win32/small.ca virus detected + blue screen (Windows 7)

#1
Hi, for about 2 days now the Blue Screen of Death has been showing up more and more often on my machine. After I installed a few Windows updates yesterday, I noticed that the Action Center had this message for me: "Windows has detected Win32/Small.CA, a known computer virus, on your PC." No path, only that it was detected on 4 June and once caused the PC to stop working properly. Virus scans didn't turn up anything else. I used Defogger and got no error message. OTL Code:
OTL logfile created on: 09.06.2013 16:53:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = G:\ Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 51,43% Memory free 6,49 Gb Paging File | 4,44 Gb Available in Paging File | 68,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 170,90 Gb Total Space | 31,18 Gb Free Space | 18,24% Space Free | Partition Type: NTFS Drive D: | 68,97 Gb Total Space | 19,58 Gb Free Space | 28,38% Space Free | Partition Type: NTFS Drive E: | 80,08 Gb Total Space | 22,15 Gb Free Space | 27,66% Space Free | Partition Type: NTFS Drive F: | 294,76 Gb Total Space | 14,46 Gb Free Space | 4,91% Space Free | Partition Type: NTFS Drive G: | 372,61 Gb Total Space | 42,30 Gb Free Space | 11,35% Space Free | Partition Type: NTFS Drive H: | 465,65 Gb Total Space | 46,49 Gb Free Space | 9,98% Space Free | Partition Type: FAT32 Drive J: | 675,23 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: THE-SWAN | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.06.09 16:38:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe PRC - [2013.06.09 16:38:23 | 000,050,477 | ---- | M] () -- G:\Defogger.exe PRC - [2013.05.13 02:55:46 | 000,216,968 | ---- | M] (Google Inc.) 
-- C:\Users\***\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe PRC - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2013.01.24 16:17:34 | 001,767,936 | ---- | M] (Last.fm) -- C:\Programme\Last.fm\Last.fm Scrobbler.exe PRC - [2013.01.18 16:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe PRC - [2013.01.18 16:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2012.08.31 18:06:30 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.08.31 18:06:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.08.31 18:06:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe PRC - [2012.08.31 18:06:04 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe PRC - [2011.08.01 16:56:42 | 001,821,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe PRC - [2009.07.14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe PRC - [2008.01.22 11:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe PRC - [2008.01.22 11:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe PRC - [2007.01.01 23:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\***\AppData\Roaming\Google\Google Talk\googletalk.exe ========== Modules (No Company Name) ========== MOD - [2013.06.09 16:38:23 | 000,050,477 | ---- | M] () -- G:\Defogger.exe MOD - [2013.06.01 10:24:46 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll MOD - [2013.05.29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll MOD - [2013.05.29 07:26:40 | 000,599,504 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\libglesv2.dll MOD - [2013.05.29 07:26:39 | 000,124,368 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\libegl.dll MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll MOD - [2013.01.28 14:08:56 | 
000,087,952 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2013.01.28 14:08:28 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2013.01.23 20:54:34 | 000,121,856 | ---- | M] () -- C:\Programme\Last.fm\listener.dll MOD - [2013.01.23 20:54:32 | 000,608,256 | ---- | M] () -- C:\Programme\Last.fm\unicorn.dll MOD - [2013.01.23 20:54:16 | 000,032,768 | ---- | M] () -- C:\Programme\Last.fm\logger.dll MOD - [2013.01.22 14:04:08 | 000,088,576 | ---- | M] () -- C:\Programme\Last.fm\lastfm_fingerprint.dll MOD - [2013.01.22 14:04:06 | 000,354,304 | ---- | M] () -- C:\Programme\Last.fm\lastfm.dll MOD - [2013.01.18 14:01:32 | 001,478,144 | ---- | M] () -- C:\Programme\Last.fm\libsamplerate-0.dll MOD - [2013.01.18 13:37:32 | 002,000,384 | ---- | M] () -- C:\Programme\Last.fm\avcodec-54.dll MOD - [2013.01.18 13:37:32 | 000,302,592 | ---- | M] () -- C:\Programme\Last.fm\avformat-54.dll MOD - [2013.01.18 13:37:32 | 000,286,720 | ---- | M] () -- C:\Programme\Last.fm\avutil-52.dll MOD - [2013.01.18 13:37:32 | 000,140,800 | ---- | M] () -- C:\Programme\Last.fm\swresample-0.dll MOD - [2013.01.18 12:49:56 | 000,182,784 | ---- | M] () -- C:\Programme\Last.fm\plugins\phonon_backend\phonon_vlc.dll MOD - [2013.01.18 12:39:50 | 000,302,592 | ---- | M] () -- C:\Programme\Last.fm\phonon.dll MOD - [2012.10.15 21:28:38 | 002,286,592 | ---- | M] () -- C:\Programme\Last.fm\libvlccore.dll MOD - [2012.10.15 21:28:30 | 000,049,664 | ---- | M] () -- C:\Programme\Last.fm\plugins\audio_output\libaout_directx_plugin.dll MOD - [2012.10.15 21:27:56 | 000,111,616 | ---- | M] () -- C:\Programme\Last.fm\libvlc.dll MOD - [2012.04.28 11:15:28 | 002,320,776 | ---- | M] () -- C:\Programme\Last.fm\libfftw3f-3.dll ========== Services (SafeList) ========== SRV - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- 
(nvUpdatusService) SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.08.31 18:06:30 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.08.31 18:06:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2009.12.15 15:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- 
(Synth3dVsc) DRV - File not found [File_System | On_Demand | Stopped] -- -- (StarOpen) DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2012.08.31 18:06:41 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012.08.31 18:06:41 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012.08.31 18:06:40 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.08.31 18:06:40 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- 
(s3cap) DRV - [2009.07.27 04:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu) DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel) DRV - [2005.08.17 08:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm) DRV - [2005.08.17 08:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl) DRV - [2005.08.17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B 93 61 25 22 64 CC 01 [binary data] IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.) 
