Your computer is infected! (help me remove the spyware)

  • #1
FabeMan

Greetings. :)
Since the search only turned up posts that are too old, I'm posting a new one here. ;)

Since yesterday I've been getting the following message above a red dot with a white X ...
infected.jpg


In addition, an Explorer window frequently opens containing advertising, or a C:\Windows\security.html that tells me "Your pc is not protected from intrusion attempts" and that I should download antivirus software.

Now and then there is also a notice telling me to download Antivirus 360, which of course I have not done.
In the meantime another program (Antivirus Agent Pro) suddenly appeared on my machine, but I was able to remove it.

I have since run AntiVir and Ad-Aware and could not fix the problem. A system restore did not help either. The notification balloon (see above) and the Explorer windows are still there.

I have now created a log with HiJackThis.
Can you help me if I post it here?
Kind regards! :)
 
  • #2
Wait for schrauber, or have a look at his threads here,
he really knows his stuff when it comes to malware removal!
But you can go ahead and post the log file in the meantime!

cu
warft7
 
  • #5
Thanks, guys.
And thank you, schrauber, for taking on my case.

I have both log files. But I can't find anything about your note regarding the code tags. I think it's about not exceeding the maximum text length, right?
Because when I use the normal code tags, I'm over 20000 characters.

What have I overlooked so that I can post the log files correctly? *blushes*
::)
 
  • #6
The normal code tags are the right ones; the log is simply too long. Split the logs into pieces and post them in several replies, in code tags :)
 
  • #7
Ah okay. I almost did it that way. I just thought there was another way.
Well then, here we go...

Part 1 Info.txt

Code:
info.txt logfile of random's system information tool 1.05 2009-03-06 22:24:06

