| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Virus vermutlich in Skype LinkWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
13.04.2013, 20:51
| #1 |
 |  Virus vermutlich in Skype Link Hallo Liebes Trojaner Board . Ich habe auf ein Link geklickt und habe mich wahrscheinlich mit einem Virus infiziert . Die Seite die ich geöffnet hatte , ist nichts gekommen. Bitte um Dringende Hilfe MFG |
|
14.04.2013, 01:04
| #2 |
| /// TB-Ausbilder   | Virus vermutlich in Skype Link Hi,
__________________hast du nicht erst gerade dein System neu aufgesetzt weil du ein krummes E-Mail geöffnet hast?  Wenn du deinen Rechner nach Malware untersuchen lassen willst, dann arbeite bitte diese Anleitung ab und poste die entsprechenden Logfiles.
__________________ |
|
15.04.2013, 20:57
| #3 |
| | Virus vermutlich in Skype Link Hallo
__________________Es tut mir leid das ich gestern nicht mehr geantwortet hatte . Hier sind die log Files . Sorry aber OTL hat mir nur eine Datei gegeben . bei gmer2.1.1.19163 kamm am anfang die meldung : C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. Beim Scann kamm diese Meldung wieder . Und Danach kamm die Meldung also beim Scann C:\Users\julian\ntuser.dat Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird. |
|
15.04.2013, 21:08
| #4 |
| /// TB-Ausbilder | Virus vermutlich in Skype Link Die Logfiles bitte nicht anhängen (das erschwert mir das Auswerten massiv), sondern deren Inhalt direkt innerhalb von Codetags einfügen: [code]Inhalt Logfile[/code]. Nur falls die Logs zu gross sind, dann in ein zip-Archiv (nicht rar!) packen und anhängen.
__________________ cheers, Leo |
|
16.04.2013, 07:20
| #5 |
| | Virus vermutlich in Skype LinkCode:
ATTFilter OTL logfile created on: 15.04.2013 21:33:10 - Run 8
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\julian\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,80 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 71,22% Memory free
7,60 Gb Paging File | 6,33 Gb Available in Paging File | 83,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 297,99 Gb Total Space | 272,65 Gb Free Space | 91,50% Space Free | Partition Type: NTFS
Computer Name: JULIAN-PC | User Name: julian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2013.04.14 12:11:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\julian\Desktop\OTL (2).exe
PRC - [2012.08.18 19:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe
PRC - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
========== Modules (No Company Name) ==========
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.1.0.24\wincfi39.dll
========== Services (SafeList) ==========
SRV - [2013.04.10 08:56:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.08.18 19:03:20 | 000,143,928 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\ccSvcHst.exe -- (N360)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013.04.12 18:12:27 | 000,231,376 | ---- | M] (TrueCrypt Foundation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2013.04.12 18:08:07 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2012.11.22 20:51:26 | 003,831,808 | ---- | M] (Qualcomm Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2012.08.10 19:26:44 | 000,776,352 | R--- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2012.08.07 23:18:20 | 001,132,192 | R--- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA64.sys -- (SymEFA)
DRV:64bit: - [2012.08.06 19:24:46 | 000,168,096 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012.07.27 21:25:32 | 000,493,216 | R--- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS64.sys -- (SymDS)
DRV:64bit: - [2012.07.27 21:05:22 | 000,224,416 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.07.22 19:34:24 | 000,432,800 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symnets.sys -- (SymNetS)
DRV:64bit: - [2012.05.24 23:36:56 | 000,037,496 | R--- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.10 14:28:18 | 012,311,904 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.08.23 05:12:58 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.02.26 23:32:14 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.12.12 01:48:04 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:33 | 000,389,120 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.04.14 16:45:27 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130415.003\ex64.sys -- (NAVEX15)
DRV - [2013.04.14 16:45:27 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130415.003\eng64.sys -- (NAVENG)
DRV - [2013.04.11 15:41:06 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130412.001\IDSviA64.sys -- (IDSVia64)
DRV - [2013.03.22 02:09:06 | 001,387,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2012.08.18 03:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.18 03:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,DefaultNetworkProfile = 12815830
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FF 33 AD E8 99 37 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013.04.12 18:08:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.04.15 20:50:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.14 00:17:48 | 000,000,000 | ---D | M]
[2013.04.14 00:18:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\julian\AppData\Roaming\mozilla\Extensions
[2013.04.14 00:19:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\julian\AppData\Roaming\mozilla\Firefox\Profiles\56ltp904.default\extensions
[2013.04.14 00:19:00 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\julian\AppData\Roaming\mozilla\firefox\profiles\56ltp904.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.04.14 00:18:52 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\julian\AppData\Roaming\mozilla\firefox\profiles\56ltp904.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.14 00:17:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - Extension: Google Docs = C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.1.0.32_0\
CHR - Extension: Bitdefender QuickScan = C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pdnkcidphdcakpkheohlhocaicfamjie\0.9.9.118_0\
CHR - Extension: Google Mail = C:\Users\julian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.1.0.24\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Eraser] C:\Programme\Eraser\Eraser.exe (The Eraser Project)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKCU..\Run: [TrueCrypt] C:\Program Files\TrueCrypt\TrueCrypt.exe (TrueCrypt Foundation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01F18D0A-DAFE-4135-9A93-5D1B88D1F6F0}: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B5833FF-F0BD-44D6-91F9-7632BCBDE04E}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.15 21:30:53 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Diagnostics
[2013.04.15 21:26:59 | 000,000,000 | ---D | C] -- C:\hijackthis
[2013.04.14 17:06:37 | 000,000,000 | ---D | C] -- C:\Users\julian\Desktop\Trojaner Board
[2013.04.14 16:18:46 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\julian\Desktop\OTL (2).exe
[2013.04.14 16:11:25 | 000,031,232 | ---- | C] (The OpenVPN Project) -- C:\Windows\SysNative\drivers\tap0901.sys
[2013.04.14 01:07:10 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Apache Friends
[2013.04.14 01:07:02 | 000,000,000 | ---D | C] -- C:\xampp
[2013.04.14 00:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.04.14 00:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.04.14 00:17:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.14 00:06:37 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\uTorrent
[2013.04.13 23:43:11 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Mozilla
[2013.04.13 23:43:11 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Mozilla
[2013.04.13 23:34:44 | 000,000,000 | ---D | C] -- C:\Users\julian\Desktop\Tor Browser
[2013.04.13 22:24:02 | 000,000,000 | ---D | C] -- C:\Users\julian\Desktop\mbar
[2013.04.13 22:23:32 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\WinRAR
[2013.04.13 22:23:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.04.13 22:23:29 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2013.04.13 22:23:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinRAR
[2013.04.13 21:43:05 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Malwarebytes
[2013.04.13 21:42:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.13 21:42:46 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.13 21:42:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.13 21:42:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.13 21:42:40 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\QuickScan