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "IMDb" FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.startup.homepage: "hxxp://fanforum.ioff.de/" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.10 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {D469DA71-A9C6-48f1-B86E-67313AADB588}:3.2.2 FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4 FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2 FF - prefs.js..extensions.enabledItems: {a81bafeb-b6ed-4501-aa17-15a2b3857e56}:3.5 FF - prefs.js..extensions.enabledItems: {74b288e6-77b6-41c7-8138-bb81f4539689}:3.5 FF - prefs.js..extensions.enabledItems: {d3d70bca-2d54-425e-b02c-b7e2f4b07688}:3.5 FF - prefs.js..extensions.enabledItems: {c9c58820-7bd4-11da-a72b-0800200c9a66}:2.20091115 FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0 FF - 
prefs.js..extensions.enabledItems: {ff356687-aa08-463d-a46c-11c451824939}:4.2.4 FF - prefs.js..extensions.enabledItems: {dd30bf68-268a-4815-ad48-8740b774c764}:4.2.4 FF - prefs.js..keyword.URL: "hxxp://ws1.appswebservice.com/index.php?tpid=10301&ttid=105&st=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll () FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\***\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google 
Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.22 05:39:39 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.31 18:56:51 | 000,000,000 | ---D | M] [2010.02.27 23:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.11.19 18:54:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions [2010.02.27 23:35:48 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30} [2010.02.27 23:35:48 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010.02.27 23:35:48 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429} [2010.02.27 23:35:49 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66} [2010.02.27 23:35:49 | 000,000,000 | ---D | M] (iFox Graphite) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689} [2010.02.27 23:35:49 | 000,000,000 | ---D | M] (iFox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56} 
[2010.02.27 23:35:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2010.02.27 23:35:50 | 000,000,000 | ---D | M] (PitchDark) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} [2010.02.27 23:35:50 | 000,000,000 | ---D | M] (iPox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66} [2010.02.27 23:35:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2010.02.27 23:35:54 | 000,000,000 | ---D | M] (iFox Smooth) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688} [2010.02.27 23:35:55 | 000,000,000 | ---D | M] (LiveJournal Hook) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{D469DA71-A9C6-48f1-B86E-67313AADB588} [2010.02.27 23:35:55 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{dc572301-7619-498c-a57d-39143191b318} [2010.02.27 23:35:55 | 000,000,000 | ---D | M] (Red Cats (green flavor)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764} [2010.02.27 23:35:56 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} [2010.02.27 23:35:57 | 000,000,000 | ---D | M] (Red Cats (blue flavor)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{ff356687-aa08-463d-a46c-11c451824939} [2010.02.27 23:35:57 | 000,000,000 | ---D | M] (FireCat LagoonPaws) -- 
C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{FireCat-da96cdd0-0f65-11d9-9669-0800200c9a66} [2010.02.27 23:35:47 | 000,000,000 | ---D | M] ("Gradient Gray") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\GradientGray@pumpel.com [2010.02.27 23:35:47 | 000,000,000 | ---D | M] (LiveJournal Addons) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\homo_nudus@livejournal.com [2010.05.02 01:05:02 | 000,000,000 | ---D | M] (CrowdStar Gamebar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\toolbar@ask.com [2010.02.27 23:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions [2010.02.27 23:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS [2009.08.09 23:39:24 | 000,665,733 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689}\chrome\tmp-4.xpi [2009.08.09 23:39:22 | 000,762,510 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}\chrome\tmp-3.xpi [2009.08.09 23:39:31 | 000,612,107 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}\chrome\tmp-8.xpi [2008.02.08 07:47:30 | 000,001,204 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\xpinstall\xpinstallConfirm.css [2008.01.27 19:53:20 | 000,001,812 | ---- | M] () (No name 
found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\xpinstall\xpinstallItemGeneric.png [2009.08.09 23:39:27 | 000,750,444 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}\chrome\tmp-5.xpi [2007.03.04 16:36:09 | 000,989,543 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\GradientGray@pumpel.com\chrome\gradient_gray-1.4-fx.xpi [2012.03.10 08:25:19 | 000,002,511 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\amazon-de.xml [2012.03.10 08:25:19 | 000,000,991 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\ebay-deutschland.xml [2008.06.25 20:11:26 | 000,000,908 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\imdb.xml [2012.03.10 08:25:19 | 000,001,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\leo-de-en.xml [2012.03.10 08:25:19 | 000,001,093 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\lostpedia.xml [2012.03.10 08:25:19 | 000,001,076 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\mininova.xml [2008.06.18 21:41:20 | 000,001,108 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\wikipedia-en.xml [2008.05.28 06:43:44 | 000,001,628 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\youtube.xml [2011.12.01 11:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.08.26 19:02:45 | 000,000,000 | ---D | M] (Click to call with Skype) -- 
