F290C 5 Bytes  JMP 000C0130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!SetClipboardData              765F2962 5 Bytes  JMP 000C0170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClipboardData              765F2BA7 5 Bytes  JMP 000C0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClipboardFormatNameW       765F5FD2 5 Bytes  JMP 000C0230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!SetClipboardViewer            765F6FF6 5 Bytes  JMP 000C04B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClipboardFormatNameA       765F700A 5 Bytes  JMP 000C0270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!ChangeClipboardChain          7660147C 5 Bytes  JMP 000C0430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetTopWindow                  766024D9 7 Bytes  JMP 000C0730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!CloseClipboard                7660446C 5 Bytes  JMP 000C00B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!OpenClipboard                 7660447E 5 Bytes  JMP 000C0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!IsClipboardFormatAvailable    766044FF 5 Bytes  JMP 000C00F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClipboardSequenceNumber    76604513 5 Bytes  JMP 000C0330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClipboardOwner             76604525 5 Bytes  JMP 000C0370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!CountClipboardFormats         7660470A 5 Bytes  JMP 000C01F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!EnumClipboardFormats          766047EC 5 Bytes  JMP 000C01B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetOpenClipboardWindow        7660480B 5 Bytes  JMP 000C03F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!SetCursorPos                  7661C1B0 5 Bytes  JMP 000C0770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetClipboardViewer            76634AF7 5 Bytes  JMP 000C0470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] user32.DLL!GetPriorityClipboardFormat    76634BF9 5 Bytes  JMP 000C03B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!DeleteObject                   77885F14 5 Bytes  JMP 000D01B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SelectObject                   77886640 5 Bytes  JMP 000D05F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetTextColor                   77886906 5 Bytes  JMP 000D0A30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetBkMode                      778869B1 5 Bytes  JMP 000D08F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!DeleteDC                       77886EAA 5 Bytes  JMP 000D0170 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetDeviceCaps                  77886F7F 5 Bytes  JMP 000D03B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!ExtSelectClipRgn               77887114 5 Bytes  JMP 000D02F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SelectClipRgn                  77887242 5 Bytes  JMP 000D05B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetStretchBltMode              77887705 5 Bytes  JMP 000D06B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetCurrentObject               77887917 5 Bytes  JMP 000D0370 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextMetricsW                77887B8F 5 Bytes  JMP 000D0E30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextAlign                   77887DAF 5 Bytes  JMP 000D0D70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!IntersectClipRect              77887DFE 5 Bytes  JMP 000D03F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!ExtTextOutW                    77888192 5 Bytes  JMP 000D0970 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetTextAlign                   7788828E 5 Bytes  JMP 000D09F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetClipBox                     77888525 5 Bytes  JMP 000D0330 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!MoveToEx                       77888C21 5 Bytes  JMP 000D0470 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!StretchDIBits                  7788A53E 5 Bytes  JMP 000D0770 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!RestoreDC                      7788A67B 5 Bytes  JMP 000D0530 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SaveDC                         7788A74B 5 Bytes  JMP 000D0570 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextExtentPoint32W          7788B4B5 5 Bytes  JMP 000D0670 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextFaceW                   7788B73A 2 Bytes  JMP 000D0D30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextFaceW + 3               7788B73D 2 Bytes  [84, 88]
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetFontData                    7788BCC4 5 Bytes  JMP 000D0C70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetWorldTransform              7788C90A 5 Bytes  JMP 000D06F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!CreateDCA                      7788CCA9 5 Bytes  JMP 000D00B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!CreateDCW                      7788CF79 5 Bytes  JMP 000D00F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!CreateICW                      7788CFD0 5 Bytes  JMP 000D0130 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextMetricsA                7788D0F2 5 Bytes  JMP 000D0DF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!Rectangle                      7788F1FF 5 Bytes  JMP 000D09B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!LineTo                         7788F59B 5 Bytes  JMP 000D0430 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetICMMode                     7788FAA4 5 Bytes  JMP 000D0DB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!ExtTextOutA                    77890D20 5 Bytes  JMP 000D0930 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextExtentPoint32A          