Trojaner-Board

Trojan.Win32.BHO.yr (https://www.trojaner-board.de/46028-trojan-win32-bho-yr.html)

UneeQ 21.11.2007 22:46

I'll probably have to split the GMER log file.

Here is the first part:

GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2007-11-21 22:31:43
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.13 ----

SSDT \??\C:\WINDOWS\System32\drivers\klif.sys ZwClose
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys ZwCreateProcess
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys ZwCreateProcessEx
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys ZwCreateSection
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys ZwCreateThread
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys ZwDuplicateObject
SSDT kl1.sys ZwOpenFile
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys ZwOpenProcess
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys ZwOpenSection
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys ZwQuerySystemInformation
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys ZwResumeThread
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys ZwSetContextThread
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys ZwSetInformationFile
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys ZwSetInformationProcess
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys ZwSetSecurityObject
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys ZwSuspendThread
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys ZwTerminateProcess
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys ZwWriteVirtualMemory
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys SSDT[284]
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys SSDT[285]
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys SSDT[286]
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys SSDT[287]
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys SSDT[288]
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys SSDT[289]
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys SSDT[290]
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys SSDT[291]
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys SSDT[292]
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys SSDT[293]
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys SSDT[294]
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys SSDT[295]
SSDT \??\C:\WINDOWS\System32\drivers\klif.sys SSDT[296]

Code \??\C:\WINDOWS\System32\drivers\klif.sys FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\System32\drivers\klif.sys IoIsOperationSynchronous

---- Kernel code sections - GMER 1.0.13 ----

.text ntoskrnl.exe!KiDispatchInterrupt + BA 804DB92E 7 Bytes JMP BAE173C0 \??\C:\WINDOWS\System32\drivers\klif.sys
.text ntoskrnl.exe!IoIsOperationSynchronous 804E8752 5 Bytes JMP BAE14400 \??\C:\WINDOWS\System32\drivers\klif.sys
.text ntoskrnl.exe!FsRtlCheckLockForReadAccess 80503C29 5 Bytes JMP BAE13F00 \??\C:\WINDOWS\System32\drivers\klif.sys
PAGE ntoskrnl.exe!RtlCopySid + FF 805673BA 7 Bytes JMP F8836F46 qdofjfyd.dat
? qdofjfyd.dat Das System kann die angegebene Datei nicht finden.
? C:\WINDOWS\system32\Drivers\RKREVEAL150.SYS Das System kann die angegebene Datei nicht finden.
? C:\WINDOWS\system32\2.tmp

UneeQ 21.11.2007 22:47

Here is the second part:

---- User code sections - GMER 1.0.13 ----

.text C:\Programme\MSN Messenger\msnmsgr.exe[2180] kernel32.dll!SetUnhandledExceptionFilter 7C84467D 5 Bytes JMP 004DE392 C:\Programme\MSN Messenger\msnmsgr.exe

---- Kernel IAT/EAT - GMER 1.0.13 ----

IAT \SystemRoot\System32\DRIVERS\intelppm.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\VIDEOPRT.SYS[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\USBPORT.SYS[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\i8042prt.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\kbdclass.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\mouclass.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\fdc.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\serial.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\serenum.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\parport.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\irenum.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\CmBatt.sys[NTOSKRNL.EXE!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\imapi.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\redbook.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\ks.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\system32\drivers\portcls.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\Drivers\Modem.SYS[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\audstub.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\ndistapi.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisCloseAdapter] 82D25E80
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisOpenAdapter] 82D25A70
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisDeregisterProtocol] 82D26050
IAT \SystemRoot\System32\DRIVERS\ndiswan.sys[NDIS.SYS!NdisRegisterProtocol] 82D258F0
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisRegisterProtocol] 82D258F0
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisOpenAdapter] 82D25A70
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisCloseAdapter] 82D25E80
IAT \SystemRoot\System32\DRIVERS\raspppoe.sys[NDIS.SYS!NdisDeregisterProtocol] 82D26050
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisDeregisterProtocol] 82D26050
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisRegisterProtocol] 82D258F0
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisOpenAdapter] 82D25A70
IAT \SystemRoot\System32\DRIVERS\psched.sys[NDIS.SYS!NdisCloseAdapter] 82D25E80
IAT \SystemRoot\System32\DRIVERS\msgpc.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\rdpdr.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\termdd.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\swenum.sys[NTOSKRNL.EXE!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\update.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\mssmbios.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisRegisterProtocol] 82D258F0
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisCloseAdapter] 82D25E80
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisOpenAdapter] 82D25A70
IAT \SystemRoot\System32\Drivers\NDProxy.SYS[NDIS.SYS!NdisDeregisterProtocol] 82D26050
IAT \SystemRoot\System32\DRIVERS\usbhub.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\Drivers\Fs_Rec.SYS[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\Drivers\Null.SYS[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\Drivers\Beep.SYS[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\Drivers\Msfs.SYS[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\Drivers\Npfs.SYS[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\rasacd.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\ipsec.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisCloseAdapter] 82D25E80
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisOpenAdapter] 82D25A70
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[NDIS.SYS!NdisRegisterProtocol] 82D258F0
IAT \SystemRoot\System32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice]

UneeQ 21.11.2007 22:51

Here is the third part:

IAT \SystemRoot\System32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject] 82CF5870
IAT \SystemRoot\System32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject] 82CF5870
IAT \SystemRoot\System32\drivers\ws2ifsl.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisDeregisterProtocol] 82D26050
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisRegisterProtocol] 82D258F0
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisOpenAdapter] 82D25A70
IAT \SystemRoot\System32\DRIVERS\wanarp.sys[NDIS.SYS!NdisCloseAdapter] 82D25E80
IAT \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\irda.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisOpenAdapter] 82D25A70
IAT \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisRegisterProtocol] 82D258F0
IAT \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisCloseAdapter] 82D25E80
IAT \SystemRoot\System32\DRIVERS\irda.sys[NDIS.SYS!NdisDeregisterProtocol] 82D26050
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisRegisterProtocol] 82D258F0
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisDeregisterProtocol] 82D26050
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisCloseAdapter] 82D25E80
IAT \SystemRoot\System32\DRIVERS\ndisuio.sys[NDIS.SYS!NdisOpenAdapter] 82D25A70
IAT \SystemRoot\System32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\Drivers\ParVdm.SYS[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\System32\Drivers\HTTP.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0
IAT \SystemRoot\system32\drivers\kmixer.sys[ntoskrnl.exe!IoCreateDevice] 82CF57F0

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 00A703D6
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 00A70400
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 00A7042A
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 00A70454
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00A7047E
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00A704A8
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00A704D2
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00A704FC
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 00A70526
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00A70550
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 00A7057A
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00A705A4
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 00A705CE
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 00A705F8
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 00A70622
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 00A7064C
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 00A70676
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 00A706A0
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 00A706CA
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 00A706F4
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 00A7071E

UneeQ 21.11.2007 22:52

And the fourth part:

IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 00A70748
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 00A70772
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 00A7079C
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 00A707C6
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 00A707F0
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 00A7081A
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 00A70844
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 00A7086E
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00A70C34
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 00A70C5E
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 00A70C88
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00A70CB2
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00A70CDC
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00A70D06
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 00A70D30
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 00A70D5A
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 00A70D84
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00A70DAE
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00A70DD8
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00A70E02
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00A70E2C
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00A70E56
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 00A70E80
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 00A70EAA
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00A70ED4
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00A70EFE
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00A70F28
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00A70F52
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00A70F7C
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00A70FA6
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00A70FD0
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00AE0010
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 00AE003A
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00AE0064
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00AE008E
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 00AE00B8
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 00AE047E
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 00AE04A8
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 00AE04D2
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 00AE04FC
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00AE0526
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 00AE0550
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00AE057A
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 00AE05A4
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 00A70160
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 00A701DE
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 00A70208
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 00A701DE
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 00A7018A
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 00A70208
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 00A70160
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 00A70160
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 00A70208
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 00A7018A
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 00A701DE
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 00A702B0
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameA] 00A7018A
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryExA] 00A70232
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryW] 00A70286
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 00A701DE

UneeQ 21.11.2007 22:53

The fifth part:

IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryA] 00A70208
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 00A70160
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 00A70160
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 00A701DE
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 00A70208
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 00A70232
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 00A7025C
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 00A701B4
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameA] 00A7018A
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 00A70286
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 00A70208
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 00A70160
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 00A701DE
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 00A7018A
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!LoadLibraryA] 00A70208
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!FreeLibrary] 00A70160
IAT C:\Programme\Kaspersky Lab\Kaspersky Security Suite V\avp.exe[212] @ C:\WINDOWS\system32\psapi.dll [KERNEL32.dll!GetProcAddress] 00A701DE

---- Devices - GMER 1.0.13 ----

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_NAMED_PIPE [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLOSE [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_READ [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_WRITE [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_INFORMATION [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_INFORMATION [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_EA [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_EA [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FLUSH_BUFFERS [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_VOLUME_INFORMATION [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_VOLUME_INFORMATION [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DIRECTORY_CONTROL [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_FILE_SYSTEM_CONTROL

UneeQ 21.11.2007 22:55

The sixth part:

AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CONTROL [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_INTERNAL_DEVICE_CONTROL [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SHUTDOWN [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_LOCK_CONTROL [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CLEANUP [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_CREATE_MAILSLOT [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_SECURITY [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_SECURITY [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_POWER [BAE0AE10] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SYSTEM_CONTROL [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_DEVICE_CHANGE [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_QUERY_QUOTA [BAE0AFD0] klif.sys
AttachedDevice \FileSystem\Ntfs \Ntfs IRP_MJ_SET_QUOTA [BAE0AFD0] klif.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_NAMED_PIPE [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_READ [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_WRITE [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_INFORMATION [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_INFORMATION [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_EA [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_EA [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FLUSH_BUFFERS [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_VOLUME_INFORMATION [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_VOLUME_INFORMATION [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DIRECTORY_CONTROL [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_FILE_SYSTEM_CONTROL [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SHUTDOWN [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_LOCK_CONTROL [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_CREATE_MAILSLOT [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_SECURITY [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_SECURITY [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_POWER [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SYSTEM_CONTROL [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CHANGE [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_QUERY_QUOTA [F83C80F0] kl1.sys
AttachedDevice \Driver\Tcpip \Device\Ip IRP_MJ_SET_QUOTA

UneeQ 21.11.2007 22:56

The seventh part:

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [F818A850] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_NAMED_PIPE [F818A850] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [F818A850] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_READ [F818A850] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_WRITE [F818A850] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_INFORMATION [F818A850] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_INFORMATION [F818A850] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_EA [F818A850] SynTP.sys
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 IRP_MJ_SET_EA [F818A850] SynTP.sys

UneeQ 21.11.2007 22:58

oh man, that's one way to bump up your post count ;)

so, that was hopefully the last part


UneeQ 21.11.2007 23:00

yeah, and that's it then, here is the really last part:


nochdigger 22.11.2007 18:10

Hello

Quote:

Nope, I deliberately set up a guest account because I've had problems with this computer before and was advised back then not to surf the internet with admin rights.
That's fine ;)
But now we'd need admin rights to move or copy the damned file
C:\WINDOWS\System32\dpwsockxf.dll
into a folder you've created beforehand (e.g. C:\Boese\ ).
Please try that right away in safe mode with admin rights.

Regards

UneeQ 22.11.2007 21:31

so, I'm now in safe mode with networking-something, and unfortunately moving it didn't work. I keep getting the message that access was denied. I'm supposed to make sure the file is neither write-protected nor in use. According to the settings it isn't write-protected. How can I find out whether it's being used right now? Should I look in the task settings?

oh, and just now a message from Kaspersky came up that more viruses were found, or rather the same one again and again in other places
I've copied it:
gefunden: trojanisches Programm Trojan.Win32.BHO.yr Datei: c:\windows\system32\dpwsockxf.dll//PE_Patch.UPX//UPX
gelöscht: trojanisches Programm Trojan.Win32.BHO.yr Datei: C:\Dokumente und Einstellungen\test\Desktop\backups\backup-20071120-213250-980.dll//PE_Patch.UPX//UPX
gelöscht: trojanisches Programm Trojan.Win32.BHO.yr Datei: C:\Dokumente und Einstellungen\test\Desktop\backups\backup-20071120-213314-538.dll//PE_Patch.UPX//UPX
gelöscht: trojanisches Programm Trojan.Win32.BHO.yr Datei: C:\System Volume Information\_restore{3173B4BA-9E4F-4C1E-B78E-739DB0608E8D}\RP1\A0000137.dll//PE_Patch.UPX//UPX
gelöscht: trojanisches Programm Trojan.Win32.BHO.yr Datei: C:\System Volume Information\_restore{3173B4BA-9E4F-4C1E-B78E-739DB0608E8D}\RP1\A0000138.dll//PE_Patch.UPX//UPX


can you do anything with that?
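
An added example (not part of the original thread): a small Python parser for the five Kaspersky lines quoted in the post above. It separates hits that were only reported (`gefunden`) from hits that were removed (`gelöscht`), which shows that the locked DLL in system32 is the one copy still on disk. The line layout is inferred from these five lines only, and all function names are this example's own.

```python
import re

# Kaspersky lines exactly as quoted in the post above (program output, untranslated).
REPORT = r"""
gefunden: trojanisches Programm Trojan.Win32.BHO.yr Datei: c:\windows\system32\dpwsockxf.dll//PE_Patch.UPX//UPX
gelöscht: trojanisches Programm Trojan.Win32.BHO.yr Datei: C:\Dokumente und Einstellungen\test\Desktop\backups\backup-20071120-213250-980.dll//PE_Patch.UPX//UPX
gelöscht: trojanisches Programm Trojan.Win32.BHO.yr Datei: C:\Dokumente und Einstellungen\test\Desktop\backups\backup-20071120-213314-538.dll//PE_Patch.UPX//UPX
gelöscht: trojanisches Programm Trojan.Win32.BHO.yr Datei: C:\System Volume Information\_restore{3173B4BA-9E4F-4C1E-B78E-739DB0608E8D}\RP1\A0000137.dll//PE_Patch.UPX//UPX
gelöscht: trojanisches Programm Trojan.Win32.BHO.yr Datei: C:\System Volume Information\_restore{3173B4BA-9E4F-4C1E-B78E-739DB0608E8D}\RP1\A0000138.dll//PE_Patch.UPX//UPX
"""

# Assumed layout, inferred from these five lines only:
#   <status>: <object class> <verdict> Datei: <path>[//<unpacking layer>...]
LINE_RE = re.compile(
    r"^(?P<status>\w+): (?P<kind>.+?) (?P<verdict>\S+) Datei: (?P<target>.+)$"
)

def parse_line(line):
    """Return one detection record, or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    # Parts after the first "//" are read here as unpacking layers
    # (a UPX-packed PE), not as real directories on disk.
    path, *layers = m.group("target").split("//")
    return {"status": m.group("status"), "verdict": m.group("verdict"),
            "path": path, "layers": layers}

def parse_report(text):
    return [r for r in (parse_line(l) for l in text.splitlines()) if r]

def location(path):
    """Rough bucket for where a hit lives on the volume."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "system restore point"
    if p.startswith("c:\\windows\\system32\\"):
        return "system32"
    return "other"

def still_on_disk(records):
    """Paths reported as found ('gefunden') with no 'gelöscht' line for them."""
    deleted = {r["path"].lower() for r in records if r["status"] == "gelöscht"}
    found = {r["path"].lower() for r in records if r["status"] == "gefunden"}
    return sorted(found - deleted)

if __name__ == "__main__":
    records = parse_report(REPORT)
    for r in records:
        print(r["status"], location(r["path"]), r["path"], r["layers"])
    print("still on disk:", still_on_disk(records))
```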

nochdigger 23.11.2007 06:11

Hello

Quote:

I keep getting the message that access was denied. I'm supposed to make sure the file is neither write-protected nor in use. According to the settings it isn't write-protected.
This just keeps getting better :koch:

Quote:

Should I look in the task settings?
Try it...

The file is located once in System Restore and in this folder
C:\Dokumente und Einstellungen\test\Desktop\backups\backup-20071120-213250-980.dll
try having this file checked
here Virustotal
here VirSCAN.org - The Multi-Engine Virus Scanner v1.00 Beta,Support 36 AntiVirus Engine, Last Update(071109)
or here Jotti
(can take a few minutes),
post the results, stating the size of the uploaded file as well as the MD5 and SHA1 values,
please also if nothing was found.

Regards

UneeQ 23.11.2007 08:04

none of that worked, I've attached the screenshots for you
I'm about to lose it over this damned piece of junk :headbang:

nochdigger 23.11.2007 18:15

Hello

Please carry out the following steps as admin again

Please download Process Explorer
Process Explorer 11.02
and unpack the program into a folder of its own.
-Start procexp.exe
-click on our problem child :snyper:
-in the bar at the top click "Process", then "Kill" -> OK
-now try to copy the file into the folder you created
-try to fix the entry in the Hijackthis log that I named to you at the beginning
-have the file analyzed at Virustotal
-please report back again


Regards

UneeQ 24.11.2007 08:41

um, honestly I don't know where I can find said dll file. I've attached two screenshots for you

sorry *I'm a total nerd* :confused:


All times are WET +1.