C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2010.06.24 00:48:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.22 14:12:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.03.06 17:18:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2010.06.24 00:48:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010.09.22 14:12:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} [2011.03.06 17:18:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npwachk.dll ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll CHR - 
plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live® Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\***\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: LiveJournal: Add Preview button to new comment form = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpohkinnollkepobbmfompgncblldlbf\1.0_0\
CHR - Extension: Adblock Plus = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\8.0_0\
CHR - Extension: Session Buddy = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.1_0\
CHR - Extension: Stylish = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.1_0\
CHR - Extension: XKit = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd\7.1.0_0\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: LJ Account Juggler = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hilmhfanjaopnpifmelahkepnglhkkeg\3.2.0_0\
CHR - Extension: Die2Nite Map Viewer updater = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjndgoejgacbklpeeiloghkihmijjlnc\1.1_0\
CHR - Extension: LiveJournal Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkmfgnboikinlhnaomlhalipemjbmfgi\2.5.10_0\
CHR - Extension: Girls with Slingshots = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\klekabppkloooaiiialimdjlchhjagje\0.4.2_0\
CHR - Extension: AT_PPQ = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmcplcebggimminoiheibhndgamccdgl\2_0\
CHR - Extension: Little Alchemy = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0\
CHR - Extension: Die2Nite Agent = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbnodoolliadkflmgoebfepeehmelnj\1.17_0\
O1 HOSTS File: ([2011.05.16 21:03:33 | 000,000,860 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] F:\Games\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [googletalk] C:\Users\***\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Copy to Semagic - C:\Programme\Semagic\copy.htm ()
O8 - Extra context menu item: Semagic - C:\Programme\Semagic\link.htm ()
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46B1D4F9-5B55-4DA4-A35E-500BC5927E31}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2007.10.05 16:21:18 | 000,000,000 | ---D | M] - J:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2004.10.05 19:11:42 | 000,180,224 | R--- | M] () - J:\Autorun.exe -- [ CDFS ]
O32 - AutoRun File - [2004.08.24 17:57:32 | 000,000,042 | R--- | M] () - J:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{06d3314d-f02e-11e0-a561-6cf04971fefe}\Shell - "" = AutoRun
O33 - MountPoints2\{06d3314d-f02e-11e0-a561-6cf04971fefe}\Shell\AutoRun\command - "" = "K:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{8e770dc6-23e2-11df-98e8-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{8e770dc6-23e2-11df-98e8-806e6f6e6963}\Shell\AutoRun\command - "" = J:\Autorun.exe -- [2004.10.05 19:11:42 | 000,180,224 | R--- | M] ()
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe -auto
O33 - MountPoints2\K\Shell - "" = AutoRun
O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.exe -auto
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.06.09 02:58:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan
[2013.06.09 00:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.06.09 00:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2013.06.08 20:10:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Atari
[2013.06.08 20:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari
[2013.06.07 16:46:47 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\RCT3
[2013.06.06 23:31:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Leadertech
[2013.06.06 23:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Atari
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.06.09 16:49:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.06.09 16:31:19 | 000,032,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 16:31:19 | 000,032,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.09 16:26:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.09 16:25:55 | 303,090,725 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.09 16:25:51 | 2613,694,464 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.09 16:02:05 | 000,001,168 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2076165687-2804224095-2318519866-1001UA.job
[2013.06.09 00:31:02 | 004,816,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.06.08 20:09:30 | 000,001,221 | ---- | M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk
[2013.06.08 20:07:18 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2013.06.08 03:02:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2076165687-2804224095-2318519866-1001Core.job
[2013.06.05 22:03:53 | 000,002,467 | ---- | M] () -- C:\Users\***\Desktop\Chrome.lnk
