Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Polizeivirus Österreich

Polizeivirus Österreich


Plagegeister aller Art und deren Bekämpfung: Polizeivirus Österreich

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 26.11.2012, 22:43   #1
Montezuma32
 
Polizeivirus Österreich - Standard

Polizeivirus Österreich


Hallo liebes Forum-Team!


Ich habe mir leider den Polizei-Virus Österreich-Variante eingefangen. Habe leider kein Screen-Shot gemacht konnte aber eine Viren-Datei isolieren. War die Variante mit der Webcam und man soll 100 Euro bezahlen damit der Rechner wieder aufgemacht wird.

Verwende Windows 7 32-Bit Version, Virensoftware ist Bullguard. Habe ich gleich auch rüberfahren lassen, fand aber diese Datei nicht als Bedrohung. Nur einige Cookies. Heute hat er mir diese Datei angezeigt und in Quarantäne gestellt. Habe aber leider keine Ahnung was dieser Virus noch so alles geändert hat.

Also hier sind mal diese Log-Dateien:

Anhang 46930


Code:
ATTFilter
OTL logfile created on: 11/26/2012 9:26:48 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Monti23-7\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2.99 Gb Total Physical Memory | 1.28 Gb Available Physical Memory | 42.79% Memory free
5.98 Gb Paging File | 4.07 Gb Available in Paging File | 68.03% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 1356.17 Gb Total Space | 1047.43 Gb Free Space | 77.23% Space Free | Partition Type: NTFS
Drive D: | 40.00 Gb Total Space | 21.08 Gb Free Space | 52.71% Space Free | Partition Type: NTFS
Drive E: | 5.41 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: UDF
 
