Trojaner-Board

Need help - laptop keeps freezing (https://www.trojaner-board.de/69722-brauche-hilfe-laptop-haengt-andauernd.html)

steffi1987 09.02.2009 17:53

The only thing it shows me is Toshiba MK825GAS, and in the Value column it fluctuates between 41 and 42 °C, and in the Min column it says 41 °C and under Max 42 °C

That's all it says, nothing about the GPU either

Regards

nochdigger 10.02.2009 13:41

Hello

The temperatures don't actually look particularly elevated; please try disabling KIS completely and report back.
If that's not the cause, I'm afraid I don't know what else to suggest either.

Regards

steffi1987 14.02.2009 15:09

Without KIS all values fluctuate between 37 and 38 °C, but there's still nothing shown for GPU and CPU, only the same as above

nochdigger 14.02.2009 18:32

Hello

And how is the actual problem without KIS?

Regards

steffi1987 15.02.2009 18:57

Without KIS the problem wasn't any better either. It was even slower overall, and web pages also loaded extremely slowly.

I've now set up 2 user accounts and split the programs between the two; can that help?!

Regards

nochdigger 15.02.2009 22:07

Hello

There are two more things I'd like to test

Panda Active Scan
The following page guides you through the installation: PandaActiveScan2.0 Installation

Click Scan Now!

No registration is required!

After the scan has finished, click the Export text icon and save the log to the desktop.
Open the file ActiveScan.txt that is now on your desktop and post its contents for us.

Catchme - Rootkit detector
Download Catchme.exe to your desktop.
Start Catchme.exe. All other programs should be closed. Start with "Scan".
If files are listed in the window after the scan ends, please post the contents of the log file here.

Sorry, but if nothing further is found here either, I would simply reinstall the system or do a repair installation.

Regards

steffi1987 16.02.2009 12:02

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

steffi1987 16.02.2009 16:58

;***************************************************************************************************************************************************** ******************************
ANALYSIS: 2009-02-16 15:31:07
PROTECTIONS: 1
MALWARE: 7
SUSPECTS: 0
;***************************************************************************************************************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================== ==============================
Kaspersky Internet Security 7.0.1.325 Yes Yes
;===================================================================================================================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================== ==============================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Dokumente und Einstellungen\XXX\Cookies\XXX@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Dokumente und Einstellungen\XXX\Cookies\XXX@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Dokumente und Einstellungen\XXX\Cookies\XXX@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Dokumente und Einstellungen\XXX\Cookies\XXX@tradedoubler[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Dokumente und Einstellungen\XXX\Cookies\XXX@mediaplex[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Dokumente und Einstellungen\XXX\Cookies\XXX@com[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Dokumente und Einstellungen\XXX\Cookies\XXX@perf.overture[1].txt
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{1A5F71B2-B371-48BF-97A6-0CF826FF9171}\RP236\A0068388.sys
;===================================================================================================================================================== ==============================
SUSPECTS
Sent Location x
;===================================================================================================================================================== ==============================
;===================================================================================================================================================== ==============================
VULNERABILITIES
Id Severity Description x
;===================================================================================================================================================== ==============================
;===================================================================================================================================================== ==============================

nochdigger 16.02.2009 22:06

Hello

I don't like a rootkit in System Restore; it must have gotten there somehow.
Please check your system with the tools from this page
AntiRootkit Scanner Anleitung - HijackThis.de Support Board
Please use:
Gmer
Sophos
Panda
Trend Micro
Post all logs here.

Regards
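
The triage behind the reply above, applied to the MALWARE table of the ActiveScan log, as an added example that is not part of the original posts or of Panda's tooling: it separates tracking cookies from other detections and flags inactive copies archived in a System Restore point. The column layout and the sample rows are taken from the log posted above; the function names and triage labels are assumptions of this example.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# One row of the MALWARE table:
# Id Description Type Active Severity Disinfectable Disinfected Location
# Description and Location may contain spaces, Type is a single token.
ROW = re.compile(
    r"^(?P<id>\d{8})\s+(?P<desc>.+?)\s+(?P<category>\S+)\s+(?P<active>Yes|No)\s+"
    r"(?P<severity>\d+)\s+(?P<disinfectable>Yes|No)\s+(?P<disinfected>Yes|No)\s+"
    r"(?P<location>.+)$"
)

# Windows XP System Restore keeps archived file copies under
# <drive>:\System Volume Information\_restore{GUID}\RP<n>\
RESTORE_POINT = re.compile(
    r"\\System Volume Information\\_restore\{[0-9A-F-]+\}\\RP(?P<rp>\d+)\\",
    re.IGNORECASE,
)

SECTION_NAMES = {"PROTECTIONS", "MALWARE", "SUSPECTS", "VULNERABILITIES"}

# Sample input: three rows copied from the ActiveScan log posted in this thread.
SAMPLE_LOG = r"""
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;==========
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Dokumente und Einstellungen\XXX\Cookies\XXX@doubleclick[2].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Dokumente und Einstellungen\XXX\Cookies\XXX@atdmt[2].txt
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{1A5F71B2-B371-48BF-97A6-0CF826FF9171}\RP236\A0068388.sys
;==========
SUSPECTS
Sent Location x
"""


@dataclass
class Finding:
    id: str
    description: str
    category: str
    active: bool
    location: str


def parse_malware_section(log_text: str) -> List[Finding]:
    """Return the rows of the MALWARE section; other sections are skipped."""
    findings = []
    in_section = False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line in SECTION_NAMES:          # "MALWARE: 7" in the summary does not match
            in_section = (line == "MALWARE")
            continue
        if not in_section or not line or line.startswith(";"):
            continue
        m = ROW.match(line)
        if m:                              # the column header row does not match
            findings.append(Finding(
                id=m["id"],
                description=m["desc"],
                category=m["category"],
                active=(m["active"] == "Yes"),
                location=m["location"],
            ))
    return findings


def restore_point(location: str) -> Optional[int]:
    """Restore point number if the path lies inside a System Restore store."""
    m = RESTORE_POINT.search(location)
    return int(m["rp"]) if m else None


def triage(f: Finding) -> str:
    """Label a finding so the rows that need follow-up stand out."""
    if f.active:
        return "active"                    # loaded or running: look here first
    if f.category == "TrackingCookie":
        return "tracking-cookie"           # privacy noise, not an infection
    if restore_point(f.location) is not None:
        # Archived copy: not running, but the file was on the system earlier,
        # so the question of how it got there remains open.
        return "restore-point-copy"
    return "inactive-other"


if __name__ == "__main__":
    for f in parse_malware_section(SAMPLE_LOG):
        print(f"{triage(f):20} {f.description:22} {f.location}")
```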

steffi1987 20.02.2009 22:23

OK, I finally managed to run all the programs.

Sophos, Trend Micro and Panda found nothing.

Only gmer spat out an endlessly long log file for me:

I've split it into several parts because otherwise it's too big:


GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-18 11:33:28
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xEE8BE370]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwConnectPort [0xEE8BC420]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateKey [0xEE8AF7A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xEE8BE0A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xEE8BE210]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xEE8BEE70]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xEE8BE940]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xEE8BF7B0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDeleteKey [0xEE8AF8A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDeleteValueKey [0xEE8AF920]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xEE8BE510]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateKey [0xEE8AF9B0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateValueKey [0xEE8AFA60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwFlushKey [0xEE8AFB10]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwInitializeRegistry [0xEE8AFB90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xEE8BBFD0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey [0xEE8B0590]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey2 [0xEE8AFBB0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwNotifyChangeKey [0xEE8AFC80]
SSDT kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) ZwOpenFile [0xF7511030]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenKey [0xEE8AFD60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xEE8BDE90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xEE8BECA0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryKey [0xEE8AFE30]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryMultipleValueKey [0xEE8AFEE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xEE8BF460]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryValueKey [0xEE8AFF90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwReplaceKey [0xEE8B0040]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRequestWaitReplyPort [0xEE8BCA00]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRestoreKey [0xEE8B00D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xEE8BF760]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSaveKey [0xEE8B02D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xEE8BFAE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xEE8C00A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationKey [0xEE8B0360]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xEE8BAC20]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSystemInformation [0xEE8BEB20]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetValueKey [0xEE8B0400]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xEE8BF710]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xEE8BC2E0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwTerminateProcess [0xEE8BF300]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwUnloadKey [0xEE8B0550]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xEE8BE3D0]

Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_abnormal_termination + 1D0 804E282C 12 Bytes [ D0, BF, 8B, EE, 90, 05, 8B, ... ]
.text ntoskrnl.exe!IoIsOperationSynchronous 804E875A 5 Bytes JMP EE8C09C0 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80512919 5 Bytes JMP EE8C04C0 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
? C:\WINDOWS\system32\195.tmp

steffi1987 20.02.2009 22:32

---- User code sections - GMER 1.0.14 ----

? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[204] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[204] USER32.dll!AlignRects + FFFA5598 7E362A78 4 Bytes [ D0, 11, 42, 30 ]
? C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe[272] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\ctfmon.exe[376] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\Explorer.EXE[412] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\Explorer.EXE[412] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\Explorer.EXE[412] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
.text C:\WINDOWS\Explorer.EXE[412] SHELL32.dll!StrStrW + FFE2C0A4 7E678AD0 3 Bytes [ 70, 04, 40 ]
? C:\WINDOWS\system32\DVDRAMSV.exe[536] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe[716] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[808] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\csrss.exe[880] C:\WINDOWS\system32\KERNEL32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\winlogon.exe[904] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\Messenger\msmsgs.exe[924] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\Messenger\msmsgs.exe[924] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Programme\Messenger\msmsgs.exe[924] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\WINDOWS\system32\services.exe[948] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\lsass.exe[960] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\lsass.exe[960] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\lsass.exe[960] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\WINDOWS\system32\wdfmgr.exe[1000] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1120] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1172] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1172] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1172] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1276] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1276] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1276] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\WINDOWS\system32\igfxtray.exe[1528] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\igfxtray.exe[1528] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\igfxtray.exe[1528] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\WINDOWS\system32\hkcmd.exe[1536] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\hkcmd.exe[1536] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS

steffi1987 20.02.2009 22:35

.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] SHELL32.dll!StrStrW + FFE286FC 7E675128 3 Bytes [ F0, 00, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] SHELL32.dll!StrStrW + FFE28708 7E675134 3 Bytes [ 60, 01, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] SHELL32.dll!StrStrW + FFE2A5AC 7E676FD8 3 Bytes [ 00, 04, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] SHELL32.dll!StrStrW + FFE2A6C4 7E6770F0 3 Bytes [ 70, 04, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] SHELL32.dll!StrStrW + FFE2A774 7E6771A0 3 Bytes [ C0, 05, EA ]
.text ...
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] SHELL32.dll!DllGetClassObject + 50B 7E6A2DC4 3 Bytes [ 90, 03, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] SHELL32.dll!DllGetClassObject + 52B 7E6A2DE4 3 Bytes [ 20, 03, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] SHELL32.dll!DllGetClassObject + 563 7E6A2E1C 3 Bytes [ B0, 02, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] SHELL32.dll!ILLoadFromStream + BA2 7E6B74D8 3 Bytes [ 60, 08, EA ]
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1552] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1552] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1552] USER32.dll!AlignRects + FFFA5598 7E362A78 4 Bytes [ D0, 11, 42, 30 ]
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1552] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\Programme\Java\jre1.5.0\bin\jusched.exe[1568] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE[1576] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE[1576] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE[1576] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\ctfmon.exe[1600] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\ctfmon.exe[1600] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\ctfmon.exe[1600] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1616] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1616] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1616] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe[1660] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\hkcmd.exe[1676] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\hkcmd.exe[1676] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\LEXBCES.EXE[1764] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\spoolsv.exe[1800] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\LEXPPS.EXE[1808] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\System32\alg.exe[2148] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\winlogon.exe[2188] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[2204] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\SMSC\SetIcon.exe[2392] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\csrss.exe[2708] C:\WINDOWS\system32\KERNEL32.dll time/date stamp mismatch;
? C:\Programme\Java\jre1.5.0\bin\jusched.exe[2876] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] SHELL32.dll!StrStrW + FFE286FC 7E675128 3 Bytes [ F0, 00, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] SHELL32.dll!StrStrW + FFE28708 7E675134 3 Bytes [ 60, 01, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] SHELL32.dll!StrStrW + FFE2A5AC 7E676FD8 3 Bytes [ 00, 04, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] SHELL32.dll!StrStrW + FFE2A6C4 7E6770F0 3 Bytes [ 70, 04, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] SHELL32.dll!StrStrW + FFE2A774 7E6771A0 3 Bytes [ C0, 05, EA ]
.text ...
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] SHELL32.dll!DllGetClassObject + 50B 7E6A2DC4 3 Bytes [ 90, 03, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] SHELL32.dll!DllGetClassObject + 52B 7E6A2DE4 3 Bytes [ 20, 03, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] SHELL32.dll!DllGetClassObject + 563 7E6A2E1C 3 Bytes [ B0, 02, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] SHELL32.dll!ILLoadFromStream + BA2 7E6B74D8 3 Bytes [ 60, 08, EA ]
? C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS

steffi1987 20.02.2009 22:44

.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!StrStrW + FFE286FC 7E675128 3 Bytes [ F0, 00, EA ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!StrStrW + FFE28708 7E675134 3 Bytes [ 60, 01, EA ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!StrStrW + FFE2A5AC 7E676FD8 3 Bytes [ 30, 0D, EA ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!StrStrW + FFE2A694 7E6770C0 4 Bytes [ A0, 0D, 41, 03 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!StrStrW + FFE2A6A8 7E6770D4 4 Bytes [ 10, 0E, F0, 01 ]
.text ...
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!SHFree + 11E 7E69AA08 4 Bytes [ 20, 0A, F0, 01 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!ILFree + 7C 7E69AB68 4 Bytes [ F0, 0E, F0, 01 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!ILFindChild + 3D4 7E6A18C0 4 Bytes [ 30, 06, F0, 01 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!ILFindChild + A50 7E6A1F3C 4 Bytes [ D0, 01, 41, 03 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!DllGetClassObject + 50B 7E6A2DC4 3 Bytes [ 20, 03, EA ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!DllGetClassObject + 52B 7E6A2DE4 3 Bytes [ B0, 02, EA ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!DllGetClassObject + 563 7E6A2E1C 3 Bytes [ 40, 02, EA ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!DllGetVersion + 241 7E6AFC44 4 Bytes [ 60, 01, 41, 03 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!DllGetVersion + 2BD 7E6AFCC0 4 Bytes [ 60, 0F, 41, 03 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!SHGetImageList + B23 7E6B0A4C 4 Bytes [ 80, 0E, F0, 01 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!SHTestTokenMembership + E5 7E6B5644 4 Bytes [ 10, 00, 41, 03 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!ILLoadFromStream + 9EA 7E6B7320 4 Bytes [ 60, 08, 41, 03 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!ILLoadFromStream + BA2 7E6B74D8 3 Bytes [ 50, 05, EA ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!ILLoadFromStream + CB2 7E6B75E8 3 Bytes [ D0, 08, EA ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!PathProcessCommand + C5D 7E6BF0E8 4 Bytes [ 80, 0E, 41, 03 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!StrStrIW + 1F5 7E6E135C 4 Bytes [ 80, 00, 41, 03 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!SHGetRealIDL + 633B 7E6EF0EC 4 Bytes [ F0, 0E, 41, 03 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 185C9 7E79F058 4 Bytes [ D0, 01, F8, 02 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 185E5 7E79F074 4 Bytes [ 60, 01, F8, 02 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 18631 7E79F0C0 4 Bytes [ F0, 00, F8, 02 ]
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[3444] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[3444] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[3444] USER32.dll!AlignRects + FFFA5598 7E362A78 4 Bytes [ D0, 11, 42, 30 ]
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[3444] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\DOKUME~1\Sven\LOKALE~1\Temp\Temporäres Verzeichnis 2 für gmer114.zip\gmer.exe[3788] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\DOKUME~1\Sven\LOKALE~1\Temp\Temporäres Verzeichnis 2 für gmer114.zip\gmer.exe[3788] C:\WINDOWS\system32\USER32.DLL time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 85744530
IAT \SystemRoot\system32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] 85744530
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\usbccgp.sys[NTOSKRNL.EXE!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\usbprint.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\HIDCLASS.SYS[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\kbdhid.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\mouhid.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\System32\Drivers\Fastfat.SYS[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] 85744400

steffi1987 20.02.2009 22:52

So, now that I've posted them all one by one, I've noticed that you can also attach files..

steffi1987 20.02.2009 23:01

Part 1 of very many