[2013.05.28 22:11:19 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.06.09 16:49:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable
[2013.06.09 00:09:11 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.06.09 00:08:22 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.06.08 20:09:30 | 000,001,221 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk
[2013.06.08 20:07:18 | 000,001,179 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk
[2013.06.07 16:46:03 | 000,002,467 | ---- | C] () -- C:\Users\***\Desktop\Chrome.lnk
[2012.07.10 22:49:37 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2012.07.10 22:49:37 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2012.07.10 22:42:04 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.05.31 06:15:49 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2010.11.15 03:24:43 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2010.10.22 06:49:39 | 000,000,218 | ---- | C] () -- C:\Users\***\.recently-used.xbel
[2010.07.08 00:16:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.23 23:54:05 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.06.22 16:32:13 | 000,001,456 | ---- | C] () -- C:\Users\***\AppData\Local\Adobe Save for Web 12.0 Prefs

========== ZeroAccess Check ==========

[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2011.04.18 18:06:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.purple
[2010.02.27 23:42:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\acccore
[2010.03.04 16:54:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon
[2013.06.08 20:10:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari
[2010.03.19 17:15:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited
[2010.09.23 02:03:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.08.14 16:31:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go
[2011.02.22 04:15:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\gtk-2.0
[2010.05.23 16:18:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder
[2011.04.24 03:04:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo
[2011.05.16 20:02:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView
[2013.06.06 23:31:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech
[2012.07.31 17:11:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera
[2012.07.11 01:45:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape
[2013.06.09 02:58:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan
[2011.03.01 18:29:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rovio
[2010.03.14 04:55:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SharePod
[2010.06.28 22:37:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony
[2010.07.26 22:06:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2013.06.06 05:32:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent

========== Purity Check ==========

< End of report >

Extras Code:
OTL Extras logfile created on: 09.06.2013 16:53:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 51,43% Memory free
6,49 Gb Paging File | 4,44 Gb Available in Paging File | 68,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 170,90 Gb Total Space | 31,18 Gb Free Space | 18,24% Space Free | Partition Type: NTFS
Drive D: | 68,97 Gb Total Space | 19,58 Gb Free Space | 28,38% Space Free | Partition Type: NTFS
Drive E: | 80,08 Gb Total Space | 22,15 Gb Free Space | 27,66% Space Free | Partition Type: NTFS
Drive F: | 294,76 Gb Total Space | 14,46 Gb Free Space | 4,91% Space Free | Partition Type: NTFS
Drive G: | 372,61 Gb Total Space | 42,30 Gb Free Space | 11,35% Space Free | Partition Type: NTFS
Drive H: | 465,65 Gb Total Space | 46,49 Gb Free Space | 9,98% Space Free | Partition Type: FAT32
Drive J: | 675,23 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: THE-SWAN | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0897427C-004F-4017-923D-19414DAC12C0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{0C1D3967-0DE9-47F9-8EFA-7D4AACC3B9E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{26654C1F-912D-4F04-81AD-24B56CE32985}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{2A79667F-7E70-4E10-A69E-6393B1696A75}" = rport=445 | protocol=6 | dir=out | app=system |
"{2CB9E7CD-AEA7-4B3D-8B6C-5B499C95E49A}" = lport=137 | protocol=17 | dir=in | app=system |
"{2EFA8DC6-2AD0-408A-AD70-841E26928356}" = rport=138 | protocol=17 | dir=out | app=system |
"{38E472D5-37B5-4F94-8FA9-57B4E233FBE8}" = lport=10243 | protocol=6 | dir=in | app=system |
"{42FEFF08-A7D2-4411-A3FC-A20EDDA225A7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{47366416-F55D-4CA1-ADA6-C78BEE9B1D12}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{4FC62578-E360-4EAB-A735-FF7F89F91788}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4FEA1F31-581A-4510-A300-B8538ABDBA8A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{500E24A1-038F-438A-8244-C1202ED1DA47}" = lport=445 | protocol=6 | dir=in | app=system |
"{53486B89-E11A-48FB-9DD6-47C450ADAB02}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{64ED1788-67B2-4339-B171-E30B6A69D7EB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{66BF6BAE-437F-4BD4-869F-8077C2874003}" = rport=139 | protocol=6 | dir=out | app=system |
"{6A85D9DF-5167-4436-B8D5-5808813C7082}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6AEB4A5B-19D0-484C-AC6B-2A7DEE31A74C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7FEE47A6-4DB9-4015-8142-D39037665FF6}" = lport=138 | protocol=17 | dir=in | app=system |
