Problem caused by Trojan.PWS.Legmir.AD / W32.Ahlem.A@mm?

Hello,

For a few days now, whenever I run an a.exe (which one exactly: see below) I get the following error message, which according to Windows is caused by a "known Trojan":

a.exe has stopped working
Windows can search online for a solution to the problem

Problem details:
Problem signature:
Problem Event Name: APPCRASH
Application Name: a.exe
Application Version: 0.0.0.0
Application Timestamp: 4f9b0ef4
Fault Module Name: FLDLL234M_nag.dll
Fault Module Version: 23.0.2.0
Fault Module Timestamp: 4e4bbf02
Exception Code: c0000005
Exception Offset: 0031f371
OS Version: 6.0.6000.2.0.0.768.2
Locale ID: 1031
Additional Information 1: ff81
Additional Information 2: 1a3bac6f453c395653aef32e927e0741
Additional Information 3: ba48
Additional Information 4: e3abccd88c3d017c79703aa3e600bda9

Problem report (after clicking OK):
Remove the Trojan.PWS.Legmir.AD / W32.Ahlem.A@mm virus from the computer
This problem was caused by Trojan.PWS.Legmir.AD / W32.Ahlem.A@mm, a known computer virus. To prevent the problem from recurring, install and run an up-to-date antivirus and antispyware application on the computer.

I then did the following:

1.) Updated Antivir, ran a full scan. No detection.
2.) Downloaded AVG, ran a full scan. No detection.
3.) Reinstalled Windows Vista Home Basic 32-bit. I have the partitions C and D. D is the recovery partition; I did not reformat it, I only deleted the folder "cygwin" that I had once stored there. I formatted C and then reinstalled Windows. I don't know whether recovery data from D was used in the process; the operating system DVD I used says: "this DVD is not intended for reinstalling programs or drivers". D contains the folders: Dell, Programme, sources, Tools.
4.) Reinstalled MinGW (includes the Fortran compiler gfortran) and the NAG Fortran Library. Compiling the NAG example program hxxp://www.nag.co.uk/numeric/fl/nagdoc_fl23/examples/source/d03ppae.f90 with gfortran produces the a.exe in question, and running it produces the Trojan message quoted above.
5.) Defogger: chose disable and ran the scans the forum requires.

I'm now completely at a loss. C must be clean, since I reinstalled. The Trojan could really only be sitting on D, right? But how would it cause the problem then :confused: D is only the recovery partition!? Unfortunately I don't have another computer on which I could rebuild or run the a.exe.

I would be very grateful for your help, :heulen:

Thanks & best regards,
Mara

----- Attachments -----

Here are the scans the forum requires:

1.) Malwarebytes scan result:

Malwarebytes Anti-Malware (Trial) 1.61.0.1400
www.malwarebytes.org

Database version: v2012.04.29.03

Windows Vista x86 NTFS
Internet Explorer 7.0.6000.16982
Mara :: MARA-PC [Administrator]

Protection: Enabled

29.04.2012 16:33:29
mbam-log-2012-04-29 (16-33-29).txt

Scan type: Full scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 293123
Time elapsed: 2 hour(s), 2 minute(s), 12 second(s)

Memory Processes Detected: 0 (No malicious items detected)
Memory Modules Detected: 0 (No malicious items detected)
Registry Keys Detected: 0 (No malicious items detected)
Registry Values Detected: 0 (No malicious items detected)
Registry Data Items Detected: 0 (No malicious items detected)
Folders Detected: 0 (No malicious items detected)
Files Detected: 0 (No malicious items detected)

(end)

2.) DDS.txt
.
DDS (Ver_2011-08-26.01) - NTFSx86
Internet Explorer: 7.0.6000.16982
Run by Mara at 18:53:54 on 2012-04-29
Microsoft® Windows Vista™ Home Basic 6.0.6000.0.1252.49.1031.18.1917.1034 [GMT 2:00]
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskeng.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Unlocker\UnlockerAssistant.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Windows\system32\conime.exe
C:\Users\Mara\Downloads\Defogger.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.de/
BHO: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - c:\program files\divx\divx plus web player\ie\divxhtml5\DivXHTML5.dll
TB: QuickStores-Toolbar: {10edb994-47f8-43f7-ae96-f2ea63e9f90f} - mscoree.dll
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [UnlockerAssistant] "c:\program files\unlocker\UnlockerAssistant.exe"
mRun: [DivXUpdate] "c:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
mRun: [Malwarebytes' Anti-Malware] "c:\program files\malwarebytes' anti-malware\mbamgui.exe" /starttray
mRunOnce: [Malwarebytes Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
TCP: DhcpNameServer = 80.69.100.174 80.69.100.198
TCP: Interfaces\{C42502AE-C488-4DA9-A26E-9A26E63137B9} : DhcpNameServer = 80.69.100.174 80.69.100.198
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-4-26 36000]
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files\avira\antivir desktop\sched.exe [2012-4-26 86224]
R2 AntiVirService;Avira Realtime Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-4-26 110032]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-4-26 74640]
R2 MBAMService;MBAMService;c:\program files\malwarebytes' anti-malware\mbamservice.exe [2012-4-29 654408]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-4-29 22344]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2012-4-27 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-4-27 253088]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2012-4-27 135664]
.
=============== Created Last 30 ================
.
2012-04-29 14:32:06 -------- d-----w- c:\users\mara\appdata\roaming\Malwarebytes
2012-04-29 14:31:58 -------- d-----w- c:\programdata\Malwarebytes
2012-04-29 14:31:57 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-29 14:31:56 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-04-29 14:00:31 -------- d-----w- c:\users\mara\ssh
2012-04-29 13:58:02 -------- d-----w- c:\users\mara\.x2go
2012-04-29 13:56:38 -------- d-----w- c:\program files\x2goclient
2012-04-28 12:40:55 -------- d-----w- c:\program files\common files\Symantec Shared
2012-04-28 11:16:49 378368 ----a-w- c:\windows\system32\winhttp.dll
2012-04-28 11:15:45 268800 ----a-w- c:\windows\system32\es.dll
2012-04-28 11:14:42 396800 ----a-w- c:\windows\system32\drivers\http.sys
2012-04-28 11:14:42 31232 ----a-w- c:\windows\system32\httpapi.dll
2012-04-28 11:14:42 24064 ----a-w- c:\windows\system32\nshhttp.dll
2012-04-28 01:21:04 622080 ----a-w- c:\windows\system32\icardagt.exe
2012-04-28 01:21:03 97800 ----a-w- c:\windows\system32\infocardapi.dll
2012-04-28 01:21:03 37384 ----a-w- c:\windows\system32\infocardcpl.cpl
2012-04-28 01:21:03 11264 ----a-w- c:\windows\system32\icardres.dll
2012-04-28 01:20:55 105016 ----a-w- c:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2012-04-28 01:20:54 781344 ----a-w- c:\windows\system32\PresentationNative_v0300.dll
2012-04-28 01:20:54 43544 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-04-28 01:20:54 326160 ----a-w- c:\windows\system32\PresentationHost.exe
2012-04-27 20:07:53 -------- d-----w- c:\program files\NAG
2012-04-27 19:39:15 72704 ----a-w- c:\windows\system32\fontsub.dll
2012-04-27 19:39:15 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-04-27 19:39:15 289792 ----a-w- c:\windows\system32\atmfd.dll
2012-04-27 19:39:15 24064 ----a-w- c:\windows\system32\lpk.dll
2012-04-27 19:39:15 156672 ----a-w- c:\windows\system32\t2embed.dll
2012-04-27 19:39:15 10240 ----a-w- c:\windows\system32\dciman32.dll
2012-04-27 19:36:39 61440 ----a-w- c:\windows\system32\winipsec.dll
2012-04-27 19:36:39 361984 ----a-w- c:\windows\system32\IPSECSVC.DLL
2012-04-27 19:36:39 28672 ----a-w- c:\windows\system32\FwRemoteSvr.dll
2012-04-27 19:36:38 272896 ----a-w- c:\windows\system32\polstore.dll
2012-04-27 19:36:14 84992 ----a-w- c:\windows\system32\drivers\srvnet.sys
2012-04-27 19:36:14 306688 ----a-w- c:\windows\system32\drivers\srv.sys
2012-04-27 19:35:48 707072 ----a-w- c:\program files\common files\system\wab32.dll
2012-04-27 19:35:48 41984 ----a-w- c:\program files\windows mail\wabimp.dll
2012-04-27 19:35:48 39424 ----a-w- c:\windows\system32\ACCTRES.dll
2012-04-27 19:35:48 1098752 ----a-w- c:\program files\common files\system\wab32res.dll
2012-04-27 19:35:47 87040 ----a-w- c:\windows\system32\msoert2.dll
2012-04-27 19:35:47 2836992 ----a-w- c:\program files\windows mail\MSOERES.dll
2012-04-27 19:35:47 205824 ----a-w- c:\windows\system32\msoeacct.dll
2012-04-27 19:35:46 1614848 ----a-w- c:\program files\windows mail\msoe.dll
2012-04-27 19:35:43 397312 ----a-w- c:\program files\windows mail\WinMail.exe
2012-04-27 19:35:42 81408 ----a-w- c:\program files\windows mail\oeimport.dll
2012-04-27 19:35:42 24064 ----a-w- c:\program files\common files\system\DirectDB.dll
2012-04-27 19:34:56 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2012-04-27 19:34:56 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2012-04-27 19:34:56 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2012-04-27 19:34:56 19968 ----a-w- c:\windows\system32\ARP.EXE
2012-04-27 19:34:56 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2012-04-27 19:34:56 15360 ----a-w- c:\windows\system32\netevent.dll
2012-04-27 19:34:56 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2012-04-27 19:34:56 103936 ----a-w- c:\windows\system32\netiohlp.dll
2012-04-27 19:34:56 10240 ----a-w- c:\windows\system32\finger.exe
2012-04-27 19:34:09 194560 ----a-w- c:\windows\system32\WebClnt.dll
2012-04-27 19:34:09 110080 ----a-w- c:\windows\system32\drivers\mrxdav.sys
2012-04-27 19:33:49 123904 ----a-w- c:\windows\system32\L2SecHC.dll
2012-04-27 19:33:48 47104 ----a-w- c:\windows\system32\wlanapi.dll
2012-04-27 19:33:47 67584 ----a-w- c:\windows\system32\wlanhlp.dll
2012-04-27 19:33:47 502272 ----a-w- c:\windows\system32\wlansvc.dll
2012-04-27 19:33:47 297984 ----a-w- c:\windows\system32\wlansec.dll
2012-04-27 19:33:47 290816 ----a-w- c:\windows\system32\wlanmsm.dll
2012-04-27 19:33:12 2048 ----a-w- c:\windows\system32\msxml3r.dll
2012-04-27 19:33:12 1260032 ----a-w- c:\windows\system32\msxml3.dll
2012-04-27 19:33:11 2048 ----a-w- c:\windows\system32\msxml6r.dll
2012-04-27 19:33:11 1406464 ----a-w- c:\windows\system32\msxml6.dll
2012-04-27 19:32:38 216576 ----a-w- c:\windows\system32\msv1_0.dll
2012-04-27 19:32:09 211968 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2012-04-27 19:32:08 58368 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2012-04-27 19:32:08 102400 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2012-04-27 19:31:51 49664 ----a-w- c:\windows\system32\csrsrv.dll
2012-04-27 19:31:51 376320 ----a-w- c:\windows\system32\winsrv.dll
2012-04-27 19:31:33 98816 ----a-w- c:\windows\system32\mfps.dll
2012-04-27 19:31:33 2855424 ----a-w- c:\windows\system32\mf.dll
2012-04-27 19:31:32 52736 ----a-w- c:\windows\system32\rrinstaller.exe
2012-04-27 19:31:32 24576 ----a-w- c:\windows\system32\mfpmp.exe
2012-04-27 19:31:32 2048 ----a-w- c:\windows\system32\mferror.dll
2012-04-27 19:30:57 3502480 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-04-27 19:30:57 3468168 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-27 19:29:56 434176 ----a-w- c:\windows\system32\vbscript.dll
2012-04-27 19:29:32 71680 ----a-w- c:\windows\system32\atl.dll
2012-04-27 19:29:11 297472 ----a-w- c:\windows\system32\gdi32.dll
2012-04-27 19:28:52 500736 ----a-w- c:\windows\system32\msdtcprx.dll
2012-04-27 19:28:52 30208 ----a-w- c:\windows\system32\xolehlp.dll
2012-04-27 19:28:34 156160 ----a-w- c:\windows\system32\wkssvc.dll
2012-04-27 19:28:13 36352 ----a-w- c:\windows\system32\tsgqec.dll
2012-04-27 19:28:13 1871872 ----a-w- c:\windows\system32\mstscax.dll
2012-04-27 19:28:13 116736 ----a-w- c:\windows\system32\aaclient.dll
2012-04-27 19:27:46 303616 ----a-w- c:\windows\system32\wmpeffects.dll
2012-04-27 19:27:12 414208 ----a-w- c:\windows\system32\msscp.dll
2012-04-27 19:26:57 392192 ----a-w- c:\windows\system32\FirewallAPI.dll
2012-04-27 19:26:56 86016 ----a-w- c:\windows\system32\icfupgd.dll
2012-04-27 19:26:56 63488 ----a-w- c:\windows\system32\drivers\mpsdrv.sys
2012-04-27 19:26:56 396800 ----a-w- c:\windows\system32\MPSSVC.dll
2012-04-27 19:26:56 16896 ----a-w- c:\windows\system32\wfapigp.dll
2012-04-27 19:26:55 61952 ----a-w- c:\windows\system32\cmifw.dll
2012-04-27 19:26:02 150016 ----a-w- c:\program files\movie maker\MOVIEMK.exe
2012-04-27 19:26:01 23040 ----a-w- c:\program files\movie maker\WMM2EXT.dll
2012-04-27 19:26:01 10922496 ----a-w- c:\program files\movie maker\MOVIEMK.dll
2012-04-27 19:26:00 195072 ----a-w- c:\program files\movie maker\WMM2AE.dll
2012-04-27 15:37:38 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{c614630c-80da-4e70-bc55-ebb53e9fa1cf}\mpengine.dll
2012-04-27 15:28:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-04-27 15:26:33 696832 ----a-w- c:\windows\system32\localspl.dll
2012-04-27 15:25:07 104448 ----a-w- c:\windows\system32\DWWIN.EXE
2012-04-27 15:23:44 2923520 ----a-w- c:\windows\explorer.exe
2012-04-27 15:21:57 72704 ----a-w- c:\windows\system32\secur32.dll
2012-04-27 15:21:57 494592 ----a-w- c:\windows\system32\kerberos.dll
2012-04-27 15:21:57 408136 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2012-04-27 15:21:57 175104 ----a-w- c:\windows\system32\wdigest.dll
2012-04-27 15:21:56 7680 ----a-w- c:\windows\system32\lsass.exe
2012-04-27 15:21:56 1233920 ----a-w- c:\windows\system32\lsasrv.dll
2012-04-27 15:21:55 272384 ----a-w- c:\windows\system32\schannel.dll
2012-04-27 15:21:08 24064 ----a-w- c:\windows\system32\netcfg.exe
2012-04-27 15:19:59 4093440 ----a-w- c:\windows\system32\NlsLexicons004c.dll
2012-04-27 15:16:11 1585664 ----a-w- c:\windows\system32\setupapi.dll
2012-04-27 15:14:14 549888 ----a-w- c:\windows\system32\rpcss.dll
2012-04-27 15:14:13 654336 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2012-04-27 15:14:13 24576 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2012-04-27 15:14:12 614912 ----a-w- c:\windows\system32\wbem\fastprox.dll
2012-04-27 15:14:12 501760 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2012-04-27 15:14:12 247296 ----a-w- c:\windows\system32\wbem\WmiPrvSE.exe
2012-04-27 15:14:12 130560 ----a-w- c:\windows\system32\wbem\WmiDcPrv.dll
2012-04-27 15:14:11 53248 ----a-w- c:\windows\system32\iasads.dll
2012-04-27 15:14:11 37888 ----a-w- c:\windows\system32\iasdatastore.dll
2012-04-27 15:14:10 97280 ----a-w- c:\windows\system32\iasrecst.dll
2012-04-27 15:14:10 158720 ----a-w- c:\windows\system32\sdohlp.dll
2012-04-27 15:13:25 62464 ----a-w- c:\windows\system32\l3codeca.acm
2012-04-27 15:13:25 220672 ----a-w- c:\windows\system32\l3codecp.acm
2012-04-27 15:12:05 25088 ----a-w- c:\windows\system32\drivers\tunnel.sys
2012-04-27 15:12:05 179712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-04-27 15:12:05 15360 ----a-w- c:\windows\system32\drivers\TUNMP.SYS
2012-04-27 15:12:04 815104 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-04-27 15:12:04 22016 ----a-w- c:\windows\system32\netiougc.exe
2012-04-27 15:12:04 213592 ----a-w- c:\windows\system32\drivers\netio.sys
2012-04-27 15:12:04 167424 ----a-w- c:\windows\system32\tcpipcfg.dll
2012-04-27 15:11:21 454656 ----a-w- c:\program files\common files\system\msadc\msadce.dll
2012-04-27 15:10:43 9728 ----a-w- c:\windows\system32\LAPRXY.DLL
2012-04-27 15:10:43 223232 ----a-w- c:\windows\system32\WMASF.DLL
2012-04-27 15:10:43 2048 ----a-w- c:\windows\system32\asferror.dll
2012-04-27 15:10:09 293376 ----a-w- c:\windows\system32\browserchoice.exe
2012-04-27 15:09:20 25600 ----a-w- c:\windows\system32\amxread.dll
2012-04-27 15:09:20 14848 ----a-w- c:\windows\system32\apilogen.dll
2012-04-27 15:08:40 37376 ----a-w- c:\windows\system32\printcom.dll
2012-04-27 15:08:39 441856 ----a-w- c:\windows\system32\win32spl.dll
2012-04-27 15:07:55 2031104 ----a-w- c:\windows\system32\win32k.sys
2012-04-27 15:07:35 -------- d-----w- c:\programdata\Symantec
2012-04-27 15:07:22 -------- d-----w- c:\programdata\Norton
2012-04-27 15:07:09 -------- d-----w- c:\programdata\NortonInstaller
2012-04-27 15:03:20 66048 ----a-w- c:\program files\windows sidebar\sbdrop.dll
2012-04-27 15:03:20 1232896 ----a-w- c:\program files\windows sidebar\sidebar.exe
2012-04-27 15:03:20 11776 ----a-w- c:\windows\system32\sbunattend.exe
2012-04-27 15:01:06 83968 ----a-w- c:\windows\system32\dnsrslvr.dll
2012-04-27 15:01:05 24576 ----a-w- c:\windows\system32\dnscacheugc.exe
2012-04-27 14:40:59 96760 ----a-w- c:\windows\system32\dfshim.dll
2012-04-27 14:40:58 41984 ----a-w- c:\windows\system32\netfxperf.dll
2012-04-27 14:40:56 83968 ----a-w- c:\windows\system32\mscories.dll
2012-04-27 14:40:56 282112 ----a-w- c:\windows\system32\mscoree.dll
2012-04-27 14:40:56 158720 ----a-w- c:\windows\system32\mscorier.dll
2012-04-27 14:25:03 94720 ----a-w- c:\windows\system32\logagent.exe
2012-04-27 14:25:02 996352 ----a-w- c:\windows\system32\WMNetMgr.dll
2012-04-27 14:24:30 765952 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll
2012-04-27 14:24:19 84480 ----a-w- c:\windows\system32\INETRES.dll
2012-04-27 14:24:18 737792 ----a-w- c:\windows\system32\inetcomm.dll
2012-04-27 14:23:58 60928 ----a-w- c:\windows\system32\msasn1.dll
2012-04-27 14:23:38 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-27 14:23:38 152576 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-27 14:23:38 12800 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-27 14:23:23 788992 ----a-w- c:\windows\system32\rpcrt4.dll
2012-04-27 14:23:02 130048 ----a-w- c:\windows\system32\drivers\srv2.sys
2012-04-27 14:22:41 274432 ----a-w- c:\windows\system32\raschap.dll
2012-04-27 14:22:40 232960 ----a-w- c:\windows\system32\rastls.dll
2012-04-27 14:22:19 321536 ----a-w- c:\windows\system32\WSDApi.dll
2012-04-27 14:21:57 633856 ----a-w- c:\windows\system32\user32.dll
2012-04-27 14:21:16 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2012-04-27 14:21:16 22528 ----a-w- c:\windows\system32\msyuv.dll
2012-04-27 14:21:16 1327616 ----a-w- c:\windows\system32\quartz.dll
2012-04-27 14:21:16 11776 ----a-w- c:\windows\system32\tsbyuv.dll
2012-04-27 14:21:15 88576 ----a-w- c:\windows\system32\avifil32.dll
2012-04-27 14:21:15 82944 ----a-w- c:\windows\system32\mciavi32.dll
2012-04-27 14:21:15 65024 ----a-w- c:\windows\system32\avicap32.dll
2012-04-27 14:21:15 31232 ----a-w- c:\windows\system32\msvidc32.dll
2012-04-27 14:21:15 13312 ----a-w- c:\windows\system32\msrle32.dll
2012-04-27 14:21:15 123904 ----a-w- c:\windows\system32\msvfw32.dll
2012-04-27 14:20:36 750080 ----a-w- c:\windows\system32\qmgr.dll
2012-04-27 14:20:13 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2012-04-27 12:55:29 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-27 12:55:29 418464 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-04-27 12:10:11 -------- d-----w- c:\users\mara\appdata\local\DDMSettings
2012-04-27 12:04:48 -------- d-----w- c:\program files\common files\PX Storage Engine
2012-04-27 12:04:22 -------- d-----w- c:\program files\common files\DivX Shared
2012-04-27 12:03:50 -------- d-----w- c:\users\mara\appdata\local\Google
2012-04-27 12:03:18 -------- d-----w- c:\program files\DivX
2012-04-27 12:02:50 -------- d-----w- c:\programdata\DivX
2012-04-27 01:08:50 6734704 ----a-w- c:\programdata\microsoft\windows defender\definition updates\backup\mpengine.dll
2012-04-27 01:08:34 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-04-27 00:24:32 -------- d-----w- c:\users\mara\appdata\roaming\QuickStoresToolbar
2012-04-27 00:24:31 -------- d-----w- c:\program files\Unlocker
2012-04-26 20:53:37 -------- d-----w- C:\MinGW
2012-04-26 20:51:37 -------- d-----w- c:\windows\Panther
2012-04-26 20:51:21 -------- d-sh--w- C:\Boot
2012-04-26 20:51:03 -------- d-----w- c:\windows\system32\OEM
2012-04-26 20:40:17 -------- d-----w- c:\users\mara\appdata\roaming\Avira
2012-04-26 20:34:23 74640 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-04-26 20:34:23 36000 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-04-26 20:34:21 -------- d-----w- c:\programdata\Avira
2012-04-26 20:34:21 -------- d-----w- c:\program files\Avira
2012-04-26 20:23:25 171520 ----a-w- c:\windows\system32\wintrust.dll
2012-04-26 20:23:06 97792 ----a-w- c:\windows\system32\cabview.dll
2012-04-26 20:16:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2012-04-26 20:16:15 87552 ----a-w- c:\windows\system32\wudriver.dll
2012-04-26 20:15:51 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-04-26 20:15:51 171608 ----a-w- c:\windows\system32\wuwebv.dll
2012-04-26 20:14:54 45056 ----a-r- c:\users\mara\appdata\roaming\microsoft\installer\{42929f0f-ce14-47af-9fc7-ff297a603021}\NewShortcut1_42929F0FCE1447AF9FC7FF297A603021_1.exe
2012-04-26 20:14:48 -------- d-----w- c:\windows\system32\vmm32
2012-04-26 20:14:48 -------- d-----w- c:\program files\Dell
2012-04-26 20:14:26 -------- d-sh--w- c:\windows\Installer
2012-04-26 20:02:51 -------- d-sh--we C:\Programme
2012-04-26 20:02:51 -------- d-sh--we c:\programdata\Vorlagen
2012-04-26 20:02:51 -------- d-sh--we c:\programdata\Startmenü
2012-04-26 20:02:51 -------- d-sh--we c:\programdata\Favoriten
2012-04-26 20:02:51 -------- d-sh--we c:\programdata\Dokumente
2012-04-26 20:02:51 -------- d-sh--we c:\programdata\Anwendungsdaten
2012-04-26 20:02:51 -------- d-sh--we c:\program files\Gemeinsame Dateien
2012-04-26 20:02:51 -------- d-sh--we C:\Dokumente und Einstellungen
2012-04-26 19:54:19 -------- d-----w- c:\windows\system32\catroot2
.
==================== Find3M ====================
.
2012-04-28 11:14:43 45056 ----a-w- c:\windows\system32\drivers\de-de\http.sys.mui
2012-04-27 19:38:09 72704 ----a-w- c:\windows\system32\admparse.dll
2012-04-27 19:38:08 832512 ----a-w- c:\windows\system32\wininet.dll
2012-04-27 19:38:08 52736 ----a-w- c:\windows\apppatch\iebrshim.dll
2012-04-27 19:38:04 389120 ----a-w- c:\windows\system32\html.iec
2012-04-27 19:38:03 78336 ----a-w- c:\windows\system32\ieencode.dll
2012-04-27 19:38:03 48128 ----a-w- c:\windows\system32\mshtmler.dll
2012-04-27 19:38:02 1383424 ----a-w- c:\windows\system32\mshtml.tlb
2012-04-27 19:37:59 1830912 ----a-w- c:\windows\system32\inetcpl.cpl
2012-04-27 19:37:57 26624 ----a-w- c:\windows\system32\ieUnatt.exe
2012-04-27 19:37:55 56320 ----a-w- c:\windows\system32\iesetup.dll
2012-04-27 15:19:59 3419136 ----a-w- c:\windows\system32\NlsLexicons004a.dll
2012-04-27 15:15:52 6144 ----a-w- c:\windows\system32\drivers\de-de\sermouse.sys.mui
2012-04-27 15:09:20 40960 ----a-w- c:\windows\apppatch\apihex86.dll
2012-04-27 15:05:51 14848 ----a-w- c:\windows\system32\wshrm.dll
2012-04-27 15:05:51 113664 ----a-w- c:\windows\system32\drivers\rmcast.sys
2012-04-27 15:05:07 8147968 ----a-w- c:\windows\system32\wmploc.DLL
2012-04-27 15:05:06 7680 ----a-w- c:\windows\system32\spwmp.dll
2012-04-27 15:05:05 4096 ----a-w- c:\windows\system32\msdxm.ocx
2012-04-27 15:05:05 4096 ----a-w- c:\windows\system32\dxmasf.dll
2012-04-27 15:05:01 43520 ----a-w- c:\windows\system32\msdxm.tlb
2012-04-27 15:05:01 313344 ----a-w- c:\windows\system32\wmpdxm.dll
2012-04-27 15:05:01 18432 ----a-w- c:\windows\system32\amcompat.tlb
.
============= FINISH: 18:55:32,59 ===============

3.) Attach.txt
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft® Windows Vista™ Home Basic
Boot Device: \Device\HarddiskVolume3
Install Date: 26.04.2012 21:57:42
System Uptime: 29.04.2012 13:41:33 (5 hours ago)
.
Motherboard: Dell Inc. | | 0WY383
Processor: Mobile AMD Sempron(tm) Processor 3600+ | Socket M2/S1G1 | 1800/200mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 64 GiB total, 38,304 GiB free.
D: is FIXED (NTFS) - 10 GiB total, 4,283 GiB free.
E: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID:
Description: Network Controller
Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_000B1028&REV_01\4&108F1F71&0&0030
Manufacturer:
Name: Network Controller
PNP Device ID: PCI\VEN_14E4&DEV_4315&SUBSYS_000B1028&REV_01\4&108F1F71&0&0030
Service:
.
Class GUID:
Description: Base System Device
Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_022A1028&REV_12\4&B216F0A&0&09A4
Manufacturer:
Name: Base System Device
PNP Device ID: PCI\VEN_1180&DEV_0843&SUBSYS_022A1028&REV_12\4&B216F0A&0&09A4
Service:
.
==== System Restore Points ===================
.
.
==== Installed Programs ======================
.
Adobe Flash Player 11 ActiveX
Avira Free Antivirus
Dell Resource CD
DivX-Setup
Google Chrome
Google Update Helper
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Malwarebytes Anti-Malware Version 1.61.0.1400
Microsoft .NET Framework 3.5 SP1
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
MinGW-Get version 0.3-alpha-2.1
NAG Fortran Library (FLDLL234ML) Mark 23
QuickStores-Toolbar 1.1.0
Unlocker 1.9.1
VC80CRTRedist - 8.0.50727.6195
.
==== End Of File ===========================

4.) gmer.txt

GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-04-29 19:57:40
Windows 6.0.6000 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 FUJITSU_MHZ2080BH_G2 rev.00850009
Running: dl97wqit.exe; Driver: C:\Users\Mara\AppData\Local\Temp\kxtdypow.sys

---- System - GMER 1.0.15 ----

SSDT 8A47A77C ZwClose
SSDT 8A47A786 ZwCreateSection
SSDT 8A47A777 ZwDuplicateObject
SSDT 8A47A718 ZwOpenProcess
SSDT 8A47A71D ZwOpenThread
SSDT 8A47A790 ZwRequestWaitReplyPort
SSDT 8A47A78B ZwSetContextThread
SSDT 8A47A795 ZwSetSecurityObject
SSDT 8A47A79A ZwSystemDebugControl
SSDT 8A47A727 ZwTerminateProcess

---- Kernel code sections - GMER 1.0.15 ----

? C:\Users\Mara\AppData\Local\Temp\mbr.sys The system cannot find the file specified. !

---- User code sections - GMER 1.0.15 ----

.text C:\Windows\Explorer.EXE[364] SHELL32.dll!SHFileOperationW 763B8B3D 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtCreateFile + 6 772DF41A 4 Bytes [28, 00, 38, 00] {SUB [EAX], AL; CMP [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtCreateFile + B 772DF41F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtMapViewOfSection + 6 772DFB6A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtMapViewOfSection + 6 772DFB6A 4 Bytes [28, 03, 38, 00] {SUB [EBX], AL; CMP [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtMapViewOfSection + B 772DFB6F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenFile + 6 772DFBFA 4 Bytes [68, 00, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenFile + B 772DFBFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenProcess + 6 772DFC7A 4 Bytes [A8, 01, 38, 00] {TEST AL, 0x1; CMP [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenProcess + B 772DFC7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenProcessToken + B 772DFC8F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenProcessTokenEx + 6 772DFC9A 4 Bytes [A8, 02, 38, 00] {TEST AL, 0x2; CMP [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenProcessTokenEx + B 772DFC9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenThread + 6 772DFCEA 4 Bytes [68, 01, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenThread + B 772DFCEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenThreadToken + 6 772DFCFA 4 Bytes [68, 02, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenThreadToken + B 772DFCFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenThreadTokenEx + B 772DFD0F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtQueryAttributesFile + 6 772DFD9A 4 Bytes [A8, 00, 38, 00] {TEST AL, 0x0; CMP [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtQueryAttributesFile + B 772DFD9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtQueryFullAttributesFile + B 772DFE4F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtSetInformationFile + 6 772E036A 4 Bytes [28, 01, 38, 00] {SUB [ECX], AL; CMP [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtSetInformationFile + B 772E036F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtSetInformationThread + 6 772E03BA 4 Bytes [28, 02, 38, 00] {SUB [EDX], AL; CMP [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtSetInformationThread + B 772E03BF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtUnmapViewOfSection + 6 772E065A 1 Byte [68]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtUnmapViewOfSection + 6 772E065A 4 Bytes [68, 03, 38, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtUnmapViewOfSection + B 772E065F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtCreateFile + 6 772DF41A 4 Bytes [28, 00, 09, 00] {SUB [EAX], AL; OR [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtCreateFile + B 772DF41F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtMapViewOfSection + 6 772DFB6A 1 Byte [28]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtMapViewOfSection + 6 772DFB6A 4 Bytes [28, 03, 09, 00] {SUB [EBX], AL; OR [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtMapViewOfSection + B 772DFB6F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenFile + 6 772DFBFA 4 Bytes [68, 00, 09, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenFile + B 772DFBFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcess + 6 772DFC7A 4 Bytes [A8, 01, 09, 00] {TEST AL, 0x1; OR [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcess + B 772DFC7F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcessToken + B 772DFC8F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcessTokenEx + 6 772DFC9A 4 Bytes [A8, 02, 09, 00] {TEST AL, 0x2; OR [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcessTokenEx + B 772DFC9F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThread + 6 772DFCEA 4 Bytes [68, 01, 09, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThread + B 772DFCEF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThreadToken + 6 772DFCFA 4 Bytes [68, 02, 09, 00]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThreadToken + B 772DFCFF 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenThreadTokenEx + B 772DFD0F 1 Byte [E2]
.text C:\Program
Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtQueryAttributesFile + 6 772DFD9A 4 Bytes [A8, 00, 09, 00] {TEST AL, 0x0; OR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtQueryAttributesFile + B 772DFD9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtQueryFullAttributesFile + B 772DFE4F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtSetInformationFile + 6 772E036A 4 Bytes [28, 01, 09, 00] {SUB [ECX], AL; OR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtSetInformationFile + B 772E036F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtSetInformationThread + 6 772E03BA 4 Bytes [28, 02, 09, 00] {SUB [EDX], AL; OR [EAX], EAX} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtSetInformationThread + B 772E03BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtUnmapViewOfSection + 6 772E065A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtUnmapViewOfSection + 6 772E065A 4 Bytes [68, 03, 09, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtUnmapViewOfSection + B 772E065F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtCreateFile + 6 772DF41A 4 Bytes [28, 00, 33, 00] {SUB [EAX], AL; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtCreateFile + B 772DF41F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtMapViewOfSection + 6 772DFB6A 1 Byte [28] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtMapViewOfSection + 6 772DFB6A 4 Bytes [28, 03, 33, 00] {SUB [EBX], AL; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] 
ntdll.dll!NtMapViewOfSection + B 772DFB6F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenFile + 6 772DFBFA 4 Bytes [68, 00, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenFile + B 772DFBFF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenProcess + 6 772DFC7A 4 Bytes [A8, 01, 33, 00] {TEST AL, 0x1; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenProcess + B 772DFC7F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenProcessToken + B 772DFC8F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenProcessTokenEx + 6 772DFC9A 4 Bytes [A8, 02, 33, 00] {TEST AL, 0x2; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenProcessTokenEx + B 772DFC9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenThread + 6 772DFCEA 4 Bytes [68, 01, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenThread + B 772DFCEF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenThreadToken + 6 772DFCFA 4 Bytes [68, 02, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenThreadToken + B 772DFCFF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtOpenThreadTokenEx + B 772DFD0F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtQueryAttributesFile + 6 772DFD9A 4 Bytes [A8, 00, 33, 00] {TEST AL, 0x0; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtQueryAttributesFile + B 772DFD9F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtQueryFullAttributesFile + B 772DFE4F 1 Byte 
[E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtSetInformationFile + 6 772E036A 4 Bytes [28, 01, 33, 00] {SUB [ECX], AL; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtSetInformationFile + B 772E036F 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtSetInformationThread + 6 772E03BA 4 Bytes [28, 02, 33, 00] {SUB [EDX], AL; XOR EAX, [EAX]} .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtSetInformationThread + B 772E03BF 1 Byte [E2] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtUnmapViewOfSection + 6 772E065A 1 Byte [68] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtUnmapViewOfSection + 6 772E065A 4 Bytes [68, 03, 33, 00] .text C:\Program Files\Google\Chrome\Application\chrome.exe[3268] ntdll.dll!NtUnmapViewOfSection + B 772E065F 1 Byte [E2] ---- Devices - GMER 1.0.15 ---- AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- |
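The "User code sections" part of the GMER log above is the piece that records in-process hooks: a 5-byte JMP out of SHELL32.dll!SHFileOperationW into UnlockerHook.dll inside Explorer.EXE, and byte patches at the same ntdll.dll offsets in every chrome.exe PID. As an added example (not part of this thread and not a GMER feature), here is a small Python parser that reads such entries, groups them by process image and PID, and separates hooks that jump into a named module from in-place byte patches. The sample lines are copied from the log above; the "same hook set in every PID of one image" check is my own analyst heuristic for telling a program patching its own processes apart from a one-off injection, and is an assumption, not something GMER reports.

```python
import re
from collections import defaultdict

# Constructed sample: a handful of entries copied from the GMER
# "User code sections" output above, one entry per line as GMER writes them.
SAMPLE_LOG = r"""
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\Explorer.EXE[364] SHELL32.dll!SHFileOperationW 763B8B3D 5 Bytes JMP 10001102 C:\Program Files\Unlocker\UnlockerHook.dll
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtCreateFile + 6 772DF41A 4 Bytes [28, 00, 38, 00] {SUB [EAX], AL; CMP [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtCreateFile + B 772DF41F 1 Byte [E2]
.text C:\Program Files\Google\Chrome\Application\chrome.exe[2600] ntdll.dll!NtOpenProcess + 6 772DFC7A 4 Bytes [A8, 01, 38, 00] {TEST AL, 0x1; CMP [EAX], AL}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtCreateFile + 6 772DF41A 4 Bytes [28, 00, 09, 00] {SUB [EAX], AL; OR [EAX], EAX}
.text C:\Program Files\Google\Chrome\Application\chrome.exe[3208] ntdll.dll!NtOpenProcess + 6 772DFC7A 4 Bytes [A8, 01, 09, 00] {TEST AL, 0x1; OR [EAX], EAX}
---- EOF - GMER 1.0.15 ----
"""

# One GMER user-mode entry:
#   .text <image>[<pid>] <module>!<function>[ + <hex offset>] <hex addr> <n> Byte(s) <detail>
ENTRY_RE = re.compile(
    r"^\.text\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>[^\s!]+)!(?P<func>\w+)"
    r"(?:\s*\+\s*(?P<offset>[0-9A-Fa-f]+))?\s+"
    r"(?P<addr>[0-9A-Fa-f]+)\s+(?P<size>\d+)\s+Bytes?\s+(?P<detail>.*)$"
)
# <detail> is either "JMP <hex target> <module path>" (control flow leaves the
# function) or "[xx, yy, ...] {disassembly}" (bytes overwritten in place).
JMP_RE = re.compile(r"^JMP\s+(?P<target>[0-9A-Fa-f]+)\s+(?P<target_module>\S.*?)\s*$")
BYTES_RE = re.compile(r"^\[(?P<bytes>[0-9A-Fa-f]{2}(?:\s*,\s*[0-9A-Fa-f]{2})*)\]")


def parse_user_hooks(text):
    """Return one dict per '.text' entry; headers and other sections are skipped."""
    hooks = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        entry = {
            "process": m.group("proc"),
            "pid": int(m.group("pid")),
            "module": m.group("module"),
            "function": m.group("func"),
            "offset": int(m.group("offset"), 16) if m.group("offset") else 0,
            "address": int(m.group("addr"), 16),
            "size": int(m.group("size")),
        }
        detail = m.group("detail")
        j, b = JMP_RE.match(detail), BYTES_RE.match(detail)
        if j:
            entry["kind"] = "jmp"
            entry["target"] = int(j.group("target"), 16)
            entry["target_module"] = j.group("target_module")
        elif b:
            entry["kind"] = "patch"
            entry["bytes"] = bytes(int(x, 16) for x in b.group("bytes").split(","))
        else:
            entry["kind"] = "unknown"
        hooks.append(entry)
    return hooks


def hooks_by_process(hooks):
    """{image: {pid: sorted list of 'module!function'}} for a quick overview."""
    grouped = defaultdict(lambda: defaultdict(set))
    for h in hooks:
        grouped[h["process"]][h["pid"]].add(f'{h["module"]}!{h["function"]}')
    return {img: {pid: sorted(f) for pid, f in pids.items()} for img, pids in grouped.items()}


def jmp_hooks(hooks):
    """Hooks that redirect into a named module: the module tells you who installed it."""
    return sorted({(h["process"], h["function"], h["target_module"])
                   for h in hooks if h["kind"] == "jmp"})


def uniform_across_pids(hooks, image):
    """Heuristic (my assumption, not a GMER verdict): identical hook sets in every
    PID of one image look like the program patching its own processes on start-up,
    whereas a hook present in a single PID deserves a closer look."""
    per_pid = hooks_by_process(hooks).get(image, {})
    sets = {tuple(funcs) for funcs in per_pid.values()}
    return len(per_pid) > 1 and len(sets) == 1


if __name__ == "__main__":
    parsed = parse_user_hooks(SAMPLE_LOG)
    for image, pids in hooks_by_process(parsed).items():
        print(image, "uniform:", uniform_across_pids(parsed, image))
        for pid, funcs in pids.items():
            print("  ", pid, ", ".join(funcs))
    print("JMP hooks:", jmp_hooks(parsed))
```

Run it on a full GMER log saved as a text file by reading the file into `parse_user_hooks` instead of `SAMPLE_LOG`; the JMP list is the short list to investigate first, because it names the DLL that owns the hook.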
Please also run ESET, then we'll see how to proceed: ESET Online Scanner
Copyright ©2000-2025, Trojaner-Board