![]() |
|
Plagegeister aller Art und deren Bekämpfung: Polizeivirus ÖsterreichWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
![]() | #1 |
![]() | ![]() Polizeivirus Österreich Hallo liebes Forum-Team! Ich habe mir leider den Polizei-Virus Österreich-Variante eingefangen. Habe leider kein Screen-Shot gemacht konnte aber eine Viren-Datei isolieren. War die Variante mit der Webcam und man soll 100 Euro bezahlen damit der Rechner wieder aufgemacht wird. Verwende Windows 7 32-Bit Version, Virensoftware ist Bullguard. Habe ich gleich auch rüberfahren lassen, fand aber diese Datei nicht als Bedrohung. Nur einige Cookies. Heute hat er mir diese Datei angezeigt und in Quarantäne gestellt. Habe aber leider keine Ahnung was dieser Virus noch so alles geändert hat. Also hier sind mal diese Log-Dateien: Anhang 46930 Code:
ATTFilter OTL logfile created on: 11/26/2012 9:26:48 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Monti23-7\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 42.79% Memory free 5.98 Gb Paging File | 4.07 Gb Available in Paging File | 68.03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 1356.17 Gb Total Space | 1047.43 Gb Free Space | 77.23% Space Free | Partition Type: NTFS Drive D: | 40.00 Gb Total Space | 21.08 Gb Free Space | 52.71% Space Free | Partition Type: NTFS Drive E: | 5.41 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF Computer Name: MONTI23-7-PC | User Name: Monti23-7 | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/11/26 20:58:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Monti23-7\Desktop\OTL.exe PRC - [2012/11/25 23:31:07 | 000,178,528 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe PRC - [2012/11/25 23:30:25 | 000,321,376 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe PRC - [2012/11/25 23:26:51 | 000,304,480 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe PRC - [2012/10/31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe PRC - [2011/10/14 03:31:00 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe PRC - [2011/10/14 03:30:34 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe PRC - [2011/08/04 16:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE PRC - [2011/04/08 15:44:21 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe PRC - [2011/03/14 18:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011/01/20 17:38:20 | 000,174,064 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010/11/07 10:22:00 | 000,286,720 | ---- | M] (Babylon Ltd.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe PRC - [2010/05/21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2010/05/21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009/11/02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe ========== Modules (No Company Name) ========== MOD - [2012/11/25 23:31:47 | 000,023,680 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\res\de\BackupShellNamespaceRes.dll MOD - [2012/11/25 23:31:34 | 000,073,568 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll MOD - [2012/11/25 23:30:13 | 000,450,400 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll MOD - [2012/11/18 11:28:21 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9f7b241c4cff24e6d0b554efb60aa8be\WindowsFormsIntegration.ni.dll MOD - [2012/11/18 11:27:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll MOD - [2012/11/18 11:26:05 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3a7eb7595728baf4078ec5f97b44180c\IAStorUtil.ni.dll MOD - [2012/11/18 11:13:35 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll MOD - [2012/11/18 11:13:25 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll MOD - [2012/11/18 11:13:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll MOD - [2012/11/18 11:13:19 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll MOD - [2012/11/18 11:13:19 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll MOD - [2012/11/18 11:13:09 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll MOD - [2012/11/17 03:44:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012/11/17 03:44:41 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012/11/17 03:44:38 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll MOD - [2012/11/17 03:44:25 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll MOD - [2012/11/17 03:44:17 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012/11/17 03:44:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012/11/17 03:44:12 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012/11/17 03:43:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012/11/02 22:12:13 | 000,189,952 | ---- | M] () -- C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromePI.dll MOD - [2012/10/31 23:15:05 | 000,460,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll MOD - [2012/10/31 23:15:04 | 012,455,448 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll MOD - [2012/10/31 23:15:02 | 004,007,448 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll MOD - [2012/10/31 23:13:47 | 000,587,288 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\libglesv2.dll MOD - [2012/10/31 23:13:46 | 000,123,928 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\libegl.dll MOD - [2012/10/31 23:13:35 | 000,156,712 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\avutil-51.dll MOD - [2012/10/31 23:13:34 | 000,274,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\avformat-54.dll MOD - [2012/10/31 23:13:32 | 002,168,360 