"{8E002564-B93B-4F3D-AE14-4761BB027302}" = lport=139 | protocol=6 | dir=in | app=system |
"{8EE141DF-32FC-478B-8818-5889A5312F6E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D0E0669A-C77F-4FEA-8E0D-2F78D74AADD0}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D1444F4E-8D96-420A-9263-7EDA2FD7B749}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{FFCAF0D6-3A26-4383-A483-4190F7D7C67C}" = rport=137 | protocol=17 | dir=out | app=system |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{09A22307-937B-4D5B-A87B-DF095E625E15}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe |
"{1180EE62-3207-4795-ABCD-0DA982D2CE92}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{15B9471F-201F-4F17-B3C9-CE758580E11B}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{1D31505D-28AF-439F-8EAC-4D841CCCAC89}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe |
"{2FDC4C6F-BE3D-44E7-8AA8-B573EF82DD68}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{358D8386-5325-4AB2-8363-32DB585F0669}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{3BBF2B9F-F874-4FAE-AEE2-644072B5FCBB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{3D306EE8-3B90-4653-99B3-740C2E8554D8}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{47E9D71A-34EE-473C-8968-4376F5FA920B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4EFF8904-A72A-4C96-983B-5BC5D98172CC}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"{55D09581-B6A4-41F8-B12A-9915AF5A0859}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"{56744841-0DB4-49BF-B48B-2D00D2FBBD3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5B501B3F-0FB7-4CF3-8F4A-15A4676CDA16}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe |
"{5FFFA5EE-C711-4B58-8B8A-ADE514AC1784}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{66FA6626-29D4-4B72-8CC2-8346559093F9}" = protocol=6 | dir=out | app=system |
"{6BFE3C09-798A-4F8C-BB79-3B9A6B20E4AA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6F3221B5-B4D0-49AD-BDC8-38745FB865D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{6FC594E6-FA94-4417-9841-88754C7D1B59}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{7176027C-CE17-40CC-8839-C5D5008E7003}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{71C14B36-7A07-460E-A7CD-1BDC7DBD77E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{73A8D4AD-1BB3-4793-B9BE-1475461927A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{7BF84B83-4390-4BEE-9EBF-A03CC08C8D01}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{7DE06240-9FD3-40D3-A9FE-961E3F07ADD0}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe |
"{8EFEC7DF-1EAA-475B-BA03-78BC617EBF13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{911C652E-3F8B-41C9-8B82-82C2FF6A668D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9298D418-E790-49E8-9851-99A171C871F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A3AF01F4-B2D3-4379-BD46-7B3DE02F0C02}" = dir=in | app=c:\program files\itunes\itunes.exe |
"{A8B59C8B-E749-491E-BDCE-CD08D5F3BC97}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe |
"{ACF1D017-7BA3-4ACF-A4D0-0C8FA8293EB8}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{B05397EF-253A-4C17-971E-671D4FDA56D6}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe |
"{B72F01E4-104E-4514-96BD-90333BF91A42}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"{C28F8BDD-DECB-4B29-AD3B-4881118793D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{C2EEC9B1-C59E-4541-AB31-9055870EF98A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{C4DBC66A-EA38-42FC-97D2-D41DBB016033}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{C5788EDA-2728-402B-9FBD-35278BDECDC5}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe |
"{D1D8D193-C4D5-497C-837F-6ADB61390440}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{DB75476F-C74A-46CD-A197-8B08F530D13D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe |
"{DC9D0D27-5044-4666-94C6-E17D347E17E3}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"{DD45792A-5249-4807-AE41-4BCC543FE1CA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe |
"{F1BAA99F-57AA-4732-847B-49B5A83014E6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe |
"{F9741C4A-6DC1-4B0F-910D-C901B26E9F8B}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe |
"{FA9D6B48-945F-4F0B-8B2A-2D0DF13D5878}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe |
"TCP Query User{0F9B48B0-F6FA-498B-BB9F-B15A07D7045B}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{2397CAB6-F89A-4DE0-90F1-9D256124BECD}C:\program files\sony\vegas pro 9.0\vegsrv90.exe" = protocol=6 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegsrv90.exe |
"TCP Query User{444BBF13-5436-4EA9-842B-2FBEFB8E6B3B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{5F9CFE06-B9CC-4C43-A100-68E42B4D22E5}C:\program files\intervideo\dvd7\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd7\windvd.exe |
"TCP Query User{62EF3862-252C-457F-97BF-76DCF04C93D5}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe |
"TCP Query User{6FAC2637-27C9-46E8-8E88-6A21660418C5}C:\program files\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"TCP Query User{86811EB0-BEF8-4794-9E64-6DB8203FD6A7}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{8B1DF195-176E-4640-ADDC-BCE50C95BA57}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{8FF82CB6-D42D-4BCF-81EE-8F7378D8DDF3}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{C3759AE0-05E2-4F38-A9FA-20396BEBBB78}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{0783F262-FDEF-419C-BD87-D04EB3E52584}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{157B05B2-69D3-4B80-A21A-F90EE83826ED}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{22A9A61A-DF76-4364-AC9C-EA5184EF572C}C:\program files\intervideo\dvd7\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd7\windvd.exe |
