OSAM:
OSAM Logfile:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 16:58:28 on 16.11.2011
OS: Windows Vista Home Premium Edition Service Pack 1 (Build 6001), 32-bit
Default Browser: Google Inc. Google Chrome 15.0.874.106
Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures
Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries
[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Bandoo Media, inc" - c:\PROGRA~1\WI371A~1\Datamngr\IEBHO.dll
"AppInit_DLLs" - "Discordia Limited" - c:\PROGRA~1\Bandoo\BndHook.dll
[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Software Updater.job" - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl
"PhysX.cpl" - "NVIDIA Corporation" - C:\Windows\system32\PhysX.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Nero BurnRights" - "Nero AG" - C:\Program Files\Nero\Nero 7\Nero Toolkit\NeroBurnRights.cpl
"QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"AVG Anti-Rootkit" (AVG Anti-Rootkit) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\avgarkt.sys
"Avg Anti-Rootkit Clean Driver" (AvgArCln) - "GRISOFT, s.r.o." - C:\Windows\System32\DRIVERS\AvgArCln.sys
"AVM Eject" (avmeject) - "AVM Berlin" - C:\Windows\System32\drivers\avmeject.sys
"catchme" (catchme) - ? - C:\Users\HEIMAN~1\AppData\Local\Temp\catchme.sys (File not found)
"cpuz129" (cpuz129) - ? - C:\Users\HEIMAN~1\AppData\Local\Temp\cpuz_x32.sys (File not found)
"GDBehave" (GDBehave) - ? - C:\Windows\System32\drivers\GDBehave.sys (File not found)
"GDMnIcpt" (GDMnIcpt) - ? - C:\Windows\system32\drivers\MiniIcpt.sys (File not found)
"HookCentre" (HookCentre) - "G Data Software AG" - C:\Windows\system32\drivers\HookCentre.sys
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys (File not found)
"KMWDFilter" (KMWDFilter) - "Windows (R) Codename Longhorn DDK provider" - C:\Windows\System32\Drivers\KMWDFilter.SYS
"Lavasoft helper driver" (Lavasoft Kernexplorer) - ? - C:\Program Files\Lavasoft\Ad-Aware\KernExplorer.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"SbieDrv" (SbieDrv) - "tzuk" - C:\Program Files\Sandboxie\SbieDrv.sys
"TuneUpUtilitiesDrv" (TuneUpUtilitiesDrv) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys
"XDva349" (XDva349) - "www.wiselogic.co.kr" - C:\Windows\system32\XDva349.sys
"XDva359" (XDva359) - "www.wiselogic.co.kr" - C:\Windows\system32\XDva359.sys
"XDva385" (XDva385) - "www.wiselogic.co.kr" - C:\Windows\system32\XDva385.sys
(Disabled) ".smb" (.smb) - ? - \* (File not found)
(Disabled) "kbdqqu" (kbdqqu) - ? - C:\Windows\system32\drivers\kbdqqu.sys (File not found)
[Explorer]
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} "DropboxExt" - ? - (File not found | COM-object registry key not found)
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler )-----
{EC654325-1273-C2A9-2B7C-45D29BCE68FB} "Deskscapes Class" - "Stardock Corporation" - C:\Program Files\Stardock\Object Desktop\DeskScapes\deskscapes.dll
{EC654325-1273-C2A9-2B7C-45D29BCE68FD} "Stardock Vista ControlPanel Extension" - ? - (File not found | COM-object registry key not found)
{EC654325-1273-C2A9-2B7C-45D29BCE68FF} "StardockDreamController" - "Stardock" - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? - (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? - (File not found | COM-object registry key not found)
{ABC70703-32AF-11d4-90C4-D483A70F4825} "CMenuExtender" - ? - (File not found | COM-object registry key not found)
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? - (File not found | COM-object registry key not found)
{D22F6E51-BD32-4b7d-A17D-DC89C7FDFF15} "DreamImages Object" - "Stardock" - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamThumbnails.dll
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? - (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found)
{ED6E87C6-8A83-43aa-8208-8DBC8247F4D2} "IntelliType Pro Key Settings Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplkey.dll
{111D8120-25EB-4E1C-A4DF-C9EE5FCA35CB} "IntelliType Pro Scrolling Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwhl.dll
{1825D0FA-5B0C-4e20-A929-3EFD15B6DF71} "IntelliType Pro Touchpad Control Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcpltp.dll
{A2569D1F-4E06-43EC-9825-0088B471BE47} "IntelliType Pro Wireless Control Panel Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplwir.dll
{97FA8AA2-EE77-4FF2-9449-424D8924EF21} "IntelliType Pro Zooming Property Page" - "Microsoft Corporation" - C:\Program Files\Microsoft IntelliType Pro\itcplzm.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - (File not found | COM-object registry key not found)
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? - (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - ? - (File not found | COM-object registry key not found)
{EC654325-1273-C2A9-2B7C-45D29BCE68FD} "Stardock Vista ControlPanel Extension" - ? - (File not found | COM-object registry key not found)
{FA603FF3-D04C-415d-8049-EFE29EEF4B26} "StardockDeskscapes.DreamFile" - ? - (File not found | COM-object registry key not found)
{EC654325-1273-C2A9-2B7C-45D29BCE68FF} "StardockDreamController" - "Stardock" - C:\Program Files\Stardock\Object Desktop\DeskScapes\DreamControl.dll