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll MOD - [2012/02/17 19:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll MOD - [2011/10/13 15:01:00 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll MOD - [2011/06/17 10:51:53 | 000,296,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll MOD - [2010/11/13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll MOD - [2010/11/13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/11/05 02:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll MOD - [2010/05/12 14:13:05 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2009/11/02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009/11/02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ========== Services (SafeList) ========== SRV - [2012/11/26 12:12:22 | 000,398,688 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy) SRV - [2012/11/26 12:12:20 | 000,218,976 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain) SRV - [2012/11/25 23:31:37 | 000,060,256 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup) SRV - [2012/11/25 23:31:07 | 000,178,528 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner) SRV - [2012/11/25 23:31:05 | 000,227,168 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan) SRV - [2012/11/25 23:30:25 | 000,321,376 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan) SRV - [2012/11/25 23:26:51 | 000,304,480 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate) SRV - [2012/11/01 20:31:20 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/04/10 00:16:29 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011/10/14 03:30:34 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2010/12/01 18:38:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) ========== Driver Services (SafeList) ========== DRV - [2012/11/25 23:31:47 | 000,020,040 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NSNetmon.sys -- (NovaShieldTDIDriver) DRV - [2012/11/25 23:31:16 | 000,216,136 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\NSKernel.sys -- (NovaShieldFilterDriver) DRV - [2012/11/25 23:30:49 | 000,308,296 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos) DRV - [2011/10/18 00:40:44 | 000,085,520 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2011/10/14 04:36:14 | 008,852,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2011/10/14 02:52:32 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2011/04/11 14:32:31 | 000,061,152 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\System32\drivers\BdSpy.sys -- (BdSpy) DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/05 03:13:10 | 000,602,728 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) DRV - [2010/05/06 10:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService) DRV - [2010/04/27 17:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc) DRV - [2010/04/27 17:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub) DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a06ed3ee000000000000485d6019665d&tlver=1.4.19.19&ss=1&affID=17395 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com IE - HKCU\..\SearchScopes,DefaultScope = {4B90DA04-78FE-41DC-867E-8CD2C5E65D0D} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a06ed3ee000000000000485d6019665d&tlver=1.4.19.19&ss=1&affID=17395 IE - HKCU\..\SearchScopes\{4B90DA04-78FE-41DC-867E-8CD2C5E65D0D}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/08 15:44:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter [2012/11/25 23:37:49 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2012/11/25 23:37:48 | 000,000,000 | ---D | M] [2011/04/08 15:41:41 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit) (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll CHR - Extension: YouTube = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Babylon Translator = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\ CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\ CHR - Extension: Google Mail = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.) O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.) O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TaskTray] File not found O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation) O4 - Startup: C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation) O4 - Startup: C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A295CD5-A244-421C-A8EF-9E3A343737CB}: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/11/26 20:58:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Monti23-7\Desktop\OTL.exe [2012/11/25 23:32:19 | 000,308,296 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\Trufos.sys [2012/11/25 23:31:54 | 000,100,216 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BgGamingMonitor.dll [2012/11/25 23:31:54 | 000,054,624 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll [2012/11/25 23:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BullGuard Ltd [2012/11/25 21:46:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe [2012/11/08 00:10:54 | 000,000,000 | ---D | C] -- C:\Users\Monti23-7\Documents\My Games ========== Files - Modified Within 30 Days ========== [2012/11/26 21:26:17 | 000,000,000 | ---- | M] () -- C:\Users\Monti23-7\defogger_reenable [2012/11/26 21:20:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012/11/26 21:19:54 | 000,302,592 | ---- | M] () -- C:\Users\Monti23-7\Desktop\fhguvvlq.exe [2012/11/26 20:58:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Monti23-7\Desktop\OTL.exe [2012/11/26 20:58:24 | 000,050,477 | ---- | M] () -- C:\Users\Monti23-7\Desktop\Defogger.exe [2012/11/26 20:51:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012/11/26 20:29:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/11/26 20:15:06 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/11/26 20:15:06 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/11/26 20:11:10 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012/11/26 20:11:10 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012/11/26 20:11:10 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012/11/26 20:11:10 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012/11/26 20:08:27 | 000,000,512 | ---- | M] () -- C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD [2012/11/26 20:06:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/11/26 20:06:22 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys [2012/11/25 23:31:47 | 000,020,040 | ---- | M] (NovaShield, Inc.) -- C:\Windows\System32\drivers\NSNetmon.sys [2012/11/25 23:31:37 | 000,054,624 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll [2012/11/25 23:31:33 | 000,100,216 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BgGamingMonitor.dll [2012/11/25 23:31:16 | 000,216,136 | ---- | M] (NovaShield, Inc.) -- C:\Windows\System32\drivers\NSKernel.sys [2012/11/25 23:30:49 | 000,308,296 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\Trufos.sys [2012/11/25 21:49:25 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012/11/25 21:46:19 | 000,000,792 | ---- | M] () -- C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012/11/17 03:43:09 | 000,405,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012/11/07 21:19:33 | 000,000,216 | ---- | M] () -- C:\Users\Monti23-7\Desktop\XCOM Enemy Unknown.url [2012/11/07 20:33:09 | 000,002,775 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk ========== Files Created - No Company Name ========== [2012/11/26 21:26:17 | 000,000,000 | ---- | C] () -- C:\Users\Monti23-7\defogger_reenable [2012/11/26 21:19:52 | 000,302,592 | ---- | C] () -- C:\Users\Monti23-7\Desktop\fhguvvlq.exe [2012/11/26 20:58:22 | 000,050,477 | ---- | C] () -- C:\Users\Monti23-7\Desktop\Defogger.exe [2012/11/26 20:08:27 | 000,000,512 | ---- | C] () -- C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD [2012/11/25 21:46:19 | 000,000,792 | ---- | C] () -- C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk [2012/11/25 21:46:18 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012/11/17 03:02:56 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/17 03:02:00 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/11/07 21:19:33 | 000,000,216 | ---- | C] () -- C:\Users\Monti23-7\Desktop\XCOM Enemy Unknown.url [2012/06/04 21:35:09 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat [2012/06/04 21:35:09 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat [2012/06/04 21:35:08 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat [2012/06/04 21:35:08 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2012/05/30 17:54:32 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT [2012/02/01 18:33:38 | 000,491,520 | ---- | C] () -- C:\Windows\System32\xvid.dll [2011/10/13 14:53:18 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll [2011/10/13 14:53:02 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll [2011/07/25 23:22:30 | 000,000,900 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011/07/21 14:45:34 | 000,000,000 | ---- | C] () -- C:\Users\Monti23-7\AppData\Local\{5A8C793E-48C2-4D39-A1FC-75CD8ABCBDE9} [2011/06/17 10:57:17 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini [2011/06/17 10:57:16 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat [2011/06/17 10:57:16 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat [2011/06/17 10:57:16 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat [2011/06/17 10:57:16 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat [2011/06/17 10:57:16 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat [2011/06/17 10:57:16 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat [2011/06/17 10:57:16 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat [2011/06/17 10:57:16 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat [2011/06/17 10:57:16 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat [2011/06/17 10:57:16 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat [2011/06/17 10:57:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat [2011/06/17 10:57:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat [2011/06/17 10:57:16 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat [2011/06/17 10:57:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat [2011/06/17 10:57:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat [2011/06/17 10:57:16 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat [2011/06/17 10:57:16 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat [2011/06/17 10:57:16 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat [2011/03/27 23:42:34 | 000,000,237 | ---- | C] () -- C:\Windows\RomeTW.ini ========== ZeroAccess Check ========== [2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2011/02/27 20:01:12 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\BullGuard [2012/05/09 21:09:34 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\Canon [2011/07/25 22:17:49 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\CD-LabelPrint [2010/12/15 19:20:35 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\OpenOffice.org [2011/02/27 20:01:12 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\Software Inspection Library [2011/03/23 19:59:53 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\The Creative Assembly [2010/12/12 00:09:15 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\TS3Client ========== Purity Check ========== < End of report > Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-11-26 21:56:17 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD15 rev.51.0 Running: fhguvvlq.exe; Driver: C:\Users\MONTI2~1\AppData\Local\Temp\pwdiruoc.