"UDP Query User{45DF4C3D-F0BD-42D6-A830-8FA192BF60C6}C:\program files\sony\vegas pro 9.0\vegsrv90.exe" = protocol=17 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegsrv90.exe |
"UDP Query User{8A614BC0-6137-4A04-AC43-7AFCF1B68557}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{A99983B6-A23A-45BB-A7DF-EE00C6FB5B65}C:\program files\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"UDP Query User{B8141986-5123-4705-A3FE-1EBB11A703DE}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{BB7C15E6-D80B-413D-86DF-BA3F97AD14CF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{C65A6F42-CC0A-4D54-AD7E-6246A6BE40B0}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe |
"UDP Query User{DC58C94A-23CB-4CD5-9B4D-9A8612B5E44A}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A2063BC-CE17-420A-A629-D9D7AE6EC136}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6723E416-88C8-4451-BE53-AEE03DBA4DBA}" = Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"ACDSee Classic" = ACDSee Classic
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIM_6" = AIM
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Badaboom" = Badaboom 1.2.0.87
"CDex" = CDex - Open Source Digital Audio CD Extractor
"CDisplay_is1" = CDisplay 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"InterActual Player" = InterActual Player
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Full)
"LastFM_is1" = Last.fm Scrobbler 2.1.33
"LJ Comment Stats Wizard_is1" = 
LJ Comment Stats Wizard 1.7 "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19) "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Opera 12.02.1578" = Opera 12.02 "PhotoScape" = PhotoScape "Pidgin" = Pidgin "PowerISO" = PowerISO "RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3 "Semagic" = Semagic (remove only) "uTorrent" = µTorrent "ViewpointMediaPlayer" = Viewpoint Media Player "VLC media player" = VLC media player 1.1.11 "Vtune_is1" = Vtune 7.6 "Winamp" = Winamp "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR archiver "Xvid Video Codec 1.3.2" = Xvid Video Codec "Zynga Toolbar" = Zynga Toolbar ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only) "Game Organizer" = EasyBits GO "Google Chrome" = Google Chrome "Move Media Player" = Move Media Player "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.06.2013 13:47:14 | Computer Name = The-Swan | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: RCT3plus.exe, Version: 3.2.8.13, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0xf0ddc870 ID des fehlerhaften Prozesses: 0x468 Startzeit der fehlerhaften Anwendung: 0x01ce647033b37dad Pfad der fehlerhaften Anwendung: C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3plus.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 73e3bf43-d063-11e2-9bec-6cf04971fefe Error - 08.06.2013 14:07:31 | Computer Name = The-Swan | Source = VSS | ID = 8194 Description = Error - 08.06.2013 15:56:58 | Computer Name = The-Swan | Source = Application Error | ID = 1000 Description = Name 
der fehlerhaften Anwendung: RCT3plus.exe, Version: 3.2.8.13, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: RCT3plus.exe, Version: 3.2.8.13, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0018fd9b ID des fehlerhaften Prozesses: 0x7e8 Startzeit der fehlerhaften Anwendung: 0x01ce64791bad512a Pfad der fehlerhaften Anwendung: C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3plus.exe Pfad des fehlerhaften Moduls: C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3plus.exe Berichtskennung: 938439f5-d075-11e2-9bec-6cf04971fefe Error - 08.06.2013 16:03:12 | Computer Name = The-Swan | Source = Chrome | ID = 1 Description = Error - 08.06.2013 16:06:26 | Computer Name = The-Swan | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: RCT3plus.exe, Version: 3.2.8.13, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: RCT3plus.exe, Version: 3.2.8.13, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0018fd9b ID des fehlerhaften Prozesses: 0x14d4 Startzeit der fehlerhaften Anwendung: 0x01ce648270050e4c Pfad der fehlerhaften Anwendung: C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3plus.exe Pfad des fehlerhaften Moduls: C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3plus.exe Berichtskennung: e5fa6aea-d076-11e2-9bec-6cf04971fefe Error - 09.06.2013 07:51:28 | Computer Name = The-Swan | Source = Chrome | ID = 1 Description = Error - 09.06.2013 08:54:33 | Computer Name = The-Swan | Source = Chrome | ID = 1 Description = Error - 09.06.2013 10:08:16 | Computer Name = The-Swan | Source = Chrome | ID = 1 Description = Error - 09.06.2013 10:09:03 | Computer Name = The-Swan | Source = Chrome | ID = 1 Description = Error - 09.06.2013 10:09:07 | Computer Name = The-Swan | Source = Chrome | ID = 1 Description = [ System Events ] Error - 08.06.2013 20:09:36 | Computer Name = The-Swan | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst 
Windows Media Player-Netzwerkfreigabedienst erreicht.
Error - 08.06.2013 20:09:36 | Computer Name = The-Swan | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 08.06.2013 21:30:39 | Computer Name = The-Swan | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.