======Uninstall list======

-->C:\Programme\Creative Installation Information\CREATIVE_MEDIASOURCE_U\Setup.exe /remove /nolog/l0x0007
-->C:\Programme\Creative Installation Information\CTCMSGO\Setup.exe /remove /nolog/l0x0007
-->C:\Programme\Creative Installation Information\E-CENTER_NET_CONTENT_U\Setup.exe /remove /nolog/l0x0007
-->C:\Programme\Creative Installation Information\E-CENTER_PLUGIN_CDBURNER_U\Setup.exe /remove /nolog/l0x0007
-->C:\Programme\Creative Installation Information\E-CENTER_PLUGIN_MINIDISC_U\Setup.exe /remove /nolog/l0x0007
-->C:\Programme\Creative Installation Information\E-CENTER_PLUGIN_ONLINESTORE_U\Setup.exe /remove /nolog/l0x0007
-->C:\Programme\Creative Installation Information\MEDIASOURCE_PLAYER_SKINPACK_U\Setup.exe /remove /nolog/l0x0007
-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{88E5FCB8-5F25-11D5-B16F-0800460222F0}\setup.exe -l0x7 UNINSTALL
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{D76298C2-E532-4A11-BCFF-76F3F19DA84D}\setup.exe UNINSTALL
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{700932B3-A964-4878-82A2-96054622A1F7}\setup.exe -l0x7 /remove
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe -l0x7 
-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{C88C3C27-AECE-4137-A6CC-D7A6FFAD2F84}\setup.exe -l0x7 
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
Ad-Aware-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe REMOVE=TRUE MODIFY=FALSE
Ad-Aware-->C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800}\Ad-AwareAE.exe
Adobe Anchor Service CS3-->MsiExec.exe /I{90176341-0A8B-4CCC-A78D-F862228A6B95}
Adobe Asset Services CS3-->MsiExec.exe /I{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}
Adobe Bridge CS3-->MsiExec.exe /I{9C9824D9-9000-4373-A6A5-D0E5D4831394}
Adobe Bridge Start Meeting-->MsiExec.exe /I{08B32819-6EEF-4057-AEDA-5AB681A36A23}
Adobe Camera Raw 4.0-->MsiExec.exe /I{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}
Adobe CMaps-->MsiExec.exe /I{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}
Adobe Color - Photoshop Specific-->MsiExec.exe /I{A2D81E70-2A98-4A08-A628-94388B063C5E}
Adobe Color Common Settings-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\6c8e2cb4fd241c55406016127a6ab2e\Setup.exe
Adobe Color Common Settings-->MsiExec.exe /I{6D4AC5A4-4CF9-4F90-8111-B9B53CE257BF}
Adobe Color EU Recommended Settings-->MsiExec.exe /I{73B5D990-04EA-4751-B10F-5534770B91F2}
Adobe Color JA Extra Settings-->MsiExec.exe /I{DD7DB3C5-6FA3-4FA3-8A71-C2F2940EB029}
Adobe Color NA Extra Settings-->MsiExec.exe /I{FF29A7E2-FF40-4D07-B7E4-2093DE59E10A}
Adobe Default Language CS3-->MsiExec.exe /I{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}
Adobe Device Central CS3-->MsiExec.exe /I{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}
Adobe ExtendScript Toolkit 2-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\3e054d2218e7aa282c2369d939e58ff\Setup.exe
Adobe ExtendScript Toolkit 2-->MsiExec.exe /I{24D7346D-D4B4-45E8-98EA-75EC14B42DD8}
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Flash Player ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Fonts All-->MsiExec.exe /I{6ABE0BEE-D572-4FE8-B434-9E72A289431B}
Adobe Help Viewer CS3-->MsiExec.exe /I{04AF207D-9A77-465A-8B76-991F6AB66245}
Adobe Linguistics CS3-->MsiExec.exe /I{54793AA1-5001-42F4-ABB6-C364617C6078}
Adobe PDF Library Files-->MsiExec.exe /I{D2559B88-CC9D-4B48-81BB-F492BAA9C48C}
Adobe Photoshop CS3-->C:\Programme\Gemeinsame Dateien\Adobe\Installers\5f143314a5d434c8511097393d17397\Setup.exe
Adobe Photoshop CS3-->MsiExec.exe /I{29F05234-DCBB-4FE0-88DC-5160C9250312}
Adobe Reader 8.1.2 - Deutsch-->MsiExec.exe /I{AC76BA86-7AD7-1031-7B44-A81200000003}
Adobe Setup-->MsiExec.exe /I{64C1FA9A-FA94-4B6E-B3E4-8573738E4AD1}
Adobe Setup-->MsiExec.exe /I{B3C02EC1-A7B0-4987-9A43-8789426AAA7D}
Adobe Setup-->MsiExec.exe /I{F01F79AD-1F47-4685-AE4E-CCFA4EA9FF7C}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Adobe Stock Photos CS3-->MsiExec.exe /I{29E5EA97-5F74-4A57-B8B2-D4F169117183}
Adobe Type Support-->MsiExec.exe /I{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}
Adobe Update Manager CS3-->MsiExec.exe /I{E69AE897-9E0B-485C-8552-7841F48D42D8}
Adobe Version Cue CS3 Client-->MsiExec.exe /I{D0DFF92A-492E-4C40-B862-A74A173C25C5}
