Trojaner-Board - Brauche Hilfe- Laptop hängt sich andauernd auf

Trojaner-Board (https://www.trojaner-board.de/)

- Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)

- - Brauche Hilfe- Laptop hängt sich andauernd auf (https://www.trojaner-board.de/69722-brauche-hilfe-laptop-haengt-andauernd.html)

steffi1987

07.02.2009 15:29

Brauche Hilfe- Laptop hängt sich andauernd auf

Hallo, wie der Titel bereits sagt, hängt sich mein PC andauernd auf. Zudem fährt er auch ab und zu einfach runter ohne ersichtlichen Grund und er ist extrem langsam, sodass ich keine 2 dinge gleichzeitig tun kann..

Hab keine große Ahnung von PC's und bin am verzweifeln..

Bitte helft mir

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:21, on 07.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\WINDOWS\system32\gearsec.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe
C:\Programme\Gemeinsame Dateien\Teleca Shared\Generic.exe
C:\Programme\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\WINDOWS\explorer.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w*w.meinvz.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Programme\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - res://C:\PROGRA~1\MICROS~2\Office\1031\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - {9E958ACA-8CB9-414B-B5C6-2F044D71F7B2} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1223467417
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - http://static.ak.studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - http://as.photoprintit.de/ips-opdata/operator/13666961/activex/IPSUploader4.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - http://gamescenter.sat1.de/online2/chuzzle/popcaploader_v6.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - http://gamescenter.sat1.de/online2/rocket_mania/oberongamesloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D564276-3A60-4856-8867-623A48263262}: NameServer = 139.18.25.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCC6B01F-148F-450E-BEC5-CC44E83D3928}: NameServer = 194.97.173.124 194.97.173.125
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: gearsec - GEAR Software - C:\WINDOWS\system32\gearsec.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 8266 bytes

nochdigger

07.02.2009 16:53

Hallo und :hallo:

Zitat:

Zudem fährt er auch ab und zu einfach runter ohne ersichtlichen Grund...

fährt richtig runter mit "ich melde mich ab" usw. oder startet aus heiterem Himmel einfach neu?

Zitat:

und er ist extrem langsam, sodass ich keine 2 dinge gleichzeitig tun kann..

das kann auch eine ganze Reihe unterschiedlicher Ursachen haben.

Hattest du in letzter Zeit einen Schädlingsbefall?
Wenn ja, was und wo?

Lass bitte erstmal dein System mit dem Ccleaner aufräumen, dann sehen wir weiter.

MFG

steffi1987

08.02.2009 11:17

Hallo,

das runterfahren ist wie ein neustart des rechners.

Durch Kaspersky meldet sich der rechner öfters, ich lasse aber nichts unbekanntes zu. was darüber hinaus an Kaspersky vorbei geht kann ich nicht sagen.

Bereinigung mit CCClaener habe ich durchgeführt, es ist aber nichts auffällig gewesen. Langsam ist der rechner immernoch und das eigentlich der haupstörfaktor bei mir. z.B. mediaplayer starten und beenden nimmt ca. 2 min in anspruch ehe das programm reagiert. oft erhängt er sich auch bei der anwendung solcher "einfachen" programme sodas ich sie durch den task manager beenden muss.

MfG

nochdigger

08.02.2009 11:36

Hallo

OK, dann entfernen wir erstmal offensichtliches

Deinstalliere über Start -> Einstellungen -> Systemsteuerung -> Software alle alten Javaversionen und dir nicht bekannte oder ungenutze Software.

Starte Hijackthis mit der Option - Scan - und hake diese Einträge an

Zitat:

R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Programme\ICQLite\ICQLite.exe (file missing)

klicke nun - fix checked - und beende Hijackthis.
Nach einem Neustart sollten die gefixten Einträge nicht mehr im neuen Log erscheinen.

Überprüfe dein System bitte mit

Zitat:

Silentrunners Logfile

-Lade dir das Tool -> Silentrunners
-Entpacke das Script in einen Ordner deiner Wahl
-Doppelklick auf -> Silent Runners -> Option Supplementary Searches auswählen
-System wird nun überprüft, nach Beendigung wird eine Log-Datei erstellt
(Dein Antiviren-Scanner könnte eine Meldung wegen „bösartigem Script“
erstellen, ignoriere dieses und arbeite weiter!)
-Dann öffne die Silent Runners xxx.txt mit einem Editor und kopiere den gesamten Inhalt ab und füge ihn in einen Beitrag ein.
(Strg+A markieren -> Strg+C kopieren -> Strg+V einfügen)

sowie Malwarebytes und SASW poste alle Logs (auch in mehreren Beiträgen) hierher.

MFG

steffi1987

08.02.2009 15:50

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:46:41, on 08.02.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16762)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
C:\Programme\Java\jre1.5.0\bin\jusched.exe
C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://w*w.meinvz.net/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = h**p://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = h**p://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = h**p://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = h**p://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [PadTouch] C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe
O4 - HKLM\..\Run: [AVP] "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.5.0\bin\jusched.exe
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [NBJ] "C:\Programme\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: wkcalrem.LNK = C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe
O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - res://C:\PROGRA~1\MICROS~2\Office\1031\phdintl.dll/phdContext.htm
O8 - Extra context menu item: Hinzufügen zu Kaspersky Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\ie_banner_deny.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.5.0\bin\npjpi150.dll
O9 - Extra button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll
O9 - Extra button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra 'Tools' menuitem: Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\INetRepl.dll
O9 - Extra button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra button: eBay - {9E958ACA-8CB9-414B-B5C6-2F044D71F7B2} - C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe (HKCU)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - h**p://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1223467417
O16 - DPF: {6E5E167B-1566-4316-B27F-0DDAB3484CF7} (Image Uploader Control) - h**p://static.ak.studivz.net/photouploader/ImageUploader4.cab
O16 - DPF: {AE2B937E-EA7D-4A8D-888C-B68D7F72A3C4} (IPSUploader4 Control) - h**p://as.photoprintit.de/ips-opdata/operator/13666961/activex/IPSUploader4.cab
O16 - DPF: {DF780F87-FF2B-4DF8-92D0-73DB16A1543A} (PopCapLoader Object) - h**p://gamescenter.sat1.de/online2/chuzzle/popcaploader_v6.cab
O16 - DPF: {E1342154-4889-42B5-BEF6-19237577048F} (OberongamesLoader Object) - h**p://gamescenter.sat1.de/online2/rocket_mania/oberongamesloader.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{2D564276-3A60-4856-8867-623A48263262}: NameServer = 139.18.25.3
O17 - HKLM\System\CCS\Services\Tcpip\..\{DCC6B01F-148F-450E-BEC5-CC44E83D3928}: NameServer = 194.97.173.124 194.97.173.125
O20 - AppInit_DLLs: C:\PROGRA~1\KASPER~1\KASPER~1.0\adialhk.dll
O23 - Service: Kaspersky Internet Security 7.0 (AVP) - Kaspersky Lab - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe
O23 - Service: ConfigFree Service (CFSvcs) - TOSHIBA CORPORATION - C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE

--
End of file - 7151 bytes

Was ist denn eigentlich dieses gamescenter.sat1??

steffi1987

08.02.2009 15:58

"Silent Runners.vbs", revision 59, http://www.silentrunners.org/
Operating System: Windows XP
Output limited to non-default values, except where indicated by "{++}"

Startup items buried in registry:
---------------------------------

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\ {++}
"H/PC Connection Agent" = ""C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE"" [MS]
"studNET-Autologin" = "(empty string)" [file not found]
"ctfmon.exe" = "C:\WINDOWS\system32\ctfmon.exe" [MS]
"swg" = "C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" ["Google Inc."]
"NBJ" = ""C:\Programme\Ahead\Nero BackItUp\NBJ.exe"" ["Ahead Software AG"]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ {++}
"IgfxTray" = "C:\WINDOWS\system32\igfxtray.exe" ["Intel Corporation"]
"HotKeysCmds" = "C:\WINDOWS\system32\hkcmd.exe" ["Intel Corporation"]
"PadTouch" = "C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe" ["TOSHIBA"]
"AVP" = ""C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe"" ["Kaspersky Lab"]
"KernelFaultCheck" = "C:\WINDOWS\system32\dumprep 0 -k"
"SunJavaUpdateSched" = "C:\Programme\Java\jre1.5.0\bin\jusched.exe" ["Sun Microsystems, Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\
{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Adobe PDF Reader"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll" ["Adobe Systems Incorporated"]
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\(Default) = (no title provided)
-> {HKLM...CLSID} = "Google Toolbar Notifier BHO"
\InProcServer32\(Default) = "C:\Programme\Google\GoogleToolbarNotifier\3.1.807.1746\swg.dll" ["Google Inc."]

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\
"{42071714-76d4-11d1-8b24-00a0c9068ff3}" = "CPL-Erweiterung für Anzeigeverschiebung"
-> {HKLM...CLSID} = "CPL-Erweiterung für Anzeigeverschiebung"
\InProcServer32\(Default) = "deskpan.dll" [file not found]
"{88895560-9AA2-1069-930E-00AA0030EBC8}" = "Erweiterung für HyperTerminal-Icons"
-> {HKLM...CLSID} = "HyperTerminal Icon Ext"
\InProcServer32\(Default) = "C:\WINDOWS\system32\hticons.dll" ["Hilgraeve, Inc."]
"{2F603045-309F-11CF-9774-0020AFD0CFF6}" = "Synaptics Control Panel"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Synaptics\SynTP\SynTPCpl.dll" ["Synaptics, Inc."]
"{42042206-2D85-11D3-8CFF-005004838597}" = "Microsoft Office HTML Icon Handler"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\msohev.dll" [MS]
"{2F5AC606-70CF-461C-BFE1-6063670C3484}" = "Display CPL Extension"
-> {HKLM...CLSID} = "DisplayCplExt Class"
\InProcServer32\(Default) = "C:\Programme\Toshiba\TouchED\TouchED.DLL" ["TOSHIBA Inc."]
"{cc86590a-b60a-48e6-996b-41d25ed39a1e}" = "Portable Media Devices Menu"
-> {HKLM...CLSID} = "Portable Media Devices Menu"
\InProcServer32\(Default) = "C:\WINDOWS\system32\Audiodev.dll" [MS]
"{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4}" = "Shell Extensions for RealOne Player"
-> {HKLM...CLSID} = "RealOne Player Context Menu Class"
\InProcServer32\(Default) = "C:\Programme\Real\RealPlayer\rpshell.dll" ["RealNetworks, Inc."]
"{73B24247-042E-4EF5-ADC2-42F62E6FD654}" = "ICQ Lite Shell Extension"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
"{0006F045-0000-0000-C000-000000000046}" = "Microsoft Outlook Custom Icon Handler"
-> {HKLM...CLSID} = "Outlook-Dateisymbolerweiterung"
\InProcServer32\(Default) = "C:\Programme\Microsoft Office\Office10\OLKFSTUB.DLL" [MS]
"{2E9D3540-211C-11d0-A5F2-00A0248C37BE}" = "Nero Shell Extension Property Sheet"
-> {HKLM...CLSID} = "Nero Shell Extension Property Sheet"
\InProcServer32\(Default) = "C:\Programme\ahead\Nero\neroshx.dll" [file not found]
"{85E0B171-04FA-11D1-B7DA-00A0C90348D6}" = "Statistik für Web-Anti-Virus"
-> {HKLM...CLSID} = "Statistik für Web-Anti-Virus"
\InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]
"{23170F69-40C1-278A-1000-000100020000}" = "7-Zip Shell Extension"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Dokumente und Einstellungen\XXX\Desktop\wichtige programme\7-Zip\7-zip.dll" ["Igor Pavlov"]

HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\
<<!>> igfxcui\DLLName = "igfxsrvc.dll" ["Intel Corporation"]
<<!>> klogon\DLLName = "C:\WINDOWS\system32\klogon.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\PROTOCOLS\Filter\
<<!>> text/xml\CLSID = "{807553E5-5146-11D5-A672-00B0D022E945}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL" [MS]

HKLM\SOFTWARE\Classes\Folder\shellex\ColumnHandlers\
{F9DB5320-233E-11D1-9F84-707F02C10627}\(Default) = "PDF Column Info"
-> {HKLM...CLSID} = "PDF Shell Extension"
\InProcServer32\(Default) = "C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll" ["Adobe Systems, Inc."]