Error - 08.06.2013 21:30:39 | Computer Name = The-Swan | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 08.06.2013 21:30:39 | Computer Name = The-Swan | Source = DCOM | ID = 10005
Description =
Error - 08.06.2013 21:31:36 | Computer Name = The-Swan | Source = WMPNetworkSvc | ID = 866300
Description =
Error - 09.06.2013 10:15:34 | Computer Name = The-Swan | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?06.?2013 um 16:14:20 unerwartet heruntergefahren.
Error - 09.06.2013 10:15:39 | Computer Name = THE-SWAN | Source = BugCheck | ID = 1001
Description =
Error - 09.06.2013 10:26:02 | Computer Name = The-Swan | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?06.?2013 um 16:24:24 unerwartet heruntergefahren.
Error - 09.06.2013 10:26:07 | Computer Name = THE-SWAN | Source = BugCheck | ID = 1001
Description =
< End of report >

gmer
Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-09 17:46:19
Windows 6.1.7601 Service Pack 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-6 SAMSUNG_HD503HI rev.1AJ100E4 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ANGELI~1\AppData\Local\Temp\fgdcipow.sys

---- System - GMER 2.1 ----

SSDT 97653D36 ZwCreateSection
SSDT 97653D40 ZwRequestWaitReplyPort
SSDT 97653D3B ZwSetContextThread
SSDT 97653D45 ZwSetSecurityObject
SSDT 97653D4A ZwSystemDebugControl
SSDT 97653CD7 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E8FA09 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC91F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82ED034C 4 Bytes [36, 3D, 65, 97]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82ED06A8 4 Bytes [40, 3D, 65, 97]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82ED06EC 4 Bytes [3B, 3D, 65, 97]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82ED0768 4 Bytes [45, 3D, 65, 97]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82ED07BC 4 Bytes [4A, 3D, 65, 97]
.text ...
---- User code sections - GMER 2.1 ---- .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtCreateFile + 6 77DB55CE 4 Bytes [28, D8, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtCreateFile + B 77DB55D3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtMapViewOfSection + 6 77DB5C2E 4 Bytes [28, DB, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtMapViewOfSection + B 77DB5C33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenFile + 6 77DB5CDE 4 Bytes [68, D8, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenFile + B 77DB5CE3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcess + 6 77DB5D8E 4 Bytes [A8, D9, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcess + B 77DB5D93 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcessToken + B 77DB5DA3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DAE 4 Bytes [A8, DA, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DB3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThread + 6 77DB5E0E 4 Bytes [68, D9, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThread + B 77DB5E13 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThreadToken + 6 77DB5E1E 4 Bytes [68, DA, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] 
ntdll.dll!NtOpenThreadToken + B 77DB5E23 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtQueryAttributesFile + 6 77DB5F3E 4 Bytes [A8, D8, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtQueryAttributesFile + B 77DB5F43 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtQueryFullAttributesFile + B 77DB5FF3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtSetInformationFile + 6 77DB663E 4 Bytes [28, D9, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtSetInformationFile + B 77DB6643 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtSetInformationThread + 6 77DB669E 4 Bytes [28, DA, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtSetInformationThread + B 77DB66A3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtUnmapViewOfSection + 6 77DB69BE 4 Bytes [68, DB, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtUnmapViewOfSection + B 77DB69C3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtCreateFile + 6 77DB55CE 4 Bytes [28, 70, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtCreateFile + B 77DB55D3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtMapViewOfSection + 6 77DB5C2E 4 Bytes [28, 73, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtMapViewOfSection + B 77DB5C33 1 Byte [E2] .text 
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenFile + 6 77DB5CDE 4 Bytes [68, 70, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenFile + B 77DB5CE3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcess + 6 77DB5D8E 4 Bytes [A8, 71, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcess + B 77DB5D93 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcessToken + B 77DB5DA3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DAE 4 Bytes [A8, 72, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DB3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThread + 6 77DB5E0E 4 Bytes [68, 71, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThread + B 77DB5E13 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThreadToken + 6 77DB5E1E 4 Bytes [68, 72, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThreadToken + B 77DB5E23 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtQueryAttributesFile + 6 77DB5F3E 4 Bytes [A8, 70, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtQueryAttributesFile + B 77DB5F43 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtQueryFullAttributesFile + B 77DB5FF3 1 Byte [E2] 
.text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtSetInformationFile + 6 77DB663E 4 Bytes [28, 71, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtSetInformationFile + B 77DB6643 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtSetInformationThread + 6 77DB669E 4 Bytes [28, 72, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtSetInformationThread + B 77DB66A3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtUnmapViewOfSection + 6 77DB69BE 4 Bytes [68, 73, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtUnmapViewOfSection + B 77DB69C3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtCreateFile + 6 77DB55CE 4 Bytes [28, 7C, 49, 00] {SUB [ECX+ECX*2+0x0], BH} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtCreateFile + B 77DB55D3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtMapViewOfSection + 6 77DB5C2E 4 Bytes [28, 7F, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtMapViewOfSection + B 77DB5C33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenFile + 6 77DB5CDE 4 Bytes [68, 7C, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenFile + B 77DB5CE3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenProcess + 6 77DB5D8E 4 Bytes [A8, 7D, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenProcess + B 77DB5D93 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] 