{4838CD50-7E5D-4811-9B17-C47A85539F28} "TuneUp Disk Space Explorer Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\DseShExt-x86.dll
{4858E7D9-8E12-45a3-B6A3-1CD128C9D403} "TuneUp Shredder Shell Extension" - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\SDShelEx-win32.dll
{44440D00-FF19-4AFC-B765-9A0970567D97} "TuneUp Theme Extension" - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? - (File not found | COM-object registry key not found)
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Program Files\WinRAR\rarext.dll
[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
{D0C0F75C-683A-4390-A791-1ACFD5599AB8} "Oberon Flash Game Host" - "Oberon Media, Inc." - C:\Windows\Downloaded Program Files\OberonGameHost.dll / hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\System32\Adobe\Director\swdir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7.2" - "ICQ, LLC." - C:\Program Files\ICQ7.2\ICQ.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll
{055FD26D-3A88-4e15-963D-DC8493744B1D} "XTTBPos00 Class" - "IE Toolbar" - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Dropbox.lnk" - "Dropbox, Inc." - C:\Users\Heimanwender\AppData\Roaming\Dropbox\bin\Dropbox.exe (Shortcut exists | File exists)
"Schnellstartdatei.vbs" - ? - C:\Users\Heimanwender\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Schnellstartdatei.vbs
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon )-----
"Userinit" - ? - C:\Users\Heimanwender\AppData\Roaming\appconf32.exe (File is exclusively opened, access blocked | File found, but it contains no detailed information)
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"AVMWlanClient" - "AVM Berlin" - C:\Program Files\avmwlanstick\wlangui.exe
"BrMfcWnd" - "Brother Industries, Ltd." - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe /AUTORUN
"KMCONFIG" - "UASSOFT.COM" - C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe KMConfig.exe
"Malwarebytes' Anti-Malware" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
"PaperPort PTD" - "Nuance Communications, Inc." - "C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe"
[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%SystemRoot%\System32\uxtuneup.dll,-4096" (UxTuneUp) - "TuneUp Software" - C:\Windows\System32\uxtuneup.dll
"@C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1" (TuneUp.Defrag) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
"@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100" (WPFFontCache_v0400) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
"AVM WLAN Connection Service" (AVM WLAN Connection Service) - "AVM Berlin" - C:\Program Files\avmwlanstick\WlanNetService.exe
"Bandoo Coordinator" (Bandoo Coordinator) - "Bandoo Media Inc." - C:\PROGRA~1\Bandoo\Bandoo.exe
"CyberGhost VPN Client" (CGVPNCliSrvc) - "mobile concepts GmbH" - C:\Program Files\S.A.D\CyberGhost VPN\CGVPNCliService.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - D:\Common\Database\bin\fbserver.exe
"FSCLBaseUpdaterService" (FSCLBaseUpdaterService) - ? - C:\Program Files\Fujitsu Siemens Computers\FSCLounge\FSCWBaseUpdaterService\2\FSCWBaseUpdaterService.exe
"Fujitsu Siemens Computers Diagnostic Testhandler" (TestHandler) - "Fujitsu Siemens Computers" - C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1c9a488eb75573d)" (gupdate1c9a488eb75573d) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Keyboard And Mouse Communication Service" (KMWDSERVICE) - "UASSOFT.COM" - C:\Program Files\Trust\Trust R-Series Mouse\KMWDSrv.exe
"Machine Debug Manager" (MDM) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
"nProtect GameGuard Service" (npggsvc) - "INCA Internet Co., Ltd." - C:\Windows\system32\GameMon.des
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe (File found, but it contains no detailed information)
"Sandboxie Service" (SbieSvc) - "tzuk" - C:\Program Files\Sandboxie\SbieSvc.exe
"SearchAnonymizer" (SearchAnonymizer) - ? - C:\Users\Heimanwender\AppData\Roaming\OCS\SM\SearchAnonymizerHelper.exe
"TuneUp Utilities Service" (TuneUp.UtilitiesSvc) - "TuneUp Software" - C:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe
"UPnPService" (UPnPService) - "Magix AG" - C:\Program Files\Common Files\MAGIX Shared\UPnPService\UPnPService.exe
[Winlogon]
-----( HKCU\Control Panel\Desktop )-----
"SCRNSAVE.EXE" - ? - C:\Windows\system32\Helios.scr (File found, but it contains no detailed information)
[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll
===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
aswMBR:
aswMBR version 0.9.8.986 Copyright(c) 2011 AVAST Software
Run date: 2011-11-16 18:26:11
-----------------------------
18:26:11.121 OS Version: Windows 6.0.6001 Service Pack 1
18:26:11.121 Number of processors: 4 586 0xF0B
18:26:11.121 ComputerName: PAUL-PC UserName:
18:26:40.137 Initialize success
18:26:47.375 AVAST engine defs: 11111501
18:27:21.477 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2
18:27:21.477 Disk 0 Vendor: WDC_WD5000AAKS-07YGA0 12.01C02 Size: 476940MB BusType: 3
18:27:23.505 Disk 0 MBR read successfully
18:27:23.505 Disk 0 MBR scan
18:27:23.505 Disk 0 Windows VISTA default MBR code
18:27:23.505 Disk 0 scanning sectors +976771072
18:27:23.599 Disk 0 scanning C:\Windows\system32\drivers
18:27:36.375 Service scanning
