|
Plagegeister aller Art und deren Bekämpfung: Problem im FirefoxWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.07.2008, 21:12 | #1 |
| Problem im Firefox Hallo, ich habe einen komischen Eintrag im FF: "hausaufgaben" nistet sich in "Pop-Up-Fenster blockieren" --> Ausnahmen "Grafiken laden" --> Ausnahmen "Warnen, wenn Webseiten versuchen, Add-Ones zu installieren" --> Ausnahmen ein, Er schreibt sich da immer wieder neu rein, "Webseite entfernen" bringt leider gar nichts. Was ist das und woher kommt es und wie werde ich es wieder los? Danke schon jetzt! Alex |
03.07.2008, 21:28 | #3 |
| Problem im Firefox Was ist denn das?
__________________ |
03.07.2008, 21:32 | #4 |
| Problem im Firefox hier die anleitung dazu http://www.trojaner-board.de/51130-a...ijackthis.html und ausserdem bitte noch diese Anleitung abarbeiten http://www.trojaner-board.de/51187-a...i-malware.html |
03.07.2008, 21:35 | #5 |
| Problem im Firefox Ok, danke. |
06.07.2008, 18:49 | #6 |
| Problem im Firefox Hallo, ich habe den GMER-Log gerade gepostet, komme aber hier nicht klar. Darum gebe ich Euch den Link: Thema anzeigen - Problem mit "hausaufgaben" |
06.07.2008, 20:33 | #7 |
| Problem im Firefox kannst Du mit den Anleitungen aus dem Forum nichts anfangen? Lese bitte die anleitungen aus meinem vorigen post und gehe genau nach anleitung vor. wenn Du irgendwo probleme mit dem HijackThis oder Malwarebytes haben solltest, schreibe genau an welcher stelle du hängst |
08.07.2008, 11:33 | #8 |
| Problem im Firefox Entschuldigt, im Moment habe ich nicht viel Zeit. Hier ist schon mal mein LogFile (der Rest kommt später!): Code:
ATTFilter Logfile of Trend Micro HijackThis v2.0.2 Scan saved at 12:23:43, on 08.07.2008 Platform: Windows XP SP2 (WinNT 5.01.2600) MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180) Boot mode: Normal Running processes: C:\WINDOWS\System32\smss.exe C:\WINDOWS\system32\winlogon.exe C:\WINDOWS\system32\services.exe C:\WINDOWS\system32\lsass.exe C:\WINDOWS\system32\svchost.exe C:\WINDOWS\System32\svchost.exe C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe C:\WINDOWS\Explorer.EXE C:\Programme\F-Secure\Common\FSM32.EXE C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe C:\Programme\RauchFrei\RauchFrei.exe C:\WINDOWS\system32\spoolsv.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe C:\Programme\F-Secure\BackWeb\7681197\Program\F-Secure Automatic Update.exe C:\Programme\F-Secure\Anti-Virus\FSGK32.EXE C:\Programme\F-Secure\BackWeb\7681197\program\fsbwsys.exe C:\Programme\F-Secure\Common\FSMA32.EXE C:\Programme\F-Secure\Common\FSMB32.EXE C:\Programme\F-Secure\Anti-Virus\fssm32.exe C:\Programme\F-Secure\Common\FCH32.EXE C:\Programme\F-Secure\Common\FAMEH32.EXE C:\Programme\F-Secure\Common\FNRB32.EXE C:\Programme\F-Secure\FWES\Program\fsdfwd.exe C:\Programme\F-Secure\Common\FIH32.EXE C:\Programme\F-Secure\Anti-Virus\fsav32.exe C:\Programme\F-Secure\FSGUI\fsguiexe.exe C:\WINDOWS\system32\devldr32.exe C:\Programme\Mozilla Firefox\firefox.exe C:\Dokumente und Einstellungen\X\Desktop\HiJackThis.exe O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O4 - HKLM\..\Run: [F-Secure Manager] "C:\Programme\F-Secure\Common\FSM32.EXE" /splash O4 - HKLM\..\Run: [F-Secure TNB] "C:\Programme\F-Secure\TNB\TNBUtil.exe" /CHECKALL /WAITFORSW O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_05\bin\jusched.exe O4 - HKLM\..\Run: [avgnt] "C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min O4 - HKCU\..\Run: [SWR3RauchFrei] "C:\Programme\RauchFrei\RauchFrei.exe" O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST') O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST') O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM') O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user') O4 - Global Startup: F-Secure Automatic Update.lnk = C:\Programme\F-Secure\BackWeb\7681197\program\F-Secure Automatic Update.exe O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\j2re1.4.2_05\bin\npjpi142_05.dll O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211107240046 O17 - HKLM\System\CCS\Services\Tcpip\..\{0687B05B-FFB8-4AA4-9FA1-95C834B517F0}: NameServer = 213.191.92.86 62.109.123.7 O17 - HKLM\System\CS1\Services\Tcpip\..\{0687B05B-FFB8-4AA4-9FA1-95C834B517F0}: NameServer = 213.191.92.86 62.109.123.7 O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Programme\Lavasoft\Ad-Aware 2007\aawservice.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Scheduler (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe O23 - Service: Avira AntiVir Personal – Free Antivirus Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe O23 - Service: F-Secure Automatic Update (BackWeb Plug-in - 7681197) - BackWeb Technologies Inc. - C:\PROGRA~1\F-Secure\BackWeb\7681197\Program\SERVIC~1.EXE O23 - Service: F-Secure Gatekeeper Handler Starter - F-Secure Corp. - C:\Programme\F-Secure\Anti-Virus\fsgk32st.exe O23 - Service: F-Secure Network Request Broker - F-Secure Corporation - C:\Programme\F-Secure\Common\FNRB32.EXE O23 - Service: fsbwsys - F-Secure Corp. - C:\Programme\F-Secure\BackWeb\7681197\program\fsbwsys.exe O23 - Service: F-Secure Anti-Virus Firewall Daemon (FSDFWD) - F-Secure Corporation - C:\Programme\F-Secure\FWES\Program\fsdfwd.exe O23 - Service: F-Secure Management Agent (FSMA) - F-Secure Corporation - C:\Programme\F-Secure\Common\FSMA32.EXE -- End of file - 5280 bytes |
08.07.2008, 16:21 | #9 |