Computer Name: MONTI23-7-PC | User Name: Monti23-7 | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/11/26 20:58:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Monti23-7\Desktop\OTL.exe
PRC - [2012/11/25 23:31:07 | 000,178,528 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe
PRC - [2012/11/25 23:30:25 | 000,321,376 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe
PRC - [2012/11/25 23:26:51 | 000,304,480 | ---- | M] (BullGuard Ltd.) -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe
PRC - [2012/10/31 23:15:08 | 001,242,136 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/10/14 03:31:00 | 000,417,792 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2011/10/14 03:30:34 | 000,176,128 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2011/08/04 16:06:12 | 001,612,920 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011/04/08 15:44:21 | 000,273,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\Update\realsched.exe
PRC - [2011/03/14 18:09:00 | 002,565,520 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011/01/20 17:38:20 | 000,174,064 | ---- | M] (Panasonic Corporation) -- C:\Program Files\Common Files\Panasonic\PHOTOfunSTUDIO AutoStart\AutoStartupService.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/11/07 10:22:00 | 000,286,720 | ---- | M] (Babylon Ltd.) -- C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe
PRC - [2010/05/21 00:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2010/05/21 00:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010/03/04 04:16:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/11/25 23:31:47 | 000,023,680 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\res\de\BackupShellNamespaceRes.dll
MOD - [2012/11/25 23:31:34 | 000,073,568 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\zlib1.dll
MOD - [2012/11/25 23:30:13 | 000,450,400 | ---- | M] () -- C:\Program Files\BullGuard Ltd\BullGuard\LibXml2.dll
MOD - [2012/11/18 11:28:21 | 000,240,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\9f7b241c4cff24e6d0b554efb60aa8be\WindowsFormsIntegration.ni.dll
MOD - [2012/11/18 11:27:21 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\239d84cfdb9de9730c1efb43840ef2eb\System.Core.ni.dll
MOD - [2012/11/18 11:26:05 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\3a7eb7595728baf4078ec5f97b44180c\IAStorUtil.ni.dll
MOD - [2012/11/18 11:13:35 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\7c4de95aa433eb8d81a81caf805947a8\PresentationFramework.Aero.ni.dll
MOD - [2012/11/18 11:13:25 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\03cfab5534482e8fc313ead6edc19100\System.Web.ni.dll
MOD - [2012/11/18 11:13:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\413288993ff690e8251d2dbe32bee01f\System.Runtime.Remoting.ni.dll
MOD - [2012/11/18 11:13:19 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\3d4e9d4f6c945d6d3b7d423fdb6bd274\System.Data.ni.dll
MOD - [2012/11/18 11:13:19 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\4d7a457d9f9adcce4d201119b5179c29\System.Transactions.ni.dll
MOD - [2012/11/18 11:13:09 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\1ec80905a71750be50dfc7981ad5ae28\PresentationFramework.ni.dll
MOD - [2012/11/17 03:44:46 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll
MOD - [2012/11/17 03:44:41 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll
MOD - [2012/11/17 03:44:38 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\53d6d827964619285771ed72332d3659\PresentationCore.ni.dll
MOD - [2012/11/17 03:44:25 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\b311b783e1efaa9527f4c2c9680c44d1\WindowsBase.ni.dll
MOD - [2012/11/17 03:44:17 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll
MOD - [2012/11/17 03:44:13 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll
MOD - [2012/11/17 03:44:12 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012/11/17 03:43:53 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012/11/02 22:12:13 | 000,189,952 | ---- | M] () -- C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\BabylonChromePI.dll
MOD - [2012/10/31 23:15:05 | 000,460,312 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
MOD - [2012/10/31 23:15:04 | 012,455,448 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
MOD - [2012/10/31 23:15:02 | 004,007,448 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
MOD - [2012/10/31 23:13:47 | 000,587,288 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\libglesv2.dll
MOD - [2012/10/31 23:13:46 | 000,123,928 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\libegl.dll
MOD - [2012/10/31 23:13:35 | 000,156,712 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\avutil-51.dll
MOD - [2012/10/31 23:13:34 | 000,274,984 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\avformat-54.dll
MOD - [2012/10/31 23:13:32 | 002,168,360 | ---- | M] () -- C:\Program Files\Google\Chrome\Application\23.0.1271.64\avcodec-54.dll
MOD - [2012/02/17 19:55:35 | 000,166,912 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
MOD - [2011/10/13 15:01:00 | 000,369,152 | ---- | M] () -- C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll
MOD - [2011/06/17 10:51:53 | 000,296,816 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Data.SqlServerCe\3.5.1.0__89845dcd8080cc91\System.Data.SqlServerCe.dll
MOD - [2010/11/13 01:02:22 | 000,434,176 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_de_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010/11/13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/11/05 02:59:41 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll
MOD - [2010/11/05 02:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2010/05/12 14:13:05 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2010/05/04 15:36:28 | 000,970,752 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll
MOD - [2009/11/02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009/06/10 22:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012/11/26 12:12:22 | 000,398,688 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2012/11/26 12:12:20 | 000,218,976 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2012/11/25 23:31:37 | 000,060,256 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll -- (BsBackup)
SRV - [2012/11/25 23:31:07 | 000,178,528 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV - [2012/11/25 23:31:05 | 000,227,168 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2012/11/25 23:30:25 | 000,321,376 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV - [2012/11/25 23:26:51 | 000,304,480 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2012/11/01 20:31:20 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/07/13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/04/10 00:16:29 | 000,253,600 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2011/10/14 03:30:34 | 000,176,128 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2010/12/01 18:38:57 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010/03/04 04:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/07/24 11:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2012/11/25 23:31:47 | 000,020,040 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV - [2012/11/25 23:31:16 | 000,216,136 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV - [2012/11/25 23:30:49 | 000,308,296 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Trufos.sys -- (Trufos)
DRV - [2011/10/18 00:40:44 | 000,085,520 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2011/10/14 04:36:14 | 008,852,992 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2011/10/14 02:52:32 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2011/04/11 14:32:31 | 000,061,152 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\System32\drivers\BdSpy.sys -- (BdSpy)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/05 03:13:10 | 000,602,728 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2010/05/06 10:21:42 | 000,108,560 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010/04/27 17:28:46 | 000,146,568 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2010/04/27 17:27:50 | 000,064,904 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/07/14 00:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a06ed3ee000000000000485d6019665d&tlver=1.4.19.19&ss=1&affID=17395
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com
IE - HKCU\..\SearchScopes,DefaultScope = {4B90DA04-78FE-41DC-867E-8CD2C5E65D0D}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}: "URL" = hxxp://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=a06ed3ee000000000000485d6019665d&tlver=1.4.19.19&ss=1&affID=17395
IE - HKCU\..\SearchScopes\{4B90DA04-78FE-41DC-867E-8CD2C5E65D0D}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNA_enDE393
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/04/08 15:44:42 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter [2012/11/25 23:37:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2012/11/25 23:37:48 | 000,000,000 | ---D | M]
 