[2013.04.13 20:06:09 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Wireshark
[2013.04.13 20:01:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap
[2013.04.13 20:01:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinPcap
[2013.04.13 20:01:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wireshark
[2013.04.13 12:33:10 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Process Hacker 2
[2013.04.13 12:32:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
[2013.04.13 12:32:43 | 000,000,000 | ---D | C] -- C:\Program Files\Process Hacker 2
[2013.04.13 00:01:45 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Eraser 6
[2013.04.12 23:58:11 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Wise Registry Cleaner
[2013.04.12 23:57:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Registry Cleaner
[2013.04.12 23:57:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Wise
[2013.04.12 23:57:44 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Programs
[2013.04.12 23:51:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013.04.12 23:47:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.04.12 23:47:51 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.04.12 23:46:56 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Skype
[2013.04.12 23:46:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.04.12 23:46:31 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.04.12 23:46:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.12 23:46:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.04.12 23:45:29 | 000,000,000 | ---D | C] -- C:\Program Files\Eraser
[2013.04.12 23:41:37 | 000,000,000 | R--D | C] -- C:\Sandbox
[2013.04.12 20:57:15 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Vitalwerks
[2013.04.12 20:29:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.04.12 20:29:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.12 20:28:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.04.12 20:14:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.04.12 19:41:01 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.04.12 19:36:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.04.12 19:36:43 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Google
[2013.04.12 19:35:18 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Apps
[2013.04.12 19:35:17 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Deployment
[2013.04.12 18:46:07 | 000,000,000 | ---D | C] -- C:\ProgramData\TrueCrypt
[2013.04.12 18:37:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\No-IP
[2013.04.12 18:37:57 | 000,000,000 | ---D | C] -- C:\Users\julian\Desktop\jRAT2.3
[2013.04.12 18:37:56 | 000,000,000 | ---D | C] -- C:\Users\julian\Desktop\jrat 3.2.2
[2013.04.12 18:37:54 | 000,000,000 | ---D | C] -- C:\Users\julian\Desktop\jRAT
[2013.04.12 18:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2013.04.12 18:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel
[2013.04.12 18:17:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs
[2013.04.12 18:17:09 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.04.12 18:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.04.12 18:16:51 | 002,080,120 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll
[2013.04.12 18:16:51 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.04.12 18:16:51 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.04.12 18:16:51 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.04.12 18:16:51 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.04.12 18:16:51 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.04.12 18:16:51 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.04.12 18:16:51 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.04.12 18:16:51 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.04.12 18:16:50 | 007,164,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.04.12 18:16:50 | 000,434,960 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.04.12 18:16:50 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.04.12 18:16:50 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.04.12 18:16:50 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.04.12 18:16:50 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.04.12 18:16:50 | 000,141,584 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.04.12 18:16:50 | 000,124,176 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.04.12 18:16:50 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.04.12 18:16:50 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.04.12 18:16:50 | 000,075,024 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.04.12 18:16:49 | 009,546,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek64.dll
[2013.04.12 18:16:49 | 002,714,720 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.04.12 18:16:49 | 002,028,920 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ64.dll
[2013.04.12 18:16:49 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.04.12 18:16:49 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.04.12 18:16:49 | 000,869,752 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.04.12 18:16:49 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.04.12 18:16:49 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.04.12 18:16:49 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013.04.12 18:16:49 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.04.12 18:16:49 | 000,394,616 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.04.12 18:16:49 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.04.12 18:16:48 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.04.12 18:16:48 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.04.12 18:16:48 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.04.12 18:16:48 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.04.12 18:16:48 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.04.12 18:16:48 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.04.12 18:16:48 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.04.12 18:16:48 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.04.12 18:16:48 | 000,110,592 | ---- | C] (Real Sound Lab SIA) -- C:\Windows\SysNative\CONEQMSAPOGUILibrary.dll
[2013.04.12 18:16:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.04.12 18:16:47 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.04.12 18:16:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.04.12 18:16:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.04.12 18:16:16 | 000,000,000 | ---D | C] -- C:\Intel
[2013.04.12 18:16:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Qualcomm Atheros
[2013.04.12 18:15:37 | 003,831,808 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\drivers\athrx.sys
[2013.04.12 18:15:37 | 003,831,808 | ---- | C] (Qualcomm Atheros Communications, Inc.) -- C:\Windows\SysNative\athrx.sys
[2013.04.12 18:15:37 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.04.12 18:15:37 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2013.04.12 18:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Qualcomm Atheros
[2013.04.12 18:14:54 | 000,000,000 | ---D | C] -- C:\Users\julian\Desktop\Treiber
[2013.04.12 18:13:00 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\TrueCrypt
[2013.04.12 18:12:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TrueCrypt
[2013.04.12 18:12:27 | 000,231,376 | ---- | C] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013.04.12 18:12:14 | 000,000,000 | ---D | C] -- C:\Program Files\TrueCrypt
[2013.04.12 18:08:07 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.04.12 18:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013.04.12 18:08:07 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013.04.12 18:07:45 | 001,132,192 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA64.sys
[2013.04.12 18:07:45 | 000,776,352 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.sys
[2013.04.12 18:07:45 | 000,493,216 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS64.sys
[2013.04.12 18:07:45 | 000,432,800 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symnets.sys
[2013.04.12 18:07:45 | 000,224,416 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Ironx64.sys
[2013.04.12 18:07:45 | 000,037,496 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.sys
[2013.04.12 18:07:45 | 000,023,448 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymELAM.sys