Adobe WinSoft Linguistics Plugin-->MsiExec.exe /I{184CE391-7E0E-4C63-9935-D7A10EDFD3C6}
Adobe XMP Panels CS3-->MsiExec.exe /I{802771A9-A856-4A41-ACF7-1450E523C923}
ALFTP-->C:\Programme\ESTsoft\ALFTP\unins000.exe
Apple Software Update-->MsiExec.exe /I{02DFF6B1-1654-411C-8D7B-FD6052EF016F}
ASAPI Update-->C:\WINDOWS\system32\IWUNIN~1.EXE -uninstall C:\WINDOWS\ISUNINST.EXE -fC:\PROGRA~1\VOB\ASAPIU~1\ASAPI.isu
Audacity 1.2.6-->C:\Programme\Audacity\unins000.exe
Audiograbber 1.83 SE -->C:\WINDOWS\uninstall\Audiograbber\setup.exe
Avira AntiVir Personal - Free Antivirus-->C:\Programme\Avira\AntiVir PersonalEdition Classic\SETUP.EXE /REMOVE
BrainWave Generator-->C:\WINDOWS\IsUninst.exe -fC:\Programme\BrainWave Generator\Uninst.isu
CamAlert II-->C:\Programme\CamAlert\unins000.exe
CamStudio-->C:\Programme\CamStudio\uninstall.exe
Canon Camera Access Library-->C:\Programme\Gemeinsame Dateien\Canon\UIW\1.1.0.0\Uninst.exe C:\Programme\Canon\CAL\Uninst.ini
Canon Camera Support Core Library-->C:\Programme\Gemeinsame Dateien\Canon\UIW\1.1.0.0\Uninst.exe C:\Programme\Canon\CSCLIB\Uninst.ini
Canon Camera Window DC_DV 5 for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\Canon\UIW\1.1.0.0\Uninst.exe C:\Programme\Canon\CameraWindow\CameraWindowDVC\Uninst.ini
Canon Camera Window DC_DV 6 for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\Canon\UIW\1.1.0.0\Uninst.exe C:\Programme\Canon\CameraWindow\CameraWindowDVC6\Uninst.ini
Canon Camera Window MC 6 for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\Canon\UIW\1.1.0.0\Uninst.exe C:\Programme\Canon\CameraWindow\CameraWindowMC\Uninst.ini
CANON iMAGE GATEWAY Task for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\Canon\UIW\1.1.0.0\Uninst.exe C:\Programme\Canon\ZoomBrowser EX\Program\CRWUnInstall.ini
Canon Internet Library for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\Canon\UIW\1.1.0.0\Uninst.exe C:\Programme\Canon\ZoomBrowser EX\Program\CIGUnInstall.ini
Canon RAW Image Task for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\Canon\UIW\1.1.0.0\Uninst.exe C:\Programme\Canon\RAW Image Task\Uninst.ini
Canon RemoteCapture Task for ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\Canon\UIW\1.1.0.0\Uninst.exe C:\Programme\Canon\CameraWindow\RemoteCaptureTask DC\Uninst.ini
Canon Utilities Digital Photo Professional 2.2-->C:\Programme\Gemeinsame Dateien\Canon\UIW\1.1.0.0\Uninst.exe C:\Programme\Canon\Digital Photo Professional\Uninst.ini
Canon Utilities EOS Utility-->C:\Programme\Gemeinsame Dateien\Canon\UIW\1.1.0.0\Uninst.exe C:\Programme\Canon\EOS Utility\Uninst.ini
Canon Utilities PhotoStitch-->C:\Programme\Gemeinsame Dateien\Canon\UIW\1.1.0.0\Uninst.exe C:\Programme\Canon\PhotoStitch\Uninst.ini
Canon Utilities ZoomBrowser EX-->C:\Programme\Gemeinsame Dateien\Canon\UIW\1.1.0.0\Uninst.exe C:\Programme\Canon\ZoomBrowser EX\Program\Uninst.ini
Cool Edit Pro 2.0-->C:\Programme\coolpro2\cep2unin.exe
Creative MediaSource 5-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}\setup.exe -l0x7 /remove
Creative-Audiokonsole-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{7B9AE66C-2A8F-4FB2-85D7-416AFFAE8408}\setup.exe -l0x7 /remove
DATA BECKER Podcast Producer-->C:\Programme\DATA BECKER\Podcast Producer\unins000.exe
DivX Codec-->C:\Programme\DivX\DivXCodecUninstall.exe /CODEC
DivX Converter-->C:\Programme\DivX\DivXConverterUninstall.exe /CONVERTER
DivX Player-->C:\Programme\DivX\DivXPlayerUninstall.exe /PLAYER
DivX Plus DirectShow Filters-->C:\Programme\DivX\DivXDSFiltersUninstall.exe /DSFILTERS
DivX Web Player-->C:\Programme\DivX\DivXWebPlayerUninstall.exe /PLUGIN
DivxToDVD 0.5.2-->C:\Programme\vso\DivxToDVD\unins000.exe
Free FTP Client 3.2.0-->C:\Programme\Free FTP Client 3.2.0\unins000.exe
Google Earth-->MsiExec.exe /X{548EAC70-EE00-11DD-908C-005056806466}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Google Updater-->C:\Programme\Google\Google Updater\GoogleUpdater.exe -uninstall
Gothic-->C:\WINDOWS\IsUn0407.exe -fe:\programme\Uninst.isu
HijackThis 2.0.2-->c:\programme\trend micro\hijackthis\HijackThis.exe /uninstall
Hotfix for Windows XP (KB915865)-->C:\WINDOWS\$NtUninstallKB915865$\spuninst\spuninst.exe
Hotfix für Windows XP (KB914440)-->C:\WINDOWS\$NtUninstallKB914440$\spuninst\spuninst.exe
ICQ Toolbar-->regsvr32 /u /s C:\PROGRA~1\ICQTOO~1\toolbaru.dll