[2011/04/08 15:41:41 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=MDNA&bmod=MDNA
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Babylon Chrome Plugin (Enabled) = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.4_0\BabylonChromePI.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.6 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.9 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility for IJ (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Babylon Translator = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhkplhfnhceodhffomolpfigojocbpcb\1.8_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.3\
CHR - Extension: Google Mail = C:\Users\Monti23-7\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009/06/10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll (Babylon Ltd.)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TaskTray]  File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk = C:\ProgramData\lsass.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html File not found
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIE.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\BGLsp.dll (BullGuard Ltd.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{732048A9-7E8D-428F-9AF3-D5BE1F66BC7A}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9A295CD5-A244-421C-A8EF-9E3A343737CB}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/26 20:58:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Monti23-7\Desktop\OTL.exe
[2012/11/25 23:32:19 | 000,308,296 | ---- | C] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\Trufos.sys
[2012/11/25 23:31:54 | 000,100,216 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BgGamingMonitor.dll
[2012/11/25 23:31:54 | 000,054,624 | ---- | C] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2012/11/25 23:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\BullGuard Ltd
[2012/11/25 21:46:17 | 000,044,544 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\lsass.exe
[2012/11/08 00:10:54 | 000,000,000 | ---D | C] -- C:\Users\Monti23-7\Documents\My Games
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/26 21:26:17 | 000,000,000 | ---- | M] () -- C:\Users\Monti23-7\defogger_reenable
[2012/11/26 21:20:00 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/26 21:19:54 | 000,302,592 | ---- | M] () -- C:\Users\Monti23-7\Desktop\fhguvvlq.exe
[2012/11/26 20:58:44 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Monti23-7\Desktop\OTL.exe
[2012/11/26 20:58:24 | 000,050,477 | ---- | M] () -- C:\Users\Monti23-7\Desktop\Defogger.exe
[2012/11/26 20:51:09 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/26 20:29:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/11/26 20:15:06 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/26 20:15:06 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/26 20:11:10 | 000,653,928 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/11/26 20:11:10 | 000,615,810 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/26 20:11:10 | 000,129,800 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/11/26 20:11:10 | 000,106,190 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/26 20:08:27 | 000,000,512 | ---- | M] () -- C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2012/11/26 20:06:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/26 20:06:22 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/25 23:31:47 | 000,020,040 | ---- | M] (NovaShield, Inc.) -- C:\Windows\System32\drivers\NSNetmon.sys
[2012/11/25 23:31:37 | 000,054,624 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BGLsp.dll
[2012/11/25 23:31:33 | 000,100,216 | ---- | M] (BullGuard Ltd.) -- C:\Windows\System32\BgGamingMonitor.dll
[2012/11/25 23:31:16 | 000,216,136 | ---- | M] (NovaShield, Inc.) -- C:\Windows\System32\drivers\NSKernel.sys
[2012/11/25 23:30:49 | 000,308,296 | ---- | M] (BitDefender S.R.L.) -- C:\Windows\System32\drivers\Trufos.sys
[2012/11/25 21:49:25 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/11/25 21:46:19 | 000,000,792 | ---- | M] () -- C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/11/17 03:43:09 | 000,405,144 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/11/07 21:19:33 | 000,000,216 | ---- | M] () -- C:\Users\Monti23-7\Desktop\XCOM Enemy Unknown.url
[2012/11/07 20:33:09 | 000,002,775 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
 