[2013.04.12 18:07:44 | 000,168,096 | R--- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.sys
[2013.04.12 18:07:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64
[2013.04.12 18:07:27 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\drivers\N360x64\1401000.018
[2013.04.12 18:07:26 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013.04.12 18:07:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013.04.12 18:07:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2013.04.12 18:05:51 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2013.04.12 18:05:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013.04.12 18:03:45 | 000,000,000 | R--D | C] -- C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.04.12 18:03:45 | 000,000,000 | R--D | C] -- C:\Users\julian\Searches
[2013.04.12 18:03:45 | 000,000,000 | R--D | C] -- C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.04.12 18:03:27 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Identities
[2013.04.12 18:03:19 | 000,000,000 | R--D | C] -- C:\Users\julian\Contacts
[2013.04.12 18:03:16 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\VirtualStore
[2013.04.12 18:02:50 | 000,000,000 | --SD | C] -- C:\Users\julian\AppData\Roaming\Microsoft
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\Videos
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\Saved Games
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\Pictures
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\Music
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\Links
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\Favorites
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\Downloads
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\Documents
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\Desktop
[2013.04.12 18:02:50 | 000,000,000 | R--D | C] -- C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Vorlagen
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\AppData\Local\Verlauf
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\AppData\Local\Temporary Internet Files
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Startmenü
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\SendTo
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Recent
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Netzwerkumgebung
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Lokale Einstellungen
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Documents\Eigene Videos
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Documents\Eigene Musik
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Eigene Dateien
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Documents\Eigene Bilder
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Druckumgebung
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Cookies
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\AppData\Local\Anwendungsdaten
[2013.04.12 18:02:50 | 000,000,000 | -HSD | C] -- C:\Users\julian\Anwendungsdaten
[2013.04.12 18:02:50 | 000,000,000 | -H-D | C] -- C:\Users\julian\AppData
[2013.04.12 18:02:50 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Temp
[2013.04.12 18:02:50 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Local\Microsoft
[2013.04.12 18:02:50 | 000,000,000 | ---D | C] -- C:\Users\julian\AppData\Roaming\Media Center Programs
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.04.12 18:02:37 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.04.12 17:58:11 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.04.12 17:55:58 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.04.12 17:55:01 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.04.12 10:50:57 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2013.04.12 10:50:28 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\OEM
========== Files - Modified Within 30 Days ==========
[2013.04.15 21:30:18 | 000,000,000 | ---- | M] () -- C:\Users\julian\defogger_reenable
[2013.04.15 21:14:02 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.15 20:58:11 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 20:58:11 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.15 20:49:35 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.15 20:49:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.15 20:49:11 | 3061,190,656 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.14 22:05:29 | 003,085,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.14 22:05:29 | 000,684,954 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat
[2013.04.14 22:05:29 | 000,680,010 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat
[2013.04.14 22:05:29 | 000,643,866 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.14 22:05:29 | 000,607,190 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.14 22:05:29 | 000,127,070 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat
[2013.04.14 22:05:29 | 000,126,394 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.14 22:05:29 | 000,124,006 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat
[2013.04.14 22:05:29 | 000,103,568 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.14 16:13:34 | 002,134,031 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Cat.DB
[2013.04.14 12:11:51 | 000,377,856 | ---- | M] () -- C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe
[2013.04.14 12:11:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\julian\Desktop\OTL (2).exe
[2013.04.14 02:12:06 | 000,001,398 | ---- | M] () -- C:\Windows\Sandboxie.ini
[2013.04.14 01:46:03 | 005,334,340 | ---- | M] () -- C:\Users\julian\host 192.168.2.106 and udp port 56515
[2013.04.14 01:42:16 | 000,101,452 | ---- | M] () -- C:\Users\julian\host 192.168.2.106 and udp port 555
[2013.04.14 01:39:57 | 000,000,344 | ---- | M] () -- C:\Users\julian\host 192.168.2.105 and udp port 555
[2013.04.14 01:37:26 | 000,000,344 | ---- | M] () -- C:\Users\julian\192.168.2.105 and udp port 555
[2013.04.14 01:30:47 | 001,706,746 | ---- | M] () -- C:\Users\julian\Desktop\jRAT3.2.3_4.zip
[2013.04.14 01:07:12 | 000,000,614 | ---- | M] () -- C:\Users\julian\Desktop\XAMPP Control Panel.lnk
[2013.04.14 00:17:56 | 000,001,147 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.13 21:42:49 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.13 20:05:40 | 000,000,344 | ---- | M] () -- C:\Users\julian\192.168.2.105 and udp 999
[2013.04.13 12:32:48 | 000,001,841 | ---- | M] () -- C:\Users\julian\Desktop\Process Hacker 2.lnk
[2013.04.12 23:57:54 | 000,001,227 | ---- | M] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2013.04.12 23:53:58 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\VT20130115.021
[2013.04.12 23:49:34 | 000,019,478 | ---- | M] () -- C:\Users\julian\Documents\ccleaner backup vom scann.reg
[2013.04.12 23:47:54 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.12 23:46:32 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.04.12 23:45:35 | 000,001,747 | ---- | M] () -- C:\Users\Public\Desktop\Eraser.lnk
[2013.04.12 23:40:46 | 000,000,914 | ---- | M] () -- C:\Users\julian\Desktop\Sandboxie Web Browser.lnk
[2013.04.12 20:14:54 | 000,002,255 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.12 18:21:32 | 000,015,970 | ---- | M] () -- C:\Windows\SysNative\results.xml
[2013.04.12 18:12:32 | 000,000,875 | ---- | M] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2013.04.12 18:12:27 | 000,231,376 | ---- | M] (TrueCrypt Foundation) -- C:\Windows\SysNative\drivers\truecrypt.sys
[2013.04.12 18:08:07 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.04.12 18:08:07 | 000,007,466 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.04.12 18:08:07 | 000,000,855 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.04.12 18:08:00 | 000,002,409 | ---- | M] () -- C:\Users\julian\Desktop\Norton 360.lnk
[2013.04.12 18:04:37 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.04.12 18:00:51 | 000,274,464 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.12 17:59:30 | 000,052,953 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.04.12 17:59:30 | 000,052,953 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.01 19:45:22 | 209,715,200 | ---- | M] () -- C:\Users\julian\Desktop\Diesimpsons.flv
[2013.03.28 12:57:32 | 524,288,000 | ---- | M] () -- C:\Users\julian\Desktop\drivercontainer
========== Files Created - No Company Name ==========
[2013.04.15 21:30:18 | 000,000,000 | ---- | C] () -- C:\Users\julian\defogger_reenable
[2013.04.14 16:18:46 | 000,377,856 | ---- | C] () -- C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe
[2013.04.14 01:44:09 | 005,334,340 | ---- | C] () -- C:\Users\julian\host 192.168.2.106 and udp port 56515
[2013.04.14 01:40:13 | 000,101,452 | ---- | C] () -- C:\Users\julian\host 192.168.2.106 and udp port 555
[2013.04.14 01:39:40 | 000,000,344 | ---- | C] () -- C:\Users\julian\host 192.168.2.105 and udp port 555
[2013.04.14 01:37:22 | 000,000,344 | ---- | C] () -- C:\Users\julian\192.168.2.105 and udp port 555
[2013.04.14 01:30:50 | 001,706,746 | ---- | C] () -- C:\Users\julian\Desktop\jRAT3.2.3_4.zip
[2013.04.14 01:07:11 | 000,000,614 | ---- | C] () -- C:\Users\julian\Desktop\XAMPP Control Panel.lnk
[2013.04.14 00:17:56 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.14 00:17:52 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.04.13 21:42:49 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.13 20:05:19 | 000,000,344 | ---- | C] () -- C:\Users\julian\192.168.2.105 and udp 999
[2013.04.13 20:01:22 | 000,001,740 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
[2013.04.13 12:32:47 | 000,001,841 | ---- | C] () -- C:\Users\julian\Desktop\Process Hacker 2.lnk
[2013.04.12 23:57:54 | 000,001,227 | ---- | C] () -- C:\Users\Public\Desktop\Wise Registry Cleaner.lnk
[2013.04.12 23:54:55 | 000,014,818 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\VT20130115.021
[2013.04.12 23:49:24 | 000,019,478 | ---- | C] () -- C:\Users\julian\Documents\ccleaner backup vom scann.reg
[2013.04.12 23:47:53 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.12 23:46:32 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.04.12 23:45:34 | 000,001,759 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Eraser.lnk
[2013.04.12 23:45:34 | 000,001,747 | ---- | C] () -- C:\Users\Public\Desktop\Eraser.lnk
[2013.04.12 23:41:02 | 000,000,914 | ---- | C] () -- C:\Users\julian\Desktop\Sandboxie Web Browser.lnk
[2013.04.12 23:41:00 | 000,001,398 | ---- | C] () -- C:\Windows\Sandboxie.ini
[2013.04.12 20:14:53 | 000,002,255 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.12 20:09:57 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.12 20:09:54 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.12 18:21:32 | 000,015,970 | ---- | C] () -- C:\Windows\SysNative\results.xml
[2013.04.12 18:16:50 | 000,378,949 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.04.12 18:15:38 | 000,523,828 | ---- | C] () -- C:\Windows\SysNative\netathrx.inf
[2013.04.12 18:15:37 | 000,078,369 | ---- | C] () -- C:\Windows\SysNative\athrextx.cat
[2013.04.12 18:12:32 | 000,000,875 | ---- | C] () -- C:\Users\Public\Desktop\TrueCrypt.lnk
[2013.04.12 18:08:11 | 002,134,031 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Cat.DB
[2013.04.12 18:08:07 | 000,007,466 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.04.12 18:08:07 | 000,000,855 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.04.12 18:08:00 | 000,002,409 | ---- | C] () -- C:\Users\julian\Desktop\Norton 360.lnk
[2013.04.12 18:07:38 | 000,003,434 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA.inf
[2013.04.12 18:07:38 | 000,002,851 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS.inf
[2013.04.12 18:07:38 | 000,001,440 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymNet.inf
[2013.04.12 18:07:38 | 000,001,436 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.inf
[2013.04.12 18:07:38 | 000,001,418 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.inf
[2013.04.12 18:07:38 | 000,000,996 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symELAM.inf
[2013.04.12 18:07:38 | 000,000,854 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.inf
[2013.04.12 18:07:38 | 000,000,767 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\Iron.inf
[2013.04.12 18:07:27 | 000,009,670 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymELAM64.cat
[2013.04.12 18:07:27 | 000,008,942 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymVTcer.dat
[2013.04.12 18:07:27 | 000,007,611 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\ccSetx64.cat
[2013.04.12 18:07:27 | 000,007,605 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtspx64.cat
[2013.04.12 18:07:27 | 000,007,603 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymEFA64.cat
[2013.04.12 18:07:27 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\symnet64.cat
[2013.04.12 18:07:27 | 000,007,601 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\srtsp64.cat
[2013.04.12 18:07:27 | 000,007,597 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\SymDS64.cat
[2013.04.12 18:07:27 | 000,007,593 | R--- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\iron.cat
[2013.04.12 18:07:27 | 000,000,172 | ---- | C] () -- C:\Windows\SysNative\drivers\N360x64\1401000.018\isolate.ini
[2013.04.12 18:06:28 | 524,288,000 | ---- | C] () -- C:\Users\julian\Desktop\drivercontainer
[2013.04.12 18:06:10 | 209,715,200 | ---- | C] () -- C:\Users\julian\Desktop\Diesimpsons.flv
[2013.04.12 18:04:37 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.04.12 18:03:57 | 000,001,405 | ---- | C] () -- C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2013.04.12 18:03:48 | 000,001,439 | ---- | C] () -- C:\Users\julian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.04.12 17:59:22 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.04.12 17:59:12 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.04.12 17:55:01 | 3061,190,656 | -HS- | C] () -- C:\hiberfil.sys
[2012.01.10 14:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012.01.10 14:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012.01.10 14:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012.01.10 13:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.02.18 10:07:44 | 014,163,456 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.02.18 09:34:01 | 012,867,072 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
========== LOP Check ==========
[2013.04.13 12:33:10 | 000,000,000 | ---D | M] -- C:\Users\julian\AppData\Roaming\Process Hacker 2
[2013.04.15 21:29:17 | 000,000,000 | ---D | M] -- C:\Users\julian\AppData\Roaming\QuickScan
[2013.04.14 04:03:18 | 000,000,000 | ---D | M] -- C:\Users\julian\AppData\Roaming\TrueCrypt
[2013.04.14 00:13:52 | 000,000,000 | ---D | M] -- C:\Users\julian\AppData\Roaming\uTorrent
[2013.04.13 20:06:09 | 000,000,000 | ---D | M] -- C:\Users\julian\AppData\Roaming\Wireshark
[2013.04.12 23:59:12 | 000,000,000 | ---D | M] -- C:\Users\julian\AppData\Roaming\Wise Registry Cleaner
========== Purity Check ==========
< End of report >
Code:
ATTFilter GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-15 21:50:19
Windows 6.1.7600 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM321HI rev.2AJ10002 298,09GB
Running: gmer_2.1.19163 (2).exe; Driver: C:\Users\julian\AppData\Local\Temp\uxdiqpod.sys
---- User code sections - GMER 2.1 ----
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007728fc40 5 bytes JMP 000000010025091c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007728fda4 5 bytes JMP 0000000100250048
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007728fe38 5 bytes JMP 00000001002502ee
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007728ff94 5 bytes JMP 00000001002504b2
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007728ffc8 5 bytes JMP 00000001002509fe
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007728fff8 5 bytes JMP 0000000100250ae0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077290014 2 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 3 0000000077290017 2 bytes [D9, 88]
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007729072c 5 bytes JMP 000000010025012a
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007729081c 5 bytes JMP 0000000100250758
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077290834 5 bytes JMP 0000000100250676
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077290d84 5 bytes JMP 00000001002503d0
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772918b0 5 bytes JMP 0000000100250594
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077291b74 5 bytes JMP 000000010025083a
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077291d00 5 bytes JMP 000000010025020c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076e5524f 7 bytes JMP 0000000100250f52
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076e553d0 7 bytes JMP 0000000100320210
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076e55677 1 byte JMP 0000000100320048
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076e55679 5 bytes {JMP 0xffffffff894ca9d1}