| Problem im Firefox Hier ist mein "Malewarebytes"-Ergebnis. Komisch, es hat nichts gefunden... Malwarebytes' Anti-Malware 1.20 Datenbank Version: 931 Windows 5.1.2600 Service Pack 2 17:17:40 08.07.2008 mbam-log-7-8-2008 (17-17-40).txt Scan Art: Komplett Scan (C:\|) Objekte gescannt: 51391 Scan Dauer: 25 minute(s), 55 second(s) Infizierte Speicher Prozesse: 0 Infizierte Speicher Module: 0 Infizierte Registrierungsschlüssel: 0 Infizierte Registrierungswerte: 0 Infizierte Datei Objekte der Registrierung: 0 Infizierte Verzeichnisse: 0 Infizierte Dateien: 0 Infizierte Speicher Prozesse: (Keine Malware Objekte gefunden) Infizierte Speicher Module: (Keine Malware Objekte gefunden) Infizierte Registrierungsschlüssel: (Keine Malware Objekte gefunden) Infizierte Registrierungswerte: (Keine Malware Objekte gefunden) Infizierte Datei Objekte der Registrierung: (Keine Malware Objekte gefunden) Infizierte Verzeichnisse: (Keine Malware Objekte gefunden) Infizierte Dateien: (Keine Malware Objekte gefunden) |
09.07.2008, 12:26 | #11 |
| Problem im Firefox GMER sah eigentlich unuffällig aus und hatte keine roten Einträge. Ich kann leider keinen Screenshot machen. Unter "Ausnahmen" steht "hausaufgaben" und "blockiert". Ja, die Logs sind vollständig ---- System - GMER 1.0.14 ---- Code \WINDOWS\System32\drivers\fsndis5.sys (F-Secure Network Interceptor/F-Secure Corporation) IoCreateDevice ---- User code sections - GMER 1.0.14 ---- .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!StrStrW + FFE28DAA 7C9D2175 260 Bytes [ BD, EF, 77, DE, 82, EF, 77, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!StrStrW + FFE28EAF 7C9D227A 1 Byte [ 00 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!StrStrW + FFE28EB1 7C9D227C 584 Bytes [ 85, F1, D3, 77, 04, 06, D6, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!StrStrW + FFE290FA 7C9D24C5 383 Bytes [ 01, D4, 77, 6E, B4, D1, 77, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!StrStrW + FFE2927A 7C9D2645 168 Bytes [ 85, D3, 77, 9F, 01, D2, 77, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILFree + 1C2 7C9F2AC3 274 Bytes [ 53, 48, 46, 69, 6E, 64, 5F, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILFree + 2D5 7C9F2BD6 118 Bytes [ 53, 48, 47, 65, 74, 46, 69, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILFree + 34C 7C9F2C4D 16 Bytes [ 53, 48, 47, 65, 74, 46, 6F, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILFree + 35D 7C9F2C5E 94 Bytes [ 53, 48, 47, 65, 74, 49, 63, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILFree + 3BC 7C9F2CBD 62 Bytes [ 53, 48, 47, 65, 74, 4E, 65, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHLoadOLE + C0 7C9F30BD 48 Bytes [ 53, 48, 53, 68, 65, 6C, 6C, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHLoadOLE + F1 7C9F30EE 117 Bytes [ 53, 48, 53, 74, 61, 72, 74, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHLoadOLE + 167 7C9F3164 217 Bytes [ 53, 48, 56, 61, 6C, 69, 64, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILClone + 9 7C9F323E 386 Bytes [ 53, 68, 65, 53, 65, 74, 43, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILClone + 18C 7C9F33C1 165 Bytes [ 74, 72, 43, 68, 72, 49, 41, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILClone + 232 7C9F3467 72 Bytes [ 53, 74, 72, 52, 43, 68, 72, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILCloneFirst + 12 7C9F34B0 218 Bytes [ 53, 74, 72, 53, 74, 72, 57, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILCombine + 3C 7C9F358B 68 Bytes [ 68, 49, 73, 52, 65, 6C, 61, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILCombine + 81 7C9F35D0 56 Bytes [ 55, 8B, EC, FF, 75, 08, 6A, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILCombine + BD 7C9F360C 67 Bytes [ 8B, FF, 55, 8B, EC, 53, 57, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILCombine + 101 7C9F3650 21 Bytes [ 00, 00, 8B, F8, 39, 1D, E4, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILCombine + 117 7C9F3666 116 Bytes [ 15, 68, 1A, 9D, 7C, 5E, 8B, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetDesktopFolder + 64 7C9F3C02 4 Bytes [ 80, 89, 7D, 0C ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetDesktopFolder + 69 7C9F3C07 1 Byte [ 15 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetDesktopFolder + 6B 7C9F3C09 18 Bytes [ 1B, 9D, 7C, FF, 75, 10, 8D, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetDesktopFolder + 7E 7C9F3C1C 57 Bytes [ F8, 50, 53, FF, 75, 08, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetDesktopFolder + B8 7C9F3C56 29 Bytes [ 8B, C7, 5F, 5E, C9, C2, 0C, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHRestricted + 1 7C9F4590 45 Bytes JMP 7097D097 .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHRestricted + 31 7C9F45C0 63 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHRestricted + 71 7C9F4600 21 Bytes [ 00, 8B, 45, 0C, C9, C2, 08, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHRestricted + 87 7C9F4616 22 Bytes [ 8B, C1, 8D, 50, 04, C7, 00, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHRestricted + 9E 7C9F462D 12 Bytes [ 00, 0F, 85, 90, 8C, 00, 00, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILRemoveLastID + 12 7C9F4EE6 26 Bytes [ 5F, 5E, 8B, C3, 5B, 5D, C2, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILRemoveLastID + 2D 7C9F4F01 10 Bytes [ 00, 73, 00, 65, 00, 44, 00, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILRemoveLastID + 38 7C9F4F0C 45 Bytes [ 6B, 00, 74, 00, 6F, 00, 70, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILRemoveLastID + 66 7C9F4F3A 13 Bytes [ 63, 00, 79, 00, 4C, 00, 4D, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILRemoveLastID + 74 7C9F4F48 27 Bytes [ 68, 00, 61, 00, 76, 00, 69, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetSetSettings + 19 7C9F50F6 12 Bytes [ 45, 00, 76, 00, 65, 00, 6E, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetSetSettings + 26 7C9F5103 4 Bytes [ 00, 49, 00, 6E ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetSetSettings + 2B 7C9F5108 7 Bytes [ 68, 00, 65, 00, 72, 00, 69 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetSetSettings + 33 7C9F5110 47 Bytes [ 74, 00, 43, 00, 6F, 00, 6E, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetSetSettings + 63 7C9F5140 19 Bytes [ 62, 00, 56, 00, 69, 00, 65, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCLSIDFromString + 66 7C9F5546 51 Bytes [ 70, 00, 53, 00, 63, 00, 72, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCLSIDFromString + 9A 7C9F557A 104 Bytes [ 75, 00, 6E, 00, 64, 00, 50, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCLSIDFromString + 104 7C9F55E4 60 Bytes [ 08, 00, 00, 00, 10, 58, 9D, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCLSIDFromString + 141 7C9F5621 49 Bytes [ 01, 00, 00, 10, 58, 9D, 7C, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCLSIDFromString + 173 7C9F5653 24 Bytes [ 00, 10, 58, 9D, 7C, E0, 56, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILFindLastID + 2A 7C9F56D5 13 Bytes [ 00, 00, 01, 10, 58, 9D, 7C, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILFindLastID + 38 7C9F56E3 107 Bytes [ 02, 10, 58, 9D, 7C, 38, 55, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILFindLastID + A4 7C9F574F 79 Bytes [ 40, 10, 58, 9D, 7C, 20, 54, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILFindLastID + F5 7C9F57A0 109 Bytes [ 09, 00, 00, 40, 10, 58, 9D, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILFindLastID + 164 7C9F580F 46 Bytes [ 40, 00, 53, 9D, 7C, B0, 51, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHParseDisplayName + 1B 7C9F6872 111 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHParseDisplayName + 8B 7C9F68E2 2 Bytes [ 21, 00 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHParseDisplayName + 8F 7C9F68E6 19 Bytes [ 3B, C7, 5F, 0F, 85, FD, 24, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHParseDisplayName + A3 7C9F68FA 63 Bytes [ C0, 75, 03, 8D, 46, 20, 5E, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHParseDisplayName + E4 7C9F693B 66 Bytes [ 45, 0C, 5D, C2, 0C, 00, 90, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHILCreateFromPath + 6C 7C9F6E93 31 Bytes [ C5, BC, 7C, 89, 45, FC, 8B, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHILCreateFromPath + 8C 7C9F6EB3 27 Bytes CALL 7C9F6E58 C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHILCreateFromPath + A8 7C9F6ECF 46 Bytes [ 00, 00, 8B, D8, 8B, 4D, FC, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHILCreateFromPath + D8 7C9F6EFF 32 Bytes [ 8B, 45, 14, 53, 8B, 5D, 08, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHILCreateFromPath + F9 7C9F6F20 69 Bytes [ 00, 8D, BD, E4, FB, FF, FF, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILCreateFromPath 7C9F6FBF 74 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILCreateFromPath + 4B 7C9F700A 87 Bytes [ 45, 0C, 57, 8B, F1, 50, 8D, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILCreateFromPath + A3 7C9F7062 101 Bytes [ 33, C0, 8B, 4D, FC, 5F, 5E, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILCreateFromPath + 109 7C9F70C8 49 Bytes [ 50, 56, 89, 85, D8, FD, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILCreateFromPath + 13B 7C9F70FA 25 Bytes CALL 7C9F6FC3 C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetFileInfoW + 12 7C9F78BF 138 Bytes [ 7D, 14, 8B, F0, 89, 7D, 0C, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetFileInfoW + 9D 7C9F794A 2 Bytes [ 5D, 14 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetFileInfoW + A0 7C9F794D 58 Bytes [ 45, E4, 8B, 45, 18, 56, 8B, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetFileInfoW + DC 7C9F7989 18 Bytes [ FF, 75, D8, 8B, 46, 18, 8B, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetFileInfoW + EF 7C9F799C 5 Bytes [ 57, 0C, 8B, F8, 85 ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHFree + 16 7C9F7AA0 12 Bytes [ 75, C0, 50, FF, 51, 0C, 8B, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHFree + 23 7C9F7AAD 54 Bytes [ 75, C4, 8D, 45, D0, FF, 75, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHFree + 5A 7C9F7AE4 67 Bytes [ 8B, FF, 55, 8B, EC, 83, EC, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHFree + 9E 7C9F7B28 177 Bytes [ 50, 8D, 45, F4, 50, 53, 8D, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHFree + 150 7C9F7BDA 12 Bytes [ 75, 20, FF, 75, 08, FF, 75, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetSpecialFolderPathW + 10 7C9F7F1E 89 Bytes [ 64, 00, 69, 00, 6E, 00, 67, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetSpecialFolderPathW + 6A 7C9F7F78 4 Bytes [ 66, C7, 03, 19 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetSpecialFolderPathW + 6F 7C9F7F7D 25 Bytes [ C6, 43, 02, 2F, 75, 14, 8D, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetSpecialFolderPathW + 89 7C9F7F97 31 Bytes [ 33, FF, 8B, 4D, FC, 8B, C7, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetSpecialFolderPathW + AB 7C9F7FB9 15 Bytes [ C3, 90, 90, 90, 90, 90, 8B, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetFolderPathW + E 7C9F869C 5 Bytes [ FF, 75, 08, E8, 59 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetFolderPathW + 14 7C9F86A2 100 Bytes [ 00, 00, 85, C0, 75, 41, 8B, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetFolderPathW + 79 7C9F8707 10 Bytes [ 00, A1, 08, C5, BC, 7C, 83, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetFolderPathW + 85 7C9F8713 6 Bytes [ 00, 56, 89, 45, FC, 8B ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetFolderPathW + 8C 7C9F871A 23 Bytes [ 08, 57, 50, 8B, F9, E8, 17, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetFolderLocation + 28 7C9F9829 35 Bytes [ 83, BD, EC, FD, FF, FF, 02, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetFolderLocation + 4C 7C9F984D 43 Bytes [ 00, 33, DB, 66, 39, 1E, 0F, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetFolderLocation + 79 7C9F987A 84 Bytes CALL 7C9F091D C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetSpecialFolderLocation + 4C 7C9F98CF 13 Bytes [ 85, FC, FD, FF, FF, 50, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetSpecialFolderLocation + 5A 7C9F98DD 4 Bytes [ B5, EC, FD, FF ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetSpecialFolderLocation + 5F 7C9F98E2 1 Byte [ 8D ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetSpecialFolderLocation + 61 7C9F98E4 5 Bytes [ FC, FD, FF, FF, 50 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetSpecialFolderLocation + 67 7C9F98EA 11 Bytes [ 15, 7C, 20, 9D, 7C, 83, BD, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILIsEqual + 11 7C9F9A7D 5 Bytes [ 0C, 8D, 8D, DC, FD ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILIsEqual + 17 7C9F9A83 40 Bytes CALL 7C9F9A85 C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILIsEqual + 40 7C9F9AAC 25 Bytes [ 5F, 5E, 5B, 74, 0C, FF, B5, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILIsEqual + 5A 7C9F9AC6 8 Bytes CALL 7C9F0920 C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILIsEqual + 63 7C9F9ACF 4 Bytes [ 90, 90, 90, 90 ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetPathFromIDListW + 15 7C9F9D91 6 Bytes [ C5, BC, 7C, 89, 45, FC ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetPathFromIDListW + 1C 7C9F9D98 44 Bytes [ 45, 08, 50, 6A, 07, 8D, 45, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetPathFromIDListW + 49 7C9F9DC5 44 Bytes [ 85, C0, 0F, 85, 19, B1, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetPathFromIDListW + 76 7C9F9DF2 31 Bytes CALL 7C9F9A1E C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetPathFromIDListW + 96 7C9F9E12 29 Bytes [ C0, 0F, 84, 7C, 6E, 02, 00, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!RealDriveType + 1E 7C9F9E9C 23 Bytes [ 34, 50, FF, 76, 14, E8, 63, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DriveType 7C9F9EB6 24 Bytes [ 90, 90, 8B, FF, 55, 8B, EC, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DriveType + 19 7C9F9ECF 18 Bytes [ 76, 04, FF, 75, 0C, 53, E8, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DriveType + 2C 7C9F9EE2 69 Bytes [ 74, 2C, 6A, 00, 8D, 45, 0C, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DriveType + 72 7C9F9F28 10 Bytes [ FF, 55, 8B, EC, 8B, 45, 0C, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DriveType + 7D 7C9F9F33 29 Bytes [ 7F, 0F, 87, CF, 5D, 06, 00, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!IsNetDrive + B 7C9FA04A 151 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!IsNetDrive + A4 7C9FA0E3 3 Bytes [ 8B, FF, 55 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!IsNetDrive + A8 7C9FA0E7 122 Bytes [ EC, 51, 83, 65, FC, 00, 53, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!IsNetDrive + 123 7C9FA162 24 Bytes [ C7, 5F, 5E, C9, C3, 90, 90, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!IsNetDrive + 13C 7C9FA17B 1 Byte [ 00 ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DllGetClassObject + 3C 7C9FADA4 91 Bytes [ C5, BC, 7C, 56, 8B, 75, 0C, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DllGetClassObject + 98 7C9FAE00 16 Bytes [ B5, E0, FD, FF, FF, E8, 64, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DllGetClassObject + A9 7C9FAE11 55 Bytes [ 85, E0, FD, FF, FF, 8D, 95, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DllGetClassObject + E1 7C9FAE49 56 Bytes [ 8B, 85, E0, FD, FF, FF, 8B, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DllGetClassObject + 11A 7C9FAE82 3 Bytes [ EC, 83, EC ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCoCreateInstance + 2 7C9FAFF2 11 Bytes CALL 7C9FB4F4 C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCoCreateInstance + F 7C9FAFFF 37 Bytes [ FC, 66, F7, D8, 5F, 5E, 5B, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCoCreateInstance + 37 7C9FB027 19 Bytes CALL 7C9F3A80 C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCoCreateInstance + 4B 7C9FB03B 5 Bytes [ 90, 90, 90, 90, 8B ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCoCreateInstance + 51 7C9FB041 30 Bytes [ 55, 8B, EC, 81, EC, 14, 02, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!Shell_GetImageLists + 5E 7C9FB158 32 Bytes [ C9, C2, 10, 00, 90, 90, 90, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!Shell_GetImageLists + 80 7C9FB17A 49 Bytes [ 00, 53, 8B, 5D, 18, 56, 8B, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHBindToParent + 27 7C9FB1AC 45 Bytes [ 00, 8D, 85, F4, F5, FF, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHBindToParent + 55 7C9FB1DA 107 Bytes [ FF, C9, C2, 18, 00, 33, C0, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHBindToParent + C1 7C9FB246 67 Bytes [ C4, FF, FF, 8D, 85, E4, FD, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHBindToParent + 105 7C9FB28A 29 Bytes [ 8B, 55, 10, A1, 08, C5, BC, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHBindToParent + 123 7C9FB2A8 106 Bytes [ 08, 51, 33, FF, 50, 57, 89, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHSimpleIDListFromPath 7C9FB4F4 3 Bytes [ 90, 90, 90 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHSimpleIDListFromPath + 4 7C9FB4F8 47 Bytes [ FF, 55, 8B, EC, 56, 8B, 75, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHSimpleIDListFromPath + 34 7C9FB528 10 Bytes [ C6, 5E, 5D, C2, 08, 00, 90, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHSimpleIDListFromPath + 3F 7C9FB533 62 Bytes [ 8B, FF, 55, 8B, EC, 81, EC, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathIsSlowW + 25 7C9FB572 29 Bytes [ FF, C9, C2, 08, 00, 90, 90, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathIsSlowW + 43 7C9FB590 30 Bytes [ 8B, F1, 47, 83, BE, A4, 00, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathIsSlowW + 62 7C9FB5AF 107 Bytes [ FF, 8D, 85, EC, FD, FF, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathIsSlowW + CE 7C9FB61B 170 Bytes [ 55, 8B, EC, 56, 8B, 75, 08, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathIsSlowW + 179 7C9FB6C6 20 Bytes [ C7, 06, 80, 7A, 9D, 7C, 74, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILIsParent + A2 7C9FB7B9 116 Bytes [ 4D, 10, 56, 8B, 75, 0C, 