18:27:37.732 Modules scanning
18:27:44.534 Disk 0 trace - called modules:
18:27:44.581 ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll ataport.SYS intelide.sys PCIIDEX.SYS atapi.sys dxgkrnl.sys nvlddmkm.sys watchdog.sys tcpip.sys NETIO.SYS
18:27:44.581 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85176ac8]
18:27:44.596 3 CLASSPNP.SYS[88360745] -> nt!IofCallDriver -> [0x842ffc10]
18:27:44.596 5 acpi.sys[8823d6a0] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-2[0x841dcba0]
18:27:47.077 AVAST engine scan C:\Windows
18:27:54.440 AVAST engine scan C:\Windows\system32
18:30:53.247 AVAST engine scan C:\Windows\system32\drivers
18:31:14.822 AVAST engine scan C:\Users\Heimanwender
18:34:48.292 Disk 0 MBR has been saved successfully to "C:\Users\Heimanwender\Desktop\MBR.dat"
18:34:48.308 The log file has been saved successfully to "C:\Users\Heimanwender\Desktop\aswMBR3.txt"
GMER:
GMER Logfile:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2011-11-16 18:13:46
Windows 6.0.6001 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-2 WDC_WD5000AAKS-07YGA0 rev.12.01C02
Running: s1crcviz.exe; Driver: C:\Users\HEIMAN~1\AppData\Local\Temp\kwtdapod.sys
---- System - GMER 1.0.15 ----
Code 87068C4C ZwTraceEvent
Code 87068C4B NtTraceEvent
---- Kernel code sections - GMER 1.0.15 ----
.text ntoskrnl.exe!NtTraceEvent 82073FD0 5 Bytes JMP 87068C50
PAGE ntoskrnl.exe!NtRequestPort + 2 821FAC15 5 Bytes JMP 87068CF0
PAGE ntoskrnl.exe!ZwAlpcSendWaitReceivePort + 2 82252ECE 5 Bytes JMP 87068E30
PAGE ntoskrnl.exe!NtRequestWaitReplyPort + 2 82255F23 5 Bytes JMP 87068D90
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E008340, 0x39DB57, 0xE8000020]
---- User code sections - GMER 1.0.15 ----
.text C:\Windows\system32\wuauclt.exe[584] ntdll.dll!NtClose 77727BB8 5 Bytes JMP 00BD0354
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtCreateFile + 6 77727C7E 4 Bytes [28, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtCreateFile + B 77727C83 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtMapViewOfSection + 6 777283CE 1 Byte [28]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtMapViewOfSection + 6 777283CE 4 Bytes [28, 03, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtMapViewOfSection + B 777283D3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenFile + 6 7772845E 4 Bytes [68, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenFile + B 77728463 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenProcess + 6 777284DE 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenProcess + B 777284E3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenProcessToken + 6 777284EE 4 Bytes CALL 76728AF4 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenProcessToken + B 777284F3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenProcessTokenEx + 6 777284FE 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenProcessTokenEx + B 77728503 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenThread + 6 7772854E 4 Bytes [68, 01, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenThread + B 77728553 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenThreadToken + 6 7772855E 4 Bytes [68, 02, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenThreadToken + B 77728563 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenThreadTokenEx + 6 7772856E 4 Bytes CALL 76728B75 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtOpenThreadTokenEx + B 77728573 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtQueryAttributesFile + 6 777285FE 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtQueryAttributesFile + B 77728603 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtQueryFullAttributesFile + 6 777286AE 4 Bytes CALL 76728CB3 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtQueryFullAttributesFile + B 777286B3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtSetInformationFile + 6 77728B8E 4 Bytes [28, 01, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtSetInformationFile + B 77728B93 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtSetInformationThread + 6 77728BDE 4 Bytes [28, 02, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtSetInformationThread + B 77728BE3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 1 Byte [68]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 4 Bytes [68, 03, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] ntdll.dll!NtUnmapViewOfSection + B 77728E83 1 Byte [E2]
.text C:\Program Files\Trust\Trust R-Series Mouse\StartAutorun.exe[808] ntdll.dll!NtClose 77727BB8 5 Bytes JMP 003D0354