HKLM\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Dokumente und Einstellungen\XXX\Desktop\wichtige programme\7-Zip\7-zip.dll" ["Igor Pavlov"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\
7-Zip\(Default) = "{23170F69-40C1-278A-1000-000100020000}"
-> {HKLM...CLSID} = "7-Zip Shell Extension"
\InProcServer32\(Default) = "C:\Dokumente und Einstellungen\XXX\Desktop\wichtige programme\7-Zip\7-zip.dll" ["Igor Pavlov"]
ICQLiteMenu\(Default) = "{73B24247-042E-4EF5-ADC2-42F62E6FD654}"
-> {HKLM...CLSID} = "MCLiteShellExt Class"
\InProcServer32\(Default) = "C:\Programme\ICQLite\ICQLiteShell.dll" [empty string]

HKLM\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\
Kaspersky Anti-Virus\(Default) = "{dd230880-495a-11d1-b064-008048ec2fc5}"
-> {HKLM...CLSID} = (no title provided)
\InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\ShellEx.dll" ["Kaspersky Lab"]

Group Policies {policy setting}:
--------------------------------

Note: detected settings may not have any effect.

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\

"shutdownwithoutlogon" = (REG_DWORD) dword:0x00000001
{Shutdown: Allow system to be shut down without having to log on}

"undockwithoutlogon" = (REG_DWORD) dword:0x00000001
{Devices: Allow undock without having to log on}

Active Desktop and Wallpaper:
-----------------------------

Active Desktop may be enabled at this entry:
HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellState

Displayed if Active Desktop enabled and wallpaper not set by Group Policy:
HKCU\Software\Microsoft\Internet Explorer\Desktop\General\
"Wallpaper" = "C:\WINDOWS\system32\config\systemprofile\Desktop\HONDA PIC.PNG"

Displayed if Active Desktop disabled and wallpaper not set by Group Policy:
HKCU\Control Panel\Desktop\
"Wallpaper" = "C:\Dokumente und Einstellungen\XXX\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp"

Windows Portable Device AutoPlay Handlers
-----------------------------------------

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\AutoplayHandlers\Handlers\

IviDVDEventHandler\
"Provider" = "InterVideo WinDVD"
"InvokeProgID" = "Ivi.MediaFile"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\Ivi.MediaFile\shell\play\command\(Default) = "C:\Programme\InterVideo\WinDVD\WinDVD.exe %1" ["InterVideo Inc."]

IviVideoCameraArrival\
"Provider" = "WinDVD Creator"
"ProgID" = "Shell.HWEventHandlerShellExecute"
"InitCmdLine" = ""C:\Programme\InterVideo\WCreator2\WCreator.exe" --capture"
HKLM\SOFTWARE\Classes\Shell.HWEventHandlerShellExecute\CLSID\(Default) = "{FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}"
-> {HKLM...CLSID} = "ShellExecute HW Event Handler"
\LocalServer32\(Default) = "rundll32.exe shell32.dll,SHCreateLocalServerRunDll {FFB8655F-81B9-4fce-B89C-9A6BA76D13E7}" [MS]

NeroAutoPlay2AudioToNeroDigital\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_AudioToNeroDigital"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_AudioToNeroDigital\command\(Default) = "C:\Programme\Ahead\nero\nero.exe /Dialog:SaveTracks /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CDAudio\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_CDAudio"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_CDAudio\command\(Default) = "C:\Programme\Ahead\nero\nero.exe /New:AudioCD /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2CopyCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_CopyCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_CopyCD\command\(Default) = "C:\Programme\Ahead\nero\nero.exe /Dialog:DiscCopy /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2DataDisc\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_DataDisc"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_DataDisc\command\(Default) = "C:\Programme\Ahead\nero\nero.exe /New:ISODisc /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2LaunchNeroStartSmart\
"Provider" = "Nero StartSmart"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "HandleCDBurningOnArrival_LaunchNeroStartSmart"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\HandleCDBurningOnArrival_LaunchNeroStartSmart\command\(Default) = "C:\Programme\Ahead\Nero StartSmart\NeroStartSmart.exe /AutoPlay /Drive:%L" ["Ahead Software AG"]

NeroAutoPlay2RipCD\
"Provider" = "Nero Burning ROM"
"InvokeProgID" = "Nero.AutoPlay2"
"InvokeVerb" = "PlayCDAudioOnArrival_RipCD"
HKLM\SOFTWARE\Classes\Nero.AutoPlay2\shell\PlayCDAudioOnArrival_RipCD\command\(Default) = "C:\Programme\Ahead\nero\nero.exe /Dialog:SaveTracks /Drive:%L" ["Ahead Software AG"]

RPCDBurningOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.CDBurn.6"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\RealPlayer.CDBurn.6\shell\open\command\(Default) = "C:\Programme\Real\RealPlayer\RealPlay.exe /burn "%1"" ["RealNetworks, Inc."]

RPDeviceOnArrival\
"Provider" = "RealPlayer"
"ProgID" = "RealPlayer.HWEventHandler"
HKLM\SOFTWARE\Classes\RealPlayer.HWEventHandler\CLSID\(Default) = "{67E76F1D-BDE2-4052-913C-2752366192D2}"
-> {HKLM...CLSID} = "RealNetworks Scheduler"
\LocalServer32\(Default) = ""C:\Programme\Gemeinsame Dateien\Real\Update_OB\realsched.exe" -autoplay" ["RealNetworks, Inc."]

RPPlayCDAudioOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AudioCD.6"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\RealPlayer.AudioCD.6\shell\play\command\(Default) = "C:\Programme\Real\RealPlayer\RealPlay.exe /play %1 " ["RealNetworks, Inc."]

RPPlayDVDMovieOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.DVD.6"
"InvokeVerb" = "play"
HKLM\SOFTWARE\Classes\RealPlayer.DVD.6\shell\play\command\(Default) = "C:\Programme\Real\RealPlayer\RealPlay.exe /dvd %1 " ["RealNetworks, Inc."]