========== Files Created - No Company Name ==========
 
[2012/11/26 21:26:17 | 000,000,000 | ---- | C] () -- C:\Users\Monti23-7\defogger_reenable
[2012/11/26 21:19:52 | 000,302,592 | ---- | C] () -- C:\Users\Monti23-7\Desktop\fhguvvlq.exe
[2012/11/26 20:58:22 | 000,050,477 | ---- | C] () -- C:\Users\Monti23-7\Desktop\Defogger.exe
[2012/11/26 20:08:27 | 000,000,512 | ---- | C] () -- C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD
[2012/11/25 21:46:19 | 000,000,792 | ---- | C] () -- C:\Users\Monti23-7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
[2012/11/25 21:46:18 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012/11/17 03:02:56 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/17 03:02:00 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/07 21:19:33 | 000,000,216 | ---- | C] () -- C:\Users\Monti23-7\Desktop\XCOM Enemy Unknown.url
[2012/06/04 21:35:09 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012/06/04 21:35:09 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012/06/04 21:35:08 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012/06/04 21:35:08 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012/05/30 17:54:32 | 000,272,629 | ---- | C] () -- C:\Windows\System32\drivers\RTAIODAT.DAT
[2012/02/01 18:33:38 | 000,491,520 | ---- | C] () -- C:\Windows\System32\xvid.dll
[2011/10/13 14:53:18 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OpenVideo.dll
[2011/10/13 14:53:02 | 000,056,832 | ---- | C] () -- C:\Windows\System32\OVDecoder.dll
[2011/07/25 23:22:30 | 000,000,900 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011/07/21 14:45:34 | 000,000,000 | ---- | C] () -- C:\Users\Monti23-7\AppData\Local\{5A8C793E-48C2-4D39-A1FC-75CD8ABCBDE9}
[2011/06/17 10:57:17 | 000,000,097 | ---- | C] () -- C:\Windows\System32\PICSDK.ini
[2011/06/17 10:57:16 | 000,111,932 | ---- | C] () -- C:\Windows\System32\EPPICPrinterDB.dat
[2011/06/17 10:57:16 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2011/06/17 10:57:16 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2011/06/17 10:57:16 | 000,026,154 | ---- | C] () -- C:\Windows\System32\EPPICPattern1.dat
[2011/06/17 10:57:16 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2011/06/17 10:57:16 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2011/06/17 10:57:16 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2011/06/17 10:57:16 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2011/06/17 10:57:16 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2011/06/17 10:57:16 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2011/06/17 10:57:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2011/06/17 10:57:16 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2011/06/17 10:57:16 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2011/06/17 10:57:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2011/06/17 10:57:16 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2011/06/17 10:57:16 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2011/06/17 10:57:16 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2011/06/17 10:57:16 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2011/03/27 23:42:34 | 000,000,237 | ---- | C] () -- C:\Windows\RomeTW.ini
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011/02/27 20:01:12 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\BullGuard
[2012/05/09 21:09:34 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\Canon
[2011/07/25 22:17:49 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\CD-LabelPrint
[2010/12/15 19:20:35 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\OpenOffice.org
[2011/02/27 20:01:12 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\Software Inspection Library
[2011/03/23 19:59:53 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\The Creative Assembly
[2010/12/12 00:09:15 | 000,000,000 | ---D | M] -- C:\Users\Monti23-7\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 

< End of report >
Anhang 46931

Code:
ATTFilter
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-26 21:56:17
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD15 rev.51.0
Running: fhguvvlq.exe; Driver: C:\Users\MONTI2~1\AppData\Local\Temp\pwdiruoc.sys