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076e5589a 7 bytes JMP 0000000100250ca6
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076e55a1d 7 bytes JMP 00000001003203d8
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076e55c9b 7 bytes JMP 000000010032012c
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076e55d87 7 bytes JMP 00000001003202f4
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076e57240 7 bytes JMP 0000000100250e6e
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000753615ea 7 bytes JMP 0000000100320762
.text C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[2692] C:\Windows\syswow64\urlmon.dll!URLOpenPullStreamW + 69 0000000075255723 7 bytes JMP 000000010032059e
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007728fc40 5 bytes JMP 000000010010091c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007728fda4 5 bytes JMP 0000000100100048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007728fe38 5 bytes JMP 00000001001002ee
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007728ff94 5 bytes JMP 00000001001004b2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007728ffc8 5 bytes JMP 00000001001009fe
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007728fff8 5 bytes JMP 0000000100100ae0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077290014 2 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 3 0000000077290017 2 bytes [D9, 88]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007729072c 5 bytes JMP 000000010010012a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007729081c 5 bytes JMP 0000000100100758
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077290834 5 bytes JMP 0000000100100676
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077290d84 5 bytes JMP 00000001001003d0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772918b0 5 bytes JMP 0000000100100594
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077291b74 5 bytes JMP 000000010010083a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077291d00 5 bytes JMP 000000010010020c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000753615ea 7 bytes JMP 00000001001104bc
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076e5524f 7 bytes JMP 0000000100100f52
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076e553d0 7 bytes JMP 0000000100110210
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076e55677 1 byte JMP 0000000100110048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076e55679 5 bytes {JMP 0xffffffff892ba9d1}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076e5589a 7 bytes JMP 0000000100100ca6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076e55a1d 7 bytes JMP 00000001001103d8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076e55c9b 7 bytes JMP 000000010011012c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076e55d87 7 bytes JMP 00000001001102f4
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076e57240 7 bytes JMP 0000000100100e6e
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4300] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75]
.text ... * 2
? C:\Windows\system32\mssprxy.dll [4300] entry point in ".rdata" section 00000000748771e6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007728f941 7 bytes {MOV EDX, 0x2f0628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007728fb85 7 bytes {MOV EDX, 0x2f0668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007728fbb5 7 bytes {MOV EDX, 0x2f05a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007728fbcd 7 bytes {MOV EDX, 0x2f0528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007728fbe5 7 bytes {MOV EDX, 0x2f0728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007728fc15 7 bytes {MOV EDX, 0x2f0768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007728fc40 5 bytes JMP 000000010066091c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007728fc95 7 bytes {MOV EDX, 0x2f06e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007728fcad 7 bytes {MOV EDX, 0x2f06a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007728fcf9 7 bytes {MOV EDX, 0x2f0468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007728fda4 5 bytes JMP 0000000100660048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007728fdf1 7 bytes {MOV EDX, 0x2f04a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007728fe38 5 bytes JMP 00000001006602ee
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007728ff94 5 bytes JMP 00000001006604b2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007728ffc8 5 bytes JMP 00000001006609fe
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007728fff8 5 bytes JMP 0000000100660ae0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077290014 2 bytes JMP 000000010063004c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 3 0000000077290017 2 bytes [3A, 89]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077290049 7 bytes {MOV EDX, 0x2f0428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007729072c 5 bytes JMP 000000010066012a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007729081c 5 bytes JMP 0000000100660758
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077290834 5 bytes JMP 0000000100660676
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077290d84 5 bytes JMP 00000001006603d0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077291055 7 bytes {MOV EDX, 0x2f05e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772910cd 7 bytes {MOV EDX, 0x2f0568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772912d1 7 bytes {MOV EDX, 0x2f04e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772918b0 5 bytes JMP 0000000100660594
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077291b74 5 bytes JMP 000000010066083a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077291d00 5 bytes JMP 000000010066020c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000753615ea 7 bytes JMP 00000001006704bc
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076e5524f 7 bytes JMP 0000000100660f52
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076e553d0 7 bytes JMP 0000000100670210
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076e55677 1 byte JMP 0000000100670048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076e55679 5 bytes {JMP 0xffffffff8981a9d1}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076e5589a 7 bytes JMP 0000000100660ca6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076e55a1d 7 bytes JMP 00000001006703d8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076e55c9b 7 bytes JMP 000000010067012c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076e55d87 7 bytes JMP 00000001006702f4
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076e57240 7 bytes JMP 0000000100660e6e
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4852] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007728f941 7 bytes {MOV EDX, 0x58ce28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007728fb85 7 bytes {MOV EDX, 0x58ce68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007728fbb5 7 bytes {MOV EDX, 0x58cda8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007728fbcd 7 bytes {MOV EDX, 0x58cd28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007728fbe5 7 bytes {MOV EDX, 0x58cf28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007728fc15 7 bytes {MOV EDX, 0x58cf68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007728fc40 5 bytes JMP 00000001006b091c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007728fc95 7 bytes {MOV EDX, 0x58cee8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007728fcad 7 bytes {MOV EDX, 0x58cea8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007728fcf9 7 bytes {MOV EDX, 0x58cc68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007728fda4 5 bytes JMP 00000001006b0048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007728fdf1 7 bytes {MOV EDX, 0x58cca8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007728fe38 5 bytes JMP 00000001006b02ee
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007728ff94 5 bytes JMP 00000001006b04b2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007728ffc8 5 bytes JMP 00000001006b09fe
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007728fff8 5 bytes JMP 00000001006b0ae0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077290014 2 bytes JMP 000000010069004c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 3 0000000077290017 2 bytes [40, 89]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077290049 7 bytes {MOV EDX, 0x58cc28; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007729072c 5 bytes JMP 00000001006b012a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007729081c 5 bytes JMP 00000001006b0758