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtCreateFile + 6 77727C7E 4 Bytes [28, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtCreateFile + B 77727C83 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtMapViewOfSection + 6 777283CE 1 Byte [28]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtMapViewOfSection + 6 777283CE 4 Bytes [28, 03, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtMapViewOfSection + B 777283D3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenFile + 6 7772845E 4 Bytes [68, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenFile + B 77728463 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenProcess + 6 777284DE 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenProcess + B 777284E3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenProcessToken + 6 777284EE 4 Bytes CALL 76728AF4 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenProcessToken + B 777284F3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenProcessTokenEx + 6 777284FE 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenProcessTokenEx + B 77728503 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenThread + 6 7772854E 4 Bytes [68, 01, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenThread + B 77728553 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenThreadToken + 6 7772855E 4 Bytes [68, 02, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenThreadToken + B 77728563 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenThreadTokenEx + 6 7772856E 4 Bytes CALL 76728B75 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtOpenThreadTokenEx + B 77728573 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtQueryAttributesFile + 6 777285FE 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtQueryAttributesFile + B 77728603 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtQueryFullAttributesFile + 6 777286AE 4 Bytes CALL 76728CB3 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtQueryFullAttributesFile + B 777286B3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtSetInformationFile + 6 77728B8E 4 Bytes [28, 01, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtSetInformationFile + B 77728B93 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtSetInformationThread + 6 77728BDE 4 Bytes [28, 02, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtSetInformationThread + B 77728BE3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 1 Byte [68]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 4 Bytes [68, 03, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] ntdll.dll!NtUnmapViewOfSection + B 77728E83 1 Byte [E2]
.text C:\Windows\System32\mobsync.exe[1740] ntdll.dll!NtClose 77727BB8 5 Bytes JMP 00200354
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtCreateFile + 6 77727C7E 4 Bytes [28, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtCreateFile + B 77727C83 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtMapViewOfSection + 6 777283CE 1 Byte [28]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtMapViewOfSection + 6 777283CE 4 Bytes [28, 03, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtMapViewOfSection + B 777283D3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenFile + 6 7772845E 4 Bytes [68, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenFile + B 77728463 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcess + 6 777284DE 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcess + B 777284E3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcessToken + 6 777284EE 4 Bytes CALL 76728AF4 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcessToken + B 777284F3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcessTokenEx + 6 777284FE 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenProcessTokenEx + B 77728503 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThread + 6 7772854E 4 Bytes [68, 01, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThread + B 77728553 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThreadToken + 6 7772855E 4 Bytes [68, 02, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThreadToken + B 77728563 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThreadTokenEx + 6 7772856E 4 Bytes CALL 76728B75 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtOpenThreadTokenEx + B 77728573 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtQueryAttributesFile + 6 777285FE 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtQueryAttributesFile + B 77728603 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtQueryFullAttributesFile + 6 777286AE 4 Bytes CALL 76728CB3 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtQueryFullAttributesFile + B 777286B3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtSetInformationFile + 6 77728B8E 4 Bytes [28, 01, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtSetInformationFile + B 77728B93 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtSetInformationThread + 6 77728BDE 4 Bytes [28, 02, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtSetInformationThread + B 77728BE3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 1 Byte [68]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 4 Bytes [68, 03, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] ntdll.dll!NtUnmapViewOfSection + B 77728E83 1 Byte [E2]
.text C:\Windows\RtHDVCpl.exe[2008] ntdll.dll!NtClose 77727BB8 5 Bytes JMP 002B0354
.text C:\Program Files\Trust\Trust R-Series Mouse\KMConfig.exe[2200] ntdll.dll!NtClose 77727BB8 5 Bytes JMP 00490354
.text C:\Windows\System32\rundll32.exe[2304] ntdll.dll!NtClose 77727BB8 5 Bytes JMP 008E0354
.text C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe[2336] ntdll.dll!NtClose 77727BB8 5 Bytes JMP 01D50354
.text C:\Program Files\Trust\Trust R-Series Mouse\KMProcess.exe[2372] ntdll.dll!NtClose 77727BB8 5 Bytes JMP 00340354
.text ...