8B, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILFindChild + 57 7C9FB82E 5 Bytes [ C6, 5E, 5D, C2, 0C ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILFindChild + 5D 7C9FB834 8 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILFindChild + 66 7C9FB83D 10 Bytes [ EC, 56, 57, 68, 98, 04, 00, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILFindChild + 71 7C9FB848 12 Bytes [ FF, FF, 85, C0, 59, 74, 44, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILFindChild + 7E 7C9FB855 7 Bytes [ 75, 0C, FF, 75, 08, E8, 8F ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotifyRegister + 13 7C9FE90C 38 Bytes [ 83, 7B, 34, 00, 74, 0C, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotifyRegister + 3A 7C9FE933 54 Bytes [ 80, 74, 17, 5F, 5E, 5B, 5D, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotifyRegister + 71 7C9FE96A 13 Bytes [ 07, 33, C0, 5E, 5D, C2, 08, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotifyRegister + 7F 7C9FE978 83 Bytes CALL 7C9F4659 C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotifyRegister + D3 7C9FE9CC 42 Bytes [ 4B, FF, FF, 85, C0, 59, 74, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!Shell_MergeMenus + 4 7C9FF77B 5 Bytes [ 75, 08, 83, 7E, 08 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!Shell_MergeMenus + A 7C9FF781 49 Bytes [ 74, 1B, 8D, 45, 14, 50, 6A, ... ] . |
09.07.2008, 12:27 | #12 |
| Problem im Firefox text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!Shell_MergeMenus + 3C 7C9FF7B3 1 Byte [ F4 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!Shell_MergeMenus + 40 7C9FF7B7 1 Byte [ 50 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!Shell_MergeMenus + 42 7C9FF7B9 2 Bytes [ 76, BD ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCreateShellFolderView + 11 7CA0067F 37 Bytes CALL 7C9FCD0D C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCreateShellFolderView + 37 7CA006A5 302 Bytes [ A8, 20, 0F, 85, 84, 53, 05, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCreateShellFolderView + 167 7CA007D5 41 Bytes [ B8, 05, 40, 00, 80, 74, 30, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCreateShellFolderView + 191 7CA007FF 5 Bytes [ 75, 10, FF, 75, 0C ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCreateShellFolderView + 198 7CA00806 54 Bytes [ 08, 50, FF, 51, 1C, 5B, 5E, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!Shell_GetCachedImageIndex + 23 7CA06AFA 24 Bytes [ C9, C2, 10, 00, 90, 90, 90, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!Shell_GetCachedImageIndex + 3C 7CA06B13 31 Bytes [ 06, 8B, D9, 57, 8D, 7B, 7C, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!Shell_GetCachedImageIndex + 5C 7CA06B33 130 Bytes [ 55, 8B, EC, 81, EC, 28, 01, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!Shell_GetCachedImageIndex + DF 7CA06BB6 1 Byte [ 61 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!Shell_GetCachedImageIndex + E1 7CA06BB8 1 Byte [ 6E ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHMapIDListToImageListIndexAsync + B1 7CA07377 18 Bytes [ 55, 8B, EC, 8B, 45, 08, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHMapIDListToImageListIndexAsync + C6 7CA0738C 5 Bytes [ 8B, FF, 55, 8B, EC ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHMapIDListToImageListIndexAsync + CC 7CA07392 49 Bytes [ 45, 08, 56, 57, 8B, 7D, 10, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHMapIDListToImageListIndexAsync + FE 7CA073C4 41 Bytes CALL 7C9F6B73 C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHMapIDListToImageListIndexAsync + 128 7CA073EE 61 Bytes [ C8, 23, 4D, 0C, 3B, C8, 0F, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHMapPIDLToSystemImageListIndex + B 7CA07E84 3 Bytes [ C2, 5F, 05 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHMapPIDLToSystemImageListIndex + F 7CA07E88 1 Byte [ 8B ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 11 7CA07E8A 77 Bytes CALL 061D3B9E .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHMapPIDLToSystemImageListIndex + 5F 7CA07ED8 65 Bytes [ 0F, 84, 9A, 45, 05, 00, 8B, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHMapPIDLToSystemImageListIndex + A1 7CA07F1A 48 Bytes [ FF, 55, 8B, EC, 8D, 81, 64, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHDefExtractIconW + 2 7CA0997A 29 Bytes JMP 7CA098F4 C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHDefExtractIconW + 20 7CA09998 25 Bytes [ 55, 8B, EC, 83, EC, 40, 8B, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHDefExtractIconW + 3A 7CA099B2 30 Bytes [ 84, AE, 1B, 00, 00, 56, 57, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHDefExtractIconW + 59 7CA099D1 108 Bytes [ 1E, 05, 00, 8D, 45, 0C, 50, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHExtractIconsW + 15 7CA09A3E 10 Bytes [ FF, 43, 83, C7, 1C, 3B, 5E, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHExtractIconsW + 20 7CA09A49 23 Bytes [ 76, 38, 68, 02, 00, 00, 80, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHExtractIconsW + 39 7CA09A62 4 Bytes CALL 7CA09838 C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHExtractIconsW + 3E 7CA09A67 53 Bytes [ FF, 83, 7E, 3C, 00, 5B, 74, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHExtractIconsW + 75 7CA09A9E 3 Bytes [ 90, 90, 90 ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DllGetVersion + 6 7CA0A619 56 Bytes [ 08, 50, FF, 51, 08, FF, 75, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DllGetVersion + 3F 7CA0A652 66 Bytes CALL 7C9F5F71 C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DllGetVersion + 82 7CA0A695 19 Bytes [ 07, 80, EB, E0, 90, 90, 90, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DllGetVersion + 96 7CA0A6A9 30 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DllGetVersion + B5 7CA0A6C8 45 Bytes [ FF, 15, 0C, 13, 9D, 7C, 83, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotification_Unlock + 24 7CA0A752 23 Bytes [ 8B, 75, 10, F7, C6, 10, 00, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotification_Unlock + 3C 7CA0A76A 90 Bytes [ 15, 56, 53, FF, B5, EC, FD, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotification_Unlock + 97 7CA0A7C5 33 Bytes [ FF, 89, 85, E4, FD, FF, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotification_Unlock + BA 7CA0A7E8 2 Bytes [ 85, C0 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotification_Unlock + BD 7CA0A7EB 3 Bytes [ 85, D3, 4A ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotify + 1B 7CA0AC42 64 Bytes [ 90, 90, 90, 90, 90, 90, 84, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotify + 5D 7CA0AC84 41 Bytes [ D0, 9C, A0, 7C, B4, 9C, A0, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotify + 87 7CA0ACAE 4 Bytes [ 31, 00, 33, 00 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotify + 8C 7CA0ACB3 34 Bytes [ 00, 66, 00, 70, 00, 69, 00, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotify + AF 7CA0ACD6 7 Bytes [ 69, 00, 63, 00, 6F, 00, 6E ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILSaveToStream + 9D 7CA0C403 57 Bytes [ 46, 54, 50, FF, D7, 8B, 8E, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILSaveToStream + D7 7CA0C43D 111 Bytes [ F1, 6A, 00, FF, 36, FF, 15, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILSaveToStream + 147 7CA0C4AD 42 Bytes [ 46, 08, 85, C0, 74, 0B, 50, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILSaveToStream + 172 7CA0C4D8 42 Bytes [ 15, A0, 1C, 9D, 7C, 85, C0, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILSaveToStream + 19D 7CA0C503 15 Bytes [ FF, 90, 90, 90, 90, 90, 83, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCloneSpecialIDList + 2C 7CA0D669 19 Bytes [ 90, 90, 90, 90, 8B, FF, 55, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCloneSpecialIDList + 40 7CA0D67D 16 Bytes [ 00, FF, 75, 08, 8B, F1, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCloneSpecialIDList + 51 7CA0D68E 28 Bytes [ 42, 83, 7E, 54, 00, 75, 0A, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCloneSpecialIDList + 6E 7CA0D6AB 38 Bytes [ 51, 18, 8B, F8, 85, FF, 7C, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHCloneSpecialIDList + 95 7CA0D6D2 75 Bytes [ C7, 5F, 5E, C9, C2, 04, 00, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathIsExe + 23 7CA0DB6B 18 Bytes [ 85, B0, FB, FF, FF, 83, C0, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathIsExe + 36 7CA0DB7E 14 Bytes [ FF, 85, C0, 0F, 85, 46, E4, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathIsExe + 45 7CA0DB8D 19 Bytes CALL 7CA0DBA4 C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathIsExe + 5C 7CA0DBA4 115 Bytes [ 90, 8B, FF, 55, 8B, EC, 6A, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathIsExe + D0 7CA0DC18 17 Bytes [ 59, 9D, 7C, FF, B5, B4, FB, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!IsLFNDrive + 23 7CA0DE8C 9 Bytes [ 85, C0, 74, 1E, 8B, 45, F8, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!IsLFNDrive + 2E 7CA0DE97 3 Bytes [ AA, F1, 00 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!IsLFNDrive + 32 7CA0DE9B 96 Bytes [ 8D, 48, 04, 6A, 01, E8, F1, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!IsLFNDrive + 93 7CA0DEFC 48 Bytes [ 15, 68, 13, 9D, 7C, E9, 04, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!IsLFNDrive + C4 7CA0DF2D 45 Bytes JMP 7CA053AA C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHAddToRecentDocs + 4B 7CA0E774 5 Bytes [ FF, 8B, CE, E8, 0A ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHAddToRecentDocs + 52 7CA0E77B 5 Bytes [ 00, E9, 52, F6, FF ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHAddToRecentDocs + 58 7CA0E781 117 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHAddToRecentDocs + CE 7CA0E7F7 129 Bytes [ 75, 10, FF, 75, FC, E8, D6, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHAddToRecentDocs + 150 7CA0E879 95 Bytes [ 59, 33, C0, EB, F1, 8B, 75, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!Win32DeleteFile 7CA0EE68 115 Bytes [ 90, 8B, FF, 55, 8B, EC, 81, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!Win32DeleteFile + 74 7CA0EEDC 22 Bytes [ 4D, FC, 5F, 5E, 5B, E8, 3A, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!Win32DeleteFile + 8B 7CA0EEF3 83 Bytes [ EC, 56, 57, 6A, 01, 33, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!Win32DeleteFile + E0 7CA0EF48 23 Bytes [ 00, 8B, F8, F7, C7, 00, 20, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!Win32DeleteFile + F8 7CA0EF60 43 Bytes [ 90, E4, 00, 00, 00, 85, C0, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathYetAnotherMakeUniqueName + 2 7CA0F22E 152 Bytes [ 7C, 65, 53, FF, 15, 8C, 1A, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathYetAnotherMakeUniqueName + 9B 7CA0F2C7 10 Bytes [ 15, A0, 1A, 9D, 7C, 33, C0, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathYetAnotherMakeUniqueName + A7 7CA0F2D3 76 Bytes [ 33, C0, EB, F8, 90, 90, 90, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathYetAnotherMakeUniqueName + F6 7CA0F322 2 Bytes [ 5F, 5E ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathYetAnotherMakeUniqueName + FA 7CA0F326 1 Byte [ 15 ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathCleanupSpec + 79 7CA0F488 11 Bytes [ FF, 15, 00, 13, 9D, 7C, 57, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathCleanupSpec + 85 7CA0F494 66 Bytes CALL 7CA0F679 C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetNewLinkInfoW + 2A 7CA0F4D7 11 Bytes [ B5, DC, FD, FF, FF, 8B, F8, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetNewLinkInfoW + 36 7CA0F4E3 4 Bytes [ 89, 85, E0, FD ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetNewLinkInfoW + 3C 7CA0F4E9 1 Byte [ 8D ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetNewLinkInfoW + 3E 7CA0F4EB 2 Bytes [ F0, FD ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetNewLinkInfoW + 42 7CA0F4EF 75 Bytes [ 50, FF, B5, EC, FD, FF, FF, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!StrStrIW + D 7CA0FB18 181 Bytes [ 75, 08, FF, 15, A0, 1A, 9D, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!StrStrIW + C3 7CA0FBCE 25 Bytes [ 53, 8D, 45, FC, 50, FF, 75, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!StrStrIW + DD 7CA0FBE8 3 Bytes [ 46, 1C, 8B ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!StrStrIW + E1 7CA0FBEC 26 Bytes [ 53, FF, 75, FC, FF, 75, 10, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!StrStrIW + FC 7CA0FC07 50 Bytes CALL 7CA0FC3C C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotifyDeregister + 16 7CA0FCD5 7 Bytes [ B5, D8, F7, FF, FF, 53, FF ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotifyDeregister + 1E 7CA0FCDD 159 Bytes [ 18, 85, C0, 0F, 8D, D8, 00, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotifyDeregister + BE 7CA0FD7D 4 Bytes [ 85, C0, 7C, 2B ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotifyDeregister + C3 7CA0FD82 7 Bytes [ 55, 10, 8B, 45, FC, 8B, 08 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotifyDeregister + CB 7CA0FD8A 37 Bytes [ E2, 01, F6, DA, 1B, D2, 81, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DllCanUnloadNow + 76 7CA1162F 31 Bytes [ 00, 83, 4D, F8, FF, 8D, 45, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DllCanUnloadNow + 97 7CA11650 30 Bytes [ 00, 89, 7D, F4, 89, 7D, FC, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DllCanUnloadNow + B6 7CA1166F 14 Bytes [ 01, 6A, 01, FF, 50, 14, E9, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DllCanUnloadNow + C5 7CA1167E 46 Bytes [ 90, 8B, FF, 55, 8B, EC, 51, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!DllCanUnloadNow + F4 7CA116AD 31 Bytes [ 5B, C9, C3, 90, 90, 90, 90, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetMalloc + 2 7CA11FE6 92 Bytes [ 50, 10, 85, C0, 0F, 8C, 31, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetMalloc + 5F 7CA12043 51 Bytes JMP 7CA11C85 C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetMalloc + 94 7CA12078 5 Bytes [ 9D, 7C, 2B, F9, C1 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetMalloc + 9A 7CA1207E 27 Bytes [ 02, 03, F1, 8B, 16, 03, D9, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetMalloc + B6 7CA1209A 49 Bytes [ 9D, 7C, 85, D2, 89, 45, FC, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetFileInfo + B 7CA136EF 1 Byte [ 8D ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetFileInfo + D 7CA136F1 31 Bytes [ F8, 50, FF, 75, F8, 53, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetFileInfo + 2D 7CA13711 56 Bytes [ 15, 8C, 1A, 9D, 7C, 8D, 74, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetFileInfo + 66 7CA1374A 32 Bytes [ 15, E4, 20, 9D, 7C, 8D, 45, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetFileInfo + 87 7CA1376B 6 Bytes [ 15, 28, 19, 9D, 7C, 8B ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetImageList + 3E 7CA13AB7 35 Bytes CALL 7C9F3A80 C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetImageList + 62 7CA13ADB 318 Bytes [ FD, FF, FF, 50, FF, 15, F8, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetImageList + 1A1 7CA13C1A 48 Bytes [ 88, 98, 02, 00, 00, 89, 4D, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetImageList + 1D2 7CA13C4B 62 Bytes [ 00, 3B, CA, 0F, 85, 54, FA, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetImageList + 211 7CA13C8A 8 Bytes [ C9, C2, 08, 00, 90, 90, 90, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotification_Lock + 2 7CA18B23 24 Bytes [ 15, F0, 18, 9D, 7C, 85, C0, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotification_Lock + 1B 7CA18B3C 44 Bytes [ EC, FD, FF, FF, 0F, 8C, 7F, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotification_Lock + 48 7CA18B69 54 Bytes [ 57, 68, 7D, 00, 00, 40, 8B, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotification_Lock + 7F 7CA18BA0 39 Bytes [ F6, 87, 59, 06, 00, 00, 02, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHChangeNotification_Lock + A7 7CA18BC8 116 Bytes [ F0, 3B, F3, 0F, 8C, 8D, 00, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILLoadFromStream + 1F 7CA19F90 103 Bytes CALL 7CA0068E C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILLoadFromStream + 87 7CA19FF8 9 Bytes [ 0F, 84, 28, BC, 03, 00, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILLoadFromStream + 91 7CA1A002 52 Bytes CALL 7C9FFFB8 C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILLoadFromStream + C6 7CA1A037 75 Bytes [ 00, 8B, 4E, 14, 6A, 02, 68, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ILLoadFromStream + 112 7CA1A083 23 Bytes [ 80, 8E, 11, 02, 00, 00, 04, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetDataFromIDListW + 25 7CA1A324 42 Bytes CALL 7C9F968E C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetDataFromIDListW + 50 7CA1A34F 59 Bytes [ 85, F4, FD, FF, FF, 50, 8D, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetDataFromIDListW + 8D 7CA1A38C 27 Bytes [ 01, E4, FD, FF, 50, 68, 00, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetDataFromIDListW + A9 7CA1A3A8 25 Bytes [ FF, FF, 90, 90, 90, 90, 90, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetDataFromIDListW + C3 7CA1A3C2 8 Bytes [ 18, 83, 7D, 0C, 00, 8D, 04, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetRealIDL + 96 7CA1B0BB 37 Bytes [ 00, 89, 85, F0, FD, FF, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetRealIDL + BC 7CA1B0E1 43 Bytes [ 56, 8B, 75, 14, 83, 26, 00, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetRealIDL + E8 7CA1B10D 40 Bytes [ 75, 10, 8D, 55, 08, 52, 6A, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetRealIDL + 111 7CA1B136 11 Bytes JMP 7CA0C4E5 C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetRealIDL + 11D 7CA1B142 23 Bytes [ 55, 