7789117F 5 Bytes  JMP 000D0630 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!ExtEscape                      77892D49 5 Bytes  JMP 000D02B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!Escape                         77893400 5 Bytes  JMP 000D0270 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!ResetDCW                       77893A9B 5 Bytes  JMP 000D0AB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!EndPage                        778940DA 5 Bytes  JMP 000D0230 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetPolyFillMode                778967E1 5 Bytes  JMP 000D0B30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SetMiterLimit                  7789699D 5 Bytes  JMP 000D0B70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetTextFaceA                   778A0D22 5 Bytes  JMP 000D0CF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!GetGlyphOutlineW               778AC2DA 5 Bytes  JMP 000D0CB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!CreateScalableFontResourceW    778AE937 5 Bytes  JMP 000D0BB0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!AddFontResourceW               778AED33 5 Bytes  JMP 000D0BF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!RemoveFontResourceW            778AF229 5 Bytes  JMP 000D0C30 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!AbortDoc                       778B4E29 5 Bytes  JMP 000D0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!EndDoc                         778B5270 5 Bytes  JMP 000D01F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!StartPage                      778B535B 5 Bytes  JMP 000D0730 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!StartDocW                      778B5D76 5 Bytes  JMP 000D07F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!BeginPath                      778B651D 5 Bytes  JMP 000D0830 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!SelectClipPath                 778B6574 5 Bytes  JMP 000D0AF0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!CloseFigure                    778B65CF 5 Bytes  JMP 000D0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!EndPath                        778B6626 5 Bytes  JMP 000D0A70 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!StrokePath                     778B6859 5 Bytes  JMP 000D07B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!FillPath                       778B68E6 5 Bytes  JMP 000D0870 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!PolylineTo                     778B6D54 5 Bytes  JMP 000D04F0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!PolyBezierTo                   778B6DE5 5 Bytes  JMP 000D04B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] GDI32.dll!PolyDraw                       778B6E97 5 Bytes  JMP 000D08B0 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ole32.dll!OleSetClipboard                77AB0045 5 Bytes  JMP 000F0030 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ole32.dll!OleIsCurrentClipboard          77AB36B2 5 Bytes  JMP 000F0070 
.text           C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_13_0_0_214.exe[2068] ole32.dll!OleGetClipboard                77ADFDCD 5 Bytes  JMP 000F00B0 
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3984] ntdll.dll!LdrLoadDll                                            77C122AE 5 Bytes  JMP 71671EB1 C:\Program Files\Mozilla Firefox\mozglue.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3984] kernel32.dll!K32GetDeviceDriverBaseNameW + 5D                   764394E6 7 Bytes  JMP 5DC084D6 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3984] kernel32.dll!QueryPerformanceCounter + 13                       7643C4E5 7 Bytes  JMP 5DC084F9 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3984] kernel32.dll!LoadAppInitDlls + 355                              7643F5A6 7 Bytes  JMP 5D283A32 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\firefox.exe[3984] GDI32.dll!GetViewportOrgEx + 26C                                7788884B 7 Bytes  JMP 5DC08457 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5112] USER32.dll!GetWindowInfo                               765E4B5E 5 Bytes  JMP 5D4BD777 C:\Program Files\Mozilla Firefox\xul.dll
.text           C:\Program Files\Mozilla Firefox\plugin-container.exe[5112] USER32.dll!ToUnicodeEx + 71                            765F2223 7 Bytes  JMP 5D4B70E4 C:\Program Files\Mozilla Firefox\xul.dll

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                           fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Superfetch@VirtualStoreSize                                      1492

---- EOF - GMER 2.1 ----
         
And here are 2 more Malwarebytes logs from scans that I had already run beforehand.
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 14.05.2014
Scan Time: 12:18:35
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.14.02
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Jan

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 240744
Time Elapsed: 1 hr, 3 min, 10 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         
Code:
 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 15.05.2014
Scan Time: 14:13:48
Logfile: mbam2.txt
Administrator: Yes

Version: 2.00.1.1004
Malware Database: v2014.05.15.04
Rootkit Database: v2014.03.27.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Chameleon: Disabled

OS: Windows 7 Service Pack 1
CPU: x86
File System: NTFS
User: Jan

Scan Type: Hyper Scan
Result: Completed
Objects Scanned: 209344
Time Elapsed: 4 min, 39 sec

Memory: Enabled
Startup: Enabled
Filesystem: Disabled
Archives: Enabled
Rootkits: Disabled
Shuriken: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
         

Thank you in advance for your help.

Best regards, JanR91

Edited by JanR91 (16.05.2014 at 00:15)

 