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtCreateFile + 6 77727C7E 4 Bytes [28, 00, 16, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtCreateFile + B 77727C83 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtMapViewOfSection + 6 777283CE 1 Byte [28]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtMapViewOfSection + 6 777283CE 4 Bytes [28, 03, 16, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtMapViewOfSection + B 777283D3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenFile + 6 7772845E 4 Bytes [68, 00, 16, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenFile + B 77728463 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcess + 6 777284DE 4 Bytes [A8, 01, 16, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcess + B 777284E3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessToken + 6 777284EE 4 Bytes CALL 76729AF4 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessToken + B 777284F3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessTokenEx + 6 777284FE 4 Bytes [A8, 02, 16, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenProcessTokenEx + B 77728503 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThread + 6 7772854E 4 Bytes [68, 01, 16, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThread + B 77728553 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadToken + 6 7772855E 4 Bytes [68, 02, 16, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadToken + B 77728563 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadTokenEx + 6 7772856E 4 Bytes CALL 76729B75 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtOpenThreadTokenEx + B 77728573 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryAttributesFile + 6 777285FE 4 Bytes [A8, 00, 16, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryAttributesFile + B 77728603 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryFullAttributesFile + 6 777286AE 4 Bytes CALL 76729CB3 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtQueryFullAttributesFile + B 777286B3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationFile + 6 77728B8E 4 Bytes [28, 01, 16, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationFile + B 77728B93 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationThread + 6 77728BDE 4 Bytes [28, 02, 16, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtSetInformationThread + B 77728BE3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 1 Byte [68]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 4 Bytes [68, 03, 16, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] ntdll.dll!NtUnmapViewOfSection + B 77728E83 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtCreateFile + 6 77727C7E 4 Bytes [28, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtCreateFile + B 77727C83 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + 6 777283CE 1 Byte [28]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + 6 777283CE 4 Bytes [28, 03, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtMapViewOfSection + B 777283D3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenFile + 6 7772845E 4 Bytes [68, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenFile + B 77728463 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcess + 6 777284DE 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcess + B 777284E3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessToken + 6 777284EE 4 Bytes CALL 76728AF4 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessToken + B 777284F3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessTokenEx + 6 777284FE 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenProcessTokenEx + B 77728503 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThread + 6 7772854E 4 Bytes [68, 01, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThread + B 77728553 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadToken + 6 7772855E 4 Bytes [68, 02, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadToken + B 77728563 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadTokenEx + 6 7772856E 4 Bytes CALL 76728B75 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtOpenThreadTokenEx + B 77728573 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryAttributesFile + 6 777285FE 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryAttributesFile + B 77728603 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryFullAttributesFile + 6 777286AE 4 Bytes CALL 76728CB3 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtQueryFullAttributesFile + B 777286B3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationFile + 6 77728B8E 4 Bytes [28, 01, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationFile + B 77728B93 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationThread + 6 77728BDE 4 Bytes [28, 02, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtSetInformationThread + B 77728BE3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 1 Byte [68]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 4 Bytes [68, 03, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] ntdll.dll!NtUnmapViewOfSection + B 77728E83 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtCreateFile + 6 77727C7E 4 Bytes [28, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtCreateFile + B 77727C83 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtMapViewOfSection + 6 777283CE 1 Byte [28]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtMapViewOfSection + 6 777283CE 4 Bytes [28, 03, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtMapViewOfSection + B 777283D3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtOpenFile + 6 7772845E 4 Bytes [68, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtOpenFile + B 77728463 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtOpenProcess + 6 777284DE 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtOpenProcess + B 777284E3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtOpenProcessToken + 6 777284EE 4 Bytes CALL 76728AF4 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtOpenProcessToken + B 777284F3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtOpenProcessTokenEx + 6 777284FE 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtOpenProcessTokenEx + B 77728503 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtOpenThread + 6 7772854E 4 Bytes [68, 01, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtOpenThread + B 77728553 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtOpenThreadToken + 6 7772855E 4 Bytes [68, 02, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtOpenThreadToken + B 77728563 