Pests of all kinds and how to combat them: Smart-Malware

Windows 7

If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.
#1
Smart-Malware

Hello, I have the following problem: My computer was infected with the S.M.A.R.T. malware and I was prompted to start a scan with Smart. At the same time, all the icons on my desktop disappeared, and only the Recycle Bin and the "Smart" shortcut were left. I did not run this scan at first, because I was sure I had fallen victim to malicious software. I then tried to find a solution to the problem via Google and came across a link from "Spyhunter4". I installed this program and subsequently ran a scan. When the scan was finished, I was prompted to unlock the full version for 29.90€, which I stupidly did. I was then informed that my credit card had been charged 71€. This seemed very odd to me, and I came across the information that this is likewise harmful malware.

First, my question... Can I refuse the charge on my credit card, or should I have the card blocked right away? Since I also had to provide my personal data, I am also wondering whether my e-mail account is still secure.

Here are the requested data logs.

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS Logfile:
Code:
ATTFilter DDS (Ver_2011-08-26.01) . Microsoft® Windows Vista™ Home Premium Boot Device: \Device\HarddiskVolume2 Install Date: 24.12.2007 18:16:17 System Uptime: 03.04.2012 18:28:57 (0 hours ago) . Motherboard: FUJITSU SIEMENS | | F40 Processor: Intel(R) Core(TM)2 Duo CPU T7700 @ 2.40GHz | U2E1 | 2401/mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 148 GiB total, 71,997 GiB free. D: is FIXED (NTFS) - 73 GiB total, 72,974 GiB free. E: is CDROM (CDFS) . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . . ==== Installed Programs ====================== . Update for Microsoft Office 2007 (KB2508958) Activation Assistant for the 2007 Microsoft Office suites Adobe Flash Player 10 ActiveX Adobe Flash Player 11 Plugin Adobe Reader 8.1.6 - Deutsch Adobe Shockwave Player 11.5 Avira Free Antivirus Big Fish Games Center (remove only) Big Fish Games Sudoku (remove only) Compatibility Pack für 2007 Office System ConvertHelper 2.2 DHTML Editing Component eJay House 6 Reloaded FirstSteps Diagnostics Free Video to MP3 Converter version 4.2.14 FSCLounge GEAR driver installer Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595) Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484) Intel® Turbo Memory und Intel® Matrix Storage Manager Java Auto Updater Java(TM) 6 Update 24 Java(TM) 6 Update 7 Luxor Amun Rising (remove only) Mahjong Towers Eternity EU (remove only) McAfee Security Scan Plus Microsoft .NET Framework 1.1 Microsoft .NET Framework 1.1 German Language Pack Microsoft .NET Framework 1.1 Security Update (KB2656353) Microsoft .NET Framework 1.1 Security Update (KB979906) Microsoft .NET Framework 3.5 Language Pack SP1 - deu Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 4 Client Profile Microsoft Office 2007 Service Pack 3 (SP3) Microsoft Office Excel MUI (German) 2007 Microsoft Office File Validation Add-In Microsoft Office Home and Student 2007 Microsoft Office OneNote MUI (German) 2007 
Microsoft Office PowerPoint MUI (German) 2007 Microsoft Office PowerPoint Viewer 2007 (German) Microsoft Office Proof (English) 2007 Microsoft Office Proof (French) 2007 Microsoft Office Proof (German) 2007 Microsoft Office Proof (Italian) 2007 Microsoft Office Proofing (German) 2007 Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) Microsoft Office Shared MUI (German) 2007 Microsoft Office Word MUI (German) 2007 Microsoft Silverlight Microsoft Text-to-Speech Engine 4.0 (English) Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Visual J# .NET Redistributable Package 1.1 Microsoft Works Motorola SM56 Data Fax Modem Mozilla Firefox 11.0 (x86 de) MSXML 4.0 SP2 (KB941833) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Mystery Case Files - Prime Suspects (remove only) Nero 7 Essentials neroxml NVIDIA Drivers OpenOffice.org Installer 1.0 OSDInstall PhotoScape PixiePack Codec Pack PowerDV PVSonyDll Realtek High Definition Audio Driver Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424) Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit 
Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition Skype™ 4.2 Spelling Dictionaries Support For Adobe Reader 8 SpyHunter Uninstall 1.0.0.1 Update für Microsoft Office Excel 2007 Help (KB963678) Update für Microsoft Office Powerpoint 2007 Help (KB963669) Update für Microsoft Office Word 2007 Help (KB963665) Update for 2007 Microsoft Office System (KB967642) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft Office 2007 suites (KB2596651) 32-Bit Edition Update for Microsoft Office 2007 suites (KB2596789) 32-Bit Edition Update for Microsoft Office Excel 2007 (KB2596596) 32-Bit Edition Virtual Villagers (remove only) WebCam Winamp Winamp Detector Plug-in Winamp Toolbar for Internet Explorer Windows Media Player Firefox Plugin . ==== End Of File =========================== . DDS (Ver_2011-08-26.01) - NTFSx86 Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 1.6.0_24 Run by Dennis Schmid at 18:45:18 on 2012-04-03 Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.2046.1051 [GMT 2:00] . AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . 
C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\PROGRA~1\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE C:\Windows\system32\nvvsvc.exe C:\Windows\system32\svchost.exe -k rpcss C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\SLsvc.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\nvvsvc.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\taskeng.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\svchost.exe -k bthsvcs C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe C:\Windows\Explorer.EXE C:\Windows\system32\taskeng.exe C:\Windows\system32\IoctlSvc.exe C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Program Files\CyberLink\Shared Files\RichVideo.exe C:\Windows\system32\svchost.exe -k imgsvc C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe C:\Windows\System32\svchost.exe -k WerSvcGroup C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe C:\Program Files\C&E\OSD\osd.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\ehome\ehtray.exe C:\Program Files\Skype\Phone\Skype.exe C:\Program Files\Windows Media Player\wmpnscfg.exe C:\Program Files\McAfee Security Scan\2.0.181\SSScheduler.exe C:\Windows\ehome\ehmsas.exe C:\Windows\system32\taskeng.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\Common 
Files\Ahead\Lib\NMIndexingService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Program Files\Windows Sidebar\sidebar.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\Macromed\Flash\FlashUtil10e.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\conime.exe C:\Program Files\Internet Explorer\iexplore.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe C:\Windows\system32\DllHost.exe . ============== Pseudo HJT Report =============== . uStart Page = BHO: Adobe PDF Reader: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll BHO: SSVHelper Class: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe" uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe mRun: [RtHDVCpl] c:\program files\realtek\audio\hda\RtHDVCpl.exe mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 8.0\reader\Reader_sl.exe" mRun: [OSD] c:\program files\c&e\osd\osd.exe mRun: 
[NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min StartupFolder: c:\users\dennis~1\appdata\roaming\micros~1\windows\startm~1\programs\startup\onenot~1.lnk - c:\program files\microsoft office\office12\ONENOTEM.EXE StartupFolder: c:\users\dennis schmid\appdata\roaming\microsoft\windows\start menu\programs\startup\OneNote Inhaltsverzeichnis.onetoc2 StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee security scan\2.0.181\SSScheduler.exe mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0) mPolicies-system: EnableUIADesktopToggle = 0 (0x0) IE: &Winamp Toolbar Search - c:\programdata\winamp toolbar\ietoolbar\resources\en-us\local\search.html IE: Nach Microsoft E&xel exportieren - c:\progra~1\micros~2\office12\EXCEL.EXE/3000 IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~2\office12\ONBttnIE.dll IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~2\office12\REFIEBAR.DLL DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab TCP: DhcpNameServer = 192.168.0.1 TCP: Interfaces\{E5A52F4E-5D1C-4313-BE1F-83AF8DE3C015} : DhcpNameServer = 192.168.0.1 TCP: Interfaces\{F311ACA8-8973-4405-8378-AB7C9A0BC48E} : DhcpNameServer = 192.168.0.1 
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL mASetup: {9C450606-ED24-4958-92BA-B8940C99D441} - c:\program files\pixiepack codec pack\InstallerHelper.exe . ================= FIREFOX =================== . FF - ProfilePath - c:\users\dennis schmid\appdata\roaming\mozilla\firefox\profiles\1sxjnydl.default\ FF - prefs.js: browser.search.defaulturl - FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/?ref=home FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll FF - plugin: c:\program files\microsoft silverlight\4.1.10111.0\npctrlui.dll FF - plugin: c:\program files\mozilla firefox\plugins\npdeployJava1.dll FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_2_202_228.dll . ============= SERVICES / DRIVERS =============== . R0 iaNvStor;Intel(R) Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2007-10-24 208896] R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2007-10-24 210224] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2011-10-21 36000] R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2011-10-21 86224] R2 AntiVirService;Avira Echtzeit Scanner;c:\program files\avira\antivir desktop\avguard.exe [2011-10-21 110032] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2011-10-21 74640] R2 FontCache;Windows-Dienst für Schriftartencache;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2010-5-14 21504] R2 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~1\enigma~1\spyhun~1\SH4SER~1.EXE [2012-1-18 737184] R3 esgiguard;esgiguard;c:\program files\enigma software group\spyhunter\esgiguard.sys [2011-5-6 13904] R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2007-10-24 46592] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN 
v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-3 253600] S3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\mcafee security scan\2.0.181\McCHSvc.exe [2010-1-15 227232] S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504] . =============== Created Last 30 ================ . 2012-04-03 15:25:47 110080 ----a-r- c:\users\dennis schmid\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconF7A21AF7.exe 2012-04-03 15:25:47 110080 ----a-r- c:\users\dennis schmid\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconD7F16134.exe 2012-04-03 15:25:47 110080 ----a-r- c:\users\dennis schmid\appdata\roaming\microsoft\installer\{4e0c6314-a8b8-4026-ac15-084e8b63afb5}\IconCF33A0CE.exe 2012-04-03 15:25:43 -------- d-----w- C:\sh4ldr 2012-04-03 15:25:43 -------- d-----w- c:\program files\Enigma Software Group 2012-04-03 15:24:54 -------- d-----w- c:\windows\4E0C6314A8B84026AC15084E8B63AFB5.TMP 2012-04-03 15:24:52 -------- d-----w- c:\program files\common files\Wise Installation Wizard 2012-04-03 14:31:42 6582328 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{6df98453-988c-460a-affc-d06eb5319541}\mpengine.dll 2012-04-03 14:20:15 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-03-20 09:39:13 592824 ----a-w- c:\program files\mozilla firefox\gkmedias.dll 2012-03-20 09:39:13 44472 ----a-w- c:\program files\mozilla firefox\mozglue.dll 2012-03-13 18:49:12 683008 ----a-w- c:\windows\system32\d2d1.dll 2012-03-13 18:49:12 219648 ----a-w- c:\windows\system32\d3d10_1core.dll 2012-03-13 18:49:12 160768 ----a-w- c:\windows\system32\d3d10_1.dll 2012-03-13 18:49:12 1172480 ----a-w- 
c:\windows\system32\d3d10warp.dll 2012-03-13 18:49:12 1068544 ----a-w- c:\windows\system32\DWrite.dll 2012-03-13 18:49:08 2044416 ----a-w- c:\windows\system32\win32k.sys 2012-03-13 18:48:03 2409784 ----a-w- c:\program files\windows mail\OESpamFilter.dat 2012-03-13 18:47:46 613376 ----a-w- c:\windows\system32\rdpencom.dll 2012-03-13 18:47:46 180736 ----a-w- c:\windows\system32\drivers\rdpwd.sys . ==================== Find3M ==================== . 2012-04-03 14:20:15 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-02-23 08:18:36 237072 ------w- c:\windows\system32\MpSigStub.exe . ============= FINISH: 18:45:45,49 =============== GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-04-03 19:20:33 Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0 WDC_WD25 rev.01.0 Running: gj84k6u8.exe; Driver: C:\Users\DENNIS~1\AppData\Local\Temp\ffkoapoc.sys ---- System - GMER 1.0.15 ---- SSDT \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys ZwCreateSection [0xA1598700] SSDT 9075E4B0 ZwRequestWaitReplyPort SSDT 9075E4AB ZwSetContextThread SSDT 9075E4B5 ZwSetSecurityObject SSDT 9075E4BA ZwSystemDebugControl SSDT 9075E447 ZwTerminateProcess INT 0x52 ? 904032D0 INT 0x61 ? 90435A50 INT 0x71 ? 90435CD0 INT 0x82 ? 90403050 INT 0xB3 ? 90403CD0 ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!KeSetEvent + 215 822C7998 4 Bytes [00, 87, 59, A1] .text ntkrnlpa.exe!KeSetEvent + 539 822C7CBC 4 Bytes [B0, E4, 75, 90] {MOV AL, 0xe4; JNZ 0xffffffffffffff94} .text ntkrnlpa.exe!KeSetEvent + 56D 822C7CF0 4 Bytes [AB, E4, 75, 90] {STOSD ; IN AL, 0x75; NOP } .text ntkrnlpa.exe!KeSetEvent + 5D1 822C7D54 4 Bytes [B5, E4, 75, 90] {MOV CH, 0xe4; JNZ 0xffffffffffffff94} .text ntkrnlpa.exe!KeSetEvent + 619 822C7D9C 4 Bytes [BA, E4, 75, 90] .text ... ? C:\Users\DENNIS~1\AppData\Local\Temp\mbr.sys Das System kann die angegebene Datei nicht finden. ! 