RPPlayMediaOnArrival\
"Provider" = "RealPlayer"
"InvokeProgID" = "RealPlayer.AutoPlay.6"
"InvokeVerb" = "open"
HKLM\SOFTWARE\Classes\RealPlayer.AutoPlay.6\shell\open\command\(Default) = "C:\Programme\Real\RealPlayer\RealPlay.exe /autoplay "%1"" ["RealNetworks, Inc."]

Startup items in "XXX" & "All Users" startup folders:
------------------------------------------------------

C:\Dokumente und Einstellungen\XXX\Startmenü\Programme\Autostart
"wkcalrem" -> shortcut to: "C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe" ["Microsoft® Corporation"]

Winsock2 Service Provider DLLs:
-------------------------------

Namespace Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\NameSpace_Catalog5\Catalog_Entries\ {++}
000000000001\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]
000000000002\LibraryPath = "%SystemRoot%\System32\winrnr.dll" [MS]
000000000003\LibraryPath = "%SystemRoot%\System32\mswsock.dll" [MS]

Transport Service Providers

HKLM\SYSTEM\CurrentControlSet\Services\Winsock2\Parameters\Protocol_Catalog9\Catalog_Entries\ {++}
0000000000##\PackedCatalogItem (contains) DLL [Company Name], (at) ## range:
%SystemRoot%\system32\mswsock.dll [MS], 01 - 03, 06 - 19
%SystemRoot%\system32\rsvpsp.dll [MS], 04 - 05

Toolbars, Explorer Bars, Extensions:
------------------------------------

Toolbars

HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\
"{855F3B16-6D32-4FE6-8A56-BBB695989046}"
-> {HKLM...CLSID} = "ICQ Toolbar"
\InProcServer32\(Default) = "C:\PROGRA~1\ICQTOO~1\toolbaru.dll" [file not found]

Explorer Bars

HKLM\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars\

HKLM\SOFTWARE\Classes\CLSID\{85E0B171-04FA-11D1-B7DA-00A0C90348D6}\(Default) = "Statistik für Web-Anti-Virus"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\SCIEPlgn.dll" ["Kaspersky Lab"]

HKLM\SOFTWARE\Classes\CLSID\{FF059E31-CC5A-4E2E-BF3B-96E929D65503}\(Default) = "&Recherchieren"
Implemented Categories\{00021493-0000-0000-C000-000000000046}\ [vertical bar]
InProcServer32\(Default) = "C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL" [MS]

Extensions (Tools menu items, main toolbar menu buttons)

HKCU\Software\Microsoft\Internet Explorer\Extensions\
{9E958ACA-8CB9-414B-B5C6-2F044D71F7B2}\
"ButtonText" = "eBay"
"Exec" = "C:\Programme\Internet Explorer\Signup\ToshibaGotoEbay.exe" [null data]

HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions\
{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\
"MenuText" = "Sun Java Konsole"
"CLSIDExtension" = "{08B0E5C0-4FCB-11CF-AAA5-00401C608501}"

{1F460357-8A94-4D71-9CA3-AA4ACF32ED8E}\
"ButtonText" = "Statistik für Web-Anti-Virus"

{2EAF5BB1-070F-11D3-9307-00C04FAE2D4F}\
"ButtonText" = "Mobilen Favoriten erstellen"
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\Programme\Microsoft ActiveSync\INetRepl.dll" [MS]

{2EAF5BB2-070F-11D3-9307-00C04FAE2D4F}\
"MenuText" = "Mobilen Favoriten erstellen..."
"CLSIDExtension" = "{2EAF5BB0-070F-11D3-9307-00C04FAE2D4F}"
-> {HKLM...CLSID} = "Create Mobile Favorite"
\InProcServer32\(Default) = "C:\Programme\Microsoft ActiveSync\INetRepl.dll" [MS]

{92780B25-18CC-41C8-B9BE-3C9C571A8263}\
"ButtonText" = "Recherchieren"

{E2E2DD38-D088-4134-82B7-F2BA38496583}\
"MenuText" = "@xpsp3res.dll,-20001"
"Exec" = "%windir%\Network Diagnostic\xpnetdiag.exe" [MS]

{E59EB121-F339-4851-A3BA-FE49C35617C2}\
"ButtonText" = "ICQ6"
"MenuText" = "ICQ6"
"Exec" = "C:\Programme\ICQ6\ICQ.exe" ["ICQ, Inc."]

{FB5F1910-F110-11D2-BB9E-00C04F795683}\
"ButtonText" = "Messenger"
"MenuText" = "Windows Messenger"
"Exec" = "C:\Programme\Messenger\msmsgs.exe" [MS]

Running Services (Display Name, Service Name, Path {Service DLL}):
------------------------------------------------------------------

ConfigFree Service, CFSvcs, "C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe" ["TOSHIBA CORPORATION"]
DVD-RAM_Service, DVD-RAM_Service, "C:\WINDOWS\system32\DVDRAMSV.exe" ["Matsushita Electric Industrial Co., Ltd."]
Google Updater Service, gusvc, ""C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe"" ["Google"]
Kaspersky Internet Security 7.0, AVP, ""C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe" -r" ["Kaspersky Lab"]
LexBce Server, LexBceS, "C:\WINDOWS\system32\LEXBCES.EXE" ["Lexmark International, Inc."]
Windows User Mode Driver Framework, UMWdf, "C:\WINDOWS\system32\wdfmgr.exe" [MS]

Print Monitors:
---------------

HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors\
Lexmark Network Port\Driver = "LEXLMPM.DLL" ["Lexmark International, Inc."]

---------- (launch time: 2009-02-08 15:53:14)
<<!>>: Suspicious data at a malware launch point.

+ This report excludes default entries except where indicated.
+ To see *everywhere* the script checks and *everything* it finds,
launch it from a command prompt or a shortcut with the -all parameter.
+ To search all directories of local fixed drives for DESKTOP.INI
DLL launch points, use the -supp parameter or answer "No" at the
first message box and "Yes" at the second message box.
---------- (total run time: 55 seconds, including 16 seconds for message boxes)

nochdigger

08.02.2009 17:01

Hallo

bis hierher kann ich nix aufregendes entdecken, nochmal zu meiner Frage

Zitat:

Zitat von nochdigger

Hattest du in letzter Zeit einen Schädlingsbefall?
Wenn ja, was und wo?