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077290834 5 bytes JMP 00000001006b0676
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077290d84 5 bytes JMP 00000001006b03d0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077291055 7 bytes {MOV EDX, 0x58cde8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772910cd 7 bytes {MOV EDX, 0x58cd68; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772912d1 7 bytes {MOV EDX, 0x58cce8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772918b0 5 bytes JMP 00000001006b0594
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077291b74 5 bytes JMP 00000001006b083a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077291d00 5 bytes JMP 00000001006b020c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000753615ea 7 bytes JMP 00000001006c04bc
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076e5524f 7 bytes JMP 00000001006b0f52
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076e553d0 7 bytes JMP 00000001006c0210
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076e55677 1 byte JMP 00000001006c0048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076e55679 5 bytes {JMP 0xffffffff8986a9d1}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076e5589a 7 bytes JMP 00000001006b0ca6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076e55a1d 7 bytes JMP 00000001006c03d8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076e55c9b 7 bytes JMP 00000001006c012c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076e55d87 7 bytes JMP 00000001006c02f4
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076e57240 7 bytes JMP 00000001006b0e6e
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[4904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007728f941 7 bytes {MOV EDX, 0x2ff628; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007728fb85 7 bytes {MOV EDX, 0x2ff668; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007728fbb5 7 bytes {MOV EDX, 0x2ff5a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007728fbcd 7 bytes {MOV EDX, 0x2ff528; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007728fbe5 7 bytes {MOV EDX, 0x2ff728; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007728fc15 7 bytes {MOV EDX, 0x2ff768; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007728fc40 5 bytes JMP 000000010037091c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007728fc95 7 bytes {MOV EDX, 0x2ff6e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007728fcad 7 bytes {MOV EDX, 0x2ff6a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007728fcf9 7 bytes {MOV EDX, 0x2ff468; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007728fda4 5 bytes JMP 0000000100370048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007728fdf1 7 bytes {MOV EDX, 0x2ff4a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007728fe38 5 bytes JMP 00000001003702ee
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007728ff94 5 bytes JMP 00000001003704b2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007728ffc8 5 bytes JMP 00000001003709fe
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007728fff8 5 bytes JMP 0000000100370ae0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077290014 2 bytes JMP 000000010035004c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 3 0000000077290017 2 bytes [0C, 89]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077290049 7 bytes {MOV EDX, 0x2ff428; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007729072c 5 bytes JMP 000000010037012a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007729081c 5 bytes JMP 0000000100370758
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077290834 5 bytes JMP 0000000100370676
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077290d84 5 bytes JMP 00000001003703d0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077291055 7 bytes {MOV EDX, 0x2ff5e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772910cd 7 bytes {MOV EDX, 0x2ff568; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772912d1 7 bytes {MOV EDX, 0x2ff4e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772918b0 5 bytes JMP 0000000100370594
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077291b74 5 bytes JMP 000000010037083a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077291d00 5 bytes JMP 000000010037020c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000753615ea 7 bytes JMP 00000001003804bc
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076e5524f 7 bytes JMP 0000000100370f52
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076e553d0 7 bytes JMP 0000000100380210
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076e55677 1 byte JMP 0000000100380048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076e55679 5 bytes {JMP 0xffffffff8952a9d1}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076e5589a 7 bytes JMP 0000000100370ca6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076e55a1d 7 bytes JMP 00000001003803d8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076e55c9b 7 bytes JMP 000000010038012c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076e55d87 7 bytes JMP 00000001003802f4
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076e57240 7 bytes JMP 0000000100370e6e
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007728fc40 5 bytes JMP 000000010009091c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007728fda4 5 bytes JMP 0000000100090048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007728fe38 5 bytes JMP 00000001000902ee
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007728ff94 5 bytes JMP 00000001000904b2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007728ffc8 5 bytes JMP 00000001000909fe
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007728fff8 5 bytes JMP 0000000100090ae0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077290014 2 bytes JMP 000000010002004c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 3 0000000077290017 2 bytes [D9, 88]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007729072c 5 bytes JMP 000000010009012a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007729081c 5 bytes JMP 0000000100090758
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077290834 5 bytes JMP 0000000100090676
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077290d84 5 bytes JMP 00000001000903d0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772918b0 5 bytes JMP 0000000100090594
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077291b74 5 bytes JMP 000000010009083a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077291d00 5 bytes JMP 000000010009020c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000753615ea 7 bytes JMP 00000001000a04bc
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076e5524f 7 bytes JMP 0000000100090f52
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076e553d0 7 bytes JMP 00000001000a0210
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076e55677 1 byte JMP 00000001000a0048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076e55679 5 bytes {JMP 0xffffffff8924a9d1}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076e5589a 7 bytes JMP 0000000100090ca6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076e55a1d 7 bytes JMP 00000001000a03d8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076e55c9b 7 bytes JMP 00000001000a012c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076e55d87 7 bytes JMP 00000001000a02f4
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076e57240 7 bytes JMP 0000000100090e6e
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75]
.text ... * 2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[2904] C:\Windows\syswow64\urlmon.dll!URLOpenPullStreamW + 69 0000000075255723 7 bytes JMP 00000001000a0680