8B, EC, 51, 53, 8B, 5D, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!CommandLineToArgvW + 59 7CA1C1C4 10 Bytes [ CE, FF, 50, 14, 8B, C7, 5F, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!CommandLineToArgvW + 64 7CA1C1CF 9 Bytes [ 00, 90, 90, 90, 90, 90, 8B, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!CommandLineToArgvW + 6E 7CA1C1D9 8 Bytes [ EC, 56, 8B, F1, E8, 19, 00, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!CommandLineToArgvW + 77 7CA1C1E2 19 Bytes [ F6, 45, 08, 01, 74, 07, 56, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!CommandLineToArgvW + 8B 7CA1C1F6 34 Bytes [ 90, 90, 90, 90, 90, 8B, FF, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathResolve + 5D 7CA1D37A 9 Bytes [ FF, 15, 1C, 18, 9D, 7C, 85, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathResolve + 67 7CA1D384 6 Bytes [ D8, 0F, 84, 29, 01, 00 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!PathResolve + 6E 7CA1D38B 277 Bytes [ 8B, 08, 8D, 55, EC, 52, 50, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!FindExecutableW + 2 7CA1D4A1 37 Bytes [ 75, 0C, 68, B4, E0, 9D, 7C, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!FindExecutableW + 28 7CA1D4C7 62 Bytes [ 75, 0C, 8B, 45, 08, 83, C0, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!FindExecutableW + 67 7CA1D506 6 Bytes [ 68, 20, E1, 9D, 7C, 57 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!FindExecutableW + 6E 7CA1D50D 62 Bytes CALL 7C9FBE95 C:\WINDOWS\system32\SHELL32.dll (Allgemeine Windows-Shell-DLL/Microsoft Corporation) .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!FindExecutableW + AD 7CA1D54C 71 Bytes [ 6A, 20, 8D, 45, DC, 50, E8, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHGetSettings + 32 7CA1D5F0 12 Bytes [ D0, 8B, 08, 50, FF, 51, 08, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ShellExecuteExW 7CA1D5FE 3 Bytes [ 90, 90, 90 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ShellExecuteExW + 4 7CA1D602 109 Bytes [ FF, 55, 8B, EC, 56, 57, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ShellExecuteExW + 72 7CA1D670 39 Bytes [ 48, 0C, 8B, D1, 57, C1, E9, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ShellExecuteExW + 9B 7CA1D699 3 Bytes [ 90, 90, 90 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ShellExecuteExW + 9F 7CA1D69D 37 Bytes [ FF, 55, 8B, EC, 56, 68, 48, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ShellExecuteEx + F 7CA1FB2B 48 Bytes [ 55, 8B, EC, 81, EC, 90, 00, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ShellExecuteEx + 40 7CA1FB5C 4 Bytes [ FF, FF, 51, 8D ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ShellExecuteEx + 45 7CA1FB61 2 Bytes [ 7C, FF ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ShellExecuteEx + 49 7CA1FB65 19 Bytes [ 51, 6A, 04, 50, 6A, 01, FF, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ShellExecuteEx + 5D 7CA1FB79 79 Bytes [ FF, FF, 74, 11, 6A, 01, 57, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ShellExecuteA + 94 7CA1FED8 56 Bytes [ 53, 00, 68, 00, 65, 00, 6C, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ShellExecuteA + D1 7CA1FF15 405 Bytes [ 8B, FF, 55, 8B, EC, FF, 75, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ShellExecuteA + 267 7CA200AB 246 Bytes [ 00, 56, FF, 75, 0C, E8, 81, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ShellExecuteA + 35E 7CA201A2 68 Bytes [ A1, 08, C5, BC, 7C, 89, 45, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!ShellExecuteA + 3A3 7CA201E7 24 Bytes [ 15, 40, 1D, 9D, 7C, 85, C0, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHTestTokenMembership + 3A 7CA21BB7 42 Bytes [ 68, 41, 01, 00, 00, 68, AC, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHTestTokenMembership + 65 7CA21BE2 56 Bytes [ 66, 3B, C3, 66, A3, 48, 18, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHTestTokenMembership + 9E 7CA21C1B 35 Bytes [ FF, 15, 1C, 18, 9D, 7C, 5E, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHTestTokenMembership + C2 7CA21C3F 4 Bytes [ 15, 10, 17, 9D ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!SHTestTokenMembership + C7 7CA21C44 15 Bytes [ 3B, C6, 74, 11, 68, 48, 7F, ... ] .text ... .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!OpenRegStream + 14 7CA220E2 31 Bytes [ 50, 68, 28, 11, A2, 7C, 8D, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!OpenRegStream + 34 7CA22102 14 Bytes [ 53, 50, 68, 00, 00, 00, 80, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!OpenRegStream + 43 7CA22111 4 Bytes [ 85, 14, 08, 00 ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!OpenRegStream + 48 7CA22116 27 Bytes [ 66, 89, 1E, 8B, 4D, FC, 5F, ... ] .text C:\WINDOWS\system32\winlogon.exe[876] SHELL32.dll!OpenRegStream + 64 7CA22132 97 Bytes [ 63, 00, 61, 00, 74, 00, 69, ... ] .text ... |
10.07.2008, 18:46 | #13 |
| Problem im Firefox Braucht ihr nochwas? |
10.07.2008, 19:28 | #14 |
| Problem im Firefox naja mit GMER log kann ich nicht soviel anfangen. sieht unvollständig aus. und ausserdem glaube ich nicht, dass es sich um ein Rootkit handelt. hast Du SUPERAntiSpyware drüber laufen lassen? eventuell davor im firefox deine add-ons überprüfen und gegebenfalls deinstallieren oder am besten bookmarks sichern und den FF komplett deinstallieren. danach nochmal einen Onlinescan, Malwarebytes und SuperAntiSpyware |
11.07.2008, 09:37 | #15 |
| Problem im Firefox Den FF habe ich in der alten Version (2.0.0.1.5) neu installiert, und alles blieb beim Alten. Nun habe ich den FF in neuer Version (3.0.) drauf. Es ist ziemlich gewöhnungsbedürftig, aber das Problem ist endlich behoben. Vielen Dank allen hier, die mir geholfen haben!! |
Themen zu Problem im Firefox |
blockieren, crazy, eintrag, entferne, entfernen, firefox, grafiken, immer wieder, installiere, installieren, komische, komischen, laden, neu, problem, versuche, warnen, webseite, webseiten |