
Plagegeister aller Art und deren Bekämpfung: win32/small.ca virus detected + blue screen


09.06.2013, 17:01   #1
IceQueen

win32/small.ca virus detected + blue screen



Hi,

for about two days now the Blue Screen of Death has been showing up more and more often.
After installing a few Windows updates yesterday, I noticed that the Action Center (Wartungscenter) had this message for me:

"Windows has detected Win32/Small.CA, a known computer virus, on your PC."
No path given, only that it was detected on 4 June and once caused the PC to stop working properly.

Virus scans have not turned up anything further.

I used defogger and got no error message.


OTL
Code:
OTL logfile created on: 09.06.2013 16:53:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 51,43% Memory free
6,49 Gb Paging File | 4,44 Gb Available in Paging File | 68,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 170,90 Gb Total Space | 31,18 Gb Free Space | 18,24% Space Free | Partition Type: NTFS
Drive D: | 68,97 Gb Total Space | 19,58 Gb Free Space | 28,38% Space Free | Partition Type: NTFS
Drive E: | 80,08 Gb Total Space | 22,15 Gb Free Space | 27,66% Space Free | Partition Type: NTFS
Drive F: | 294,76 Gb Total Space | 14,46 Gb Free Space | 4,91% Space Free | Partition Type: NTFS
Drive G: | 372,61 Gb Total Space | 42,30 Gb Free Space | 11,35% Space Free | Partition Type: NTFS
Drive H: | 465,65 Gb Total Space | 46,49 Gb Free Space | 9,98% Space Free | Partition Type: FAT32
Drive J: | 675,23 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: THE-SWAN | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.09 16:38:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2013.06.09 16:38:23 | 000,050,477 | ---- | M] () -- G:\Defogger.exe
PRC - [2013.05.13 02:55:46 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Users\***\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.24 16:17:34 | 001,767,936 | ---- | M] (Last.fm) -- C:\Programme\Last.fm\Last.fm Scrobbler.exe
PRC - [2013.01.18 16:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.01.18 16:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.08.31 18:06:30 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.08.31 18:06:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.31 18:06:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.08.31 18:06:04 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.08.01 16:56:42 | 001,821,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2008.01.22 11:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.22 11:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.01.01 23:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\***\AppData\Roaming\Google\Google Talk\googletalk.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.06.09 16:38:23 | 000,050,477 | ---- | M] () -- G:\Defogger.exe
MOD - [2013.06.01 10:24:46 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013.05.29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013.05.29 07:26:40 | 000,599,504 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\libglesv2.dll
MOD - [2013.05.29 07:26:39 | 000,124,368 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\libegl.dll
MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2013.01.28 14:08:56 | 000,087,952 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013.01.28 14:08:28 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013.01.23 20:54:34 | 000,121,856 | ---- | M] () -- C:\Programme\Last.fm\listener.dll
MOD - [2013.01.23 20:54:32 | 000,608,256 | ---- | M] () -- C:\Programme\Last.fm\unicorn.dll
MOD - [2013.01.23 20:54:16 | 000,032,768 | ---- | M] () -- C:\Programme\Last.fm\logger.dll
MOD - [2013.01.22 14:04:08 | 000,088,576 | ---- | M] () -- C:\Programme\Last.fm\lastfm_fingerprint.dll
MOD - [2013.01.22 14:04:06 | 000,354,304 | ---- | M] () -- C:\Programme\Last.fm\lastfm.dll
MOD - [2013.01.18 14:01:32 | 001,478,144 | ---- | M] () -- C:\Programme\Last.fm\libsamplerate-0.dll
MOD - [2013.01.18 13:37:32 | 002,000,384 | ---- | M] () -- C:\Programme\Last.fm\avcodec-54.dll
MOD - [2013.01.18 13:37:32 | 000,302,592 | ---- | M] () -- C:\Programme\Last.fm\avformat-54.dll
MOD - [2013.01.18 13:37:32 | 000,286,720 | ---- | M] () -- C:\Programme\Last.fm\avutil-52.dll
MOD - [2013.01.18 13:37:32 | 000,140,800 | ---- | M] () -- C:\Programme\Last.fm\swresample-0.dll
MOD - [2013.01.18 12:49:56 | 000,182,784 | ---- | M] () -- C:\Programme\Last.fm\plugins\phonon_backend\phonon_vlc.dll
MOD - [2013.01.18 12:39:50 | 000,302,592 | ---- | M] () -- C:\Programme\Last.fm\phonon.dll
MOD - [2012.10.15 21:28:38 | 002,286,592 | ---- | M] () -- C:\Programme\Last.fm\libvlccore.dll
MOD - [2012.10.15 21:28:30 | 000,049,664 | ---- | M] () -- C:\Programme\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
MOD - [2012.10.15 21:27:56 | 000,111,616 | ---- | M] () -- C:\Programme\Last.fm\libvlc.dll
MOD - [2012.04.28 11:15:28 | 002,320,776 | ---- | M] () -- C:\Programme\Last.fm\libfftw3f-3.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.08.31 18:06:30 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.08.31 18:06:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.15 15:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [File_System | On_Demand | Stopped] --  -- (StarOpen)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.08.31 18:06:41 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.31 18:06:41 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.08.31 18:06:40 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.08.31 18:06:40 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.27 04:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2005.08.17 08:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005.08.17 08:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005.08.17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B 93 61 25 22 64 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "IMDb"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://fanforum.ioff.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.10
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {D469DA71-A9C6-48f1-B86E-67313AADB588}:3.2.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {a81bafeb-b6ed-4501-aa17-15a2b3857e56}:3.5
FF - prefs.js..extensions.enabledItems: {74b288e6-77b6-41c7-8138-bb81f4539689}:3.5
FF - prefs.js..extensions.enabledItems: {d3d70bca-2d54-425e-b02c-b7e2f4b07688}:3.5
FF - prefs.js..extensions.enabledItems: {c9c58820-7bd4-11da-a72b-0800200c9a66}:2.20091115
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0
FF - prefs.js..extensions.enabledItems: {ff356687-aa08-463d-a46c-11c451824939}:4.2.4
FF - prefs.js..extensions.enabledItems: {dd30bf68-268a-4815-ad48-8740b774c764}:4.2.4
FF - prefs.js..keyword.URL: "hxxp://ws1.appswebservice.com/index.php?tpid=10301&ttid=105&st="
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\***\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.22 05:39:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.31 18:56:51 | 000,000,000 | ---D | M]
 
[2010.02.27 23:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.11.19 18:54:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions
[2010.02.27 23:35:48 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010.02.27 23:35:48 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.02.27 23:35:48 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}
[2010.02.27 23:35:49 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}
[2010.02.27 23:35:49 | 000,000,000 | ---D | M] (iFox Graphite) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689}
[2010.02.27 23:35:49 | 000,000,000 | ---D | M] (iFox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2010.02.27 23:35:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.02.27 23:35:50 | 000,000,000 | ---D | M] (PitchDark) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010.02.27 23:35:50 | 000,000,000 | ---D | M] (iPox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2010.02.27 23:35:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.27 23:35:54 | 000,000,000 | ---D | M] (iFox Smooth) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}
[2010.02.27 23:35:55 | 000,000,000 | ---D | M] (LiveJournal Hook) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{D469DA71-A9C6-48f1-B86E-67313AADB588}
[2010.02.27 23:35:55 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.02.27 23:35:55 | 000,000,000 | ---D | M] (Red Cats (green flavor)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
[2010.02.27 23:35:56 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.02.27 23:35:57 | 000,000,000 | ---D | M] (Red Cats (blue flavor)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{ff356687-aa08-463d-a46c-11c451824939}
[2010.02.27 23:35:57 | 000,000,000 | ---D | M] (FireCat LagoonPaws) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{FireCat-da96cdd0-0f65-11d9-9669-0800200c9a66}
[2010.02.27 23:35:47 | 000,000,000 | ---D | M] ("Gradient Gray") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\GradientGray@pumpel.com
[2010.02.27 23:35:47 | 000,000,000 | ---D | M] (LiveJournal Addons) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\homo_nudus@livejournal.com
[2010.05.02 01:05:02 | 000,000,000 | ---D | M] (CrowdStar Gamebar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\toolbar@ask.com
[2010.02.27 23:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions
[2010.02.27 23:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS
[2009.08.09 23:39:24 | 000,665,733 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689}\chrome\tmp-4.xpi
[2009.08.09 23:39:22 | 000,762,510 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}\chrome\tmp-3.xpi
[2009.08.09 23:39:31 | 000,612,107 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}\chrome\tmp-8.xpi
[2008.02.08 07:47:30 | 000,001,204 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\xpinstall\xpinstallConfirm.css
[2008.01.27 19:53:20 | 000,001,812 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\xpinstall\xpinstallItemGeneric.png
[2009.08.09 23:39:27 | 000,750,444 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}\chrome\tmp-5.xpi
[2007.03.04 16:36:09 | 000,989,543 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\GradientGray@pumpel.com\chrome\gradient_gray-1.4-fx.xpi
[2012.03.10 08:25:19 | 000,002,511 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\amazon-de.xml
[2012.03.10 08:25:19 | 000,000,991 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\ebay-deutschland.xml
[2008.06.25 20:11:26 | 000,000,908 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\imdb.xml
[2012.03.10 08:25:19 | 000,001,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\leo-de-en.xml
[2012.03.10 08:25:19 | 000,001,093 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\lostpedia.xml
[2012.03.10 08:25:19 | 000,001,076 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\mininova.xml
[2008.06.18 21:41:20 | 000,001,108 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\wikipedia-en.xml
[2008.05.28 06:43:44 | 000,001,628 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\youtube.xml
[2011.12.01 11:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.26 19:02:45 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.06.24 00:48:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.22 14:12:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.03.06 17:18:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.06.24 00:48:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.22 14:12:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.03.06 17:18:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\***\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: LiveJournal: Add Preview button to new comment form = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpohkinnollkepobbmfompgncblldlbf\1.0_0\
CHR - Extension: Adblock Plus = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\8.0_0\
CHR - Extension: Session Buddy = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.1_0\
CHR - Extension: Stylish = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.1_0\
CHR - Extension: XKit = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd\7.1.0_0\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: LJ Account Juggler = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hilmhfanjaopnpifmelahkepnglhkkeg\3.2.0_0\
CHR - Extension: Die2Nite Map Viewer updater = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjndgoejgacbklpeeiloghkihmijjlnc\1.1_0\
CHR - Extension: LiveJournal Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkmfgnboikinlhnaomlhalipemjbmfgi\2.5.10_0\
CHR - Extension: Girls with Slingshots = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\klekabppkloooaiiialimdjlchhjagje\0.4.2_0\
CHR - Extension: AT_PPQ = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmcplcebggimminoiheibhndgamccdgl\2_0\
CHR - Extension: Little Alchemy = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0\
CHR - Extension: Die2Nite Agent = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbnodoolliadkflmgoebfepeehmelnj\1.17_0\
 
O1 HOSTS File: ([2011.05.16 21:03:33 | 000,000,860 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] F:\Games\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [googletalk] C:\Users\***\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Copy to Semagic - C:\Programme\Semagic\copy.htm ()
O8 - Extra context menu item: Semagic - C:\Programme\Semagic\link.htm ()
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46B1D4F9-5B55-4DA4-A35E-500BC5927E31}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.10.05 16:21:18 | 000,000,000 | ---D | M] - J:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2004.10.05 19:11:42 | 000,180,224 | R--- | M] () - J:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004.08.24 17:57:32 | 000,000,042 | R--- | M] () - J:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{06d3314d-f02e-11e0-a561-6cf04971fefe}\Shell - "" = AutoRun
O33 - MountPoints2\{06d3314d-f02e-11e0-a561-6cf04971fefe}\Shell\AutoRun\command - "" = "K:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{8e770dc6-23e2-11df-98e8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8e770dc6-23e2-11df-98e8-806e6f6e6963}\Shell\AutoRun\command - "" = J:\Autorun.exe -- [2004.10.05 19:11:42 | 000,180,224 | R--- | M] ()
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe -auto
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.09 02:58:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan
[2013.06.09 00:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.06.09 00:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.06.08 20:10:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Atari
[2013.06.08 20:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2013.06.07 16:46:47 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\RCT3
[2013.06.06 23:31:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Leadertech
[2013.06.06 23:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Atari
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.09 16:49:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.06.09 16:31:19 | 000,032,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 16:31:19 | 000,032,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 16:26:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.09 16:25:55 | 303,090,725 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.09 16:25:51 | 2613,694,464 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.09 16:02:05 | 000,001,168 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2076165687-2804224095-2318519866-1001UA.job
[2013.06.09 00:31:02 | 004,816,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.06.08 20:09:30 | 000,001,221 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk
[2013.06.08 20:07:18 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2013.06.08 03:02:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2076165687-2804224095-2318519866-1001Core.job
[2013.06.05 22:03:53 | 000,002,467 | ---- | M] () -- C:\Users\***\Desktop\Chrome.lnk
[2013.05.28 22:11:19 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.09 16:49:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.06.09 00:09:11 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.06.09 00:08:22 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.06.08 20:09:30 | 000,001,221 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk
[2013.06.08 20:07:18 | 000,001,179 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2013.06.07 16:46:03 | 000,002,467 | ---- | C] () -- C:\Users\***\Desktop\Chrome.lnk
[2012.07.10 22:49:37 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.07.10 22:49:37 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.07.10 22:42:04 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.05.31 06:15:49 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.11.15 03:24:43 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.10.22 06:49:39 | 000,000,218 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.07.08 00:16:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.23 23:54:05 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.06.22 16:32:13 | 000,001,456 | ---- | C] () -- C:\Users\***\AppData\Local\Adobe Save for Web 12.0 Prefs
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.04.18 18:06:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.purple
[2010.02.27 23:42:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\acccore
[2010.03.04 16:54:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2013.06.08 20:10:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari
[2010.03.19 17:15:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.09.23 02:03:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.14 16:31:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go
[2011.02.22 04:15:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.05.23 16:18:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder
[2011.04.24 03:04:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo
[2011.05.16 20:02:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2013.06.06 23:31:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.07.31 17:11:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.07.11 01:45:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2013.06.09 02:58:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2011.03.01 18:29:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rovio
[2010.03.14 04:55:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SharePod
[2010.06.28 22:37:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2010.07.26 22:06:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.06.06 05:32:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 

< End of report >
         

Extras
Code:
OTL Extras logfile created on: 09.06.2013 16:53:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 51,43% Memory free
6,49 Gb Paging File | 4,44 Gb Available in Paging File | 68,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 170,90 Gb Total Space | 31,18 Gb Free Space | 18,24% Space Free | Partition Type: NTFS
Drive D: | 68,97 Gb Total Space | 19,58 Gb Free Space | 28,38% Space Free | Partition Type: NTFS
Drive E: | 80,08 Gb Total Space | 22,15 Gb Free Space | 27,66% Space Free | Partition Type: NTFS
Drive F: | 294,76 Gb Total Space | 14,46 Gb Free Space | 4,91% Space Free | Partition Type: NTFS
Drive G: | 372,61 Gb Total Space | 42,30 Gb Free Space | 11,35% Space Free | Partition Type: NTFS
Drive H: | 465,65 Gb Total Space | 46,49 Gb Free Space | 9,98% Space Free | Partition Type: FAT32
Drive J: | 675,23 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: THE-SWAN | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0897427C-004F-4017-923D-19414DAC12C0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{0C1D3967-0DE9-47F9-8EFA-7D4AACC3B9E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{26654C1F-912D-4F04-81AD-24B56CE32985}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{2A79667F-7E70-4E10-A69E-6393B1696A75}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2CB9E7CD-AEA7-4B3D-8B6C-5B499C95E49A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2EFA8DC6-2AD0-408A-AD70-841E26928356}" = rport=138 | protocol=17 | dir=out | app=system | 
"{38E472D5-37B5-4F94-8FA9-57B4E233FBE8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{42FEFF08-A7D2-4411-A3FC-A20EDDA225A7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{47366416-F55D-4CA1-ADA6-C78BEE9B1D12}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4FC62578-E360-4EAB-A735-FF7F89F91788}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{4FEA1F31-581A-4510-A300-B8538ABDBA8A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{500E24A1-038F-438A-8244-C1202ED1DA47}" = lport=445 | protocol=6 | dir=in | app=system | 
"{53486B89-E11A-48FB-9DD6-47C450ADAB02}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{64ED1788-67B2-4339-B171-E30B6A69D7EB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{66BF6BAE-437F-4BD4-869F-8077C2874003}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6A85D9DF-5167-4436-B8D5-5808813C7082}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6AEB4A5B-19D0-484C-AC6B-2A7DEE31A74C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7FEE47A6-4DB9-4015-8142-D39037665FF6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{8E002564-B93B-4F3D-AE14-4761BB027302}" = lport=139 | protocol=6 | dir=in | app=system | 
"{8EE141DF-32FC-478B-8818-5889A5312F6E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D0E0669A-C77F-4FEA-8E0D-2F78D74AADD0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D1444F4E-8D96-420A-9263-7EDA2FD7B749}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FFCAF0D6-3A26-4383-A483-4190F7D7C67C}" = rport=137 | protocol=17 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09A22307-937B-4D5B-A87B-DF095E625E15}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{1180EE62-3207-4795-ABCD-0DA982D2CE92}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{15B9471F-201F-4F17-B3C9-CE758580E11B}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe | 
"{1D31505D-28AF-439F-8EAC-4D841CCCAC89}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe | 
"{2FDC4C6F-BE3D-44E7-8AA8-B573EF82DD68}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{358D8386-5325-4AB2-8363-32DB585F0669}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3BBF2B9F-F874-4FAE-AEE2-644072B5FCBB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{3D306EE8-3B90-4653-99B3-740C2E8554D8}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | 
"{47E9D71A-34EE-473C-8968-4376F5FA920B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4EFF8904-A72A-4C96-983B-5BC5D98172CC}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | 
"{55D09581-B6A4-41F8-B12A-9915AF5A0859}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"{56744841-0DB4-49BF-B48B-2D00D2FBBD3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5B501B3F-0FB7-4CF3-8F4A-15A4676CDA16}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe | 
"{5FFFA5EE-C711-4B58-8B8A-ADE514AC1784}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{66FA6626-29D4-4B72-8CC2-8346559093F9}" = protocol=6 | dir=out | app=system | 
"{6BFE3C09-798A-4F8C-BB79-3B9A6B20E4AA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6F3221B5-B4D0-49AD-BDC8-38745FB865D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6FC594E6-FA94-4417-9841-88754C7D1B59}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{7176027C-CE17-40CC-8839-C5D5008E7003}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{71C14B36-7A07-460E-A7CD-1BDC7DBD77E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{73A8D4AD-1BB3-4793-B9BE-1475461927A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7BF84B83-4390-4BEE-9EBF-A03CC08C8D01}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{7DE06240-9FD3-40D3-A9FE-961E3F07ADD0}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe | 
"{8EFEC7DF-1EAA-475B-BA03-78BC617EBF13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{911C652E-3F8B-41C9-8B82-82C2FF6A668D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9298D418-E790-49E8-9851-99A171C871F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A3AF01F4-B2D3-4379-BD46-7B3DE02F0C02}" = dir=in | app=c:\program files\itunes\itunes.exe | 
"{A8B59C8B-E749-491E-BDCE-CD08D5F3BC97}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe | 
"{ACF1D017-7BA3-4ACF-A4D0-0C8FA8293EB8}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{B05397EF-253A-4C17-971E-671D4FDA56D6}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | 
"{B72F01E4-104E-4514-96BD-90333BF91A42}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | 
"{C28F8BDD-DECB-4B29-AD3B-4881118793D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{C2EEC9B1-C59E-4541-AB31-9055870EF98A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C4DBC66A-EA38-42FC-97D2-D41DBB016033}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | 
"{C5788EDA-2728-402B-9FBD-35278BDECDC5}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | 
"{D1D8D193-C4D5-497C-837F-6ADB61390440}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{DB75476F-C74A-46CD-A197-8B08F530D13D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{DC9D0D27-5044-4666-94C6-E17D347E17E3}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | 
"{DD45792A-5249-4807-AE41-4BCC543FE1CA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{F1BAA99F-57AA-4732-847B-49B5A83014E6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | 
"{F9741C4A-6DC1-4B0F-910D-C901B26E9F8B}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe | 
"{FA9D6B48-945F-4F0B-8B2A-2D0DF13D5878}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | 
"TCP Query User{0F9B48B0-F6FA-498B-BB9F-B15A07D7045B}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{2397CAB6-F89A-4DE0-90F1-9D256124BECD}C:\program files\sony\vegas pro 9.0\vegsrv90.exe" = protocol=6 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegsrv90.exe | 
"TCP Query User{444BBF13-5436-4EA9-842B-2FBEFB8E6B3B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{5F9CFE06-B9CC-4C43-A100-68E42B4D22E5}C:\program files\intervideo\dvd7\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd7\windvd.exe | 
"TCP Query User{62EF3862-252C-457F-97BF-76DCF04C93D5}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"TCP Query User{6FAC2637-27C9-46E8-8E88-6A21660418C5}C:\program files\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | 
"TCP Query User{86811EB0-BEF8-4794-9E64-6DB8203FD6A7}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe | 
"TCP Query User{8B1DF195-176E-4640-ADDC-BCE50C95BA57}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe | 
"TCP Query User{8FF82CB6-D42D-4BCF-81EE-8F7378D8DDF3}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"TCP Query User{C3759AE0-05E2-4F38-A9FA-20396BEBBB78}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe | 
"UDP Query User{0783F262-FDEF-419C-BD87-D04EB3E52584}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe | 
"UDP Query User{157B05B2-69D3-4B80-A21A-F90EE83826ED}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{22A9A61A-DF76-4364-AC9C-EA5184EF572C}C:\program files\intervideo\dvd7\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd7\windvd.exe | 
"UDP Query User{45DF4C3D-F0BD-42D6-A830-8FA192BF60C6}C:\program files\sony\vegas pro 9.0\vegsrv90.exe" = protocol=17 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegsrv90.exe | 
"UDP Query User{8A614BC0-6137-4A04-AC43-7AFCF1B68557}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | 
"UDP Query User{A99983B6-A23A-45BB-A7DF-EE00C6FB5B65}C:\program files\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | 
"UDP Query User{B8141986-5123-4705-A3FE-1EBB11A703DE}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe | 
"UDP Query User{BB7C15E6-D80B-413D-86DF-BA3F97AD14CF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{C65A6F42-CC0A-4D54-AD7E-6246A6BE40B0}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe | 
"UDP Query User{DC58C94A-23CB-4CD5-9B4D-9A8612B5E44A}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A2063BC-CE17-420A-A629-D9D7AE6EC136}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6723E416-88C8-4451-BE53-AEE03DBA4DBA}" = Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"ACDSee Classic" = ACDSee Classic
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIM_6" = AIM
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Badaboom" = Badaboom 1.2.0.87
"CDex" = CDex - Open Source Digital Audio CD Extractor
"CDisplay_is1" = CDisplay 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"InterActual Player" = InterActual Player
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Full)
"LastFM_is1" = Last.fm Scrobbler 2.1.33
"LJ Comment Stats Wizard_is1" = LJ Comment Stats Wizard 1.7
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.02.1578" = Opera 12.02
"PhotoScape" = PhotoScape
"Pidgin" = Pidgin
"PowerISO" = PowerISO
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Semagic" = Semagic (remove only)
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.11
"Vtune_is1" = Vtune 7.6
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Zynga Toolbar" = Zynga Toolbar
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 08.06.2013 13:47:14 | Computer Name = The-Swan | Source = Application Error | ID = 1000
Description = Faulting application name: RCT3plus.exe, version: 3.2.8.13,
 time stamp: 0x00000000  Faulting module name: unknown, version: 0.0.0.0,
 time stamp: 0x00000000  Exception code: 0xc0000005  Fault offset: 0xf0ddc870  Faulting process
 ID: 0x468  Faulting application start time: 0x01ce647033b37dad  Faulting application
 path: C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3plus.exe
 Faulting module path: unknown  Report ID: 73e3bf43-d063-11e2-9bec-6cf04971fefe
 
Error - 08.06.2013 14:07:31 | Computer Name = The-Swan | Source = VSS | ID = 8194
Description = 
 
Error - 08.06.2013 15:56:58 | Computer Name = The-Swan | Source = Application Error | ID = 1000
Description = Faulting application name: RCT3plus.exe, version: 3.2.8.13,
 time stamp: 0x00000000  Faulting module name: RCT3plus.exe, version: 3.2.8.13,
 time stamp: 0x00000000  Exception code: 0xc0000005  Fault offset: 0x0018fd9b  Faulting process
 ID: 0x7e8  Faulting application start time: 0x01ce64791bad512a  Faulting application
 path: C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3plus.exe
 Faulting module path: C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3plus.exe
 Report ID: 938439f5-d075-11e2-9bec-6cf04971fefe
 
Error - 08.06.2013 16:03:12 | Computer Name = The-Swan | Source = Chrome | ID = 1
Description = 
 
Error - 08.06.2013 16:06:26 | Computer Name = The-Swan | Source = Application Error | ID = 1000
Description = Faulting application name: RCT3plus.exe, version: 3.2.8.13,
 time stamp: 0x00000000  Faulting module name: RCT3plus.exe, version: 3.2.8.13,
 time stamp: 0x00000000  Exception code: 0xc0000005  Fault offset: 0x0018fd9b  Faulting process
 ID: 0x14d4  Faulting application start time: 0x01ce648270050e4c  Faulting application
 path: C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3plus.exe
 Faulting module path: C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3plus.exe
 Report ID: e5fa6aea-d076-11e2-9bec-6cf04971fefe
 
Error - 09.06.2013 07:51:28 | Computer Name = The-Swan | Source = Chrome | ID = 1
Description = 
 
Error - 09.06.2013 08:54:33 | Computer Name = The-Swan | Source = Chrome | ID = 1
Description = 
 
Error - 09.06.2013 10:08:16 | Computer Name = The-Swan | Source = Chrome | ID = 1
Description = 
 
Error - 09.06.2013 10:09:03 | Computer Name = The-Swan | Source = Chrome | ID = 1
Description = 
 
Error - 09.06.2013 10:09:07 | Computer Name = The-Swan | Source = Chrome | ID = 1
Description = 
 
[ System Events ]
Error - 08.06.2013 20:09:36 | Computer Name = The-Swan | Source = Service Control Manager | ID = 7009
Description = A timeout (30000 ms) was reached while waiting for the
 Windows Media Player Network Sharing Service to connect.
 
Error - 08.06.2013 20:09:36 | Computer Name = The-Swan | Source = Service Control Manager | ID = 7000
Description = The "Windows Media Player Network Sharing Service" service failed to start
 due to the following error:   %%1053
 
Error - 08.06.2013 21:30:39 | Computer Name = The-Swan | Source = Service Control Manager | ID = 7009
Description = A timeout (30000 ms) was reached while waiting for the
 Windows Search service to connect.
 
Error - 08.06.2013 21:30:39 | Computer Name = The-Swan | Source = Service Control Manager | ID = 7000
Description = The "Windows Search" service failed to start due to the following
 error:   %%1053
 
Error - 08.06.2013 21:30:39 | Computer Name = The-Swan | Source = DCOM | ID = 10005
Description = 
 
Error - 08.06.2013 21:31:36 | Computer Name = The-Swan | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 09.06.2013 10:15:34 | Computer Name = The-Swan | Source = EventLog | ID = 6008
Description = The previous system shutdown on 09.06.2013 at 16:14:20 was unexpected.
 
Error - 09.06.2013 10:15:39 | Computer Name = THE-SWAN | Source = BugCheck | ID = 1001
Description = 
 
Error - 09.06.2013 10:26:02 | Computer Name = The-Swan | Source = EventLog | ID = 6008
Description = The previous system shutdown on 09.06.2013 at 16:24:24 was unexpected.
 
Error - 09.06.2013 10:26:07 | Computer Name = THE-SWAN | Source = BugCheck | ID = 1001
Description = 
 
 
< End of report >

gmer
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-09 17:46:19
Windows 6.1.7601 Service Pack 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-6 SAMSUNG_HD503HI rev.1AJ100E4 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ANGELI~1\AppData\Local\Temp\fgdcipow.sys


---- System - GMER 2.1 ----

SSDT            97653D36                                                                                                                     ZwCreateSection
SSDT            97653D40                                                                                                                     ZwRequestWaitReplyPort
SSDT            97653D3B                                                                                                                     ZwSetContextThread
SSDT            97653D45                                                                                                                     ZwSetSecurityObject
SSDT            97653D4A                                                                                                                     ZwSystemDebugControl
SSDT            97653CD7                                                                                                                     ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                     82E8FA09 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                       82EC91F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                          82ED034C 4 Bytes  [36, 3D, 65, 97]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                          82ED06A8 4 Bytes  [40, 3D, 65, 97]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1597                                                                                          82ED06EC 4 Bytes  [3B, 3D, 65, 97]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1613                                                                                          82ED0768 4 Bytes  [45, 3D, 65, 97]
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1667                                                                                          82ED07BC 4 Bytes  [4A, 3D, 65, 97]
.text           ...                                                                                                                          

---- User code sections - GMER 2.1 ----

.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtCreateFile + 6               77DB55CE 4 Bytes  [28, D8, 5E, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtCreateFile + B               77DB55D3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtMapViewOfSection + 6         77DB5C2E 4 Bytes  [28, DB, 5E, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtMapViewOfSection + B         77DB5C33 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenFile + 6                 77DB5CDE 4 Bytes  [68, D8, 5E, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenFile + B                 77DB5CE3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcess + 6              77DB5D8E 4 Bytes  [A8, D9, 5E, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcess + B              77DB5D93 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcessToken + B         77DB5DA3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcessTokenEx + 6       77DB5DAE 4 Bytes  [A8, DA, 5E, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcessTokenEx + B       77DB5DB3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThread + 6               77DB5E0E 4 Bytes  [68, D9, 5E, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThread + B               77DB5E13 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThreadToken + 6          77DB5E1E 4 Bytes  [68, DA, 5E, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThreadToken + B          77DB5E23 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThreadTokenEx + B        77DB5E33 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtQueryAttributesFile + 6      77DB5F3E 4 Bytes  [A8, D8, 5E, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtQueryAttributesFile + B      77DB5F43 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtQueryFullAttributesFile + B  77DB5FF3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtSetInformationFile + 6       77DB663E 4 Bytes  [28, D9, 5E, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtSetInformationFile + B       77DB6643 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtSetInformationThread + 6     77DB669E 4 Bytes  [28, DA, 5E, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtSetInformationThread + B     77DB66A3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtUnmapViewOfSection + 6       77DB69BE 4 Bytes  [68, DB, 5E, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtUnmapViewOfSection + B       77DB69C3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtCreateFile + 6               77DB55CE 4 Bytes  [28, 70, 4F, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtCreateFile + B               77DB55D3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtMapViewOfSection + 6         77DB5C2E 4 Bytes  [28, 73, 4F, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtMapViewOfSection + B         77DB5C33 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenFile + 6                 77DB5CDE 4 Bytes  [68, 70, 4F, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenFile + B                 77DB5CE3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcess + 6              77DB5D8E 4 Bytes  [A8, 71, 4F, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcess + B              77DB5D93 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcessToken + B         77DB5DA3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcessTokenEx + 6       77DB5DAE 4 Bytes  [A8, 72, 4F, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcessTokenEx + B       77DB5DB3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThread + 6               77DB5E0E 4 Bytes  [68, 71, 4F, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThread + B               77DB5E13 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThreadToken + 6          77DB5E1E 4 Bytes  [68, 72, 4F, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThreadToken + B          77DB5E23 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThreadTokenEx + B        77DB5E33 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtQueryAttributesFile + 6      77DB5F3E 4 Bytes  [A8, 70, 4F, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtQueryAttributesFile + B      77DB5F43 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtQueryFullAttributesFile + B  77DB5FF3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtSetInformationFile + 6       77DB663E 4 Bytes  [28, 71, 4F, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtSetInformationFile + B       77DB6643 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtSetInformationThread + 6     77DB669E 4 Bytes  [28, 72, 4F, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtSetInformationThread + B     77DB66A3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtUnmapViewOfSection + 6       77DB69BE 4 Bytes  [68, 73, 4F, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtUnmapViewOfSection + B       77DB69C3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtCreateFile + 6               77DB55CE 4 Bytes  [28, 7C, 49, 00] {SUB [ECX+ECX*2+0x0], BH}
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtCreateFile + B               77DB55D3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtMapViewOfSection + 6         77DB5C2E 4 Bytes  [28, 7F, 49, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtMapViewOfSection + B         77DB5C33 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenFile + 6                 77DB5CDE 4 Bytes  [68, 7C, 49, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenFile + B                 77DB5CE3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenProcess + 6              77DB5D8E 4 Bytes  [A8, 7D, 49, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenProcess + B              77DB5D93 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenProcessToken + B         77DB5DA3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenProcessTokenEx + 6       77DB5DAE 4 Bytes  [A8, 7E, 49, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenProcessTokenEx + B       77DB5DB3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenThread + 6               77DB5E0E 4 Bytes  [68, 7D, 49, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenThread + B               77DB5E13 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenThreadToken + 6          77DB5E1E 4 Bytes  [68, 7E, 49, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenThreadToken + B          77DB5E23 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenThreadTokenEx + B        77DB5E33 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtQueryAttributesFile + 6      77DB5F3E 4 Bytes  [A8, 7C, 49, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtQueryAttributesFile + B      77DB5F43 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtQueryFullAttributesFile + B  77DB5FF3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtSetInformationFile + 6       77DB663E 4 Bytes  [28, 7D, 49, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtSetInformationFile + B       77DB6643 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtSetInformationThread + 6     77DB669E 4 Bytes  [28, 7E, 49, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtSetInformationThread + B     77DB66A3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtUnmapViewOfSection + 6       77DB69BE 4 Bytes  [68, 7F, 49, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtUnmapViewOfSection + B       77DB69C3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtCreateFile + 6               77DB55CE 4 Bytes  [28, C0, 7D, 00] {SUB AL, AL; JGE 0x4}
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtCreateFile + B               77DB55D3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtMapViewOfSection + 6         77DB5C2E 4 Bytes  [28, C3, 7D, 00] {SUB BL, AL; JGE 0x4}
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtMapViewOfSection + B         77DB5C33 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenFile + 6                 77DB5CDE 4 Bytes  [68, C0, 7D, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenFile + B                 77DB5CE3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcess + 6              77DB5D8E 4 Bytes  [A8, C1, 7D, 00] {TEST AL, 0xc1; JGE 0x4}
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcess + B              77DB5D93 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcessToken + B         77DB5DA3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcessTokenEx + 6       77DB5DAE 4 Bytes  [A8, C2, 7D, 00] {TEST AL, 0xc2; JGE 0x4}
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcessTokenEx + B       77DB5DB3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThread + 6               77DB5E0E 4 Bytes  [68, C1, 7D, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThread + B               77DB5E13 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThreadToken + 6          77DB5E1E 4 Bytes  [68, C2, 7D, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThreadToken + B          77DB5E23 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThreadTokenEx + B        77DB5E33 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtQueryAttributesFile + 6      77DB5F3E 4 Bytes  [A8, C0, 7D, 00] {TEST AL, 0xc0; JGE 0x4}
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtQueryAttributesFile + B      77DB5F43 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtQueryFullAttributesFile + B  77DB5FF3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtSetInformationFile + 6       77DB663E 4 Bytes  [28, C1, 7D, 00] {SUB CL, AL; JGE 0x4}
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtSetInformationFile + B       77DB6643 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtSetInformationThread + 6     77DB669E 4 Bytes  [28, C2, 7D, 00] {SUB DL, AL; JGE 0x4}
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtSetInformationThread + B     77DB66A3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtUnmapViewOfSection + 6       77DB69BE 4 Bytes  [68, C3, 7D, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtUnmapViewOfSection + B       77DB69C3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtCreateFile + 6               77DB55CE 4 Bytes  [28, BC, C3, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtCreateFile + B               77DB55D3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtMapViewOfSection + 6         77DB5C2E 4 Bytes  [28, BF, C3, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtMapViewOfSection + B         77DB5C33 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenFile + 6                 77DB5CDE 4 Bytes  [68, BC, C3, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenFile + B                 77DB5CE3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenProcess + 6              77DB5D8E 4 Bytes  [A8, BD, C3, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenProcess + B              77DB5D93 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenProcessToken + B         77DB5DA3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenProcessTokenEx + 6       77DB5DAE 4 Bytes  [A8, BE, C3, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenProcessTokenEx + B       77DB5DB3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenThread + 6               77DB5E0E 4 Bytes  [68, BD, C3, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenThread + B               77DB5E13 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenThreadToken + 6          77DB5E1E 4 Bytes  [68, BE, C3, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenThreadToken + B          77DB5E23 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenThreadTokenEx + B        77DB5E33 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtQueryAttributesFile + 6      77DB5F3E 4 Bytes  [A8, BC, C3, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtQueryAttributesFile + B      77DB5F43 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtQueryFullAttributesFile + B  77DB5FF3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtSetInformationFile + 6       77DB663E 4 Bytes  [28, BD, C3, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtSetInformationFile + B       77DB6643 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtSetInformationThread + 6     77DB669E 4 Bytes  [28, BE, C3, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtSetInformationThread + B     77DB66A3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtUnmapViewOfSection + 6       77DB69BE 4 Bytes  [68, BF, C3, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtUnmapViewOfSection + B       77DB69C3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtCreateFile + 6               77DB55CE 4 Bytes  [28, 24, 3D, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtCreateFile + B               77DB55D3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtMapViewOfSection + 6         77DB5C2E 4 Bytes  [28, 27, 3D, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtMapViewOfSection + B         77DB5C33 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenFile + 6                 77DB5CDE 4 Bytes  [68, 24, 3D, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenFile + B                 77DB5CE3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcess + 6              77DB5D8E 4 Bytes  [A8, 25, 3D, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcess + B              77DB5D93 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcessToken + B         77DB5DA3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcessTokenEx + 6       77DB5DAE 4 Bytes  [A8, 26, 3D, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcessTokenEx + B       77DB5DB3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThread + 6               77DB5E0E 4 Bytes  [68, 25, 3D, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThread + B               77DB5E13 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThreadToken + 6          77DB5E1E 4 Bytes  [68, 26, 3D, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThreadToken + B          77DB5E23 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThreadTokenEx + B        77DB5E33 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtQueryAttributesFile + 6      77DB5F3E 4 Bytes  [A8, 24, 3D, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtQueryAttributesFile + B      77DB5F43 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtQueryFullAttributesFile + B  77DB5FF3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationFile + 6       77DB663E 4 Bytes  [28, 25, 3D, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationFile + B       77DB6643 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationThread + 6     77DB669E 4 Bytes  [28, 26, 3D, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationThread + B     77DB66A3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtUnmapViewOfSection + 6       77DB69BE 4 Bytes  [68, 27, 3D, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtUnmapViewOfSection + B       77DB69C3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtCreateFile + 6               77DB55CE 4 Bytes  [28, 18, AB, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtCreateFile + B               77DB55D3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtMapViewOfSection + 6         77DB5C2E 4 Bytes  [28, 1B, AB, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtMapViewOfSection + B         77DB5C33 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenFile + 6                 77DB5CDE 4 Bytes  [68, 18, AB, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenFile + B                 77DB5CE3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcess + 6              77DB5D8E 4 Bytes  [A8, 19, AB, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcess + B              77DB5D93 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcessToken + B         77DB5DA3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcessTokenEx + 6       77DB5DAE 4 Bytes  [A8, 1A, AB, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcessTokenEx + B       77DB5DB3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThread + 6               77DB5E0E 4 Bytes  [68, 19, AB, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThread + B               77DB5E13 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThreadToken + 6          77DB5E1E 4 Bytes  [68, 1A, AB, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThreadToken + B          77DB5E23 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThreadTokenEx + B        77DB5E33 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtQueryAttributesFile + 6      77DB5F3E 4 Bytes  [A8, 18, AB, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtQueryAttributesFile + B      77DB5F43 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtQueryFullAttributesFile + B  77DB5FF3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtSetInformationFile + 6       77DB663E 4 Bytes  [28, 19, AB, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtSetInformationFile + B       77DB6643 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtSetInformationThread + 6     77DB669E 4 Bytes  [28, 1A, AB, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtSetInformationThread + B     77DB66A3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtUnmapViewOfSection + 6       77DB69BE 4 Bytes  [68, 1B, AB, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtUnmapViewOfSection + B       77DB69C3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtCreateFile + 6               77DB55CE 4 Bytes  [28, F4, B6, 00] {SUB AH, DH; MOV DH, 0x0}
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtCreateFile + B               77DB55D3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtMapViewOfSection + 6         77DB5C2E 4 Bytes  [28, F7, B6, 00] {SUB BH, DH; MOV DH, 0x0}
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtMapViewOfSection + B         77DB5C33 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenFile + 6                 77DB5CDE 4 Bytes  [68, F4, B6, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenFile + B                 77DB5CE3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcess + 6              77DB5D8E 4 Bytes  [A8, F5, B6, 00] {TEST AL, 0xf5; MOV DH, 0x0}
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcess + B              77DB5D93 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcessToken + B         77DB5DA3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcessTokenEx + 6       77DB5DAE 4 Bytes  [A8, F6, B6, 00] {TEST AL, 0xf6; MOV DH, 0x0}
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcessTokenEx + B       77DB5DB3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThread + 6               77DB5E0E 4 Bytes  [68, F5, B6, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThread + B               77DB5E13 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThreadToken + 6          77DB5E1E 4 Bytes  [68, F6, B6, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThreadToken + B          77DB5E23 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThreadTokenEx + B        77DB5E33 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtQueryAttributesFile + 6      77DB5F3E 4 Bytes  [A8, F4, B6, 00] {TEST AL, 0xf4; MOV DH, 0x0}
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtQueryAttributesFile + B      77DB5F43 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtQueryFullAttributesFile + B  77DB5FF3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationFile + 6       77DB663E 4 Bytes  [28, F5, B6, 00] {SUB CH, DH; MOV DH, 0x0}
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationFile + B       77DB6643 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationThread + 6     77DB669E 4 Bytes  [28, F6, B6, 00] {SUB DH, DH; MOV DH, 0x0}
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationThread + B     77DB66A3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtUnmapViewOfSection + 6       77DB69BE 4 Bytes  [68, F7, B6, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtUnmapViewOfSection + B       77DB69C3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtCreateFile + 6               77DB55CE 4 Bytes  [28, 1C, 41, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtCreateFile + B               77DB55D3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtMapViewOfSection + 6         77DB5C2E 4 Bytes  [28, 1F, 41, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtMapViewOfSection + B         77DB5C33 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenFile + 6                 77DB5CDE 4 Bytes  [68, 1C, 41, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenFile + B                 77DB5CE3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenProcess + 6              77DB5D8E 4 Bytes  [A8, 1D, 41, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenProcess + B              77DB5D93 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenProcessToken + B         77DB5DA3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenProcessTokenEx + 6       77DB5DAE 4 Bytes  [A8, 1E, 41, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenProcessTokenEx + B       77DB5DB3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenThread + 6               77DB5E0E 4 Bytes  [68, 1D, 41, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenThread + B               77DB5E13 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenThreadToken + 6          77DB5E1E 4 Bytes  [68, 1E, 41, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenThreadToken + B          77DB5E23 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenThreadTokenEx + B        77DB5E33 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtQueryAttributesFile + 6      77DB5F3E 4 Bytes  [A8, 1C, 41, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtQueryAttributesFile + B      77DB5F43 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtQueryFullAttributesFile + B  77DB5FF3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtSetInformationFile + 6       77DB663E 4 Bytes  [28, 1D, 41, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtSetInformationFile + B       77DB6643 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtSetInformationThread + 6     77DB669E 4 Bytes  [28, 1E, 41, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtSetInformationThread + B     77DB66A3 1 Byte  [E2]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtUnmapViewOfSection + 6       77DB69BE 4 Bytes  [68, 1F, 41, 00]
.text           C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtUnmapViewOfSection + B       77DB69C3 1 Byte  [E2]

---- Devices - GMER 2.1 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                     fltmgr.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015832e74b5                                                  
Reg             HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015832e74b5 (not active ControlSet)                              

---- EOF - GMER 2.1 ----
         

I would be grateful for any help.
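The GMER "user code sections" above repeat the same record for every chrome.exe process: a handful of ntdll.dll exports patched at +6 and +B, with the first and last patch byte identical across processes and only the middle bytes changing. That is what Chrome's own sandbox interceptions in its sandboxed child processes look like, and GMER reports them routinely; on their own they are not an indicator of infection. What an analyst actually wants from a log of this size is the pattern per image: which processes are hooked, whether every process of an image carries the same set of hooks, and which patch bytes are constant versus per-process. The parser below is an added example written for this page; it is not part of the original post and not GMER code. The sample lines are constructed in GMER's output format; the `example_unknown.exe` image in them is a hypothetical outlier added only to show how a non-uniform hook set is reported.

```python
import re
from collections import defaultdict

# Constructed sample in the format of GMER's "User code sections" lines:
# section, image path with [pid], module!export + offset, address, size, bytes,
# optional disassembly in braces. example_unknown.exe is a hypothetical outlier.
SAMPLE_LOG = r"""
.text  C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtCreateFile + 6    77DB55CE 4 Bytes  [28, 18, AB, 00]
.text  C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtCreateFile + B    77DB55D3 1 Byte  [E2]
.text  C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcess + 6   77DB5D8E 4 Bytes  [A8, 19, AB, 00]
.text  C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtCreateFile + 6    77DB55CE 4 Bytes  [28, F4, B6, 00] {SUB AH, DH; MOV DH, 0x0}
.text  C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtCreateFile + B    77DB55D3 1 Byte  [E2]
.text  C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcess + 6   77DB5D8E 4 Bytes  [A8, F5, B6, 00] {TEST AL, 0xf5; MOV DH, 0x0}
.text  C:\Users\***\AppData\Roaming\example_unknown.exe[4321] ntdll.dll!NtCreateFile + 6    77DB55CE 4 Bytes  [28, 11, 22, 00]
.text  C:\Users\***\AppData\Roaming\example_unknown.exe[4321] ntdll.dll!NtOpenProcess + 6   77DB5D8E 4 Bytes  [A8, 12, 22, 00]
.text  C:\Users\***\AppData\Roaming\example_unknown.exe[4333] ntdll.dll!NtCreateFile + 6    77DB55CE 4 Bytes  [28, 13, 22, 00]
"""

# One GMER user-mode hook line. The trailing disassembly, if any, is ignored.
HOOK_RE = re.compile(
    r"^\.text\s+(?P<image>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^!\s]+)!(?P<export>\w+)\s+\+\s+(?P<offset>[0-9A-Fa-f]+)\s+"
    r"(?P<address>[0-9A-Fa-f]{8})\s+(?P<size>\d+)\s+Bytes?\s+\[(?P<bytes>[^\]]+)\]"
)


def parse_hooks(text):
    """Return one dict per hook line; non-matching lines are skipped."""
    hooks = []
    for line in text.splitlines():
        m = HOOK_RE.match(line.strip())
        if not m:
            continue
        hooks.append({
            "image": m["image"].strip(),
            "pid": int(m["pid"]),
            "export": f"{m['module']}!{m['export']}",
            "offset": int(m["offset"], 16),
            "address": int(m["address"], 16),
            "bytes": bytes(int(b, 16) for b in m["bytes"].split(",")),
        })
    return hooks


def summarize(hooks):
    """Per image: hooked pids, hooked exports, and whether every pid of that
    image carries exactly the same export set ("uniform"). A single process
    with extra hooks that its siblings lack is what to look at first."""
    by_image = defaultdict(lambda: defaultdict(set))  # image -> export -> pids
    for h in hooks:
        by_image[h["image"]][h["export"]].add(h["pid"])
    report = {}
    for image, exports in by_image.items():
        pids = set().union(*exports.values())
        report[image] = {
            "pids": sorted(pids),
            "exports": sorted(exports),
            "uniform": all(exports[e] == pids for e in exports),
        }
    return report


def patch_variance(hooks):
    """For each (export, offset), which patch-byte positions are identical in
    every process and which vary. Varying bytes are typically a per-process
    address embedded in the patch; a constant opcode byte around them is the
    same hook installed by the same code in every process."""
    groups = defaultdict(list)
    for h in hooks:
        groups[(h["export"], h["offset"])].append(h["bytes"])
    result = {}
    for key, blobs in groups.items():
        width = min(len(b) for b in blobs)
        constant = [i for i in range(width) if len({b[i] for b in blobs}) == 1]
        varying = [i for i in range(width) if i not in constant]
        result[key] = {"constant": constant, "varying": varying, "count": len(blobs)}
    return result


if __name__ == "__main__":
    parsed = parse_hooks(SAMPLE_LOG)
    for image, info in summarize(parsed).items():
        print(image, info)
    for key, info in sorted(patch_variance(parsed).items()):
        print(key, info)
```

Run it against the full GMER log instead of `SAMPLE_LOG` by reading the saved log file into `parse_hooks`. For the log above, every image is chrome.exe, every pid carries the same export set, and only the middle bytes of each patch vary, which is the uniform pattern the summary reports; an image outside that set, or a pid whose export set differs from its siblings, is where manual analysis should start.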

 