Lass bitte noch die zwei genannten Programme laufen.

MFG

steffi1987

08.02.2009 18:18

Malwarebytes' Anti-Malware 1.33
Datenbank Version: 1738
Windows 5.1.2600 Service Pack 3

08.02.2009 18:15:44
mbam-log-2009-02-08 (18-15-44).txt

Scan-Methode: Vollständiger Scan (C:\|)
Durchsuchte Objekte: 127476
Laufzeit: 1 hour(s), 48 minute(s), 29 second(s)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 9
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2 (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ModuleUsage\c:/windows/downloaded program files/popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{c9c5deaf-0a1f-4660-8279-9edfad6fefe1} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{e4e3e0f8-cd30-4380-8ce9-b96904bdefca} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{fe8a736f-4124-4d9c-b4b1-3b12381efabe} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{df780f87-ff2b-4df8-92d0-73db16a1543a} (Adware.PopCap) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\popcaploader.popcaploaderctrl2.1 (Adware.PopCap) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CLASSES_ROOT\regfile\shell\open\command\ (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\WINDOWS\Downloaded Program Files\popcaploader.dll (Adware.PopCap) -> Quarantined and deleted successfully.

steffi1987

08.02.2009 18:21

Hallo,

hatte keinen Schädlingsbefall, zumindest keinen den ich bemerkt habe.
Auch vorher war der rechner noch nie befallen.

MfG

nochdigger

09.02.2009 06:51

Hallo

die Frage ist wohl durchgerutscht:rolleyes:

Zitat:

Was ist denn eigentlich dieses gamescenter.sat1??

Da war wohl jemand auf dieser Seite
http://www.sat1.de/spiele/
und hat dort gespielt, die Dateien liegen vermutlich im Ordner
C:\Windows\Downloaded Program Files
Die Einträge können mit Hijackthis gefixt werden müssen es aber nicht.

Zitat:

hatte keinen Schädlingsbefall, zumindest keinen den ich bemerkt habe.
Auch vorher war der rechner noch nie befallen.

OK, wenn SASW gelaufen ist, würde ich ganz gern sehen wie der Rechner sich verhält, wenn KIS abgeschaltet ist.

MFG

steffi1987

09.02.2009 08:04

Ich kann das Programm erst heut abend laufen lassen..
Was ist denn KIS??

nochdigger

09.02.2009 08:31

Moin

Zitat:

Was ist denn KIS?

Kaspersky Internet Security 7.0 sorgt bei vielen Leuten für Probleme.

MFG

steffi1987

09.02.2009 15:04

Hallo,
hier noch das Logfile von superantispyware.
im schritt 4 der anleitung steht das ich auf die auswertung meines helfers warten soll bevor ich die objekte in quarantäne gebe oder lösche---> nehme an das ihr das seid!?

MfG

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/09/2009 at 12:58 PM

Application Version : 4.25.1012

Core Rules Database Version : 3724
Trace Rules Database Version: 1714

Scan type : Complete Scan
Total Scan Time : 02:43:20

Memory items scanned : 418
Memory threats detected : 0
Registry items scanned : 5631
Registry threats detected : 0
File items scanned : 81559
File threats detected : 1

Adware.Tracking Cookie
C:\Dokumente und Einstellungen\Sven\Cookies\sven@doubleclick[2].txt

nochdigger

09.02.2009 15:46

Hallo

das ist aber nur ein Cookie, der darf bedenkenlos entfernt werden:)

Ich schätze es ist keine Verbesserung eingetreten, sonst hättest du es wohl erwähnt.

Jetzt würde ich ganz gern einige Details deiner Hardware ansehen.
Lade dir bitte mal dieses Programm
HWiNFO32 2.37 in System-Utilities - Utilities - Windows | Downloads | ZDNet.de
Sieh bitte unter Sensors nach den Temperaturen für CPU und GPU und poste sie hierher.

MFG

steffi1987

09.02.2009 17:42

okay programm ist geladen, was mach ich jetzt damit?
gibts da auch so ne supi anleitung wie bei den anderen?

MfG

steffi1987

09.02.2009 17:53

Das einzige was er mir zeigt ist Toshiba MK825GAS und in der Spalte Value schwankt eszwischen 41 & 42 C° und in der Spalte Min steht 41 c° und bei Max 42C°

mehr steht da nicht auch nix von GPU

MfG

nochdigger

10.02.2009 13:41

Hallo

die Temperaturen sehen eigentlich nicht besonders erhöht aus, versuche bitte mal KIS komplett zu deaktivieren und berichte nochmal.
Wenns daran nicht liegt, weiß ich es leider auch nicht mehr.

MFG

steffi1987

14.02.2009 15:09

Ohne KIS schwanken alle werte zwischen 37 und 38°C aber von gpu und cpu steht immer noch nix da nur das gleiche wie oben

nochdigger

14.02.2009 18:32

Hallo

und wie ist es ohne KIS mit dem eigentlichen Problem?

MFG

steffi1987

15.02.2009 18:57

Ohne KIS war das problem auch nich besser.. Er war insgesamt noch langsamer und die internetseiten haben sich auch extrem langsam aufgebaut..

Ich hab jetzt 2 Benutzerkonten angelegt und die Programme auf beide aufgeteilt, kann das abhilfe schaffen?!

mfg

nochdigger

15.02.2009 22:07

Hallo

zwei Dinge würde ich noch testen wollen

Panda Active Scan

Folgende Seite führt dich durch die Installation: PandaActiveScan2.0 Installation

Drücke auf Jetzt Scannen!

Eine Registrierung ist nicht erforderlich!

Nachdem der Scan abgeschlossen ist drücke auf das Text-Icon Export und speichere das log auf dem Desktop.
Öffne die Datei ActiveScan.txt die sich nun auf deinem Desktop befindet und poste uns den Inhalt.