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007728f941 7 bytes {MOV EDX, 0xbcd228; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007728fb85 7 bytes {MOV EDX, 0xbcd268; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007728fbb5 7 bytes {MOV EDX, 0xbcd1a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007728fbcd 7 bytes {MOV EDX, 0xbcd128; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007728fbe5 7 bytes {MOV EDX, 0xbcd328; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007728fc15 7 bytes {MOV EDX, 0xbcd368; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007728fc40 5 bytes JMP 0000000100cf091c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007728fc95 7 bytes {MOV EDX, 0xbcd2e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007728fcad 7 bytes {MOV EDX, 0xbcd2a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007728fcf9 7 bytes {MOV EDX, 0xbcd068; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007728fda4 5 bytes JMP 0000000100cf0048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007728fdf1 7 bytes {MOV EDX, 0xbcd0a8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007728fe38 5 bytes JMP 0000000100cf02ee
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007728ff94 5 bytes JMP 0000000100cf04b2
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007728ffc8 5 bytes JMP 0000000100cf09fe
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007728fff8 5 bytes JMP 0000000100cf0ae0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077290014 2 bytes JMP 0000000100c9004c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 3 0000000077290017 2 bytes [A0, 89]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077290049 7 bytes {MOV EDX, 0xbcd028; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007729072c 5 bytes JMP 0000000100cf012a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007729081c 5 bytes JMP 0000000100cf0758
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077290834 5 bytes JMP 0000000100cf0676
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077290d84 5 bytes JMP 0000000100cf03d0
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 0000000077291055 7 bytes {MOV EDX, 0xbcd1e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 00000000772910cd 7 bytes {MOV EDX, 0xbcd168; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 00000000772912d1 7 bytes {MOV EDX, 0xbcd0e8; JMP RDX}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772918b0 5 bytes JMP 0000000100cf0594
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077291b74 5 bytes JMP 0000000100cf083a
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077291d00 5 bytes JMP 0000000100cf020c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000753615ea 7 bytes JMP 0000000100d004bc
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076e5524f 7 bytes JMP 0000000100cf0f52
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076e553d0 7 bytes JMP 0000000100d00210
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076e55677 1 byte JMP 0000000100d00048
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076e55679 5 bytes {JMP 0xffffffff89eaa9d1}
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076e5589a 7 bytes JMP 0000000100cf0ca6
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076e55a1d 7 bytes JMP 0000000100d003d8
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076e55c9b 7 bytes JMP 0000000100d0012c
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076e55d87 7 bytes JMP 0000000100d002f4
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076e57240 7 bytes JMP 0000000100cf0e6e
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000075601465 2 bytes [60, 75]
.text C:\Program Files (x86)\Google\Chrome\Application\chrome.exe[1864] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000756014bb 2 bytes [60, 75]
.text ... * 2
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007728fc40 5 bytes JMP 00000001004f091c
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007728fda4 5 bytes JMP 00000001004f0048
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007728fe38 5 bytes JMP 00000001004f02ee
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 000000007728ff94 5 bytes JMP 00000001004f04b2
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 000000007728ffc8 5 bytes JMP 00000001004f09fe
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 000000007728fff8 5 bytes JMP 00000001004f0ae0
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077290014 2 bytes JMP 000000010002004c
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread + 3 0000000077290017 2 bytes [D9, 88]
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007729072c 5 bytes JMP 00000001004f012a
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007729081c 5 bytes JMP 00000001004f0758
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 0000000077290834 5 bytes JMP 00000001004f0676
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077290d84 5 bytes JMP 00000001004f03d0
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 00000000772918b0 5 bytes JMP 00000001004f0594
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077291b74 5 bytes JMP 00000001004f083a
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077291d00 5 bytes JMP 00000001004f020c
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076e5524f 7 bytes JMP 00000001004f0f52
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076e553d0 7 bytes JMP 0000000100500210
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076e55677 1 byte JMP 0000000100500048
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076e55679 5 bytes {JMP 0xffffffff896aa9d1}
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076e5589a 7 bytes JMP 00000001004f0ca6
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076e55a1d 7 bytes JMP 00000001005003d8
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076e55c9b 7 bytes JMP 000000010050012c
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076e55d87 7 bytes JMP 00000001005002f4
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076e57240 7 bytes JMP 00000001004f0e6e
.text C:\Users\julian\Desktop\gmer_2.1.19163 (2).exe[2660] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 00000000753615ea 7 bytes JMP 00000001005004bc
---- Disk sectors - GMER 2.1 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.1 ----
Danke das sie mir helfen . |
|
16.04.2013, 11:07
| #6 |
| /// TB-Ausbilder | Virus vermutlich in Skype Link Hi, bis hierhin kann ich nichts sehen.. Warum denkst du denn, dass du infiziert bist? Hast du Virenmeldungen bekommen? Oder bemerkst du ungewöhnliche Symptome?
__________________ --> Virus vermutlich in Skype Link |
|
16.04.2013, 12:27
| #7 |
| | Virus vermutlich in Skype Link Ok danke . Glaube letztens lief mein Virenschutz 2 mal . Wie kann mann eigentlich bei euch im board helfer werden? |
|
16.04.2013, 12:54
| #8 | |
| /// TB-Ausbilder | Virus vermutlich in Skype Link Hi, Zitat:
Dann machen wir noch eine Kontrolle: Schritt 1
Code:
ATTFilter :commands
[emptytemp]
Schritt 2 Downloade dir bitte Malwarebytes Anti-Malware .
Schritt 3 Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
Schritt 4 Downloade dir bitte SecurityCheck (Link 2).
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
16.04.2013, 16:57
| #9 |
| | Virus vermutlich in Skype Link Hallo nochmals bedanke ich mir für ihre Hilfe !! Malwarebytes hat nichts gefunden . eset online scanner schon aber nur mein rat . Log von OTL Code:
ATTFilter Error: Unable to interpret <OTL Logfile: checkup log Code:
ATTFilter Results of screen317's Security Check version 0.99.62 Windows 7 x64 (UAC is enabled) Out of date service pack!! Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Norton 360 Online WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Wise Registry Cleaner 7.67 Java 7 Update 17 Mozilla Firefox (20.0.1) Google Chrome 26.0.1410.64 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter Malwarebytes Anti-Malware 1.75.0.1300 www.malwarebytes.org Datenbank Version: v2013.04.16.06 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 julian :: JULIAN-PC [Administrator] 16.04.2013 16:13:21 mbam-log-2013-04-16 (16-13-21).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 204504 Laufzeit: 2 Minute(n), 20 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
|
16.04.2013, 17:40
| #10 |
| /// TB-Ausbilder | Virus vermutlich in Skype Link Hi, der OTL-Fix hat nicht ganz geklappt, du hast dort das alte OTL-Log in die Textbox eingefügt und nicht meinen kurzen Befehl. Und es fehlt noch ein Service Pack! Schritt 1
Code:
ATTFilter :commands
[emptytemp]
Schritt 2
Schritt 3 Überprüfe dann mit diesem Plugin-Check, ob alle deine verwendeten Software-Versionen aktuell sind und update sie anderenfalls. Schritt 4
Bitte poste in deiner nächsten Antwort:
__________________ cheers, Leo |
|
16.04.2013, 20:19
| #11 |
| | Virus vermutlich in Skype Link ok werde ich morgen tun . |
|
16.04.2013, 20:29
| #12 |
| /// TB-Ausbilder | Virus vermutlich in Skype Link Alles klar.
