GMER Logfile:
Code:
GMER 1.0.15.15640 - hxxp://www.gmer.net
Rootkit scan 2011-05-30 18:19:45
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\000000a9 ST350083 rev.3.AA
Running: f2hlo0cs.exe; Driver: C:\Users\festus\AppData\Local\Temp\pwriipow.sys
---- User code sections - GMER 1.0.15 ----
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!EnableWindow 76B3CD8B 5 Bytes JMP 6DB69884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DialogBoxParamW 76B610B0 5 Bytes JMP 6DAC15BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DialogBoxIndirectParamW 76B62EF5 5 Bytes JMP 6DCB590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DialogBoxParamA 76B78152 5 Bytes JMP 6DCB58AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!DialogBoxIndirectParamA 76B7847D 5 Bytes JMP 6DCB5974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!MessageBoxIndirectA 76B8D4D9 5 Bytes JMP 6DCB5831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!MessageBoxIndirectW 76B8D5D3 5 Bytes JMP 6DCB57B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!MessageBoxExA 76B8D639 5 Bytes JMP 6DCB5754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3736] USER32.dll!MessageBoxExW 76B8D65D 5 Bytes JMP 6DCB56F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] kernel32.dll!CreateThread 7744C90E 5 Bytes JMP 6DB27133 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!CreateDialogParamW 76B372A2 5 Bytes JMP 6DCB5C79 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!GetAsyncKeyState 76B3863C 2 Bytes JMP 6DB0DC09 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!GetAsyncKeyState + 3 76B3863F 2 Bytes [FD, F6]
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!SetWindowsHookExW 76B387AD 5 Bytes JMP 6DB61FE4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!CallNextHookEx 76B38E3B 5 Bytes JMP 6DB87AEF C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!UnhookWindowsHookEx 76B398DB 5 Bytes JMP 6DBAEB70 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!EnableWindow 76B3CD8B 5 Bytes JMP 6DB69884 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!DefWindowProcA 76B3DB88 7 Bytes JMP 6DB29345 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!CreateWindowExA 76B3DC2A 2 Bytes JMP 6DB33173 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!CreateWindowExA + 3 76B3DC2D 2 Bytes [FF, F6] {PUSH ESI}
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!CreateWindowExW 76B41305 5 Bytes JMP 6DB8FF57 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!GetKeyState 76B48CB1 5 Bytes JMP 6DB0DAE3 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!DefWindowProcW 76B503B4 7 Bytes JMP 6DB87B52 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!IsDialogMessageW 76B50745 5 Bytes JMP 6DCB6406 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!CreateDialogParamA 76B517AA 5 Bytes JMP 6DCB5C41 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!IsDialogMessage 76B51847 5 Bytes JMP 6DCB63DE C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!CreateDialogIndirectParamA 76B526F1 5 Bytes JMP 6DCB5CB1 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!CreateDialogIndirectParamW 76B59A62 5 Bytes JMP 6DCB5CE9 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!SetKeyboardState 76B60987 5 Bytes JMP 6DCB6CCD C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!DialogBoxParamW 76B610B0 5 Bytes JMP 6DAC15BB C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!DialogBoxIndirectParamW 76B62EF5 5 Bytes JMP 6DCB590F C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!SendInput 76B62F75 5 Bytes JMP 6DCB6C75 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!EndDialog 76B6326E 5 Bytes JMP 6DCB66B2 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!SetCursorPos 76B76FB2 5 Bytes JMP 6DCB6D4E C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!DialogBoxParamA 76B78152 5 Bytes JMP 6DCB58AA C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!DialogBoxIndirectParamA 76B7847D 5 Bytes JMP 6DCB5974 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!MessageBoxIndirectA 76B8D4D9 5 Bytes JMP 6DCB5831 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!MessageBoxIndirectW 76B8D5D3 5 Bytes JMP 6DCB57B8 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!MessageBoxExA 76B8D639 5 Bytes JMP 6DCB5754 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!MessageBoxExW 76B8D65D 5 Bytes JMP 6DCB56F0 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] USER32.dll!keybd_event 76B8D972 5 Bytes JMP 6DCB6C32 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] SHELL32.dll!SHRestricted + D95 75EB89A8 4 Bytes [37, 01, 6D, 6F] {AAA ; ADD [EBP+0x6f], EBP}
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] SHELL32.dll!SHRestricted + D9D 75EB89B0 8 Bytes [60, 61, 6C, 6F, E1, F6, 6C, ...] {PUSHA ; POPA ; INSB ; OUTSD ; LOOPZ 0xfffffffffffffffc; INSB ; OUTSD }
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] ole32.dll!OleLoadFromStream 76E01E80 5 Bytes JMP 6DCB6110 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[6100] ole32.dll!CoCreateInstance 76E39F3E 5 Bytes JMP 6DB8B6D4 C:\Windows\system32\IEFRAME.dll (Internet Browser/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
--- --- ---