Catchme - Rootkit detector

Lade dir Catchme.exe runter auf deinen Desktop.
Starte Catchme.exe. Alle anderen Programme sollen geschlossen sein. Mit "Scan" starten.
Falls nach dem Ende des Scans im Fenster Dateien stehen, poste bitte den Inhalt der Logdatei hierher

Sorry, aber wenn auch hier nix weiter gefunden wird, würde ich das System einfach mal neu aufsetzen oder eine Reparaturinstallation durchziehen.

MFG

steffi1987

16.02.2009 12:02

catchme 0.2 W2K/XP/Vista - userland rootkit detector by Gmer, 17 October 2006
http://www.gmer.net

scanning hidden processes ...

scanning hidden services ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden processes: 0
hidden services: 0
hidden files: 0

steffi1987

16.02.2009 16:58

;***************************************************************************************************************************************************** ******************************
ANALYSIS: 2009-02-16 15:31:07
PROTECTIONS: 1
MALWARE: 7
SUSPECTS: 0
;***************************************************************************************************************************************************** ******************************
PROTECTIONS
Description Version Active Updated
;===================================================================================================================================================== ==============================
Kaspersky Internet Security 7.0.1.325 Yes Yes
;===================================================================================================================================================== ==============================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===================================================================================================================================================== ==============================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Dokumente und Einstellungen\XXX\Cookies\XXX@doubleclick[2].txt
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No C:\Dokumente und Einstellungen\XXX\Cookies\XXX@doubleclick[1].txt
00139064 Cookie/Atlas DMT TrackingCookie No 0 Yes No C:\Dokumente und Einstellungen\XXX\Cookies\XXX@atdmt[2].txt
00145393 Cookie/Tradedoubler TrackingCookie No 0 Yes No C:\Dokumente und Einstellungen\XXX\Cookies\XXX@tradedoubler[2].txt
00145738 Cookie/Mediaplex TrackingCookie No 0 Yes No C:\Dokumente und Einstellungen\XXX\Cookies\XXX@mediaplex[1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\Dokumente und Einstellungen\XXX\Cookies\XXX@com[1].txt
00168048 Cookie/Overture TrackingCookie No 0 Yes No C:\Dokumente und Einstellungen\XXX\Cookies\XXX@perf.overture[1].txt
00590315 Rootkit/Agent.LNB HackTools No 0 Yes No C:\System Volume Information\_restore{1A5F71B2-B371-48BF-97A6-0CF826FF9171}\RP236\A0068388.sys
;===================================================================================================================================================== ==============================
SUSPECTS
Sent Location x
;===================================================================================================================================================== ==============================
;===================================================================================================================================================== ==============================
VULNERABILITIES
Id Severity Description x
;===================================================================================================================================================== ==============================
;===================================================================================================================================================== ==============================

nochdigger

16.02.2009 22:06

Hallo

Ein Rootkit in der Systemwiederherstellung gefällt mir nicht, es muss da irgendwie auch hingekommen sein.
Überprüfe bitte dein System mit den Tools von dieser Seite
AntiRootkit Scanner Anleitung - HijackThis.de Support Board
benutze bitte:
Gmer
Sophos
Panda
Trend Micro
poste alle Logs hierher.

MFG

steffi1987

20.02.2009 22:23

So habs endlich geschafft alle programme laufen zu lassen..

Sophos, Trend Micro und Panda haben nichtf´s gefunden..

nur gmer hat mir nen ewig langes logfile ausgespuckt:

Hab das mal auf mehrere teile aufgeteilt weil es sonst zu groß is:

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2009-02-18 11:33:28
Windows 5.1.2600 Service Pack 3

---- System - GMER 1.0.14 ----

SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwClose [0xEE8BE370]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwConnectPort [0xEE8BC420]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateKey [0xEE8AF7A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcess [0xEE8BE0A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateProcessEx [0xEE8BE210]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSection [0xEE8BEE70]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateSymbolicLinkObject [0xEE8BE940]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwCreateThread [0xEE8BF7B0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDeleteKey [0xEE8AF8A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDeleteValueKey [0xEE8AF920]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwDuplicateObject [0xEE8BE510]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateKey [0xEE8AF9B0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwEnumerateValueKey [0xEE8AFA60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwFlushKey [0xEE8AFB10]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwInitializeRegistry [0xEE8AFB90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadDriver [0xEE8BBFD0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey [0xEE8B0590]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwLoadKey2 [0xEE8AFBB0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwNotifyChangeKey [0xEE8AFC80]
SSDT kl1.sys (Kaspersky Unified Driver/Kaspersky Lab) ZwOpenFile [0xF7511030]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenKey [0xEE8AFD60]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenProcess [0xEE8BDE90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwOpenSection [0xEE8BECA0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryKey [0xEE8AFE30]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryMultipleValueKey [0xEE8AFEE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQuerySystemInformation [0xEE8BF460]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwQueryValueKey [0xEE8AFF90]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwReplaceKey [0xEE8B0040]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRequestWaitReplyPort [0xEE8BCA00]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwRestoreKey [0xEE8B00D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwResumeThread [0xEE8BF760]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSaveKey [0xEE8B02D0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetContextThread [0xEE8BFAE0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationFile [0xEE8C00A0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetInformationKey [0xEE8B0360]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSecurityObject [0xEE8BAC20]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetSystemInformation [0xEE8BEB20]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSetValueKey [0xEE8B0400]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSuspendThread [0xEE8BF710]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwSystemDebugControl [0xEE8BC2E0]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwTerminateProcess [0xEE8BF300]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwUnloadKey [0xEE8B0550]
SSDT \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) ZwWriteVirtualMemory [0xEE8BE3D0]

Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab) IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.14 ----