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82C3EA49 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82C784D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x91826000, 0x3B80E5, 0xE8000020] ---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Real\RealPlayer\Update\realsched.exe[368] kernel32.dll!SetUnhandledExceptionFilter 7769F4FB 5 Bytes [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtCreateFile + 6 77A355CE 4 Bytes [28, 98, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtCreateFile + B 77A355D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtMapViewOfSection + 6 77A35C2E 4 Bytes [28, 9B, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtMapViewOfSection + B 77A35C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenFile + 6 77A35CDE 4 Bytes [68, 98, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenFile + B 77A35CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcess + 6 77A35D8E 4 Bytes [A8, 99, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcess + B 77A35D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessToken + B 77A35DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessTokenEx + 6 77A35DAE 4 Bytes [A8, 9A, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessTokenEx + B 77A35DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThread + 6 77A35E0E 4 Bytes [68, 99, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThread + B 77A35E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadToken + 6 77A35E1E 4 Bytes [68, 9A, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadToken + B 77A35E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadTokenEx + B 77A35E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryAttributesFile + 6 77A35F3E 4 Bytes [A8, 98, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryAttributesFile + B 77A35F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryFullAttributesFile + B 77A35FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationFile + 6 77A3663E 4 Bytes [28, 99, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationFile + B 77A36643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationThread + 6 77A3669E 4 Bytes [28, 9A, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationThread + B 77A366A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtUnmapViewOfSection + 6 77A369BE 4 Bytes [68, 9B, C3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtUnmapViewOfSection + B 77A369C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtCreateFile + 6 77A355CE 4 Bytes [28, 88, 12, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtCreateFile + B 77A355D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtMapViewOfSection + 6 77A35C2E 4 Bytes [28, 8B, 12, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtMapViewOfSection + B 77A35C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenFile + 6 77A35CDE 4 Bytes [68, 88, 12, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenFile + B 77A35CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcess + 6 77A35D8E 4 Bytes [A8, 89, 12, 00] {TEST AL, 0x89; ADC AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcess + B 77A35D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcessToken + B 77A35DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcessTokenEx + 6 77A35DAE 4 Bytes [A8, 8A, 12, 00] {TEST AL, 0x8a; ADC AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcessTokenEx + B 77A35DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThread + 6 77A35E0E 4 Bytes [68, 89, 12, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThread + B 77A35E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThreadToken + 6 77A35E1E 4 Bytes [68, 8A, 12, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThreadToken + B 77A35E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThreadTokenEx + B 77A35E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtQueryAttributesFile + 6 77A35F3E 4 Bytes [A8, 88, 12, 00] {TEST AL, 0x88; ADC AL, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtQueryAttributesFile + B 77A35F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtQueryFullAttributesFile + B 77A35FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtSetInformationFile + 6 77A3663E 4 Bytes [28, 89, 12, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtSetInformationFile + B 77A36643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtSetInformationThread + 6 77A3669E 4 Bytes [28, 8A, 12, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtSetInformationThread + B 77A366A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtUnmapViewOfSection + 6 77A369BE 4 Bytes [68, 8B, 12, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtUnmapViewOfSection + B 77A369C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtCreateFile + 6 77A355CE 4 Bytes [28, 5C, 8E, 00] {SUB [ESI+ECX*4+0x0], BL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtCreateFile + B 77A355D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtMapViewOfSection + 6 77A35C2E 4 Bytes [28, 5F, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtMapViewOfSection + B 77A35C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenFile + 6 77A35CDE 4 Bytes [68, 5C, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenFile + B 77A35CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcess + 6 77A35D8E 4 Bytes [A8, 5D, 8E, 00] {TEST AL, 0x5d; MOV ES, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcess + B 77A35D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcessToken + B 77A35DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcessTokenEx + 6 77A35DAE 4 Bytes [A8, 5E, 8E, 00] {TEST AL, 0x5e; MOV ES, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcessTokenEx + B 77A35DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThread + 6 77A35E0E 4 Bytes [68, 5D, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThread + B 77A35E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThreadToken + 6 77A35E1E 4 Bytes [68, 5E, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThreadToken + B 77A35E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThreadTokenEx + B 77A35E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtQueryAttributesFile + 6 77A35F3E 4 Bytes [A8, 5C, 8E, 00] {TEST AL, 0x5c; MOV ES, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtQueryAttributesFile + B 77A35F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtQueryFullAttributesFile + B 77A35FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtSetInformationFile + 6 77A3663E 4 Bytes [28, 5D, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtSetInformationFile + B 77A36643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtSetInformationThread + 6 77A3669E 4 Bytes [28, 5E, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtSetInformationThread + B 77A366A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtUnmapViewOfSection + 6 77A369BE 4 Bytes [68, 5F, 8E, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtUnmapViewOfSection + B 77A369C3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtCreateFile + 6 77A355CE 4 Bytes [28, E0, D3, 00] {SUB AL, AH; ROL DWORD [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtCreateFile + B 77A355D3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtMapViewOfSection + 6 77A35C2E 4 Bytes [28, E3, D3, 00] {SUB BL, AH; ROL DWORD [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtMapViewOfSection + B 77A35C33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenFile + 6 77A35CDE 4 Bytes [68, E0, D3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenFile + B 77A35CE3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcess + 6 77A35D8E 4 Bytes [A8, E1, D3, 00] {TEST AL, 0xe1; ROL DWORD [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcess + B 77A35D93 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcessToken + B 77A35DA3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcessTokenEx + 6 77A35DAE 4 Bytes [A8, E2, D3, 00] {TEST AL, 0xe2; ROL DWORD [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcessTokenEx + B 77A35DB3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThread + 6 77A35E0E 4 Bytes [68, E1, D3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThread + B 77A35E13 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThreadToken + 6 77A35E1E 4 Bytes [68, E2, D3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThreadToken + B 77A35E23 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThreadTokenEx + B 77A35E33 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtQueryAttributesFile + 6 77A35F3E 4 Bytes [A8, E0, D3, 00] {TEST AL, 0xe0; ROL DWORD [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtQueryAttributesFile + B 77A35F43 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtQueryFullAttributesFile + B 77A35FF3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationFile + 6 77A3663E 4 Bytes [28, E1, D3, 00] {SUB CL, AH; ROL DWORD [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationFile + B 77A36643 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationThread + 6 77A3669E 4 Bytes [28, E2, D3, 00] {SUB DL, AH; ROL DWORD [EAX], CL} .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationThread + B 77A366A3 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtUnmapViewOfSection + 6 77A369BE 4 Bytes [68, E3, D3, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtUnmapViewOfSection + B 77A369C3 1 Byte [E2] ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000045 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Tcp NSNetmon.sys (NovaShield Kernel Module /NovaShield, Inc.) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume5 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\tdx \Device\Udp NSNetmon.sys (NovaShield Kernel Module /NovaShield, Inc.) AttachedDevice \Driver\tdx \Device\RawIp NSNetmon.sys (NovaShield Kernel Module /NovaShield, Inc.) ---- EOF - GMER 1.0.15 ---- |
Themen zu Polizeivirus Österreich |
adobe, adobe flash player, autorun, babylontoolbar, bho, canon, defender, downloader, euro, explorer, firefox, flash player, format, google, harddisk, home, homepage, logfile, lsass.exe, microsoft, ntdll.dll, object, plug-in, realtek, registry, scan, software, udp, windows |