Pests of all kinds and how to fight them: win32/small.ca virus detected + blue screen (Windows 7)
If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
09.06.2013, 17:01  #1
win32/small.ca virus detected + blue screen

Hi, for about 2 days now the Blue Screen of Death has been showing up more and more often. After I installed a few Windows updates yesterday, I noticed that the Action Center had this message for me: "Windows has detected Win32/Small.CA, a known computer virus, on your PC." No path, only that it was detected on 4 June and once caused the PC to stop working properly. Virus scans have not turned up anything further. Used Defogger, got no error message.

OTL log:
OTL logfile created on: 09.06.2013 16:53:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,25 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 51,43% Memory free
6,49 Gb Paging File | 4,44 Gb Available in Paging File | 68,40% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files

Drive C: | 170,90 Gb Total Space | 31,18 Gb Free Space | 18,24% Space Free | Partition Type: NTFS
Drive D: | 68,97 Gb Total Space | 19,58 Gb Free Space | 28,38% Space Free | Partition Type: NTFS
Drive E: | 80,08 Gb Total Space | 22,15 Gb Free Space | 27,66% Space Free | Partition Type: NTFS
Drive F: | 294,76 Gb Total Space | 14,46 Gb Free Space | 4,91% Space Free | Partition Type: NTFS
Drive G: | 372,61 Gb Total Space | 42,30 Gb Free Space | 11,35% Space Free | Partition Type: NTFS
Drive H: | 465,65 Gb Total Space | 46,49 Gb Free Space | 9,98% Space Free | Partition Type: FAT32
Drive J: | 675,23 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: THE-SWAN | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.06.09 16:38:31 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\OTL.exe
PRC - [2013.06.09 16:38:23 | 000,050,477 | ---- | M] () -- G:\Defogger.exe
PRC - [2013.05.13 02:55:46 | 000,216,968 | ---- | M] (Google Inc.) -- C:\Users\***\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe
PRC - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.24 16:17:34 | 001,767,936 | ---- | M] (Last.fm) -- C:\Programme\Last.fm\Last.fm Scrobbler.exe
PRC - [2013.01.18 16:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.01.18 16:21:00 | 001,821,984 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvtray.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.30 04:55:25 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.08.31 18:06:30 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.08.31 18:06:10 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.08.31 18:06:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.08.31 18:06:04 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.08.01 16:56:42 | 001,821,576 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft IntelliPoint\ipoint.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.07.14 03:14:41 | 000,354,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\StikyNot.exe
PRC - [2008.01.22 11:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008.01.22 11:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Programme\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2007.01.01 23:22:02 | 003,739,648 | ---- | M] (Google) -- C:\Users\***\AppData\Roaming\Google\Google Talk\googletalk.exe

========== Modules (No Company Name) ==========

MOD - [2013.06.09 16:38:23 | 000,050,477 | ---- | M] () -- G:\Defogger.exe
MOD - [2013.06.01 10:24:46 | 016,033,160 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_7_700_202.dll
MOD - [2013.05.29 07:27:38 | 000,393,168 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
MOD - [2013.05.29 07:27:35 | 004,051,408 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
MOD - [2013.05.29 07:26:40 | 000,599,504 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\libglesv2.dll
MOD - [2013.05.29 07:26:39 | 000,124,368 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\libegl.dll
MOD - [2013.05.29 07:26:36 | 001,597,392 | ---- | M] () -- C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\ffmpegsumo.dll
MOD - [2013.01.28 14:08:56 | 000,087,952 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013.01.28 14:08:28 | 001,242,512 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013.01.23 20:54:34 | 000,121,856 | ---- | M] () -- C:\Programme\Last.fm\listener.dll
MOD - [2013.01.23 20:54:32 | 000,608,256 | ---- | M] () -- C:\Programme\Last.fm\unicorn.dll
MOD - [2013.01.23 20:54:16 | 000,032,768 | ---- | M] () -- C:\Programme\Last.fm\logger.dll
MOD - [2013.01.22 14:04:08 | 000,088,576 | ---- | M] () -- C:\Programme\Last.fm\lastfm_fingerprint.dll
MOD - [2013.01.22 14:04:06 | 000,354,304 | ---- | M] () -- C:\Programme\Last.fm\lastfm.dll
MOD - [2013.01.18 14:01:32 | 001,478,144 | ---- | M] () -- C:\Programme\Last.fm\libsamplerate-0.dll
MOD - [2013.01.18 13:37:32 | 002,000,384 | ---- | M] () -- C:\Programme\Last.fm\avcodec-54.dll
MOD - [2013.01.18 13:37:32 | 000,302,592 | ---- | M] () -- C:\Programme\Last.fm\avformat-54.dll
MOD - [2013.01.18 13:37:32 | 000,286,720 | ---- | M] () -- C:\Programme\Last.fm\avutil-52.dll
MOD - [2013.01.18 13:37:32 | 000,140,800 | ---- | M] () -- C:\Programme\Last.fm\swresample-0.dll
MOD - [2013.01.18 12:49:56 | 000,182,784 | ---- | M] () -- C:\Programme\Last.fm\plugins\phonon_backend\phonon_vlc.dll
MOD - [2013.01.18 12:39:50 | 000,302,592 | ---- | M] () -- C:\Programme\Last.fm\phonon.dll
MOD - [2012.10.15 21:28:38 | 002,286,592 | ---- | M] () -- C:\Programme\Last.fm\libvlccore.dll
MOD - [2012.10.15 21:28:30 | 000,049,664 | ---- | M] () -- C:\Programme\Last.fm\plugins\audio_output\libaout_directx_plugin.dll
MOD - [2012.10.15 21:27:56 | 000,111,616 | ---- | M] () -- C:\Programme\Last.fm\libvlc.dll
MOD - [2012.04.28 11:15:28 | 002,320,776 | ---- | M] () -- C:\Programme\Last.fm\libfftw3f-3.dll

========== Services (SafeList) ==========

SRV - [2013.02.26 00:22:34 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.08.31 18:06:30 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.08.31 18:06:05 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.12.15 15:07:17 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- C:\Programme\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - File not found [File_System | On_Demand | Stopped] --  -- (StarOpen)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.08.31 18:06:41 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012.08.31 18:06:41 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.08.31 18:06:40 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.08.31 18:06:40 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009.07.27 04:43:18 | 000,058,908 | ---- | M] (PowerISO Computing, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\scdemu.sys -- (SCDEmu)
DRV - [2007.03.16 11:11:38 | 000,012,256 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\TBPanel.sys -- (TBPanel)
DRV - [2005.08.17 08:46:26 | 000,093,872 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdm.sys -- (sscdmdm)
DRV - [2005.08.17 08:46:20 | 000,008,272 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV - [2005.08.17 08:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2B 93 61 25 22 64 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "IMDb"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.startup.homepage: "hxxp://fanforum.ioff.de/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.10
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20091209.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {D469DA71-A9C6-48f1-B86E-67313AADB588}:3.2.2
FF - prefs.js..extensions.enabledItems: {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.6.7.4
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.8.2
FF - prefs.js..extensions.enabledItems: {a81bafeb-b6ed-4501-aa17-15a2b3857e56}:3.5
FF - prefs.js..extensions.enabledItems: {74b288e6-77b6-41c7-8138-bb81f4539689}:3.5
FF - prefs.js..extensions.enabledItems: {d3d70bca-2d54-425e-b02c-b7e2f4b07688}:3.5
FF - prefs.js..extensions.enabledItems: {c9c58820-7bd4-11da-a72b-0800200c9a66}:2.20091115
FF - prefs.js..extensions.enabledItems: {c1dffba0-628e-11d9-9669-0800200c9a66}:3.5.0
FF - prefs.js..extensions.enabledItems: {ff356687-aa08-463d-a46c-11c451824939}:4.2.4
FF - prefs.js..extensions.enabledItems: {dd30bf68-268a-4815-ad48-8740b774c764}:4.2.4
FF - prefs.js..keyword.URL: "hxxp://ws1.appswebservice.com/index.php?tpid=10301&ttid=105&st="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: C:\Users\***\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\***\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.03.22 05:39:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.31 18:56:51 | 000,000,000 | ---D | M]

[2010.02.27 23:22:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.11.19 18:54:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions
[2010.02.27 23:35:48 | 000,000,000 | ---D | M] (Session Manager) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
[2010.02.27 23:35:48 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010.02.27 23:35:48 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{31513E58-F253-47ad-86DB-D5F21E905429}
[2010.02.27 23:35:49 | 000,000,000 | ---D | M] (MinimizeToTray) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{3502a070-ea2f-11dd-ba2f-0800200c9a66}
[2010.02.27 23:35:49 | 000,000,000 | ---D | M] (iFox Graphite) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689}
[2010.02.27 23:35:49 | 000,000,000 | ---D | M] (iFox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}
[2010.02.27 23:35:50 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010.02.27 23:35:50 | 000,000,000 | ---D | M] (PitchDark) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2010.02.27 23:35:50 | 000,000,000 | ---D | M] (iPox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}
[2010.02.27 23:35:54 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010.02.27 23:35:54 | 000,000,000 | ---D | M] (iFox Smooth) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}
[2010.02.27 23:35:55 | 000,000,000 | ---D | M] (LiveJournal Hook) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{D469DA71-A9C6-48f1-B86E-67313AADB588}
[2010.02.27 23:35:55 | 000,000,000 | ---D | M] ("Tab Mix Plus") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2010.02.27 23:35:55 | 000,000,000 | ---D | M] (Red Cats (green flavor)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{dd30bf68-268a-4815-ad48-8740b774c764}
[2010.02.27 23:35:56 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2010.02.27 23:35:57 | 000,000,000 | ---D | M] (Red Cats (blue flavor)) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{ff356687-aa08-463d-a46c-11c451824939}
[2010.02.27 23:35:57 | 000,000,000 | ---D | M] (FireCat LagoonPaws) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{FireCat-da96cdd0-0f65-11d9-9669-0800200c9a66}
[2010.02.27 23:35:47 | 000,000,000 | ---D | M] ("Gradient Gray") -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\GradientGray@pumpel.com
[2010.02.27 23:35:47 | 000,000,000 | ---D | M] (LiveJournal Addons) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\homo_nudus@livejournal.com
[2010.05.02 01:05:02 | 000,000,000 | ---D | M] (CrowdStar Gamebar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\toolbar@ask.com
[2010.02.27 23:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions
[2010.02.27 23:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\v8tlj77f.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\extensions\CVS
[2009.08.09 23:39:24 | 000,665,733 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689}\chrome\tmp-4.xpi
[2009.08.09 23:39:22 | 000,762,510 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56}\chrome\tmp-3.xpi
[2009.08.09 23:39:31 | 000,612,107 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}\chrome\tmp-8.xpi
[2008.02.08 07:47:30 | 000,001,204 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\xpinstall\xpinstallConfirm.css
[2008.01.27 19:53:20 | 000,001,812 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66}\chrome\mozapps\xpinstall\xpinstallItemGeneric.png
[2009.08.09 23:39:27 | 000,750,444 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688}\chrome\tmp-5.xpi
[2007.03.04 16:36:09 | 000,989,543 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\extensions\GradientGray@pumpel.com\chrome\gradient_gray-1.4-fx.xpi
[2012.03.10 08:25:19 | 000,002,511 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\amazon-de.xml
[2012.03.10 08:25:19 | 000,000,991 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\ebay-deutschland.xml
[2008.06.25 20:11:26 | 000,000,908 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\imdb.xml
[2012.03.10 08:25:19 | 000,001,950 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\leo-de-en.xml
[2012.03.10 08:25:19 | 000,001,093 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\lostpedia.xml
[2012.03.10 08:25:19 | 000,001,076 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\mininova.xml
[2008.06.18 21:41:20 | 000,001,108 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\wikipedia-en.xml
[2008.05.28 06:43:44 | 000,001,628 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\v8tlj77f.default\searchplugins\youtube.xml
[2011.12.01 11:54:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.08.26 19:02:45 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010.06.24 00:48:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.22 14:12:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.03.06 17:18:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2010.06.24 00:48:57 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010.09.22 14:12:42 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011.03.06 17:18:46 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\***\AppData\Local\Google\Chrome\Application\27.0.1453.110\pdf.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: MetaStream 3 Plugin (Enabled) = C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\***\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Move Media Player 7 (Enabled) = C:\Users\***\AppData\Roaming\Move Networks\plugins\071802000001\npqmp071802000001.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw_1168638.dll
CHR - Extension: Google Drive = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: LiveJournal: Add Preview button to new comment form = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpohkinnollkepobbmfompgncblldlbf\1.0_0\
CHR - Extension: Adblock Plus = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4.1_0\
CHR - Extension: Webseiten-Screenshot - Webpage Screenshot = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\ckibcdccnfeookdmbahgiakhnjcddpki\8.0_0\
CHR - Extension: Session Buddy = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\edacconmaakjimmfgnblocblbcdcpbko\3.2.1_0\
CHR - Extension: Stylish = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.1_0\
CHR - Extension: XKit = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\fpfgeeomkfdefkckijiabdbogjkdaecd\7.1.0_0\
CHR - Extension: AdBlock = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.63_0\
CHR - Extension: LJ Account Juggler = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\hilmhfanjaopnpifmelahkepnglhkkeg\3.2.0_0\
CHR - Extension: Die2Nite Map Viewer updater = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjndgoejgacbklpeeiloghkihmijjlnc\1.1_0\
CHR - Extension: LiveJournal Extension = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\jkmfgnboikinlhnaomlhalipemjbmfgi\2.5.10_0\
CHR - Extension: Girls with Slingshots = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\klekabppkloooaiiialimdjlchhjagje\0.4.2_0\
CHR - Extension: AT_PPQ = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\kmcplcebggimminoiheibhndgamccdgl\2_0\
CHR - Extension: Little Alchemy = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0\
CHR - Extension: Die2Nite Agent = C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcbnodoolliadkflmgoebfepeehmelnj\1.17_0\

O1 HOSTS File: ([2011.05.16 21:03:33 | 000,000,860 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Zynga Toolbar) - {7b13ec3e-999a-4b70-b9cb-2617b8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (Zynga Toolbar) - {7B13EC3E-999A-4B70-B9CB-2617B8323822} - C:\Programme\Zynga\tbZyng.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (CrowdStar Gamebar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\Programme\Common Files\Ahead\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [PWRISOVM.EXE] F:\Games\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKCU..\Run: [googletalk] C:\Users\***\AppData\Roaming\Google\Google Talk\googletalk.exe (Google)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe (Microsoft Corporation)
O4 - HKCU..\Run: [TBPanel] C:\Program Files\Vtune\TBPanel.exe ()
O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Copy to Semagic - C:\Programme\Semagic\copy.htm ()
O8 - Extra context menu item: Semagic - C:\Programme\Semagic\link.htm ()
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.9.2) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46B1D4F9-5B55-4DA4-A35E-500BC5927E31}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2007.10.05 16:21:18 | 000,000,000 | ---D | M] - J:\Autorun -- [ CDFS ] O32 - AutoRun File - [2004.10.05 19:11:42 | 000,180,224 | R--- | M] () - J:\Autorun.exe -- [ CDFS ] O32 - AutoRun File - [2004.08.24 17:57:32 | 000,000,042 | R--- | M] () - J:\Autorun.inf -- [ CDFS ] O33 - MountPoints2\{06d3314d-f02e-11e0-a561-6cf04971fefe}\Shell - "" = AutoRun O33 - MountPoints2\{06d3314d-f02e-11e0-a561-6cf04971fefe}\Shell\AutoRun\command - "" = "K:\WD SmartWare.exe" autoplay=true O33 - MountPoints2\{8e770dc6-23e2-11df-98e8-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{8e770dc6-23e2-11df-98e8-806e6f6e6963}\Shell\AutoRun\command - "" = J:\Autorun.exe -- [2004.10.05 19:11:42 | 000,180,224 | R--- | M] () O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\autorun.exe -auto O33 - MountPoints2\K\Shell - "" = AutoRun O33 - MountPoints2\K\Shell\AutoRun\command - "" = K:\autorun.exe -auto O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. 
File not found O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.06.09 02:58:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan [2013.06.09 00:03:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.06.09 00:03:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2013.06.08 20:10:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Atari [2013.06.08 20:07:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atari [2013.06.07 16:46:47 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\RCT3 [2013.06.06 23:31:05 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Leadertech [2013.06.06 23:22:53 | 000,000,000 | ---D | C] -- C:\Program Files\Atari [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.09 16:49:34 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.06.09 16:31:19 | 000,032,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 16:31:19 | 000,032,960 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.09 16:26:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.09 16:25:55 | 303,090,725 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.06.09 16:25:51 | 2613,694,464 | -HS- | M] () -- C:\hiberfil.sys [2013.06.09 16:02:05 | 000,001,168 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2076165687-2804224095-2318519866-1001UA.job [2013.06.09 00:31:02 | 004,816,496 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.06.08 20:09:30 | 000,001,221 | ---- | 
M] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk [2013.06.08 20:07:18 | 000,001,179 | ---- | M] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk [2013.06.08 03:02:01 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2076165687-2804224095-2318519866-1001Core.job [2013.06.05 22:03:53 | 000,002,467 | ---- | M] () -- C:\Users\***\Desktop\Chrome.lnk [2013.05.28 22:11:19 | 000,000,132 | ---- | M] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs [4 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.09 16:49:34 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.06.09 00:09:11 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.06.09 00:08:22 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.06.08 20:09:30 | 000,001,221 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Product Registration.lnk [2013.06.08 20:07:18 | 000,001,179 | ---- | C] () -- C:\Users\Public\Desktop\RollerCoaster Tycoon 3.lnk [2013.06.07 16:46:03 | 000,002,467 | ---- | C] () -- C:\Users\***\Desktop\Chrome.lnk [2012.07.10 22:49:37 | 000,645,632 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2012.07.10 22:49:37 | 000,240,640 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2012.07.10 22:42:04 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll [2011.05.31 06:15:49 | 000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe GIF Format CS5 Prefs [2010.11.15 03:24:43 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2010.10.22 06:49:39 | 000,000,218 | ---- | C] () -- C:\Users\***\.recently-used.xbel [2010.07.08 00:16:06 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.06.23 23:54:05 | 
000,000,132 | ---- | C] () -- C:\Users\***\AppData\Roaming\Adobe PNG Format CS5 Prefs [2010.06.22 16:32:13 | 000,001,456 | ---- | C] () -- C:\Users\***\AppData\Local\Adobe Save for Web 12.0 Prefs ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011.04.18 18:06:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.purple [2010.02.27 23:42:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\acccore [2010.03.04 16:54:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2013.06.08 20:10:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Atari [2010.03.19 17:15:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canneverbe Limited [2010.09.23 02:03:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2011.08.14 16:31:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\go [2011.02.22 04:15:25 | 000,000,000 | ---D | M] -- 
C:\Users\***\AppData\Roaming\gtk-2.0 [2010.05.23 16:18:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder [2011.04.24 03:04:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InterVideo [2011.05.16 20:02:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2013.06.06 23:31:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2012.07.31 17:11:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Opera [2012.07.11 01:45:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape [2013.06.09 02:58:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2011.03.01 18:29:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Rovio [2010.03.14 04:55:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SharePod [2010.06.28 22:37:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Sony [2010.07.26 22:06:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1 [2013.06.06 05:32:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\uTorrent ========== Purity Check ========== < End of report > Extras Code:
ATTFilter OTL Extras logfile created on: 09.06.2013 16:53:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = G:\ Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,25 Gb Total Physical Memory | 1,67 Gb Available Physical Memory | 51,43% Memory free 6,49 Gb Paging File | 4,44 Gb Available in Paging File | 68,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 170,90 Gb Total Space | 31,18 Gb Free Space | 18,24% Space Free | Partition Type: NTFS Drive D: | 68,97 Gb Total Space | 19,58 Gb Free Space | 28,38% Space Free | Partition Type: NTFS Drive E: | 80,08 Gb Total Space | 22,15 Gb Free Space | 27,66% Space Free | Partition Type: NTFS Drive F: | 294,76 Gb Total Space | 14,46 Gb Free Space | 4,91% Space Free | Partition Type: NTFS Drive G: | 372,61 Gb Total Space | 42,30 Gb Free Space | 11,35% Space Free | Partition Type: NTFS Drive H: | 465,65 Gb Total Space | 46,49 Gb Free Space | 9,98% Space Free | Partition Type: FAT32 Drive J: | 675,23 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: THE-SWAN | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .exe [@ = exefile] -- Reg Error: Key error. 
File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0897427C-004F-4017-923D-19414DAC12C0}" = lport=2869 | protocol=6 | dir=in | app=system | "{0C1D3967-0DE9-47F9-8EFA-7D4AACC3B9E9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{26654C1F-912D-4F04-81AD-24B56CE32985}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{2A79667F-7E70-4E10-A69E-6393B1696A75}" = rport=445 | protocol=6 | dir=out | app=system | "{2CB9E7CD-AEA7-4B3D-8B6C-5B499C95E49A}" = lport=137 | protocol=17 | dir=in | app=system | "{2EFA8DC6-2AD0-408A-AD70-841E26928356}" = rport=138 | protocol=17 | dir=out | app=system | "{38E472D5-37B5-4F94-8FA9-57B4E233FBE8}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{42FEFF08-A7D2-4411-A3FC-A20EDDA225A7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{47366416-F55D-4CA1-ADA6-C78BEE9B1D12}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4FC62578-E360-4EAB-A735-FF7F89F91788}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{4FEA1F31-581A-4510-A300-B8538ABDBA8A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{500E24A1-038F-438A-8244-C1202ED1DA47}" = lport=445 | protocol=6 | dir=in | app=system | "{53486B89-E11A-48FB-9DD6-47C450ADAB02}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{64ED1788-67B2-4339-B171-E30B6A69D7EB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{66BF6BAE-437F-4BD4-869F-8077C2874003}" = rport=139 | protocol=6 | dir=out | app=system | "{6A85D9DF-5167-4436-B8D5-5808813C7082}" = rport=10243 | protocol=6 | dir=out | app=system | "{6AEB4A5B-19D0-484C-AC6B-2A7DEE31A74C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{7FEE47A6-4DB9-4015-8142-D39037665FF6}" = lport=138 | protocol=17 | dir=in | app=system | "{8E002564-B93B-4F3D-AE14-4761BB027302}" = lport=139 | protocol=6 | dir=in | app=system | "{8EE141DF-32FC-478B-8818-5889A5312F6E}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D0E0669A-C77F-4FEA-8E0D-2F78D74AADD0}" = lport=2869 | protocol=6 | dir=in | app=system | "{D1444F4E-8D96-420A-9263-7EDA2FD7B749}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{FFCAF0D6-3A26-4383-A483-4190F7D7C67C}" = rport=137 | protocol=17 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{09A22307-937B-4D5B-A87B-DF095E625E15}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{1180EE62-3207-4795-ABCD-0DA982D2CE92}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{15B9471F-201F-4F17-B3C9-CE758580E11B}" = protocol=17 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe | "{1D31505D-28AF-439F-8EAC-4D841CCCAC89}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe | "{2FDC4C6F-BE3D-44E7-8AA8-B573EF82DD68}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{358D8386-5325-4AB2-8363-32DB585F0669}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{3BBF2B9F-F874-4FAE-AEE2-644072B5FCBB}" = protocol=17 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{3D306EE8-3B90-4653-99B3-740C2E8554D8}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | "{47E9D71A-34EE-473C-8968-4376F5FA920B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4EFF8904-A72A-4C96-983B-5BC5D98172CC}" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe | "{55D09581-B6A4-41F8-B12A-9915AF5A0859}" = protocol=6 | dir=in | app=c:\program files\utorrent\utorrent.exe | "{56744841-0DB4-49BF-B48B-2D00D2FBBD3D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{5B501B3F-0FB7-4CF3-8F4A-15A4676CDA16}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe | "{5FFFA5EE-C711-4B58-8B8A-ADE514AC1784}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{66FA6626-29D4-4B72-8CC2-8346559093F9}" = protocol=6 | dir=out | app=system | "{6BFE3C09-798A-4F8C-BB79-3B9A6B20E4AA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{6F3221B5-B4D0-49AD-BDC8-38745FB865D7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{6FC594E6-FA94-4417-9841-88754C7D1B59}" = dir=in | app=c:\program 
files\skype\phone\skype.exe | "{7176027C-CE17-40CC-8839-C5D5008E7003}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{71C14B36-7A07-460E-A7CD-1BDC7DBD77E7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{73A8D4AD-1BB3-4793-B9BE-1475461927A4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{7BF84B83-4390-4BEE-9EBF-A03CC08C8D01}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{7DE06240-9FD3-40D3-A9FE-961E3F07ADD0}" = protocol=6 | dir=in | app=c:\program files\dragon age\daoriginslauncher.exe | "{8EFEC7DF-1EAA-475B-BA03-78BC617EBF13}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{911C652E-3F8B-41C9-8B82-82C2FF6A668D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9298D418-E790-49E8-9851-99A171C871F7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{A3AF01F4-B2D3-4379-BD46-7B3DE02F0C02}" = dir=in | app=c:\program files\itunes\itunes.exe | "{A8B59C8B-E749-491E-BDCE-CD08D5F3BC97}" = protocol=6 | dir=in | app=c:\program files\dragon age 2\dragonage2launcher.exe | "{ACF1D017-7BA3-4ACF-A4D0-0C8FA8293EB8}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe | "{B05397EF-253A-4C17-971E-671D4FDA56D6}" = dir=in | app=c:\program files\windows live\messenger\wlcsdk.exe | "{B72F01E4-104E-4514-96BD-90333BF91A42}" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe | "{C28F8BDD-DECB-4B29-AD3B-4881118793D9}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{C2EEC9B1-C59E-4541-AB31-9055870EF98A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{C4DBC66A-EA38-42FC-97D2-D41DBB016033}" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | "{C5788EDA-2728-402B-9FBD-35278BDECDC5}" = protocol=6 | dir=in | app=c:\program 
files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | "{D1D8D193-C4D5-497C-837F-6ADB61390440}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{DB75476F-C74A-46CD-A197-8B08F530D13D}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{DC9D0D27-5044-4666-94C6-E17D347E17E3}" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | "{DD45792A-5249-4807-AE41-4BCC543FE1CA}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{F1BAA99F-57AA-4732-847B-49B5A83014E6}" = protocol=6 | dir=in | app=c:\program files\common files\aol\loader\aolload.exe | "{F9741C4A-6DC1-4B0F-910D-C901B26E9F8B}" = protocol=17 | dir=in | app=c:\program files\dragon age 2\bin_ship\dragonage2.exe | "{FA9D6B48-945F-4F0B-8B2A-2D0DF13D5878}" = protocol=17 | dir=in | app=c:\program files\utorrent\utorrent.exe | "TCP Query User{0F9B48B0-F6FA-498B-BB9F-B15A07D7045B}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{2397CAB6-F89A-4DE0-90F1-9D256124BECD}C:\program files\sony\vegas pro 9.0\vegsrv90.exe" = protocol=6 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegsrv90.exe | "TCP Query User{444BBF13-5436-4EA9-842B-2FBEFB8E6B3B}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | "TCP Query User{5F9CFE06-B9CC-4C43-A100-68E42B4D22E5}C:\program files\intervideo\dvd7\windvd.exe" = protocol=6 | dir=in | app=c:\program files\intervideo\dvd7\windvd.exe | "TCP Query User{62EF3862-252C-457F-97BF-76DCF04C93D5}C:\program files\pidgin\pidgin.exe" = protocol=6 | dir=in | app=c:\program files\pidgin\pidgin.exe | "TCP Query User{6FAC2637-27C9-46E8-8E88-6A21660418C5}C:\program files\dragon age\bin_ship\daorigins.exe" = protocol=6 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe | "TCP Query 
User{86811EB0-BEF8-4794-9E64-6DB8203FD6A7}C:\program files\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files\winamp\winamp.exe |
"TCP Query User{8B1DF195-176E-4640-ADDC-BCE50C95BA57}C:\program files\aim6\aim6.exe" = protocol=6 | dir=in | app=c:\program files\aim6\aim6.exe |
"TCP Query User{8FF82CB6-D42D-4BCF-81EE-8F7378D8DDF3}C:\program files\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"TCP Query User{C3759AE0-05E2-4F38-A9FA-20396BEBBB78}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=6 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{0783F262-FDEF-419C-BD87-D04EB3E52584}C:\program files\nero\nero 7\nero home\nerohome.exe" = protocol=17 | dir=in | app=c:\program files\nero\nero 7\nero home\nerohome.exe |
"UDP Query User{157B05B2-69D3-4B80-A21A-F90EE83826ED}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{22A9A61A-DF76-4364-AC9C-EA5184EF572C}C:\program files\intervideo\dvd7\windvd.exe" = protocol=17 | dir=in | app=c:\program files\intervideo\dvd7\windvd.exe |
"UDP Query User{45DF4C3D-F0BD-42D6-A830-8FA192BF60C6}C:\program files\sony\vegas pro 9.0\vegsrv90.exe" = protocol=17 | dir=in | app=c:\program files\sony\vegas pro 9.0\vegsrv90.exe |
"UDP Query User{8A614BC0-6137-4A04-AC43-7AFCF1B68557}C:\program files\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe |
"UDP Query User{A99983B6-A23A-45BB-A7DF-EE00C6FB5B65}C:\program files\dragon age\bin_ship\daorigins.exe" = protocol=17 | dir=in | app=c:\program files\dragon age\bin_ship\daorigins.exe |
"UDP Query User{B8141986-5123-4705-A3FE-1EBB11A703DE}C:\program files\aim6\aim6.exe" = protocol=17 | dir=in | app=c:\program files\aim6\aim6.exe |
"UDP Query User{BB7C15E6-D80B-413D-86DF-BA3F97AD14CF}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{C65A6F42-CC0A-4D54-AD7E-6246A6BE40B0}C:\program files\pidgin\pidgin.exe" = protocol=17 | dir=in | app=c:\program files\pidgin\pidgin.exe |
"UDP Query User{DC58C94A-23CB-4CD5-9B4D-9A8612B5E44A}C:\program files\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files\winamp\winamp.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A2063BC-CE17-420A-A629-D9D7AE6EC136}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{6723E416-88C8-4451-BE53-AEE03DBA4DBA}" = Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90885A82-9673-49EA-AB39-AF776639C67C}" = InterVideo WinDVD 7
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{942E5031-2BD6-4C1B-918C-C8A1CBAE7B8C}" = Microsoft IntelliPoint 8.2
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EFD8F0-08DE-48DB-B922-A2EBAB711031}" = Nero 7 Essentials
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B0069CFA-5BB9-4C03-B1C6-89CE290E5AFE}" = HP Update
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Click to Call with Skype
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F2E23139-3404-4E3C-9855-7724415D62A5}" = Dragon Age II
"ACDSee Classic" = ACDSee Classic
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"AIM_6" = AIM
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"Avira AntiVir Desktop" = Avira Free Antivirus
"Badaboom" = Badaboom 1.2.0.87
"CDex" = CDex - Open Source Digital Audio CD Extractor
"CDisplay_is1" = CDisplay 1.8
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CTDVDAudio Plugin" = Creative DVD Audio Plugin for Audigy Series
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.50
"InterActual Player" = InterActual Player
"JDownloader" = JDownloader
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.8.0 (Full)
"LastFM_is1" = Last.fm Scrobbler 2.1.33
"LJ Comment Stats Wizard_is1" = LJ Comment Stats Wizard 1.7
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Opera 12.02.1578" = Opera 12.02
"PhotoScape" = PhotoScape
"Pidgin" = Pidgin
"PowerISO" = PowerISO
"RollerCoaster Tycoon 3_is1" = RollerCoaster Tycoon 3
"Semagic" = Semagic (remove only)
"uTorrent" = µTorrent
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.11
"Vtune_is1" = Vtune 7.6
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR archiver
"Xvid Video Codec 1.3.2" = Xvid Video Codec
"Zynga Toolbar" = Zynga Toolbar

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Game Organizer" = EasyBits GO
"Google Chrome" = Google Chrome
"Move Media Player" = Move Media Player
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 08.06.2013 13:47:14 | Computer Name = The-Swan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RCT3plus.exe, Version: 3.2.8.13, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0xf0ddc870 ID des fehlerhaften Prozesses: 0x468 Startzeit der fehlerhaften Anwendung: 0x01ce647033b37dad Pfad der fehlerhaften Anwendung: C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3plus.exe Pfad des fehlerhaften Moduls: unknown Berichtskennung: 73e3bf43-d063-11e2-9bec-6cf04971fefe

Error - 08.06.2013 14:07:31 | Computer Name = The-Swan | Source = VSS | ID = 8194
Description =

Error - 08.06.2013 15:56:58 | Computer Name = The-Swan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RCT3plus.exe, Version: 3.2.8.13, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: RCT3plus.exe, Version: 3.2.8.13, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0018fd9b ID des fehlerhaften Prozesses: 0x7e8 Startzeit der fehlerhaften Anwendung: 0x01ce64791bad512a Pfad der fehlerhaften Anwendung: C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3plus.exe Pfad des fehlerhaften Moduls: C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3plus.exe Berichtskennung: 938439f5-d075-11e2-9bec-6cf04971fefe

Error - 08.06.2013 16:03:12 | Computer Name = The-Swan | Source = Chrome | ID = 1
Description =

Error - 08.06.2013 16:06:26 | Computer Name = The-Swan | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RCT3plus.exe, Version: 3.2.8.13, Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: RCT3plus.exe, Version: 3.2.8.13, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0018fd9b ID des fehlerhaften Prozesses: 0x14d4 Startzeit der fehlerhaften Anwendung: 0x01ce648270050e4c Pfad der fehlerhaften Anwendung: C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3plus.exe Pfad des fehlerhaften Moduls: C:\Program Files\Atari\RollerCoaster Tycoon 3\RCT3plus.exe Berichtskennung: e5fa6aea-d076-11e2-9bec-6cf04971fefe

Error - 09.06.2013 07:51:28 | Computer Name = The-Swan | Source = Chrome | ID = 1
Description =

Error - 09.06.2013 08:54:33 | Computer Name = The-Swan | Source = Chrome | ID = 1
Description =

Error - 09.06.2013 10:08:16 | Computer Name = The-Swan | Source = Chrome | ID = 1
Description =

Error - 09.06.2013 10:09:03 | Computer Name = The-Swan | Source = Chrome | ID = 1
Description =

Error - 09.06.2013 10:09:07 | Computer Name = The-Swan | Source = Chrome | ID = 1
Description =

[ System Events ]
Error - 08.06.2013 20:09:36 | Computer Name = The-Swan | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Media Player-Netzwerkfreigabedienst erreicht.

Error - 08.06.2013 20:09:36 | Computer Name = The-Swan | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Media Player-Netzwerkfreigabedienst" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 08.06.2013 21:30:39 | Computer Name = The-Swan | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht.

Error - 08.06.2013 21:30:39 | Computer Name = The-Swan | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053

Error - 08.06.2013 21:30:39 | Computer Name = The-Swan | Source = DCOM | ID = 10005
Description =

Error - 08.06.2013 21:31:36 | Computer Name = The-Swan | Source = WMPNetworkSvc | ID = 866300
Description =

Error - 09.06.2013 10:15:34 | Computer Name = The-Swan | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?06.?2013 um 16:14:20 unerwartet heruntergefahren.

Error - 09.06.2013 10:15:39 | Computer Name = THE-SWAN | Source = BugCheck | ID = 1001
Description =

Error - 09.06.2013 10:26:02 | Computer Name = The-Swan | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?06.?2013 um 16:24:24 unerwartet heruntergefahren.

Error - 09.06.2013 10:26:07 | Computer Name = THE-SWAN | Source = BugCheck | ID = 1001
Description =

< End of report >

gmer Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-06-09 17:46:19
Windows 6.1.7601 Service Pack 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-6 SAMSUNG_HD503HI rev.1AJ100E4 465,76GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ANGELI~1\AppData\Local\Temp\fgdcipow.sys

---- System - GMER 2.1 ----

SSDT 97653D36 ZwCreateSection
SSDT 97653D40 ZwRequestWaitReplyPort
SSDT 97653D3B ZwSetContextThread
SSDT 97653D45 ZwSetSecurityObject
SSDT 97653D4A ZwSystemDebugControl
SSDT 97653CD7 ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E8FA09 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82EC91F2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82ED034C 4 Bytes [36, 3D, 65, 97]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82ED06A8 4 Bytes [40, 3D, 65, 97]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82ED06EC 4 Bytes [3B, 3D, 65, 97]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82ED0768 4 Bytes [45, 3D, 65, 97]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82ED07BC 4 Bytes [4A, 3D, 65, 97]
.text ...
---- User code sections - GMER 2.1 ---- .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtCreateFile + 6 77DB55CE 4 Bytes [28, D8, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtCreateFile + B 77DB55D3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtMapViewOfSection + 6 77DB5C2E 4 Bytes [28, DB, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtMapViewOfSection + B 77DB5C33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenFile + 6 77DB5CDE 4 Bytes [68, D8, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenFile + B 77DB5CE3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcess + 6 77DB5D8E 4 Bytes [A8, D9, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcess + B 77DB5D93 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcessToken + B 77DB5DA3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DAE 4 Bytes [A8, DA, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DB3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThread + 6 77DB5E0E 4 Bytes [68, D9, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThread + B 77DB5E13 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThreadToken + 6 77DB5E1E 4 Bytes [68, DA, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] 
ntdll.dll!NtOpenThreadToken + B 77DB5E23 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtQueryAttributesFile + 6 77DB5F3E 4 Bytes [A8, D8, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtQueryAttributesFile + B 77DB5F43 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtQueryFullAttributesFile + B 77DB5FF3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtSetInformationFile + 6 77DB663E 4 Bytes [28, D9, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtSetInformationFile + B 77DB6643 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtSetInformationThread + 6 77DB669E 4 Bytes [28, DA, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtSetInformationThread + B 77DB66A3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtUnmapViewOfSection + 6 77DB69BE 4 Bytes [68, DB, 5E, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[2772] ntdll.dll!NtUnmapViewOfSection + B 77DB69C3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtCreateFile + 6 77DB55CE 4 Bytes [28, 70, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtCreateFile + B 77DB55D3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtMapViewOfSection + 6 77DB5C2E 4 Bytes [28, 73, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtMapViewOfSection + B 77DB5C33 1 Byte [E2] .text 
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenFile + 6 77DB5CDE 4 Bytes [68, 70, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenFile + B 77DB5CE3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcess + 6 77DB5D8E 4 Bytes [A8, 71, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcess + B 77DB5D93 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcessToken + B 77DB5DA3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DAE 4 Bytes [A8, 72, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DB3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThread + 6 77DB5E0E 4 Bytes [68, 71, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThread + B 77DB5E13 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThreadToken + 6 77DB5E1E 4 Bytes [68, 72, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThreadToken + B 77DB5E23 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtQueryAttributesFile + 6 77DB5F3E 4 Bytes [A8, 70, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtQueryAttributesFile + B 77DB5F43 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtQueryFullAttributesFile + B 77DB5FF3 1 Byte [E2] 
.text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtSetInformationFile + 6 77DB663E 4 Bytes [28, 71, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtSetInformationFile + B 77DB6643 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtSetInformationThread + 6 77DB669E 4 Bytes [28, 72, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtSetInformationThread + B 77DB66A3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtUnmapViewOfSection + 6 77DB69BE 4 Bytes [68, 73, 4F, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5296] ntdll.dll!NtUnmapViewOfSection + B 77DB69C3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtCreateFile + 6 77DB55CE 4 Bytes [28, 7C, 49, 00] {SUB [ECX+ECX*2+0x0], BH} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtCreateFile + B 77DB55D3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtMapViewOfSection + 6 77DB5C2E 4 Bytes [28, 7F, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtMapViewOfSection + B 77DB5C33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenFile + 6 77DB5CDE 4 Bytes [68, 7C, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenFile + B 77DB5CE3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenProcess + 6 77DB5D8E 4 Bytes [A8, 7D, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenProcess + B 77DB5D93 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] 
ntdll.dll!NtOpenProcessToken + B 77DB5DA3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DAE 4 Bytes [A8, 7E, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DB3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenThread + 6 77DB5E0E 4 Bytes [68, 7D, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenThread + B 77DB5E13 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenThreadToken + 6 77DB5E1E 4 Bytes [68, 7E, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenThreadToken + B 77DB5E23 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtQueryAttributesFile + 6 77DB5F3E 4 Bytes [A8, 7C, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtQueryAttributesFile + B 77DB5F43 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtQueryFullAttributesFile + B 77DB5FF3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtSetInformationFile + 6 77DB663E 4 Bytes [28, 7D, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtSetInformationFile + B 77DB6643 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtSetInformationThread + 6 77DB669E 4 Bytes [28, 7E, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtSetInformationThread + B 77DB66A3 1 Byte [E2] .text 
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtUnmapViewOfSection + 6 77DB69BE 4 Bytes [68, 7F, 49, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5724] ntdll.dll!NtUnmapViewOfSection + B 77DB69C3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtCreateFile + 6 77DB55CE 4 Bytes [28, C0, 7D, 00] {SUB AL, AL; JGE 0x4} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtCreateFile + B 77DB55D3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtMapViewOfSection + 6 77DB5C2E 4 Bytes [28, C3, 7D, 00] {SUB BL, AL; JGE 0x4} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtMapViewOfSection + B 77DB5C33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenFile + 6 77DB5CDE 4 Bytes [68, C0, 7D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenFile + B 77DB5CE3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcess + 6 77DB5D8E 4 Bytes [A8, C1, 7D, 00] {TEST AL, 0xc1; JGE 0x4} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcess + B 77DB5D93 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcessToken + B 77DB5DA3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DAE 4 Bytes [A8, C2, 7D, 00] {TEST AL, 0xc2; JGE 0x4} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DB3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThread + 6 77DB5E0E 4 Bytes [68, C1, 7D, 00] .text 
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThread + B 77DB5E13 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThreadToken + 6 77DB5E1E 4 Bytes [68, C2, 7D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThreadToken + B 77DB5E23 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtQueryAttributesFile + 6 77DB5F3E 4 Bytes [A8, C0, 7D, 00] {TEST AL, 0xc0; JGE 0x4} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtQueryAttributesFile + B 77DB5F43 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtQueryFullAttributesFile + B 77DB5FF3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtSetInformationFile + 6 77DB663E 4 Bytes [28, C1, 7D, 00] {SUB CL, AL; JGE 0x4} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtSetInformationFile + B 77DB6643 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtSetInformationThread + 6 77DB669E 4 Bytes [28, C2, 7D, 00] {SUB DL, AL; JGE 0x4} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtSetInformationThread + B 77DB66A3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtUnmapViewOfSection + 6 77DB69BE 4 Bytes [68, C3, 7D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5772] ntdll.dll!NtUnmapViewOfSection + B 77DB69C3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtCreateFile + 6 77DB55CE 4 Bytes [28, BC, C3, 00] .text 
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtCreateFile + B 77DB55D3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtMapViewOfSection + 6 77DB5C2E 4 Bytes [28, BF, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtMapViewOfSection + B 77DB5C33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenFile + 6 77DB5CDE 4 Bytes [68, BC, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenFile + B 77DB5CE3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenProcess + 6 77DB5D8E 4 Bytes [A8, BD, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenProcess + B 77DB5D93 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenProcessToken + B 77DB5DA3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DAE 4 Bytes [A8, BE, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DB3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenThread + 6 77DB5E0E 4 Bytes [68, BD, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenThread + B 77DB5E13 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenThreadToken + 6 77DB5E1E 4 Bytes [68, BE, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenThreadToken + B 77DB5E23 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E33 1 Byte [E2] .text 
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtQueryAttributesFile + 6 77DB5F3E 4 Bytes [A8, BC, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtQueryAttributesFile + B 77DB5F43 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtQueryFullAttributesFile + B 77DB5FF3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtSetInformationFile + 6 77DB663E 4 Bytes [28, BD, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtSetInformationFile + B 77DB6643 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtSetInformationThread + 6 77DB669E 4 Bytes [28, BE, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtSetInformationThread + B 77DB66A3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtUnmapViewOfSection + 6 77DB69BE 4 Bytes [68, BF, C3, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5844] ntdll.dll!NtUnmapViewOfSection + B 77DB69C3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtCreateFile + 6 77DB55CE 4 Bytes [28, 24, 3D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtCreateFile + B 77DB55D3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtMapViewOfSection + 6 77DB5C2E 4 Bytes [28, 27, 3D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtMapViewOfSection + B 77DB5C33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenFile + 6 77DB5CDE 4 Bytes [68, 24, 3D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] 
ntdll.dll!NtOpenFile + B 77DB5CE3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcess + 6 77DB5D8E 4 Bytes [A8, 25, 3D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcess + B 77DB5D93 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcessToken + B 77DB5DA3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DAE 4 Bytes [A8, 26, 3D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DB3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThread + 6 77DB5E0E 4 Bytes [68, 25, 3D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThread + B 77DB5E13 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThreadToken + 6 77DB5E1E 4 Bytes [68, 26, 3D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThreadToken + B 77DB5E23 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtQueryAttributesFile + 6 77DB5F3E 4 Bytes [A8, 24, 3D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtQueryAttributesFile + B 77DB5F43 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtQueryFullAttributesFile + B 77DB5FF3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationFile + 6 77DB663E 4 Bytes [28, 25, 3D, 00] .text 
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationFile + B 77DB6643 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationThread + 6 77DB669E 4 Bytes [28, 26, 3D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtSetInformationThread + B 77DB66A3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtUnmapViewOfSection + 6 77DB69BE 4 Bytes [68, 27, 3D, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5884] ntdll.dll!NtUnmapViewOfSection + B 77DB69C3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtCreateFile + 6 77DB55CE 4 Bytes [28, 18, AB, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtCreateFile + B 77DB55D3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtMapViewOfSection + 6 77DB5C2E 4 Bytes [28, 1B, AB, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtMapViewOfSection + B 77DB5C33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenFile + 6 77DB5CDE 4 Bytes [68, 18, AB, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenFile + B 77DB5CE3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcess + 6 77DB5D8E 4 Bytes [A8, 19, AB, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcess + B 77DB5D93 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcessToken + B 77DB5DA3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DAE 4 Bytes 
[A8, 1A, AB, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DB3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThread + 6 77DB5E0E 4 Bytes [68, 19, AB, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThread + B 77DB5E13 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThreadToken + 6 77DB5E1E 4 Bytes [68, 1A, AB, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThreadToken + B 77DB5E23 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtQueryAttributesFile + 6 77DB5F3E 4 Bytes [A8, 18, AB, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtQueryAttributesFile + B 77DB5F43 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtQueryFullAttributesFile + B 77DB5FF3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtSetInformationFile + 6 77DB663E 4 Bytes [28, 19, AB, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtSetInformationFile + B 77DB6643 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtSetInformationThread + 6 77DB669E 4 Bytes [28, 1A, AB, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtSetInformationThread + B 77DB66A3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtUnmapViewOfSection + 6 77DB69BE 4 Bytes [68, 1B, AB, 00] .text 
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5896] ntdll.dll!NtUnmapViewOfSection + B 77DB69C3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtCreateFile + 6 77DB55CE 4 Bytes [28, F4, B6, 00] {SUB AH, DH; MOV DH, 0x0} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtCreateFile + B 77DB55D3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtMapViewOfSection + 6 77DB5C2E 4 Bytes [28, F7, B6, 00] {SUB BH, DH; MOV DH, 0x0} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtMapViewOfSection + B 77DB5C33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenFile + 6 77DB5CDE 4 Bytes [68, F4, B6, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenFile + B 77DB5CE3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcess + 6 77DB5D8E 4 Bytes [A8, F5, B6, 00] {TEST AL, 0xf5; MOV DH, 0x0} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcess + B 77DB5D93 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcessToken + B 77DB5DA3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DAE 4 Bytes [A8, F6, B6, 00] {TEST AL, 0xf6; MOV DH, 0x0} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DB3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThread + 6 77DB5E0E 4 Bytes [68, F5, B6, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThread + B 77DB5E13 1 Byte [E2] .text 
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThreadToken + 6 77DB5E1E 4 Bytes [68, F6, B6, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThreadToken + B 77DB5E23 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtQueryAttributesFile + 6 77DB5F3E 4 Bytes [A8, F4, B6, 00] {TEST AL, 0xf4; MOV DH, 0x0} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtQueryAttributesFile + B 77DB5F43 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtQueryFullAttributesFile + B 77DB5FF3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationFile + 6 77DB663E 4 Bytes [28, F5, B6, 00] {SUB CH, DH; MOV DH, 0x0} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationFile + B 77DB6643 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationThread + 6 77DB669E 4 Bytes [28, F6, B6, 00] {SUB DH, DH; MOV DH, 0x0} .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtSetInformationThread + B 77DB66A3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtUnmapViewOfSection + 6 77DB69BE 4 Bytes [68, F7, B6, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5912] ntdll.dll!NtUnmapViewOfSection + B 77DB69C3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtCreateFile + 6 77DB55CE 4 Bytes [28, 1C, 41, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtCreateFile + B 77DB55D3 1 Byte [E2] .text 
C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtMapViewOfSection + 6 77DB5C2E 4 Bytes [28, 1F, 41, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtMapViewOfSection + B 77DB5C33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenFile + 6 77DB5CDE 4 Bytes [68, 1C, 41, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenFile + B 77DB5CE3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenProcess + 6 77DB5D8E 4 Bytes [A8, 1D, 41, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenProcess + B 77DB5D93 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenProcessToken + B 77DB5DA3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenProcessTokenEx + 6 77DB5DAE 4 Bytes [A8, 1E, 41, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenProcessTokenEx + B 77DB5DB3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenThread + 6 77DB5E0E 4 Bytes [68, 1D, 41, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenThread + B 77DB5E13 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenThreadToken + 6 77DB5E1E 4 Bytes [68, 1E, 41, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenThreadToken + B 77DB5E23 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtOpenThreadTokenEx + B 77DB5E33 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtQueryAttributesFile + 6 77DB5F3E 4 Bytes [A8, 1C, 41, 
00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtQueryAttributesFile + B 77DB5F43 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtQueryFullAttributesFile + B 77DB5FF3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtSetInformationFile + 6 77DB663E 4 Bytes [28, 1D, 41, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtSetInformationFile + B 77DB6643 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtSetInformationThread + 6 77DB669E 4 Bytes [28, 1E, 41, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtSetInformationThread + B 77DB66A3 1 Byte [E2] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtUnmapViewOfSection + 6 77DB69BE 4 Bytes [68, 1F, 41, 00] .text C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe[5924] ntdll.dll!NtUnmapViewOfSection + B 77DB69C3 1 Byte [E2] ---- Devices - GMER 2.1 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0015832e74b5 Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0015832e74b5 (not active ControlSet) ---- EOF - GMER 2.1 ----
I would be grateful for any help. |
09.06.2013, 17:11 | #2 |
/// TB-Ausbilder | win32/small.ca virus detected + blue screen !! Note to anyone reading along !! This thread and its instructions are intended only for this specific case. They could seriously damage other computers. Please open your own thread. I will help you with your problem. The clean-up only works if you follow these rules: Please read: Rules for the clean-up
Step 1: (Reminder: only reply to me once you have worked through all the steps!) Uninstalling programs
Step 2: AdwCleaner: find and delete adware. Please download AdwCleaner to your desktop.
Step 3: Scan with DDS+ (with attach). Please download DDS (by sUBs) and save the file to your desktop.
09.06.2013, 17:54 | #3 |
| win32/small.ca virus detected + blue screen Thanks for the welcome, and for the quick help.
Did everything so far and had no problems with it. Logs: AdwCleaner Code:
ATTFilter # AdwCleaner v2.303 - Datei am 09/06/2013 um 18:36:06 erstellt # Aktualisiert am 08/06/2013 von Xplode # Betriebssystem : Windows 7 Ultimate Service Pack 1 (32 bits) # Benutzer : *** - THE-SWAN # Bootmodus : Normal # Ausgeführt unter : G:\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files\Ask.com Ordner Gelöscht : C:\Program Files\Conduit Ordner Gelöscht : C:\Program Files\Viewpoint Ordner Gelöscht : C:\ProgramData\Viewpoint Ordner Gelöscht : C:\Users\***\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\v8tlj77f.default\extensions\toolbar@ask.com Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskToolbarInfo Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Softonic Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtl.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary Schlüssel Gelöscht : 
HKLM\SOFTWARE\Classes\AxMetaStream.MetaStreamCtlSecondary.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{03F998B2-0E00-11D3-A498-00104B6EB52E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2438727 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gelöscht : HKLM\Software\MetaStream Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{03F998B2-0E00-11D3-A498-00104B6EB52E} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components\{1B00725B-C455-4DE6-BFB6-AD540AD427CD} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966 Schlüssel 
Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296 Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888 Schlüssel Gelöscht : 
HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\ViewpointMediaPlayer Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@viewpoint.com/VMP Schlüssel Gelöscht : HKLM\Software\Viewpoint Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16483 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v3.0.19 (en-US) Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\v8tlj77f.default\prefs.js Gelöscht : user_pref("extensions.asktb.cbid", "QQ"); Gelöscht : user_pref("extensions.asktb.default-channel-url-mask", "hxxp://www.ask.com/web?q={query}&o={o}&l={l}[...] 
Gelöscht : user_pref("extensions.asktb.fresh-install", false); Gelöscht : user_pref("extensions.asktb.l", "dis"); Gelöscht : user_pref("extensions.asktb.last-config-req", "1272755112903"); Gelöscht : user_pref("extensions.asktb.locale", "en_US"); Gelöscht : user_pref("extensions.asktb.o", "16225"); Gelöscht : user_pref("extensions.asktb.overlay-reloaded-using-restart", true); Gelöscht : user_pref("extensions.asktb.qsrc", "2871"); Gelöscht : user_pref("extensions.asktb.r", "4"); Gelöscht : user_pref("extensions.asktb.search-suggestions-enabled", true); Gelöscht : user_pref("icqtoolbar.installsource", "1"); Gelöscht : user_pref("icqtoolbar.skip_default_search", "yes"); -\\ Google Chrome v27.0.1453.110 Datei : C:\Users\***\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. -\\ Opera v12.2.1578.0 Datei : C:\Users\***\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [8874 octets] - [09/06/2013 18:36:06] ########## EOF - C:\AdwCleaner[S1].txt - [8934 octets] ########## DDS Logfile: Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16483 BrowserJavaVersion: 10.9.2 Run by *** at 18:44:59 on 2013-06-09 #Option MBR scan is disabled. Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.3323.1876 [GMT 2:00] . AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\nvvsvc.exe C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Windows\system32\IoctlSvc.exe C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe C:\Windows\system32\nvvsvc.exe C:\Windows\system32\Dwm.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe F:\Games\PowerISO\PWRISOVM.EXE C:\Program Files\HP\HP Software Update\hpwuschd2.exe C:\Program Files\Microsoft IntelliPoint\ipoint.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Users\***\AppData\Local\Google\Update\1.3.21.145\GoogleCrashHandler.exe C:\Program Files\Vtune\TBPANEL.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\conhost.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Windows\System32\WUDFHost.exe C:\Windows\System32\StikyNot.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Program Files\iPod\bin\iPodService.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\NVIDIA Corporation\Display\nvtray.exe 
C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\SearchProtocolHost.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe C:\Users\***\AppData\Local\Google\Chrome\Application\chrome.exe C:\Windows\servicing\TrustedInstaller.exe C:\Windows\system32\wuauclt.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\NOTEPAD.EXE C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\System32\svchost.exe -k LocalServicePeerNet . ============== Pseudo HJT Report =============== . 
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - <orphaned> BHO: Windows Live Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [Google Update] "c:\users\***\appdata\local\google\update\GoogleUpdate.exe" /c uRun: [AdobeBridge] <no file> mRun: [NWEReboot] <no file> StartupFolder: c:\users\angeli~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\produc~1.lnk - c:\users\***\appdata\local\temp\is-1ds3i.tmp\ATR1.exe StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Copy to Semagic - c:\program files\semagic\copy.htm IE: Semagic - c:\program files\semagic\link.htm IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{46B1D4F9-5B55-4DA4-A35E-500BC5927E31} : DHCPNameServer = 192.168.2.1 Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program 
files\skype\toolbars\internet explorer\skypeieplugin.dll Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll SSODL: WebCheck - <orphaned> . ================= FIREFOX =================== . FF - ProfilePath - c:\users\***\appdata\roaming\mozilla\firefox\profiles\v8tlj77f.default\ FF - prefs.js: browser.search.selectedEngine - IMDb FF - prefs.js: browser.startup.homepage - hxxp://fanforum.ioff.de/ FF - prefs.js: keyword.URL - hxxp://ws1.appswebservice.com/index.php?tpid=10301&ttid=105&st= FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\java\jre7\bin\npjpi170_09.dll FF - plugin: c:\program files\java\jre7\bin\npoji610.dll FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\program files\mozilla firefox\plugins\npwachk.dll FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll FF - plugin: c:\program files\windows live\photo gallery\NPWLPG.dll FF - plugin: c:\programme\adobe\acrobat 7.0\reader\browser\nppdf32.dll FF - plugin: c:\programme\divx\divx web player\npdivx32.dll FF - plugin: c:\programme\quicktime\plugins\npqtplugin.dll FF - plugin: c:\programme\quicktime\plugins\npqtplugin2.dll FF - plugin: c:\programme\quicktime\plugins\npqtplugin3.dll FF - plugin: c:\programme\quicktime\plugins\npqtplugin4.dll FF - plugin: c:\programme\quicktime\plugins\npqtplugin5.dll FF - plugin: c:\programme\quicktime\plugins\npqtplugin6.dll FF - plugin: c:\programme\quicktime\plugins\npqtplugin7.dll FF - plugin: c:\programme\real\realplayer\netscape6\nppl3260.dll FF - plugin: c:\programme\real\realplayer\netscape6\nprjplug.dll FF - plugin: c:\programme\real\realplayer\netscape6\nprpjplug.dll FF - plugin: c:\users\***\appdata\local\google\update\1.3.21.135\npGoogleUpdate3.dll FF - plugin: c:\users\***\appdata\roaming\move networks\plugins\071802000001\npqmp071802000001.dll FF - plugin: 
c:\windows\system32\adobe\director\np32dsw_1165635.dll FF - plugin: c:\windows\system32\adobe\director\np32dsw_1168638.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_5_502_135.dll FF - plugin: c:\windows\system32\npDeployJava1.dll FF - plugin: c:\windows\system32\npwmsdrm.dll FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: FlashGot: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34} - %profile%\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781} FF - Ext: Red Cats (blue flavor): {ff356687-aa08-463d-a46c-11c451824939} - %profile%\extensions\{ff356687-aa08-463d-a46c-11c451824939} FF - Ext: Red Cats (green flavor): {dd30bf68-268a-4815-ad48-8740b774c764} - %profile%\extensions\{dd30bf68-268a-4815-ad48-8740b774c764} FF - Ext: iFox Graphite: {74b288e6-77b6-41c7-8138-bb81f4539689} - %profile%\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689} FF - Ext: iFox Graphite: {74b288e6-77b6-41c7-8138-bb81f4539689} - %profile%\extensions\{74b288e6-77b6-41c7-8138-bb81f4539689} FF - Ext: iFox: {a81bafeb-b6ed-4501-aa17-15a2b3857e56} - %profile%\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56} FF - Ext: iFox: {a81bafeb-b6ed-4501-aa17-15a2b3857e56} - %profile%\extensions\{a81bafeb-b6ed-4501-aa17-15a2b3857e56} FF - Ext: PitchDark: {c1dffba0-628e-11d9-9669-0800200c9a66} - %profile%\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66} FF - Ext: iPox: {c9c58820-7bd4-11da-a72b-0800200c9a66} - %profile%\extensions\{c9c58820-7bd4-11da-a72b-0800200c9a66} FF - Ext: iFox Smooth: {d3d70bca-2d54-425e-b02c-b7e2f4b07688} - %profile%\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688} FF - Ext: iFox Smooth: {d3d70bca-2d54-425e-b02c-b7e2f4b07688} - %profile%\extensions\{d3d70bca-2d54-425e-b02c-b7e2f4b07688} FF - Ext: Tab Mix Plus: {dc572301-7619-498c-a57d-39143191b318} - 
%profile%\extensions\{dc572301-7619-498c-a57d-39143191b318}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Session Manager: {1280606b-2510-4fe0-97ef-9b5a22eafe30} - %profile%\extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}
FF - Ext: LiveJournal Hook: {D469DA71-A9C6-48f1-B86E-67313AADB588} - %profile%\extensions\{D469DA71-A9C6-48f1-B86E-67313AADB588}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-8-31 36000]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-8-31 86224]
R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-8-31 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2010-2-28 83392]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2013-1-18 383264]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2009-3-2 139776]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;c:\program files\dragon age\bin_ship\daupdatersvc.service.exe [2011-12-1 25832]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2011-3-8 15872]
S3 SwitchBoard;SwitchBoard;c:\program files\common files\adobe\switchboard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2011-3-8 52224]
.
=============== Created Last 30 ================
.
2013-06-09 00:58:48 -------- d-----w- c:\users\***\appdata\roaming\QuickScan
2013-06-08 22:22:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-06-08 22:22:32 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-06-08 22:16:06 2557728 ----a-w- c:\windows\system32\nvsvcr.dll
2013-06-08 22:13:01 768512 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2013-06-08 22:13:01 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-06-08 22:13:01 149632 ----a-w- c:\program files\internet explorer\sqmapi.dll
2013-06-08 22:13:00 194048 ----a-w- c:\program files\internet explorer\IEShims.dll
2013-06-08 22:09:07 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-06-08 22:09:07 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-06-08 22:09:07 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-06-08 22:08:24 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-06-08 22:08:24 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-06-08 22:08:24 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-06-08 22:08:23 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-06-08 22:08:23 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-06-08 22:08:22 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-06-08 22:08:22 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-06-08 22:06:28 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-08 21:59:59 69632 ----a-w- c:\windows\system32\smss.exe
2013-06-08 21:58:48 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-06-08 21:55:25 47104 ----a-w- c:\windows\system32\appinfo.dll
2013-06-08 21:55:25 1796096 ----a-w- c:\windows\system32\authui.dll
2013-06-08 21:55:25 101720 ----a-w- c:\windows\system32\consent.exe
2013-06-08 18:10:43 -------- d-----w- c:\users\***\appdata\roaming\Atari
2013-06-06 21:22:53 -------- d-----w- c:\program files\Atari
.
==================== Find3M ====================
.
2013-06-01 08:24:47 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-01 08:24:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-04-13 04:45:16 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45:29 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18:40 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18:40 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14:06 2347520 ----a-w- c:\windows\system32\win32k.sys
2013-04-04 22:11:34 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-04-04 22:02:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-04 22:02:17 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-04-04 21:58:51 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-19 05:04:13 3968856 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-03-19 05:04:10 3913560 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 04:53:27 186368 ----a-w- c:\windows\system32\wwansvc.dll
2013-03-19 04:48:45 38912 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 03:33:33 40960 ----a-w- c:\windows\system32\wwanprotdim.dll
.
============= FINISH: 18:46:03,31 ===============
--- --- ---

Attach Code:
ATTFilter
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Ultimate
Boot Device: \Device\HarddiskVolume3
Install Date: 27.02.2010 22:00:50
System Uptime: 09.06.2013 18:38:57 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. | | P55M-UD2
Processor: Intel(R) Core(TM) i5 CPU 750 @ 2.67GHz | Socket 1156 | 2368/133mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 171 GiB total, 31,422 GiB free.
D: is FIXED (NTFS) - 69 GiB total, 19,576 GiB free.
E: is FIXED (NTFS) - 80 GiB total, 22,147 GiB free.
F: is FIXED (NTFS) - 295 GiB total, 14,462 GiB free.
G: is FIXED (NTFS) - 373 GiB total, 42,3 GiB free.
H: is FIXED (FAT32) - 466 GiB total, 46,491 GiB free.
I: is Removable
J: is CDROM (CDFS)
K: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP91: 06.06.2013 23:29:42 - DirectX wurde installiert
RP93: 08.06.2013 20:07:34 - DirectX wurde installiert
RP94: 09.06.2013 00:00:25 - Windows Update
RP95: 09.06.2013 01:04:30 - Windows Update
RP96: 09.06.2013 18:19:54 - Removed Java(TM) 6 Update 24
.
==== Installed Programs ======================
.
ACDSee Classic
Adobe AIR
Adobe Community Help
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Media Player
Adobe Photoshop CS
Adobe Photoshop CS5
Adobe Shockwave Player 11.6
AIM
Amazon MP3-Downloader 1.0.5
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Avira Free Antivirus
Badaboom 1.2.0.87
Bonjour
CDex - Open Source Digital Audio CD Extractor
CDisplay 1.8
Click to Call with Skype
Creative DVD Audio Plugin for Audigy Series
Dragon Age II
Dragon Age: Origins
EasyBits GO
EVEREST Ultimate Edition v5.50
Google Chrome
Google Talk (remove only)
HiJackThis
HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
HP Deskjet 1000 J110 series Hilfe
HP Update
InterActual Player
InterVideo WinDVD 7
iTunes
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.1
JDownloader
K-Lite Codec Pack 8.8.0 (Full)
Last.fm Scrobbler 2.1.33
LJ Comment Stats Wizard 1.7
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft IntelliPoint 8.2
Microsoft Silverlight
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Microsoft_VC80_ATL_x86
Microsoft_VC80_CRT_x86
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFCLOC_x86
Microsoft_VC90_ATL_x86
Microsoft_VC90_CRT_x86
Microsoft_VC90_MFC_x86
Move Media Player
Mozilla Firefox (3.0.19)
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Nero 7 Essentials
neroxml
NVIDIA 3D Vision Treiber 311.06
NVIDIA Display Control Panel
NVIDIA Grafiktreiber 311.06
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Stereoscopic 3D Driver
NVIDIA Systemsteuerung 311.06
NVIDIA Update 1.11.3
NVIDIA Update Components
Opera 12.02
PDF Settings CS5
PhotoScape
Pidgin
PowerISO
PVSonyDll
QuickTime
RollerCoaster Tycoon 3
Semagic (remove only)
Skype™ 5.10
Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten
swMSM
VLC media player 1.1.11
Vtune 7.6
Winamp
Winamp Erkennungs-Plug-in
Windows Live-Uploadtool
Windows Live Anmelde-Assistent
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Fotogalerie
Windows Live Messenger
Windows Live Movie Maker
Windows Live Sync
WinRAR archiver
Xvid Video Codec
.
==== End Of File ===========================
|
09.06.2013, 17:58 | #4 |
/// TB-Ausbilder | win32/small.ca virus detected + blue screen Well, nothing to see here... Note: the scan can take a very long time (several hours)!
__________________ Digital privateers against malware! No help via PM! |
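The verdict above comes from reading the DDS file-entry sections ("Created Last 30", "Find3M") and the services list, which is where a helper looks for a freshly dropped executable. The following Python script is an added example, not part of this thread and not a Trojaner-Board tool: it parses those entries and applies the same reading heuristic, namely that Windows Update writes dozens of system files within a few minutes, so an executable that appears on its own, or anywhere under a user-writable path, is the one to look at more closely. The sample input is constructed: most lines are copied from the log posted above, and the `example-placeholder.exe` entry under AppData is made up purely to show a hit; it was not found on the poster's machine. The ten-minute window and the threshold of three files per burst are assumptions.

```python
"""Triage helper for the file-entry sections of a DDS log ("Created Last 30",
"Find3M").  Added example for this thread, not a Trojaner-Board tool.
Each entry has the form "<date> <time> <size or --------> <attrs> <path>"."""
import re
from datetime import datetime, timedelta

ENTRY_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-{8})\s+([-a-z]{8})\s+(.+?)\s*$"
)
EXECUTABLE_EXT = (".exe", ".dll", ".sys", ".cpl", ".scr", ".ocx")
# Locations a normal user can write to; an executable appearing there is worth a look.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")

def parse_entries(text):
    """Return one dict per DDS file/directory entry found in text."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue                      # section headers, "." separators, etc.
        stamp, size, attrs, path = m.groups()
        entries.append({
            "time": datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
            "size": None if size.startswith("-") else int(size),
            "is_dir": attrs.startswith("d"),
            "path": path.lower(),
        })
    return entries

def cluster_by_time(entries, window=timedelta(minutes=10)):
    """Group entries whose timestamps lie within `window` of the previous entry.
    Patch installs write dozens of files within minutes (the 2013-06-08 burst
    in the thread's log); a single executable with no neighbours stands out."""
    clusters = []
    for e in sorted(entries, key=lambda e: e["time"]):
        if clusters and e["time"] - clusters[-1][-1]["time"] <= window:
            clusters[-1].append(e)
        else:
            clusters.append([e])
    return clusters

def flag_entries(entries, window=timedelta(minutes=10), lone_threshold=3):
    """Return (path, reason) pairs for executables that deserve a closer look."""
    flagged = []
    for cluster in cluster_by_time(entries, window):
        for e in cluster:
            if e["is_dir"] or not e["path"].endswith(EXECUTABLE_EXT):
                continue
            if any(part in e["path"] for part in USER_WRITABLE):
                flagged.append((e["path"], "executable in a user-writable location"))
            elif len(cluster) < lone_threshold:
                flagged.append((e["path"], "lone executable, not part of an install burst"))
    return flagged

# Constructed sample: lines copied from the thread's DDS log plus one made-up
# placeholder entry in AppData (not something found on the poster's machine).
SAMPLE_LOG = r"""
=============== Created Last 30 ================
.
2013-06-09 00:58:48 -------- d-----w- c:\users\***\appdata\roaming\QuickScan
2013-06-08 22:22:32 34304 ----a-w- c:\windows\system32\atmlib.dll
2013-06-08 22:22:32 295424 ----a-w- c:\windows\system32\atmfd.dll
2013-06-08 22:16:06 2557728 ----a-w- c:\windows\system32\nvsvcr.dll
2013-06-08 22:13:01 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-06-08 22:09:07 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-06-04 13:07:11 45056 ----a-w- c:\users\***\appdata\roaming\example-placeholder.exe
.
==================== Find3M ====================
.
2013-06-01 08:24:47 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-01 08:24:46 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
"""

if __name__ == "__main__":
    for path, reason in flag_entries(parse_entries(SAMPLE_LOG)):
        print(f"{reason}: {path}")
```

Run against the sample, the 2013-06-08 system32 burst is left alone, the placeholder under AppData is reported, and the two Flash Player files from 2013-06-01 are also reported as a lone pair. That last result is deliberate: a two-file write by Adobe's own updater looks exactly like a lone drop until it is matched against a known vendor or update event, which is why this is a reading aid that shortens the list a helper has to look at and not a verdict.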
09.06.2013, 21:19 | #5 |
| win32/small.ca virus detected + blue screen After a three-hour scan, no threat could be detected. |
10.06.2013, 21:33 | #6 |
/// TB-Ausbilder | win32/small.ca virus detected + blue screen Great! That means we are done. We will tidy up a little now, and at the end I have some reading material for you. Step 1: Uninstall the tools The order is crucial here.
Step 2: Uninstall ESET (optional)
Finally, some tips on the following topics:
Reading: System updates It cannot be said often enough how important it is to keep your system up to date. You take your car to the workshop for regular inspections too. So please make sure that system updates are enabled:
Reading: Software updates Just as important as the system programs is the software you use every day. The following list gives you a short overview, with links to the updates, of which programs urgently need to be kept up to date (if you have them installed and use them at all), because malware often gets onto computers through their security holes:
Reading: Security software If someone overtook you naked on a motorcycle on the motorway, you would shake your head too. Your computer also needs protection against the small daily attacks by pests. Besides excellent commercial anti-virus solutions there are also quite good protection programs available free of charge with a reduced feature set. But be careful: "the more the better" does not apply here. What you need is exactly one virus scanner with a real-time guard. No more and no less. There are many products on the market that do a good job. Personally, I recommend Avast Free Antivirus. It offers relatively good protection with little annoying advertising and installs a browser plugin that warns you about dangerous websites.
Reading: Safe surfing First of all, it must be said that it is usually the human factor that makes it possible for malware to get onto a computer. Do you immediately buy whatever stuff people ringing your doorbell are selling, without thinking? So first get used to a few rules of behaviour when surfing the internet:
But even with meticulous adherence to these rules, a so-called drive-by infection can still occur, in which a pest breaks out of the web browser's protection mechanism. To increase security even further there is special protection software that hardens your browser further still.
Finally, please consider using an alternative browser. Programs that are not used as often are also not as much in the focus of the "bad guys", i.e. with an exotic browser you are more likely to be on the safe side. As a rule, you are already considerably safer simply by not using Internet Explorer.
With that, I wish you lots of fun surfing the internet ... and maybe you would like to support the Trojaner-Board? One request: give me a short reply when everything is done and there are no questions left, so that I can delete this thread from my subscriptions.
__________________ --> win32/small.ca virus detected + blue screen |
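The software-updates advice above is the one point in this thread that the posted log can be checked against directly: the DDS "Installed Programs" section lists, among others, Java 7 Update 9, Adobe Flash Player 10 ActiveX, Adobe Shockwave Player 11.6 and Mozilla Firefox (3.0.19). The following Python script is an added example, not part of this thread and not a Trojaner-Board tool: it pulls that section out of a DDS log, matches each line against a watchlist of frequently attacked software and reports entries whose printed version is below a baseline. The watchlist and the baseline versions are constructed for illustration and are not a statement of which releases were current in June 2013; in real use they come from the vendors' release notes. The sample input is a constructed excerpt whose lines are copied from the log above.

```python
"""Flag installed programs from the "Installed Programs" section of a DDS log
that are on a watchlist of frequently attacked software and whose version is
below a baseline.  Added example, not a Trojaner-Board tool."""
import re

# Constructed baseline: (name prefix as DDS prints it, minimum version tuple).
# Illustrative values only; real work takes them from the vendors' release notes.
WATCHLIST = {
    "Java 7 Update": (7, 21),
    "Adobe Flash Player": (11, 7),
    "Adobe Shockwave Player": (12, 0),
    "Mozilla Firefox": (21, 0),
    "Adobe Reader": (11, 0),
    "Opera": (12, 15),
}

# "3.0.19", "11.6", "12.02" or "7 Update 9" as DDS prints them
VERSION_RE = re.compile(r"(\d+(?:\.\d+)*)(?:\s+Update\s+(\d+))?")

def parse_version(text):
    """Turn the first version-like token in text into a comparable tuple of ints."""
    m = VERSION_RE.search(text)
    if not m:
        return None
    parts = [int(p) for p in m.group(1).split(".")]
    if m.group(2):                      # "Java 7 Update 9" -> (7, 9)
        parts = [parts[0], int(m.group(2))]
    return tuple(parts)

def installed_programs(log_text):
    """Return the entries between '==== Installed Programs' and the next header."""
    lines, inside = [], False
    for line in log_text.splitlines():
        s = line.strip()
        if s.startswith("==== Installed Programs"):
            inside = True
            continue
        if inside and s.startswith("===="):
            break
        if inside and s and s != ".":   # DDS separates blocks with a lone "."
            lines.append(s)
    return lines

def outdated(programs):
    """Return (entry, installed version, baseline) for watchlist items below baseline.
    An entry that prints fewer version components than the baseline (e.g. plain
    "11" against 11.7) is padded with zeros, i.e. treated conservatively as older."""
    hits = []
    for entry in programs:
        for prefix, minimum in WATCHLIST.items():
            if not entry.startswith(prefix):
                continue
            ver = parse_version(entry)
            if ver is None:
                hits.append((entry, None, minimum))   # no version printed: check by hand
                continue
            padded = ver + (0,) * (len(minimum) - len(ver))
            if padded[:len(minimum)] < minimum:
                hits.append((entry, ver, minimum))
    return hits

# Constructed sample: an excerpt whose lines are copied from the thread's DDS log.
SAMPLE_LOG = """
==== Installed Programs ======================
.
Adobe Flash Player 10 ActiveX
Adobe Flash Player 11 Plugin
Adobe Shockwave Player 11.6
Avira Free Antivirus
Java 7 Update 9
Java Auto Updater
JavaFX 2.1.1
Mozilla Firefox (3.0.19)
Opera 12.02
VLC media player 1.1.11
.
==== End Of File ===========================
"""

if __name__ == "__main__":
    for entry, ver, minimum in outdated(installed_programs(SAMPLE_LOG)):
        print(f"{entry}: installed {ver}, baseline {minimum}")
```

The prefix match is deliberately narrow so that "Java Auto Updater" and "JavaFX 2.1.1" are not confused with the Java runtime, and Avira and VLC are passed over because they are not on the watchlist at all; the point of the exercise is the short list of plugin-type software the advice above singles out, not a full inventory audit.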
10.06.2013, 22:33 | #7 |
| win32/small.ca virus detected + blue screen Thanks for the help! I have been using Avira so far, but I will switch to Avast. I have one more question: DelFix hung at "Restore system settings". I waited a while, but nothing happened, which is why I had to cancel. Could that have bad consequences, or should I not worry about it? |
11.06.2013, 12:56 | #8 |
/// TB-Ausbilder | win32/small.ca virus detected + blue screen No, the tool only resets a few settings that were changed during the cleanup.
__________________ Digital privateers against malware! No help via PM! |
11.06.2013, 13:10 | #9 |
| win32/small.ca virus detected + blue screen Okay, thanks. I guess that's it, then. The PC runs flawlessly again, no more blue screen problems (as far as I can tell), so... many thanks for the prompt help! |
11.06.2013, 17:32 | #10 |
/// TB-Ausbilder | win32/small.ca virus detected + blue screen Glad we could help. This topic appears to be resolved and will be deleted from my subscriptions. If you need this topic again, please send me a PM. Everyone else, please click here and create your own thread. If you would still like to leave praise or criticism, there is this section here: Lob, Kritik und Wünsche - Trojaner-Board
__________________ Digital privateers against malware! No help via PM! |
Topics on win32/small.ca virus detected + blue screen |
adblock, antivir, autorun, avira, bho, bonjour, defender, desktop, error, fehlermeldung, firefox, flash player, format, google, hijack, install.exe, logfile, ntdll.dll, plug-in, poweriso, registry, rundll, security, software, svchost.exe, udp, updates, virus, windows, windows updates, wrapper |