---- Kernel code sections - GMER 1.0.15 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                             82C3EA49 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                               82C784D2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           C:\Windows\system32\DRIVERS\atikmdag.sys                                                             section is writeable [0x91826000, 0x3B80E5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Real\RealPlayer\Update\realsched.exe[368] kernel32.dll!SetUnhandledExceptionFilter  7769F4FB 5 Bytes  [33, C0, C2, 04, 00] {XOR EAX, EAX; RET 0x4}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtCreateFile + 6               77A355CE 4 Bytes  [28, 98, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtCreateFile + B               77A355D3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtMapViewOfSection + 6         77A35C2E 4 Bytes  [28, 9B, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtMapViewOfSection + B         77A35C33 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenFile + 6                 77A35CDE 4 Bytes  [68, 98, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenFile + B                 77A35CE3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcess + 6              77A35D8E 4 Bytes  [A8, 99, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcess + B              77A35D93 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessToken + B         77A35DA3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessTokenEx + 6       77A35DAE 4 Bytes  [A8, 9A, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenProcessTokenEx + B       77A35DB3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThread + 6               77A35E0E 4 Bytes  [68, 99, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThread + B               77A35E13 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadToken + 6          77A35E1E 4 Bytes  [68, 9A, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadToken + B          77A35E23 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtOpenThreadTokenEx + B        77A35E33 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryAttributesFile + 6      77A35F3E 4 Bytes  [A8, 98, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryAttributesFile + B      77A35F43 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtQueryFullAttributesFile + B  77A35FF3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationFile + 6       77A3663E 4 Bytes  [28, 99, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationFile + B       77A36643 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationThread + 6     77A3669E 4 Bytes  [28, 9A, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtSetInformationThread + B     77A366A3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtUnmapViewOfSection + 6       77A369BE 4 Bytes  [68, 9B, C3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4476] ntdll.dll!NtUnmapViewOfSection + B       77A369C3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtCreateFile + 6               77A355CE 4 Bytes  [28, 88, 12, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtCreateFile + B               77A355D3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtMapViewOfSection + 6         77A35C2E 4 Bytes  [28, 8B, 12, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtMapViewOfSection + B         77A35C33 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenFile + 6                 77A35CDE 4 Bytes  [68, 88, 12, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenFile + B                 77A35CE3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcess + 6              77A35D8E 4 Bytes  [A8, 89, 12, 00] {TEST AL, 0x89; ADC AL, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcess + B              77A35D93 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcessToken + B         77A35DA3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcessTokenEx + 6       77A35DAE 4 Bytes  [A8, 8A, 12, 00] {TEST AL, 0x8a; ADC AL, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenProcessTokenEx + B       77A35DB3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThread + 6               77A35E0E 4 Bytes  [68, 89, 12, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThread + B               77A35E13 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThreadToken + 6          77A35E1E 4 Bytes  [68, 8A, 12, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThreadToken + B          77A35E23 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtOpenThreadTokenEx + B        77A35E33 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtQueryAttributesFile + 6      77A35F3E 4 Bytes  [A8, 88, 12, 00] {TEST AL, 0x88; ADC AL, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtQueryAttributesFile + B      77A35F43 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtQueryFullAttributesFile + B  77A35FF3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtSetInformationFile + 6       77A3663E 4 Bytes  [28, 89, 12, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtSetInformationFile + B       77A36643 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtSetInformationThread + 6     77A3669E 4 Bytes  [28, 8A, 12, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtSetInformationThread + B     77A366A3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtUnmapViewOfSection + 6       77A369BE 4 Bytes  [68, 8B, 12, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4536] ntdll.dll!NtUnmapViewOfSection + B       77A369C3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtCreateFile + 6               77A355CE 4 Bytes  [28, 5C, 8E, 00] {SUB [ESI+ECX*4+0x0], BL}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtCreateFile + B               77A355D3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtMapViewOfSection + 6         77A35C2E 4 Bytes  [28, 5F, 8E, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtMapViewOfSection + B         77A35C33 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenFile + 6                 77A35CDE 4 Bytes  [68, 5C, 8E, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenFile + B                 77A35CE3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcess + 6              77A35D8E 4 Bytes  [A8, 5D, 8E, 00] {TEST AL, 0x5d; MOV ES, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcess + B              77A35D93 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcessToken + B         77A35DA3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcessTokenEx + 6       77A35DAE 4 Bytes  [A8, 5E, 8E, 00] {TEST AL, 0x5e; MOV ES, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenProcessTokenEx + B       77A35DB3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThread + 6               77A35E0E 4 Bytes  [68, 5D, 8E, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThread + B               77A35E13 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThreadToken + 6          77A35E1E 4 Bytes  [68, 5E, 8E, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThreadToken + B          77A35E23 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtOpenThreadTokenEx + B        77A35E33 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtQueryAttributesFile + 6      77A35F3E 4 Bytes  [A8, 5C, 8E, 00] {TEST AL, 0x5c; MOV ES, [EAX]}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtQueryAttributesFile + B      77A35F43 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtQueryFullAttributesFile + B  77A35FF3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtSetInformationFile + 6       77A3663E 4 Bytes  [28, 5D, 8E, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtSetInformationFile + B       77A36643 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtSetInformationThread + 6     77A3669E 4 Bytes  [28, 5E, 8E, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtSetInformationThread + B     77A366A3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtUnmapViewOfSection + 6       77A369BE 4 Bytes  [68, 5F, 8E, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[4548] ntdll.dll!NtUnmapViewOfSection + B       77A369C3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtCreateFile + 6               77A355CE 4 Bytes  [28, E0, D3, 00] {SUB AL, AH; ROL DWORD [EAX], CL}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtCreateFile + B               77A355D3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtMapViewOfSection + 6         77A35C2E 4 Bytes  [28, E3, D3, 00] {SUB BL, AH; ROL DWORD [EAX], CL}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtMapViewOfSection + B         77A35C33 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenFile + 6                 77A35CDE 4 Bytes  [68, E0, D3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenFile + B                 77A35CE3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcess + 6              77A35D8E 4 Bytes  [A8, E1, D3, 00] {TEST AL, 0xe1; ROL DWORD [EAX], CL}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcess + B              77A35D93 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcessToken + B         77A35DA3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcessTokenEx + 6       77A35DAE 4 Bytes  [A8, E2, D3, 00] {TEST AL, 0xe2; ROL DWORD [EAX], CL}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenProcessTokenEx + B       77A35DB3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThread + 6               77A35E0E 4 Bytes  [68, E1, D3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThread + B               77A35E13 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThreadToken + 6          77A35E1E 4 Bytes  [68, E2, D3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThreadToken + B          77A35E23 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtOpenThreadTokenEx + B        77A35E33 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtQueryAttributesFile + 6      77A35F3E 4 Bytes  [A8, E0, D3, 00] {TEST AL, 0xe0; ROL DWORD [EAX], CL}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtQueryAttributesFile + B      77A35F43 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtQueryFullAttributesFile + B  77A35FF3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationFile + 6       77A3663E 4 Bytes  [28, E1, D3, 00] {SUB CL, AH; ROL DWORD [EAX], CL}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationFile + B       77A36643 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationThread + 6     77A3669E 4 Bytes  [28, E2, D3, 00] {SUB DL, AH; ROL DWORD [EAX], CL}
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtSetInformationThread + B     77A366A3 1 Byte  [E2]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtUnmapViewOfSection + 6       77A369BE 4 Bytes  [68, E3, D3, 00]
.text           C:\Program Files\Google\Chrome\Application\chrome.exe[5168] ntdll.dll!NtUnmapViewOfSection + B       77A369C3 1 Byte  [E2]