Posted on: 06.03.09 at 23:13:12
Part 2 Info.txt

Code:
ICQ6-->C:\Programme\InstallShield Installation Information\{60DE4033-9503-48D1-A483-7846BD217CA9}\setup.exe -runfromtemp -l0x0009 -removeonly
Inkscape 0.45.1-->E:\Programme\Inkscape\uninst.exe
Java(TM) 6 Update 4-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160040}
L&H TTS3000 Deutsch-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\LHTTSGED.inf, Uninstall
Lernout & Hauspie TruVoice American English TTS Engine-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\tv_enua.inf, Uninstall
Marvell Miniport Driver-->MsiExec.exe /X{C950420B-4182-49EA-850A-A6A2ABF06C6B}
Microsoft .NET Framework 1.0 Hotfix (KB930494)-->C:\WINDOWS\$NtUninstallKB930494$\spuninst\spuninst.exe
Microsoft Internationalized Domain Names Mitigation APIs-->C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe
Microsoft National Language Support Downlevel APIs-->C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe
Microsoft Text-to-Speech Engine 4.0 (English)-->RunDll32 advpack.dll,LaunchINFSection C:\WINDOWS\INF\msTTS.inf, Uninstall
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.0.6)-->C:\Programme\Mozilla Firefox\uninstall\helper.exe
Mozilla Thunderbird (2.0.0.19)-->C:\Programme\Mozilla Thunderbird\uninstall\helper.exe
Native Instruments Massive-->C:\PROGRA~1\NATIVE~1\Massive\UNWISE.EXE C:\PROGRA~1\NATIVE~1\Massive\INSTALL.LOG
Native Instruments Reaktor v5.1.2.009 VSTi DXi RTAS-->C:\PROGRA~1\NATIVE~1\REAKTO~1\UNWISE.EXE C:\PROGRA~1\NATIVE~1\REAKTO~1\INSTALL.LOG
neroxml-->MsiExec.exe /I{56C049BE-79E9-4502-BEA7-9754A3E60F9B}
OpenMG Limited Patch 4.0-04-08-02-01-->C:\Programme\Gemeinsame Dateien\Sony Shared\OpenMG\HotFixes\HotFix4.0-04-08-02-01\HotFixSetup\setup.exe /u
OpenMG Secure Module 4.0.00-->C:\PROGRA~1\GEMEIN~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{6F1974D6-4249-43B6-88B0-9A9B8A33956C} /l1033 UNINSTALL
OpenOffice.org 2.4-->MsiExec.exe /I{46008F4B-A8C3-4282-ACE3-73821F860911}
PDF Settings-->MsiExec.exe /I{AC5B0C19-D851-42F4-BDA0-410ECF7F70A5}
PhotoFiltre-->E:\Programme\PhotoFiltre\Uninst.exe
QuickTime-->MsiExec.exe /I{8DC42D05-680B-41B0-8878-6C14D24602DB}
RealPlayer-->C:\Programme\Gemeinsame Dateien\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
Realtek AC'97 Audio-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{FB08F381-6533-4108-B7DD-039E11FBC27E}\setup.exe -l0x7 -removeonly
Shareaza 2.3.1.0-->C:\Programme\Shareaza\Uninstall\unins000.exe
Sicherheitsupdate für Windows Internet Explorer 7 (KB942615)-->C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe
Sicherheitsupdate für Windows Internet Explorer 7 (KB944533)-->C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe
Sicherheitsupdate für Windows Media Player 10 (KB936782)-->C:\WINDOWS\$NtUninstallKB936782_WMP10$\spuninst\spuninst.exe
Sicherheitsupdate für Windows Media Player 6.4 (KB925398)-->C:\WINDOWS\$NtUninstallKB925398_WMP64$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB890046)-->C:\WINDOWS\$NtUninstallKB890046$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB893756)-->C:\WINDOWS\$NtUninstallKB893756$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB896358)-->C:\WINDOWS\$NtUninstallKB896358$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB896423)-->C:\WINDOWS\$NtUninstallKB896423$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB896428)-->C:\WINDOWS\$NtUninstallKB896428$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB899591)-->C:\WINDOWS\$NtUninstallKB899591$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB900725)-->C:\WINDOWS\$NtUninstallKB900725$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB901017)-->C:\WINDOWS\$NtUninstallKB901017$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB901214)-->C:\WINDOWS\$NtUninstallKB901214$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB902400)-->C:\WINDOWS\$NtUninstallKB902400$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB905414)-->C:\WINDOWS\$NtUninstallKB905414$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB905749)-->C:\WINDOWS\$NtUninstallKB905749$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB908519)-->C:\WINDOWS\$NtUninstallKB908519$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB911562)-->C:\WINDOWS\$NtUninstallKB911562$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB911927)-->C:\WINDOWS\$NtUninstallKB911927$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB913580)-->C:\WINDOWS\$NtUninstallKB913580$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB914388)-->C:\WINDOWS\$NtUninstallKB914388$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB914389)-->C:\WINDOWS\$NtUninstallKB914389$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB917344)-->C:\WINDOWS\$NtUninstallKB917344$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB918118)-->C:\WINDOWS\$NtUninstallKB918118$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB918439)-->C:\WINDOWS\$NtUninstallKB918439$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB919007)-->C:\WINDOWS\$NtUninstallKB919007$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB920213)-->C:\WINDOWS\$NtUninstallKB920213$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB920670)-->C:\WINDOWS\$NtUninstallKB920670$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB920683)-->C:\WINDOWS\$NtUninstallKB920683$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB920685)-->C:\WINDOWS\$NtUninstallKB920685$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB923191)-->C:\WINDOWS\$NtUninstallKB923191$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB923689)-->C:\WINDOWS\$NtUninstallKB923689$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB923980)-->C:\WINDOWS\$NtUninstallKB923980$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB924270)-->C:\WINDOWS\$NtUninstallKB924270$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB924496)-->C:\WINDOWS\$NtUninstallKB924496$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB924667)-->C:\WINDOWS\$NtUninstallKB924667$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB925902)-->C:\WINDOWS\$NtUninstallKB925902$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB926255)-->C:\WINDOWS\$NtUninstallKB926255$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB926436)-->C:\WINDOWS\$NtUninstallKB926436$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB927779)-->C:\WINDOWS\$NtUninstallKB927779$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB928255)-->C:\WINDOWS\$NtUninstallKB928255$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB928843)-->C:\WINDOWS\$NtUninstallKB928843$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB929123)-->C:\WINDOWS\$NtUninstallKB929123$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB930178)-->C:\WINDOWS\$NtUninstallKB930178$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB931261)-->C:\WINDOWS\$NtUninstallKB931261$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB931784)-->C:\WINDOWS\$NtUninstallKB931784$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB932168)-->C:\WINDOWS\$NtUninstallKB932168$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB933729)-->C:\WINDOWS\$NtUninstallKB933729$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB935839)-->C:\WINDOWS\$NtUninstallKB935839$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB935840)-->C:\WINDOWS\$NtUninstallKB935840$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB936021)-->C:\WINDOWS\$NtUninstallKB936021$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB938127)-->C:\WINDOWS\$NtUninstallKB938127$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB938829)-->C:\WINDOWS\$NtUninstallKB938829$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB941202)-->C:\WINDOWS\$NtUninstallKB941202$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB941568)-->C:\WINDOWS\$NtUninstallKB941568$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB941569)-->C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB941644)-->C:\WINDOWS\$NtUninstallKB941644$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB943055)-->C:\WINDOWS\$NtUninstallKB943055$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB943485)-->C:\WINDOWS\$NtUninstallKB943485$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB944533)-->C:\WINDOWS\$NtUninstallKB944533$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB944653)-->C:\WINDOWS\$NtUninstallKB944653$\spuninst\spuninst.exe
Sicherheitsupdate für Windows XP (KB946026)-->C:\WINDOWS\$NtUninstallKB946026$\spuninst\spuninst.exe