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtOpenThreadTokenEx + 6 7772856E 4 Bytes CALL 76728B75 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtOpenThreadTokenEx + B 77728573 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtQueryAttributesFile + 6 777285FE 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtQueryAttributesFile + B 77728603 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtQueryFullAttributesFile + 6 777286AE 4 Bytes CALL 76728CB3 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtQueryFullAttributesFile + B 777286B3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtSetInformationFile + 6 77728B8E 4 Bytes [28, 01, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtSetInformationFile + B 77728B93 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtSetInformationThread + 6 77728BDE 4 Bytes [28, 02, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtSetInformationThread + B 77728BE3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 1 Byte [68]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 4 Bytes [68, 03, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] ntdll.dll!NtUnmapViewOfSection + B 77728E83 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtCreateFile + 6 77727C7E 4 Bytes [28, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtCreateFile + B 77727C83 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtMapViewOfSection + 6 777283CE 1 Byte [28]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtMapViewOfSection + 6 777283CE 4 Bytes [28, 03, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtMapViewOfSection + B 777283D3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenFile + 6 7772845E 4 Bytes [68, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenFile + B 77728463 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcess + 6 777284DE 4 Bytes [A8, 01, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcess + B 777284E3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessToken + 6 777284EE 4 Bytes CALL 76728AF4 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessToken + B 777284F3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessTokenEx + 6 777284FE 4 Bytes [A8, 02, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenProcessTokenEx + B 77728503 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThread + 6 7772854E 4 Bytes [68, 01, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThread + B 77728553 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadToken + 6 7772855E 4 Bytes [68, 02, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadToken + B 77728563 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadTokenEx + 6 7772856E 4 Bytes CALL 76728B75 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtOpenThreadTokenEx + B 77728573 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryAttributesFile + 6 777285FE 4 Bytes [A8, 00, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryAttributesFile + B 77728603 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryFullAttributesFile + 6 777286AE 4 Bytes CALL 76728CB3 C:\Windows\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtQueryFullAttributesFile + B 777286B3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationFile + 6 77728B8E 4 Bytes [28, 01, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationFile + B 77728B93 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationThread + 6 77728BDE 4 Bytes [28, 02, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtSetInformationThread + B 77728BE3 1 Byte [E2]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 1 Byte [68]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtUnmapViewOfSection + 6 77728E7E 4 Bytes [68, 03, 06, 00]
.text C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] ntdll.dll!NtUnmapViewOfSection + B 77728E83 1 Byte [E2]
.text C:\Windows\system32\NOTEPAD.EXE[4032] ntdll.dll!NtClose 77727BB8 5 Bytes JMP 00120354
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[12] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73E98864] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[12] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73ED9855] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[12] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73E9B984] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[12] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73E8FB47] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[12] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73E97A29] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[12] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73E8EA65] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[12] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73ECB12D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[12] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73E9BC4A] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[12] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73E90756] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[12] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73E906BD] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[12] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73E871B3] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[12] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73F1D9E0] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[12] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73EB7329] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[12] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73E8E109] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[12] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73E8697E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[12] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73E869A9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[12] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73E92475] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6001.18551_none_9e7a1850c9c1b3dc\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[652] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1504] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[1844] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[2964] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3788] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3892] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
IAT C:\Users\Heimanwender\AppData\Local\Google\Chrome\Application\chrome.exe[3940] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateNamedPipeW] 00010010
---- EOF - GMER 1.0.15 ----