---- Devices - GMER 1.0.15 ----

Device          \Driver\ACPI_HAL \Device\00000045                                                                    halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)

AttachedDevice  \Driver\tdx \Device\Tcp                                                                              NSNetmon.sys (NovaShield Kernel Module  /NovaShield, Inc.)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume6                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume7                                                               fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice  \Driver\tdx \Device\Udp                                                                              NSNetmon.sys (NovaShield Kernel Module  /NovaShield, Inc.)
AttachedDevice  \Driver\tdx \Device\RawIp                                                                            NSNetmon.sys (NovaShield Kernel Module  /NovaShield, Inc.)

---- EOF - GMER 1.0.15 ----
Eine Extra.txt hab ich nicht bekommen.

 

Themen zu Polizeivirus Österreich
adobe, adobe flash player, autorun, babylontoolbar, bho, canon, defender, downloader, euro, explorer, firefox, flash player, format, google, harddisk, home, homepage, logfile, lsass.exe, microsoft, ntdll.dll, object, plug-in, realtek, registry, scan, software, udp, windows


« System Progressive Protection (Virus/Wurm) | Windows-Verschlüsselungstrojaner »


Ähnliche Themen: Polizeivirus Österreich


  1. Polizeivirus Österreich
    Plagegeister aller Art und deren Bekämpfung - 10.06.2013 (13)
  2. Polizeivirus Österreich
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (17)
  3. Polizeivirus Österreich
    Alles rund um Windows - 30.03.2013 (1)
  4. Polizeivirus Österreich
    Log-Analyse und Auswertung - 07.02.2013 (9)
  5. Polizeivirus Österreich
    Plagegeister aller Art und deren Bekämpfung - 13.12.2012 (3)
  6. polizeivirus! österreich
    Plagegeister aller Art und deren Bekämpfung - 07.11.2012 (10)
  7. Polizeivirus (Österreich)
    Plagegeister aller Art und deren Bekämpfung - 27.10.2012 (2)
  8. Polizeivirus Österreich, 20.08.12
    Log-Analyse und Auswertung - 05.10.2012 (4)
  9. Polizeivirus Österreich
    Plagegeister aller Art und deren Bekämpfung - 22.09.2012 (23)
  10. Polizeivirus Österreich
    Plagegeister aller Art und deren Bekämpfung - 14.09.2012 (11)
  11. Polizeivirus österreich
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  12. Polizeivirus Österreich
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (4)
  13. Polizeivirus Österreich...
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (14)
  14. Polizeivirus Österreich
    Log-Analyse und Auswertung - 02.09.2012 (13)
  15. Polizeivirus Österreich, 20.08.12
    Plagegeister aller Art und deren Bekämpfung - 21.08.2012 (2)
  16. Polizeivirus Österreich vom 2.8.12
    Log-Analyse und Auswertung - 16.08.2012 (49)
  17. Polizeivirus Österreich
    Plagegeister aller Art und deren Bekämpfung - 13.08.2012 (13)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Polizeivirus Österreich - Hallo liebes Forum-Team! Ich habe mir leider den Polizei-Virus Österreich-Variante eingefangen. Habe leider kein Screen-Shot gemacht konnte aber eine Viren-Datei isolieren. War die Variante mit der Webcam und man soll - Polizeivirus Österreich...
Archiv
Du betrachtest: Polizeivirus Österreich auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131