Pests of all kinds and their removal: Win.32/Sirefef.0 - Heavy virus infection (Windows 7)
08.11.2011, 09:07 | #31 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win.32/Sirefef.0 - Heavy virus infection
I need the two quarantine folders from Combofix and OTL. Please do the following:
1.) VERY IMPORTANT!! Disable the virus scanner, it must not interfere with the packing!
2.) Zip the folder MovedFiles in C:\_OTL into one file
3.) Zip the folder Quarantine in C:\Qoobox into one file
4.) Upload both created ZIP files here => http://www.trojaner-board.de/54791-a...ner-board.html
Note: Please upload the files there as described in the UpChannel instructions. Please do NOT post the ZIP files as attachments in this thread!
5.) Let me know when it worked
6.) Only then turn the virus scanner back on
__________________ Please always post logfiles in CODE tags
08.11.2011, 21:18 | #32 |
| Win.32/Sirefef.0 - Heavy virus infection
C:\_OTL -> No problems, it's uploaded.
Qoobox -> Cannot read the contents of C:\Qoobox\BackEnv\*. C:\Qoobox.zip: Could not create Qoobox.zip. Access denied
09.11.2011, 09:37 | #33 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win.32/Sirefef.0 - Heavy virus infection
Quote:
09.11.2011, 15:42 | #34 |
| Win.32/Sirefef.0 - Heavy virus infection
My mistake, sorry. The file is uploaded.
10.11.2011, 09:51 | #35 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win.32/Sirefef.0 - Heavy virus infection
Please create and post fresh logs with GMER and OSAM again. GMER crashes fairly often; if the tool won't run the second time either, just leave it out and run only OSAM - please skip the online query by OSAM. With OSAM, please also make sure you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instructions. Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, tell me and choose the setting (none) under AV Scan.
16.11.2011, 14:24 | #36 |
| Win.32/Sirefef.0 - Heavy virus infection
GMER -> "Not responding"
aswMBR -> quick scan attached
OSAM -> OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 10:49:19 on 16.11.2011
OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Google Inc. Google Chrome 15.0.874.106

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Bandoo Media, inc" - c:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll
"AppInit_DLLs" - "Discordia Limited" - c:\PROGRA~1\Bandoo\BndHook.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".smb" (.smb) - ? - \* (File not found)
"AVG Anti-Rootkit" (AVG Anti-Rootkit) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\avgarkt.sys
"Avg Anti-Rootkit Clean Driver" (AvgArCln) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\AvgArCln.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"catchme" (catchme) - ? - C:\Users\HEIMAN~1\AppData\Local\Temp\catchme.sys (File not found)
"cpuz129" (cpuz129) - ? - C:\Users\HEIMAN~1\AppData\Local\Temp\cpuz_x32.sys (File not found)
"GDBehave" (GDBehave) - ? - C:\Windows\System32\drivers\GDBehave.sys (File not found)
"GDMnIcpt" (GDMnIcpt) - ? - C:\Windows\system32\drivers\MiniIcpt.sys (File not found)
"HookCentre" (HookCentre) - "G Data Software AG" - C:\Windows\system32\drivers\HookCentre.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"kbdqqu" (kbdqqu) - ? - C:\Windows\system32\drivers\kbdqqu.sys (File not found)
"KMWDFilter" (KMWDFilter) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\Drivers\KMWDFilter.SYS
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SbieDrv" (SbieDrv) - "tzuk" - C:\Program Files\Sandboxie\SbieDrv.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
"XDva349" (XDva349) - "www.wiselogic.co.kr" - C:\Windows\system32\XDva349.sys
"XDva359" (XDva359) - "www.wiselogic.co.kr" - C:\Windows\system32\XDva359.sys
"XDva385" (XDva385) - "www.wiselogic.co.kr" - C:\Windows\system32\XDva385.sys

[Explorer]
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{EC654325-1273-C2A9-2B7C-45D29BCE68FB} "Deskscapes Class" - "Stardock Corporation" - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
{EC654325-1273-C2A9-2B7C-45D29BCE68FD} "Stardock Vista ControlPanel Extension" - ? - (File not found | COM-object registry key not found)
{EC654325-1273-C2A9-2B7C-45D29BCE68FF} "StardockDreamController" - "Stardock" - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{ABC70703-32AF-11d4-90C4-D483A70F4825} "CMenuExtender" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{D22F6E51-BD32-4b7d-A17D-DC89C7FDFF15} "DreamImages Object" - "Stardock" - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamThumbnails.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll
{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll
{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcpltp.dll
{A2569D1F-4E06-43EC-9825-0088B471BE47} "IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll
{97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - (File not found | COM-object registry key not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{EC654325-1273-C2A9-2B7C-45D29BCE68FD} "Stardock Vista ControlPanel Extension" - ? - (File not found | COM-object registry key not found)
{FA603FF3-D04C-415d-8049-EFE29EEF4B26} "StardockDeskscapes.DreamFile" - ? - (File not found | COM-object registry key not found)
{EC654325-1273-C2A9-2B7C-45D29BCE68FF} "StardockDreamController" - "Stardock" - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\Windows\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\System32\Adobe\Director\swdir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{055FD26D-3A88-4e15-963D-DC8493744B1D} "XTTBPos00 Class" - "IE Toolbar" - C:\PROGRA~1\ICQTOO~1\toolbaru.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Heimanwender\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists)
"Schnellstartdatei.vbs" - ? - C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Schnellstartdatei.vbs
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AVMWlanClient" - "AVM Berlin" - C:\Program Files\avmwlanstick\wlangui.exe
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"KMCONFIG" - "UASSOFT.COM" - C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files\avmwlanstick\WlanNetService.exe
"Bandoo Coordinator" (Bandoo Coordinator) - "Bandoo Media Inc." - C:\PROGRA~1\Bandoo\Bandoo.exe
"CyberGhost VPN Client" (CGVPNCliSrvc) - "mobile concepts GmbH" - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - D:\Common\Database\bin\fbserver.exe
"FSCLBaseUpdaterService" (FSCLBaseUpdaterService) - ? - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9a488eb75573d)" (gupdate1c9a488eb75573d) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Keyboard And Mouse Communication Service" (KMWDSERVICE) - "UASSOFT.COM" - C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information)
"Sandboxie Service" (SbieSvc) - "tzuk" - C:\Program Files\Sandboxie\SbieSvc.exe
"SearchAnonymizer" (SearchAnonymizer) - ? - C:\Users\Heimanwender\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe

[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\system32\Helios.scr (File found, but it contains no detailed information)

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
16.11.2011, 16:30 | #37 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win.32/Sirefef.0 - Heavy virus infection
Quote:
Restart Windows, then please make new logs with OSAM/GMER/aswMBR (try GMER)
16.11.2011, 18:38 | #38 |
| Win.32/Sirefef.0 - Heavy virus infection
OSAM: OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:58:28 on 16.11.2011
OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Google Inc. Google Chrome 15.0.874.106

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Bandoo Media, inc" - c:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll
"AppInit_DLLs" - "Discordia Limited" - c:\PROGRA~1\Bandoo\BndHook.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AVG Anti-Rootkit" (AVG Anti-Rootkit) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\avgarkt.sys
"Avg Anti-Rootkit Clean Driver" (AvgArCln) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\AvgArCln.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"catchme" (catchme) - ? - C:\Users\HEIMAN~1\AppData\Local\Temp\catchme.sys (File not found)
"cpuz129" (cpuz129) - ? - C:\Users\HEIMAN~1\AppData\Local\Temp\cpuz_x32.sys (File not found)
"GDBehave" (GDBehave) - ? - C:\Windows\System32\drivers\GDBehave.sys (File not found)
"GDMnIcpt" (GDMnIcpt) - ? - C:\Windows\system32\drivers\MiniIcpt.sys (File not found)
"HookCentre" (HookCentre) - "G Data Software AG" - C:\Windows\system32\drivers\HookCentre.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"KMWDFilter" (KMWDFilter) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\Drivers\KMWDFilter.SYS
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SbieDrv" (SbieDrv) - "tzuk" - C:\Program Files\Sandboxie\SbieDrv.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
"XDva349" (XDva349) - "www.wiselogic.co.kr" - C:\Windows\system32\XDva349.sys
"XDva359" (XDva359) - "www.wiselogic.co.kr" - C:\Windows\system32\XDva359.sys
"XDva385" (XDva385) - "www.wiselogic.co.kr" - C:\Windows\system32\XDva385.sys
(Disabled) ".smb" (.smb) - ? - \* (File not found)
(Disabled) "kbdqqu" (kbdqqu) - ? - C:\Windows\system32\drivers\kbdqqu.sys (File not found)

[Explorer]
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{EC654325-1273-C2A9-2B7C-45D29BCE68FB} "Deskscapes Class" - "Stardock Corporation" - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
{EC654325-1273-C2A9-2B7C-45D29BCE68FD} "Stardock Vista ControlPanel Extension" - ? - (File not found | COM-object registry key not found)
{EC654325-1273-C2A9-2B7C-45D29BCE68FF} "StardockDreamController" - "Stardock" - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{ABC70703-32AF-11d4-90C4-D483A70F4825} "CMenuExtender" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{D22F6E51-BD32-4b7d-A17D-DC89C7FDFF15} "DreamImages Object" - "Stardock" - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamThumbnails.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll
{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll
{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcpltp.dll
{A2569D1F-4E06-43EC-9825-0088B471BE47} "IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll
{97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - (File not found | COM-object registry key not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{EC654325-1273-C2A9-2B7C-45D29BCE68FD} "Stardock Vista ControlPanel Extension" - ? - (File not found | COM-object registry key not found)
{FA603FF3-D04C-415d-8049-EFE29EEF4B26} "StardockDeskscapes.DreamFile" - ? - (File not found | COM-object registry key not found)
{EC654325-1273-C2A9-2B7C-45D29BCE68FF} "StardockDreamController" - "Stardock" - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\Windows\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\System32\Adobe\Director\swdir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{055FD26D-3A88-4e15-963D-DC8493744B1D} "XTTBPos00 Class" - "IE Toolbar" - C:\PROGRA~1\ICQTOO~1\toolbaru.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Heimanwender\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists)
"Schnellstartdatei.vbs" - ? - C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Schnellstartdatei.vbs
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Userinit" - ? - C:\Users\Heimanwender\AppData\Roaming\appconf32.exe (File is exclusively opened, access blocked | File found, but it contains no detailed information)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AVMWlanClient" - "AVM Berlin" - C:\Program Files\avmwlanstick\wlangui.exe
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"KMCONFIG" - "UASSOFT.COM" - C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files\avmwlanstick\WlanNetService.exe
"Bandoo Coordinator" (Bandoo Coordinator) - "Bandoo Media Inc." - C:\PROGRA~1\Bandoo\Bandoo.exe
"CyberGhost VPN Client" (CGVPNCliSrvc) - "mobile concepts GmbH" - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - D:\Common\Database\bin\fbserver.exe
"FSCLBaseUpdaterService" (FSCLBaseUpdaterService) - ? - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9a488eb75573d)" (gupdate1c9a488eb75573d) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc."
- C:\Program Files\Google\Update\GoogleUpdate.exe "Keyboard And Mouse Communication Service" (KMWDSERVICE) - "UASSOFT.COM" - C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe "Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe "MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe "nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des "PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information) "Sandboxie Service" (SbieSvc) - "tzuk" - C:\Program Files\Sandboxie\SbieSvc.exe "SearchAnonymizer" (SearchAnonymizer) - ? - C:\Users\Heimanwender\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe "TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe "UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe [Winlogon] -----( HKCU\Control Panel\Desktop )----- "SCRNSAVE.EXE" - ? - C:\Windows\system32\Helios.scr (File found, but it contains no detailed information) [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." 
- C:\Program Files\Bonjour\mdnsNSP.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

aswMBR:

aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-16 18:26:11
-----------------------------
18:26:11.121 OS Version: Windows 6.0.6001 Service Pack 1
18:26:11.121 Number of processors: 4 586 0xF0B
18:26:11.121 ComputerName: PAUL-PC UserName:
18:26:40.137 Initialize success
18:26:47.375 AVAST engine defs: 11111501
18:27:21.477 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:27:21.477 Disk 0 Vendor: WDC_WD5000AAKS-07YGA0 12.01C02 Size: 476940MB BusType: 3
18:27:23.505 Disk 0 MBR read successfully
18:27:23.505 Disk 0 MBR scan
18:27:23.505 Disk 0 Windows VISTA default MBR code
18:27:23.505 Disk 0 scanning sectors +976771072
18:27:23.599 Disk 0 scanning C:\Windows\system32\drivers
18:27:36.375 Service scanning
18:27:37.732 Modules scanning
18:27:44.534 Disk 0 trace - called modules:
18:27:44.581 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys dxgkrnl.sys nvlddmkm.sys watchdog.sys tcpip.sys NETIO.SYS
18:27:44.581 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85176ac8]
18:27:44.596 3 CLASSPNP.SYS[88360745] -> nt!IofCallDriver -> [0x842ffc10]
18:27:44.596 5 acpi.sys[8823d6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x841dcba0]
18:27:47.077 AVAST engine scan C:\Windows
18:27:54.440 AVAST engine scan C:\Windows\system32
18:30:53.247 AVAST engine scan C:\Windows\system32\drivers
18:31:14.822 AVAST engine scan C:\Users\Heimanwender
18:34:48.292 Disk 0 MBR has been saved successfully to "C:\Users\Heimanwender\Desktop\MBR.dat"
18:34:48.308 The log file has been saved successfully to "C:\Users\Heimanwender\Desktop\aswMBR3.txt"

GMER:

GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-16 18:13:46
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AAKS-07YGA0 rev.12.01C02
Running: s1crcviz.exe; Driver: C:\Users\HEIMAN~1\AppData\Local\Temp\kwtdapod.sys

---- System - GMER 1.0.15 ----

Code 87068C4C ZwTraceEvent
Code 87068C4B NtTraceEvent

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!NtTraceEvent 82073FD0 5 Bytes JMP 87068C50
PAGE ntoskrnl.exe!NtRequestPort + 2 821FAC15 5 Bytes JMP 87068CF0
PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 2 82252ECE 5 Bytes JMP 87068E30
PAGE ntoskrnl.exe!NtRequestWaitReplyPort + 2 82255F23 5 Bytes JMP 87068D90
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E008340, 0x39DB57, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\system32\wuauclt.exe[584] ntdll.dll!NtClose 77727BB8 5 Bytes JMP 00BD0354
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtCreateFile + 6 77727C7E 4 Bytes [28, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtCreateFile + B 77727C83 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtMapViewOfSection + 6 777283CE 1 Byte [28]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtMapViewOfSection + 6 777283CE 4 Bytes [28, 03, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtMapViewOfSection + B 777283D3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenFile + 6 7772845E 4 Bytes [68, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenFile + B 77728463 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652]
ntdll.dll!NtOpenProcess + 6 777284DE 4 Bytes [A8, 01, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenProcess + B 777284E3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenProcessToken + 6 777284EE 4 Bytes CALL 76728AF4 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenProcessToken + B 777284F3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenProcessTokenEx + 6 777284FE 4 Bytes [A8, 02, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenProcessTokenEx + B 77728503 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenThread + 6 7772854E 4 Bytes [68, 01, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenThread + B 77728553 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenThreadToken + 6 7772855E 4 Bytes [68, 02, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenThreadToken + B 77728563 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenThreadTokenEx + 6 7772856E 4 Bytes CALL 76728B75 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenThreadTokenEx + B 77728573 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtQueryAttributesFile + 6 777285FE 4 Bytes [A8, 00, 06, 00] .text 
C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtQueryAttributesFile + B 77728603 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtQueryFullAttributesFile + 6 777286AE 4 Bytes CALL 76728CB3 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtQueryFullAttributesFile + B 777286B3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtSetInformationFile + 6 77728B8E 4 Bytes [28, 01, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtSetInformationFile + B 77728B93 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtSetInformationThread + 6 77728BDE 4 Bytes [28, 02, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtSetInformationThread + B 77728BE3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 1 Byte [68] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 4 Bytes [68, 03, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtUnmapViewOfSection + B 77728E83 1 Byte [E2] .text C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe[808] ntdll.dll!NtClose 77727BB8 5 Bytes JMP 003D0354 .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtCreateFile + 6 77727C7E 4 Bytes [28, 00, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtCreateFile + B 77727C83 1 Byte [E2] .text 
C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtMapViewOfSection + 6 777283CE 1 Byte [28] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtMapViewOfSection + 6 777283CE 4 Bytes [28, 03, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtMapViewOfSection + B 777283D3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenFile + 6 7772845E 4 Bytes [68, 00, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenFile + B 77728463 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenProcess + 6 777284DE 4 Bytes [A8, 01, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenProcess + B 777284E3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenProcessToken + 6 777284EE 4 Bytes CALL 76728AF4 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenProcessToken + B 777284F3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenProcessTokenEx + 6 777284FE 4 Bytes [A8, 02, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenProcessTokenEx + B 77728503 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenThread + 6 7772854E 4 Bytes [68, 01, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenThread + B 77728553 1 Byte [E2] .text 
C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenThreadToken + 6 7772855E 4 Bytes [68, 02, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenThreadToken + B 77728563 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenThreadTokenEx + 6 7772856E 4 Bytes CALL 76728B75 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenThreadTokenEx + B 77728573 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtQueryAttributesFile + 6 777285FE 4 Bytes [A8, 00, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtQueryAttributesFile + B 77728603 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtQueryFullAttributesFile + 6 777286AE 4 Bytes CALL 76728CB3 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtQueryFullAttributesFile + B 777286B3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtSetInformationFile + 6 77728B8E 4 Bytes [28, 01, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtSetInformationFile + B 77728B93 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtSetInformationThread + 6 77728BDE 4 Bytes [28, 02, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtSetInformationThread + B 77728BE3 1 Byte [E2] .text 
C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 1 Byte [68] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 4 Bytes [68, 03, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtUnmapViewOfSection + B 77728E83 1 Byte [E2] .text C:\Windows\System32\mobsync.exe[1740] ntdll.dll!NtClose 77727BB8 5 Bytes JMP 00200354 .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtCreateFile + 6 77727C7E 4 Bytes [28, 00, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtCreateFile + B 77727C83 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtMapViewOfSection + 6 777283CE 1 Byte [28] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtMapViewOfSection + 6 777283CE 4 Bytes [28, 03, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtMapViewOfSection + B 777283D3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenFile + 6 7772845E 4 Bytes [68, 00, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenFile + B 77728463 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcess + 6 777284DE 4 Bytes [A8, 01, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcess + B 777284E3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcessToken + 6 777284EE 4 Bytes CALL 76728AF4 C:\Windows\system32\kernel32.dll (Client-DLL für Windows 
NT-Basis-API/Microsoft Corporation) .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcessToken + B 777284F3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcessTokenEx + 6 777284FE 4 Bytes [A8, 02, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcessTokenEx + B 77728503 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThread + 6 7772854E 4 Bytes [68, 01, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThread + B 77728553 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThreadToken + 6 7772855E 4 Bytes [68, 02, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThreadToken + B 77728563 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThreadTokenEx + 6 7772856E 4 Bytes CALL 76728B75 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThreadTokenEx + B 77728573 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtQueryAttributesFile + 6 777285FE 4 Bytes [A8, 00, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtQueryAttributesFile + B 77728603 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtQueryFullAttributesFile + 6 777286AE 4 Bytes CALL 76728CB3 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) .text 
C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtQueryFullAttributesFile + B 777286B3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtSetInformationFile + 6 77728B8E 4 Bytes [28, 01, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtSetInformationFile + B 77728B93 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtSetInformationThread + 6 77728BDE 4 Bytes [28, 02, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtSetInformationThread + B 77728BE3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 1 Byte [68] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 4 Bytes [68, 03, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtUnmapViewOfSection + B 77728E83 1 Byte [E2] .text C:\Windows\RtHDVCpl.exe[2008] ntdll.dll!NtClose 77727BB8 5 Bytes JMP 002B0354 .text C:\Program Files\Trust\Trust R-Series Mouse\KMConfig.exe[2200] ntdll.dll!NtClose 77727BB8 5 Bytes JMP 00490354 .text C:\Windows\System32\rundll32.exe[2304] ntdll.dll!NtClose 77727BB8 5 Bytes JMP 008E0354 .text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2336] ntdll.dll!NtClose 77727BB8 5 Bytes JMP 01D50354 .text C:\Program Files\Trust\Trust R-Series Mouse\KMProcess.exe[2372] ntdll.dll!NtClose 77727BB8 5 Bytes JMP 00340354 .text ... 
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtCreateFile + 6 77727C7E 4 Bytes [28, 00, 16, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtCreateFile + B 77727C83 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtMapViewOfSection + 6 777283CE 1 Byte [28] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtMapViewOfSection + 6 777283CE 4 Bytes [28, 03, 16, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtMapViewOfSection + B 777283D3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenFile + 6 7772845E 4 Bytes [68, 00, 16, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenFile + B 77728463 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcess + 6 777284DE 4 Bytes [A8, 01, 16, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcess + B 777284E3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessToken + 6 777284EE 4 Bytes CALL 76729AF4 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessToken + B 777284F3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessTokenEx + 6 777284FE 4 Bytes [A8, 02, 16, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessTokenEx + B 77728503 1 Byte [E2] .text 
C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThread + 6 7772854E 4 Bytes [68, 01, 16, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThread + B 77728553 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadToken + 6 7772855E 4 Bytes [68, 02, 16, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadToken + B 77728563 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadTokenEx + 6 7772856E 4 Bytes CALL 76729B75 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadTokenEx + B 77728573 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryAttributesFile + 6 777285FE 4 Bytes [A8, 00, 16, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryAttributesFile + B 77728603 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryFullAttributesFile + 6 777286AE 4 Bytes CALL 76729CB3 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation) .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryFullAttributesFile + B 777286B3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationFile + 6 77728B8E 4 Bytes [28, 01, 16, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationFile + B 77728B93 1 Byte [E2] .text 
C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationThread + 6 77728BDE 4 Bytes [28, 02, 16, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationThread + B 77728BE3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 1 Byte [68] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 4 Bytes [68, 03, 16, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtUnmapViewOfSection + B 77728E83 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtCreateFile + 6 77727C7E 4 Bytes [28, 00, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtCreateFile + B 77727C83 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + 6 777283CE 1 Byte [28] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + 6 777283CE 4 Bytes [28, 03, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + B 777283D3 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenFile + 6 7772845E 4 Bytes [68, 00, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenFile + B 77728463 1 Byte [E2] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcess + 6 777284DE 4 Bytes [A8, 01, 06, 00] .text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcess + B 777284E3 1 Byte [E2] .text 
---- EOF - GMER 1.0.15 ---- |
16.11.2011, 20:15 | #39 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win.32/Sirefef.0 - Severe virus infection Looks ok. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before scanning!! Afterwards, getting a second opinion from the ESET online scanner is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
17.11.2011, 11:23 | #40 |
| Win.32/Sirefef.0 - Severe virus infection Malwarebytes:

Datenbank Version: 8178
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

16.11.2011 23:14:45
mbam-log-2011-11-16 (23-14-30).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 285215
Laufzeit: 2 Stunde(n), 28 Minute(n), 55 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> No action taken.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Gen) -> Bad: (C:\Users\Heimanwender\AppData\Roaming\appconf32.exe) Good: () -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\Users\heimanwender\AppData\Roaming\appconf32.exe (Malware.Gen) -> No action taken.
c:\Users\heimanwender\AppData\Roaming\acroiehelpe.dll (Trojan.Banker) -> No action taken.
c:\Users\Gast\documents\downloads\installer_supertux_3_0_deutsch_deutsch.exe (PUP.SmsPay.pns) -> No action taken.
c:\Users\Gast\documents\downloads\unconfirmed 14534.download (PUP.SmsPay.pns) -> No action taken.
c:\Users\heimanwender\AppData\LocalLow\Sun\Java\deployment\cache\6.0\19\49696ed3-36ff0a2a (Malware.Gen) -> No action taken.
and

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8178
Windows 6.0.6001 Service Pack 1
Internet Explorer 8.0.6001.19088

17.11.2011 11:14:52
mbam-log-2011-11-17 (11-14-52).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 473027
Laufzeit: 2 Stunde(n), 50 Minute(n), 26 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 6
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Office\Word\Addins\HostOL.MailAnim (Adware.Hotbar) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully. |
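As an added example (not from this thread and not Malwarebytes' own code), a small Python parser for the MBAM 1.x log format posted above: it reads each finding, separates what was actually quarantined from what was left with "No action taken", and flags autostart entries such as the Winlogon\Userinit hijack. The sample log is constructed from lines in the posts above; Finding, parse_log and summarize are names chosen here.

```python
"""Parser for the Malwarebytes (MBAM 1.x) log format posted in this thread.
Added example; not Malwarebytes' own code. The sample log is constructed from
lines in the posts above; Finding, parse_log and summarize are names chosen here."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# Constructed sample in the format shown above; paths and CLSIDs come from the
# posted logs, not from a live host. Count lines and placeholders are included
# so the parser has to skip them.
SAMPLE_LOG = r"""
Durchsuchte Objekte: 285215
Infizierte Registrierungsschlüssel: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> No action taken.

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Malware.Gen) -> Bad: (C:\Users\Heimanwender\AppData\Roaming\appconf32.exe) Good: () -> No action taken.

Infizierte Dateien:
c:\Users\heimanwender\AppData\Roaming\appconf32.exe (Malware.Gen) -> No action taken.
c:\program files\icqtoolbar\toolbaru.dll (Trojan.BHO) -> Quarantined and deleted successfully.
"""

# One finding: "<object> (<detection>) -> [Bad: (<old>) Good: (<new>) -> ]<action>."
# The lazy <object> group backtracks past parentheses inside paths such as
# "Program Files (x86)" because "(<detection>) -> " has to follow it.
LINE_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<det>[^()]+)\) -> "
    r"(?:Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\) -> )?"
    r"(?P<action>[^>]+?)\.?$"
)

@dataclass
class Finding:
    section: str
    obj: str
    detection: str
    action: str
    bad: Optional[str] = None   # only on "Dateiobjekte der Registrierung" entries
    good: Optional[str] = None

    @property
    def removed(self) -> bool:
        return self.action.startswith("Quarantined")

    @property
    def autostart(self) -> bool:
        # Loads code at logon or browser start: Winlogon values and BHO keys.
        low = self.obj.lower()
        return "\\winlogon\\" in low or "browser helper objects" in low

def parse_log(text: str) -> List[Finding]:
    findings: List[Finding] = []
    section = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("("):   # blank or "(Keine bösartigen ...)"
            continue
        if line.endswith(":"):                 # section header, e.g. "Infizierte Dateien:"
            section = line[:-1]
            continue
        m = LINE_RE.match(line)
        if m is None:                          # count/summary lines have no "(...) -> "
            continue
        findings.append(Finding(section, m["obj"], m["det"], m["action"], m["bad"], m["good"]))
    return findings

def summarize(findings: List[Finding]) -> Dict[str, List[str]]:
    # What still needs a human: untreated items, autostart entries, and registry
    # values the scanner could not restore. "Good: ()" means MBAM had no known-good
    # replacement; Userinit must then be set back by hand to the Windows default
    # C:\Windows\system32\userinit.exe, (the trailing comma is part of the value).
    return {
        "not_removed": [f.obj for f in findings if not f.removed],
        "autostart": [f.obj for f in findings if f.autostart],
        "restore_manually": [f.obj for f in findings if f.good == ""],
    }
```

Run against the first log posted above, the summary shows all five findings untreated and two autostart entries, which is the situation the helper comments on in the next reply.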
17.11.2011, 13:42 | #41 |
| Win.32/Sirefef.0 - Severe virus infection SUPERAntiSpyware detects a total of 726 malicious files, all of which relate to my cookies, even though these are websites that are no different from this one. Even though I do not share the opinion about the dangerousness of visiting these ordinary websites, I followed the program's instructions regarding removal. The log file contains nearly every website I visited in the past few days. I hope it is possible to respect that, for private reasons, I do not want to publish these. Still, a small excerpt to give an impression of the kind of findings:

Adware.Tracking Cookie
C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows\Cookies\heimanwender@accounts.google[1].txt [ /accounts.google ]
C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows\Cookies\heimanwender@ad.yieldmanager[1].txt [ /ad.yieldmanager ]

-> I have never visited yieldmanager, for example, since my browser already classifies it as dangerous. Why is something like that nonetheless recorded in the cookies?

.axelspringer.122.2o7.net [ C:\SANDBOX\HEIMANWENDER\DEFAULTBOX\USER\CURRENT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
www.elitepvpers.de [ C:\SANDBOX\HEIMANWENDER\DEFAULTBOX\USER\CURRENT\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ]
.webmasterplan.com [ C:\USERS\GAST\APPDATA\LOCAL\GOOGLE\CHROME\USER DATA\DEFAULT\COOKIES ] |
17.11.2011, 13:58 | #42 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win.32/Sirefef.0 - Severe virus infection Well, I'm not sure whether cleaning up was such a good idea on this machine. MBAM had still found some nasty candidates even though these were only control scans - normally, control scans turn up at most harmless/isolated remnants or cookies. How is the computer running by now?
__________________ Please always post logfiles in CODE tags |
17.11.2011, 14:03 | #43 |
| Win.32/Sirefef.0 - Severe virus infection That doesn't sound good at all. The computer runs stably and without limitations. I haven't made a timed comparison, but I believe the boot process has become faster. At the moment I'm running without an antivirus program, but its functionality could be restored after the first clean-up attempts. Since the firewall and the antivirus program were no longer restricted in their activity, I could not tell that I was infected, even though that obviously is/was the case. |
17.11.2011, 15:59 | #44 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Win.32/Sirefef.0 - Severe virus infection OK, if in your opinion the computer is fine again, then you can leave it as it is. Then we're done! The programs that were used here can all be removed again. CF can be removed via Start, Run with combofix /uninstall. Let me know if there are any error messages. Keeping Malwarebytes is not a mistake. You can scan with it once a month, but always remember to update first. Finally, please check the updates; below is my guide for that. To keep a better overview of how current your installed programs are in future, you can use e.g. Secunia PSI. For even more security, you should also change all passwords if possible after the infection has been removed.

Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Guide Windows Update

Update PDF reader
An outdated Adobe Reader is a major security risk. You should therefore uninstall old versions of Adobe Reader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program (if you have Adobe Reader installed). I recommend an alternative PDF reader such as PDF XChange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than Adobe Reader.
While you're at it, please also check that the Flash Player is up to date; here is the direct download link:
Mozilla and other browsers => http://filepony.de/?q=Flash+Player
Internet Explorer => http://fpdownload.adobe.com/get/flas..._player_ax.exe
Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.

Java update
Outdated Java installations are a security risk, so you should delete the old versions (if present, preferably with JavaRa) and update to the latest one.
To do so, close all programs (especially the browsers), then click Start, Control Panel, Software and uninstall all listed Java versions from there. Then download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |
17.11.2011, 16:11 | #45 |
| Win.32/Sirefef.0 - Severe virus infection That's good to hear. But before I get euphoric: for me, the computer has apparently not been infected since the first clean-up. However, the latest checks have shown that malicious files were still present, even if I could not detect any effects of their activity. So it is mainly not my opinion but yours that matters in order to finally be able to say whether the computer is clean again. What do you think, is the current situation on my computer satisfactory? |