ntdll.dll!NtOpenProcessToken + B 77DB5DA3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DAE 4 Bytes [A8, 7E, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DB3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenThread + 6 77DB5E0E 4 Bytes [68, 7D, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenThread + B 77DB5E13 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenThreadToken + 6 77DB5E1E 4 Bytes [68, 7E, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenThreadToken + B 77DB5E23 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtQueryAttributesFile + 6 77DB5F3E 4 Bytes [A8, 7C, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtQueryAttributesFile + B 77DB5F43 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtQueryFullAttributesFile + B 77DB5FF3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtSetInformationFile + 6 77DB663E 4 Bytes [28, 7D, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtSetInformationFile + B 77DB6643 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtSetInformationThread + 6 77DB669E 4 Bytes [28, 7E, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtSetInformationThread + B 77DB66A3 1 Byte [E2] .text 
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtUnmapViewOfSection + 6 77DB69BE 4 Bytes [68, 7F, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtUnmapViewOfSection + B 77DB69C3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtCreateFile + 6 77DB55CE 4 Bytes [28, C0, 7D, 00] {SUB AL, AL; JGE 0x4} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtCreateFile + B 77DB55D3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtMapViewOfSection + 6 77DB5C2E 4 Bytes [28, C3, 7D, 00] {SUB BL, AL; JGE 0x4} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtMapViewOfSection + B 77DB5C33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenFile + 6 77DB5CDE 4 Bytes [68, C0, 7D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenFile + B 77DB5CE3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcess + 6 77DB5D8E 4 Bytes [A8, C1, 7D, 00] {TEST AL, 0xc1; JGE 0x4} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcess + B 77DB5D93 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcessToken + B 77DB5DA3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DAE 4 Bytes [A8, C2, 7D, 00] {TEST AL, 0xc2; JGE 0x4} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DB3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThread + 6 77DB5E0E 4 Bytes [68, C1, 7D, 00] .text 
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThread + B 77DB5E13 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThreadToken + 6 77DB5E1E 4 Bytes [68, C2, 7D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThreadToken + B 77DB5E23 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtQueryAttributesFile + 6 77DB5F3E 4 Bytes [A8, C0, 7D, 00] {TEST AL, 0xc0; JGE 0x4} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtQueryAttributesFile + B 77DB5F43 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtQueryFullAttributesFile + B 77DB5FF3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtSetInformationFile + 6 77DB663E 4 Bytes [28, C1, 7D, 00] {SUB CL, AL; JGE 0x4} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtSetInformationFile + B 77DB6643 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtSetInformationThread + 6 77DB669E 4 Bytes [28, C2, 7D, 00] {SUB DL, AL; JGE 0x4} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtSetInformationThread + B 77DB66A3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtUnmapViewOfSection + 6 77DB69BE 4 Bytes [68, C3, 7D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtUnmapViewOfSection + B 77DB69C3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtCreateFile + 6 77DB55CE 4 Bytes [28, BC, C3, 00] .text 
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtCreateFile + B 77DB55D3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtMapViewOfSection + 6 77DB5C2E 4 Bytes [28, BF, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtMapViewOfSection + B 77DB5C33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenFile + 6 77DB5CDE 4 Bytes [68, BC, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenFile + B 77DB5CE3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenProcess + 6 77DB5D8E 4 Bytes [A8, BD, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenProcess + B 77DB5D93 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenProcessToken + B 77DB5DA3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DAE 4 Bytes [A8, BE, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DB3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenThread + 6 77DB5E0E 4 Bytes [68, BD, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenThread + B 77DB5E13 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenThreadToken + 6 77DB5E1E 4 Bytes [68, BE, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenThreadToken + B 77DB5E23 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E33 1 Byte [E2] .text 
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtQueryAttributesFile + 6 77DB5F3E 4 Bytes [A8, BC, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtQueryAttributesFile + B 77DB5F43 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtQueryFullAttributesFile + B 77DB5FF3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtSetInformationFile + 6 77DB663E 4 Bytes [28, BD, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtSetInformationFile + B 77DB6643 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtSetInformationThread + 6 77DB669E 4 Bytes [28, BE, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtSetInformationThread + B 77DB66A3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtUnmapViewOfSection + 6 77DB69BE 4 Bytes [68, BF, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtUnmapViewOfSection + B 77DB69C3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtCreateFile + 6 77DB55CE 4 Bytes [28, 24, 3D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtCreateFile + B 77DB55D3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtMapViewOfSection + 6 77DB5C2E 4 Bytes [28, 27, 3D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtMapViewOfSection + B 77DB5C33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenFile + 6 77DB5CDE 4 Bytes [68, 24, 3D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] 
Would be grateful for any help.