Avira reports EXP/JAVA.Ternub.Gen (Windows 7)

#1
Hello,

during a full scan today, Avira AntiVir reported the following detection:

Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
(contains detection pattern of the exploit EXP/JAVA.Ternub.Gen)

I then moved it to quarantine... but as I have now read here, the Trojan is apparently still somehow "active on my PC"? How do I get it off my PC for good?

I had noticed beforehand that I probably received a spam mail. (I got an e-mail from my friend, who supposedly did not send anything..?)

One more thing up front: I really don't know my way around "computer jargon"... I'm just a plain user... ...and would be glad if someone here could help me...

Thanks, regards,
Sandra

----------------------------------------------------------------

Now I have downloaded defogger, OTL and GMER and got the following messages:
---- Kernel code sections - GMER 1.0.15 ----

.text ntkrnlpa.exe!KeSetEvent + 215 81CBE8D8 4 Bytes [0E, 34, 1D, 8A]
.text ntkrnlpa.exe!KeSetEvent + 539 81CBEBFC 4 Bytes [18, 34, 1D, 8A]
.text ntkrnlpa.exe!KeSetEvent + 56D 81CBEC30 4 Bytes [13, 34, 1D, 8A]
.text ntkrnlpa.exe!KeSetEvent + 5D1 81CBEC94 4 Bytes CALL 9F000A1A
.text ntkrnlpa.exe!KeSetEvent + 619 81CBECDC 4 Bytes [22, 34, 1D, 8A]
.text ...

---- User code sections - GMER 1.0.15 ----

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----