.text ntoskrnl.exe!_abnormal_termination + 1D0 804E282C 12 Bytes [ D0, BF, 8B, EE, 90, 05, 8B, ... ]
.text ntoskrnl.exe!IoIsOperationSynchronous 804E875A 5 Bytes JMP EE8C09C0 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80512919 5 Bytes JMP EE8C04C0 \??\C:\WINDOWS\system32\drivers\klif.sys (spuper-ptor/Kaspersky Lab)
? C:\WINDOWS\system32\195.tmp

steffi1987

20.02.2009 22:32

---- User code sections - GMER 1.0.14 ----

? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[204] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[204] USER32.dll!AlignRects + FFFA5598 7E362A78 4 Bytes [ D0, 11, 42, 30 ]
? C:\Programme\TOSHIBA\ConfigFree\CFSvcs.exe[272] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\ctfmon.exe[376] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\Explorer.EXE[412] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\Explorer.EXE[412] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\Explorer.EXE[412] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
.text C:\WINDOWS\Explorer.EXE[412] SHELL32.dll!StrStrW + FFE2C0A4 7E678AD0 3 Bytes [ 70, 04, 40 ]
? C:\WINDOWS\system32\DVDRAMSV.exe[536] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe[716] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[808] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\csrss.exe[880] C:\WINDOWS\system32\KERNEL32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\winlogon.exe[904] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\Messenger\msmsgs.exe[924] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\Messenger\msmsgs.exe[924] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Programme\Messenger\msmsgs.exe[924] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\WINDOWS\system32\services.exe[948] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\lsass.exe[960] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\lsass.exe[960] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\lsass.exe[960] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\WINDOWS\system32\wdfmgr.exe[1000] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1120] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1172] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1172] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1172] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\WINDOWS\System32\svchost.exe[1220] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1276] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1276] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1276] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\svchost.exe[1344] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\WINDOWS\system32\igfxtray.exe[1528] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\igfxtray.exe[1528] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\igfxtray.exe[1528] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\WINDOWS\system32\hkcmd.exe[1536] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\hkcmd.exe[1536] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS

steffi1987

20.02.2009 22:35

.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] SHELL32.dll!StrStrW + FFE286FC 7E675128 3 Bytes [ F0, 00, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] SHELL32.dll!StrStrW + FFE28708 7E675134 3 Bytes [ 60, 01, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] SHELL32.dll!StrStrW + FFE2A5AC 7E676FD8 3 Bytes [ 00, 04, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] SHELL32.dll!StrStrW + FFE2A6C4 7E6770F0 3 Bytes [ 70, 04, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] SHELL32.dll!StrStrW + FFE2A774 7E6771A0 3 Bytes [ C0, 05, EA ]
.text ...
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] SHELL32.dll!DllGetClassObject + 50B 7E6A2DC4 3 Bytes [ 90, 03, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] SHELL32.dll!DllGetClassObject + 52B 7E6A2DE4 3 Bytes [ 20, 03, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] SHELL32.dll!DllGetClassObject + 563 7E6A2E1C 3 Bytes [ B0, 02, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[1544] SHELL32.dll!ILLoadFromStream + BA2 7E6B74D8 3 Bytes [ 60, 08, EA ]
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1552] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1552] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1552] USER32.dll!AlignRects + FFFA5598 7E362A78 4 Bytes [ D0, 11, 42, 30 ]
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[1552] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\Programme\Java\jre1.5.0\bin\jusched.exe[1568] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE[1576] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE[1576] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE[1576] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\ctfmon.exe[1600] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\ctfmon.exe[1600] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\ctfmon.exe[1600] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1616] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1616] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe[1616] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\Programme\Gemeinsame Dateien\Microsoft Shared\Works Shared\WkCalRem.exe[1660] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\hkcmd.exe[1676] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\hkcmd.exe[1676] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\system32\LEXBCES.EXE[1764] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\spoolsv.exe[1800] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\LEXPPS.EXE[1808] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\System32\alg.exe[2148] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\winlogon.exe[2188] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\TOSHIBA\TOSCDSPD\toscdspd.exe[2204] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\SMSC\SetIcon.exe[2392] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\system32\csrss.exe[2708] C:\WINDOWS\system32\KERNEL32.dll time/date stamp mismatch;
? C:\Programme\Java\jre1.5.0\bin\jusched.exe[2876] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] SHELL32.dll!StrStrW + FFE286FC 7E675128 3 Bytes [ F0, 00, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] SHELL32.dll!StrStrW + FFE28708 7E675134 3 Bytes [ 60, 01, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] SHELL32.dll!StrStrW + FFE2A5AC 7E676FD8 3 Bytes [ 00, 04, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] SHELL32.dll!StrStrW + FFE2A6C4 7E6770F0 3 Bytes [ 70, 04, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] SHELL32.dll!StrStrW + FFE2A774 7E6771A0 3 Bytes [ C0, 05, EA ]
.text ...
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] SHELL32.dll!DllGetClassObject + 50B 7E6A2DC4 3 Bytes [ 90, 03, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] SHELL32.dll!DllGetClassObject + 52B 7E6A2DE4 3 Bytes [ 20, 03, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] SHELL32.dll!DllGetClassObject + 563 7E6A2E1C 3 Bytes [ B0, 02, EA ]
.text C:\Programme\TOSHIBA\Touch and Launch\PadExe.exe[3352] SHELL32.dll!ILLoadFromStream + BA2 7E6B74D8 3 Bytes [ 60, 08, EA ]
? C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
? C:\WINDOWS\Explorer.EXE[3428] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS

steffi1987

20.02.2009 22:44

.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!StrStrW + FFE286FC 7E675128 3 Bytes [ F0, 00, EA ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!StrStrW + FFE28708 7E675134 3 Bytes [ 60, 01, EA ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!StrStrW + FFE2A5AC 7E676FD8 3 Bytes [ 30, 0D, EA ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!StrStrW + FFE2A694 7E6770C0 4 Bytes [ A0, 0D, 41, 03 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!StrStrW + FFE2A6A8 7E6770D4 4 Bytes [ 10, 0E, F0, 01 ]
.text ...
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!SHFree + 11E 7E69AA08 4 Bytes [ 20, 0A, F0, 01 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!ILFree + 7C 7E69AB68 4 Bytes [ F0, 0E, F0, 01 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!ILFindChild + 3D4 7E6A18C0 4 Bytes [ 30, 06, F0, 01 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!ILFindChild + A50 7E6A1F3C 4 Bytes [ D0, 01, 41, 03 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!DllGetClassObject + 50B 7E6A2DC4 3 Bytes [ 20, 03, EA ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!DllGetClassObject + 52B 7E6A2DE4 3 Bytes [ B0, 02, EA ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!DllGetClassObject + 563 7E6A2E1C 3 Bytes [ 40, 02, EA ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!DllGetVersion + 241 7E6AFC44 4 Bytes [ 60, 01, 41, 03 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!DllGetVersion + 2BD 7E6AFCC0 4 Bytes [ 60, 0F, 41, 03 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!SHGetImageList + B23 7E6B0A4C 4 Bytes [ 80, 0E, F0, 01 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!SHTestTokenMembership + E5 7E6B5644 4 Bytes [ 10, 00, 41, 03 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!ILLoadFromStream + 9EA 7E6B7320 4 Bytes [ 60, 08, 41, 03 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!ILLoadFromStream + BA2 7E6B74D8 3 Bytes [ 50, 05, EA ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!ILLoadFromStream + CB2 7E6B75E8 3 Bytes [ D0, 08, EA ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!PathProcessCommand + C5D 7E6BF0E8 4 Bytes [ 80, 0E, 41, 03 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!StrStrIW + 1F5 7E6E135C 4 Bytes [ 80, 00, 41, 03 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!SHGetRealIDL + 633B 7E6EF0EC 4 Bytes [ F0, 0E, 41, 03 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 185C9 7E79F058 4 Bytes [ D0, 01, F8, 02 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 185E5 7E79F074 4 Bytes [ 60, 01, F8, 02 ]
.text C:\WINDOWS\Explorer.EXE[3428] SHELL32.dll!SHLoadNonloadedIconOverlayIdentifiers + 18631 7E79F0C0 4 Bytes [ F0, 00, F8, 02 ]
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[3444] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[3444] C:\WINDOWS\system32\USER32.dll time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll
.text C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[3444] USER32.dll!AlignRects + FFFA5598 7E362A78 4 Bytes [ D0, 11, 42, 30 ]
? C:\Programme\Kaspersky Lab\Kaspersky Internet Security 7.0\avp.exe[3444] C:\WINDOWS\system32\SHELL32.dll time/date stamp mismatch; unknown module: WINMM.dllunknown module: msi.dllunknown module: DEVMGR.DLLunknown module: urlmon.dllunknown module: OLEAUT32.dllunknown module: OLEACC.dllunknown module: VERSION.dllunknown module: MPR.dllunknown module: CSCDLL.dllunknown module: UxTheme.dllunknown module: credui.dllunknown module: RASAPI32.dllunknown module: MSGINA.dllunknown module: POWRPROF.dllunknown module: SHDOCVW.dllunknown module: BROWSEUI.dllunknown module: EFSADU.dllunknown module: LINKINFO.dllunknown module: MSIMG32.dllunknown module: DUSER.dllunknown module: PRINTUI.dllunknown module: CdfView.dllunknown module: SETUPAPI.dllunknown module: appHelp.dllunknown module: query.dllunknown module: gdiplus.dllunknown module: IMM32.dllunknown module: msvcrt.dllunknown module: MSWIN.EXE\Metastock 6.*",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\MSWIN.EXE\Metastock 6.*",FILEOPENBOGUSCTRLID,,
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",Version,,"6.*"
HKLM,"%SHELLCOMPAT%\Applications\pwrplay.exe",FILEOPENBOGUS
? C:\DOKUME~1\Sven\LOKALE~1\Temp\Temporäres Verzeichnis 2 für gmer114.zip\gmer.exe[3788] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
? C:\DOKUME~1\Sven\LOKALE~1\Temp\Temporäres Verzeichnis 2 für gmer114.zip\gmer.exe[3788] C:\WINDOWS\system32\USER32.DLL time/date stamp mismatch; unknown module: MSIMG32.dllunknown module: POWRPROF.dllunknown module: WINSTA.dll

---- Kernel IAT/EAT - GMER 1.0.14 ----

IAT \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 85744530
IAT \SystemRoot\system32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] 85744530
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\usbccgp.sys[NTOSKRNL.EXE!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\usbprint.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\HIDCLASS.SYS[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\kbdhid.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\mouhid.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\System32\Drivers\Fastfat.SYS[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] 85744400
IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice]85744400

steffi1987

20.02.2009 22:52

So nachdem ich jetzt alle einzeln reingestellt hab, hab ich mitbekomm das man auch datein anhängen kann..

steffi1987

20.02.2009 23:01

Teil 1 von sehr vielen

steffi1987

20.02.2009 23:06

Teil 2 von Teilen

steffi1987

20.02.2009 23:21

Teil 3 von Teilen

steffi1987

20.02.2009 23:25

IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\svchost.exe [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\svchost.exe[808] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\winsrv.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\winsrv.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\winsrv.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\winsrv.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\csrss.exe[880] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\KERNEL32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)

steffi1987

20.02.2009 23:31

IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\winlogon.exe [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\REGAPI.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\winlogon.exe[904] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [7C884FEC] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [7C884F9C] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] [7C884FB0] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [7C884FD8] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[924] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [7C884FC4] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)

steffi1987

21.02.2009 00:50

Könnt ihr mal bitte alle einträge von mir löschen, wo ich versucht hab die datein von gmer reinzustellen?? Da lief wohl einiges verkerrt bzw. ich versuch das mal irgendwie anders zu machen, weil das logfile is 500kb groß und ich kann das irgendwie nich kleiner machen..

lg Steffi

john.doe

21.02.2009 00:53

Hallo Steffi,

das kann man ja nicht mit ansehen. Lade die Datei hier hoch und poste den Link, den du danach bekommst.

Gute Nacht, andreas

steffi1987

23.02.2009 10:23

Sorry nochmal für das Chaos...

http://www.file-upload.net/download-1477013/gmer.log.html

john.doe

01.03.2009 17:36

Kannst du das Log bitte nocheinmal hochladen. Diesmal bitte bei Datei Upload, Bilder hochladen, Datei Hosting auf Materialordner.de

Danke,
Andreas

steffi1987

03.03.2009 20:42

http://www.materialordner.de/T8vyWXuIirMqTgfjGXeisKwKzyEBim.html

So versuch nummer2...

Alle Zeitangaben in WEZ +1. Es ist jetzt 11:33 Uhr.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131