__________________ cheers, Leo |
|
17.04.2013, 14:43
| #13 |
| | Virus vermutlich in Skype Link Hallo nochmals Windows Update ist noch am Herunterladen bzw werde ich heute Abend tun. Hier sind die logs: Code:
ATTFilter Results of screen317's Security Check version 0.99.62 Windows 7 x64 (UAC is enabled) Out of date service pack!! Internet Explorer 8 Out of date! ``````````````Antivirus/Firewall Check:`````````````` Norton 360 Online WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.75.0.1300 Wise Registry Cleaner 7.67 Java 7 Update 17 Mozilla Firefox (20.0.1) Google Chrome 26.0.1410.64 ````````Process Check: objlist.exe by Laurent```````` Norton ccSvcHst.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Code:
ATTFilter All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: julian
->Temp folder emptied: 12676 bytes
->Temporary Internet Files folder emptied: 2281136 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 4517517 bytes
->Google Chrome cache emptied: 197226855 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 169928 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 4187780 bytes
Total Files Cleaned = 199,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 04172013_152848
Files\Folders moved on Reboot...
C:\Users\julian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Nochmals vielen Dank für alles |
|
17.04.2013, 15:14
| #14 | |
| /// TB-Ausbilder | Virus vermutlich in Skype Link Hi, die Windows Updates sollten dann noch gemacht werden: Das Service Pack 1 und der Internet Explorer 10 müssen drauf. Zitat:
Sobald alle Windows Updates eingespielt sind, kannst du aufräumen: Cleanup Zum Schluss werden wir jetzt noch unsere Tools (inklusive der Quarantäne-Ordner) wegräumen, die verseuchten Systemwiederherstellungspunkte löschen und alle Einstellungen wieder herrichten. Auch diese Schritte sind noch wichtig und sollten in der angegebenen Reihenfolge ausgeführt werden.
>> OK << Wir sind durch, deine Logs sehen für mich im Moment sauber aus.  Ich habe dir nachfolgend ein paar Hinweise und Tipps zusammengestellt, die dazu beitragen sollen, dass du in Zukunft unsere Hilfe nicht mehr brauchen wirst. Bitte gib mir danach noch eine kurze Rückmeldung, wenn auch von deiner Seite keine Probleme oder Fragen mehr offen sind, damit ich dieses Thema als erledigt betrachten kann. Epilog: Tipps, Dos & Don'ts  Aktualität von System und SoftwareDas Betriebsystem Windows muss zwingend immer auf dem neusten Stand sein. Stelle sicher, dass die automatischen Updates aktiviert sind:
Auch die installierte Software sollte immer in der aktuellsten Version vorliegen. Speziell gilt das für den Browser, Java, Flash-Player und PDF-Reader, denn bekannte Sicherheitslücken in deren alten Versionen werden dazu ausgenutzt, um beim blossen Besuch einer präparierten Website per Drive-by Download Malware zu installieren. Das kann sogar auf normalerweise legitimen Websites geschehen, wenn es einem Angreifer gelungen ist, seinen Code in die Seite einzuschleusen, und ist deshalb relativ unberechenbar.
Sicherheits-SoftwareEine Bemerkung vorneweg: Jede Softwarelösung hat ihre Schwächen. Die gesamte Verantwortung für die Sicherheit auf Software zu übertragen und einen Rundum-Schutz zu erwarten, wäre eine gefährliche Illusion. Bei unbedachtem oder bewusst risikoreichem Verhalten wird auch das beste Programm früher oder später seinen Dienst versagen (z.B. ein Virenscanner, der eine verseuchte Datei nicht erkennt). Trotzdem ist entsprechende Software natürlich wichtig und hilft dir in Kombination mit einem gut gewarteten (up-to-date) System und durchdachtem Verhalten, deinen Rechner sauber zu halten.
Es liegt in der Natur der Sache, dass die am weitesten verbreitete Anwendungs-Software auch am häufigsten von Malware-Autoren attackiert wird. Es kann daher bereits einen kleinen Sicherheitsgewinn darstellen, wenn man alternative Software (z.B. einen alternativen PDF Reader) benutzt. Anstelle des Internet Explorers kann man beispielsweise den Mozilla Firefox einsetzen, für welchen es zwei nützliche Addons zur Empfehlung gibt:
(Un-)Sicheres Verhalten im InternetNebst unbemerkten Drive-by Installationen wird Malware aber auch oft mehr oder weniger aktiv vom Benutzer selbst installiert. Der Besuch zwielichtiger Websites kann bereits Risiken bergen. Und Downloads aus dubiosen Quellen sind immer russisches Roulette. Auch wenn der Virenscanner im Moment darin keine Bedrohung erkennt, muss das nichts bedeuten.
Oft wird auch versucht, den Benutzer mit mehr oder weniger trickreichen Methoden dazu zu bringen, eine für ihn verhängnisvolle Handlung selbst auszuführen (Überbegriff Social Engineering).
Nervige Adware (Werbung) und unnötige Toolbars werden auch meist durch den Benutzer selbst mitinstalliert.
Allgemeine HinweiseAbschliessend noch ein paar grundsätzliche Bemerkungen:
Wenn du möchtest, kannst du das Forum mit einer kleinen Spende unterstützen. Es bleibt mir nur noch, dir unbeschwertes und sicheres Surfen zu wünschen und dass wir uns hier so bald nicht wiedersehen. 
__________________ cheers, Leo |
|
17.04.2013, 18:07
| #15 |
| | Virus vermutlich in Skype Link Vielen vielen lieben dank |
|
| Themen zu Virus vermutlich in Skype Link |
| board, dringende, geklickt, infiziert, link, link geklickt, nichts, seite, skype, troja, trojaner, trojaner board, vermutlich, virus, wahrscheinlich |
Textbox.
Linear-Darstellung