---- User code sections - GMER 1.0.15 ---- .text C:\Program Files\Internet Explorer\iexplore.exe[3204] kernel32.dll!CreateThread 7739CB2E 5 Bytes JMP 6F6B7303 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!CreateDialogParamW 774372A2 5 Bytes JMP 6F8466A0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!GetAsyncKeyState 7743863C 5 Bytes JMP 6F69DD8D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!SetWindowsHookExW 774387AD 5 Bytes JMP 6F6F2194 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!CallNextHookEx 77438E3B 5 Bytes JMP 6F717BAF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!UnhookWindowsHookEx 774398DB 5 Bytes JMP 6F73EB00 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!EnableWindow 7743CD8B 5 Bytes JMP 6F6F9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!DefWindowProcA 7743DB88 7 Bytes JMP 6F6B952D C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!CreateWindowExA 7743DC2A 5 Bytes JMP 6F6C3363 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!CreateWindowExW 77441305 5 Bytes JMP 6F71FF87 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet 
Explorer\iexplore.exe[3204] USER32.dll!GetKeyState 77448CB1 5 Bytes JMP 6F69DC67 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!DefWindowProcW 774503B4 7 Bytes JMP 6F717C12 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!IsDialogMessageW 77450745 5 Bytes JMP 6F846E05 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!CreateDialogParamA 774517AA 5 Bytes JMP 6F846668 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!IsDialogMessage 77451847 2 Bytes JMP 6F846DDD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!IsDialogMessage + 3 7745184A 2 Bytes [3F, F8] {AAS ; CLC } .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!CreateDialogIndirectParamA 774526F1 5 Bytes JMP 6F8466D8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!CreateDialogIndirectParamW 77459A62 5 Bytes JMP 6F846710 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!SetKeyboardState 77460987 5 Bytes JMP 6F8476D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!DialogBoxParamW 774610B0 5 Bytes JMP 6F65170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!DialogBoxIndirectParamW 77462EF5 5 Bytes JMP 6F846336 C:\Windows\system32\IEFRAME.dll (Internet 
Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!SendInput 77462F75 5 Bytes JMP 6F847679 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!EndDialog 7746326E 5 Bytes JMP 6F8470B4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!SetCursorPos 77476FB2 5 Bytes JMP 6F847752 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!DialogBoxParamA 77478152 5 Bytes JMP 6F8462D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!DialogBoxIndirectParamA 7747847D 5 Bytes JMP 6F84639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!MessageBoxIndirectA 7748D4D9 5 Bytes JMP 6F846258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!MessageBoxIndirectW 7748D5D3 5 Bytes JMP 6F8461DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!MessageBoxExA 7748D639 5 Bytes JMP 6F84617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!MessageBoxExW 7748D65D 5 Bytes JMP 6F846117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] USER32.dll!keybd_event 7748D972 5 Bytes JMP 6F847636 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[3204] 
SHELL32.dll!SHRestricted + D95 763D89A8 4 Bytes [CF, 01, C4, 69] .text C:\Program Files\Internet Explorer\iexplore.exe[3204] SHELL32.dll!SHRestricted + D9D 763D89B0 8 Bytes [E0, 61, C3, 69, 79, F7, C3, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[3204] ole32.dll!OleLoadFromStream 76E91E80 5 Bytes JMP 6F846B0F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5024] USER32.dll!EnableWindow 7743CD8B 5 Bytes JMP 6F6F9A14 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5024] USER32.dll!DialogBoxParamW 774610B0 5 Bytes JMP 6F65170B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5024] USER32.dll!DialogBoxIndirectParamW 77462EF5 5 Bytes JMP 6F846336 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5024] USER32.dll!DialogBoxParamA 77478152 5 Bytes JMP 6F8462D1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5024] USER32.dll!DialogBoxIndirectParamA 7747847D 5 Bytes JMP 6F84639B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5024] USER32.dll!MessageBoxIndirectA 7748D4D9 5 Bytes JMP 6F846258 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5024] USER32.dll!MessageBoxIndirectW 7748D5D3 5 Bytes JMP 6F8461DF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5024] USER32.dll!MessageBoxExA 7748D639 5 Bytes JMP 6F84617B C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) .text C:\Program Files\Internet Explorer\iexplore.exe[5024] 
USER32.dll!MessageBoxExW 7748D65D 5 Bytes JMP 6F846117 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation) ---- EOF - GMER 1.0.15 ----

Edited by DennisS (03.04.2012 at 18:56)