Posted on: 06.03.09 at 23:13:46
Part 3 Info.txt

Code:
SIW version 1.73-->C:\Programme\SIW\unins000.exe
Skype™ 3.8-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}
SonicStage 2.1.00-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{71D6CE84-B7DC-4166-8E0D-56C1C37BFB5A}\setup.exe -l0x7 UNINSTALL
Sound Blaster für Media Center-->RunDll32 C:\PROGRA~1\GEMEIN~1\INSTAL~1\PROFES~1\RunTime\09\01\Intel32\Ctor.dll,LaunchSetup C:\Programme\InstallShield Installation Information\{C88C3C27-AECE-4137-A6CC-D7A6FFAD2F84}\setup.exe -l0x7 /remove
Speakonia-->C:\Programme\CFS-Technologies\Speakonia\unins000.exe
SpeedFan (remove only)-->C:\Programme\SpeedFan\uninstall.exe
Spybot - Search & Destroy-->C:\Programme\Spybot - Search & Destroy\unins000.exe
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Steinberg WaveLab 5.00a-->C:\PROGRA~1\STEINB~1\WaveLab\UNWISE.EXE C:\PROGRA~1\STEINB~1\WaveLab\INSTALL.LOG
Super Jukebox (Remove Only)-->C:\Programme\Super Jukebox\Uninstall.exe
System Requirements Lab-->C:\Programme\SystemRequirementsLab\Uninstall.exe
TrackMania Nations Forever-->C:\Programme\Steam\steam.exe steam://uninstall/11020
Update für Windows XP (KB894391)-->C:\WINDOWS\$NtUninstallKB894391$\spuninst\spuninst.exe
Update für Windows XP (KB898461)-->C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe
Update für Windows XP (KB900485)-->C:\WINDOWS\$NtUninstallKB900485$\spuninst\spuninst.exe
Update für Windows XP (KB904942)-->C:\WINDOWS\$NtUninstallKB904942$\spuninst\spuninst.exe
Update für Windows XP (KB908531)-->C:\WINDOWS\$NtUninstallKB908531$\spuninst\spuninst.exe
Update für Windows XP (KB910437)-->C:\WINDOWS\$NtUninstallKB910437$\spuninst\spuninst.exe
Update für Windows XP (KB911280)-->C:\WINDOWS\$NtUninstallKB911280$\spuninst\spuninst.exe
Update für Windows XP (KB916595)-->C:\WINDOWS\$NtUninstallKB916595$\spuninst\spuninst.exe
Update für Windows XP (KB920872)-->C:\WINDOWS\$NtUninstallKB920872$\spuninst\spuninst.exe
Update für Windows XP (KB922582)-->C:\WINDOWS\$NtUninstallKB922582$\spuninst\spuninst.exe
Update für Windows XP (KB930916)-->C:\WINDOWS\$NtUninstallKB930916$\spuninst\spuninst.exe
Update für Windows XP (KB938828)-->C:\WINDOWS\$NtUninstallKB938828$\spuninst\spuninst.exe
Update für Windows XP (KB942763)-->C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe
VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}
VCRedistSetup-->MsiExec.exe /I{3921A67A-5AB1-4E48-9444-C71814CF3027}
Visual C++ 2008 x86 Runtime - (v9.0.30729)-->MsiExec.exe /X{F333A33D-125C-32A2-8DCE-5C5D14231E27}
Visual C++ 2008 x86 Runtime - v9.0.30729.01-->C:\WINDOWS\system32\msiexec.exe /x {F333A33D-125C-32A2-8DCE-5C5D14231E27} /qb+ REBOOTPROMPT=
Winamp-->C:\Programme\Winamp\UninstWA.exe
Windows Installer 3.1 (KB893803)-->C:\WINDOWS\$MSI31Uninstall_KB893803v2$\spuninst\spuninst.exe
Windows Internet Explorer 7-->C:\WINDOWS\ie7\spuninst\spuninst.exe
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
Windows XP-Hotfix - KB873339-->C:\WINDOWS\$NtUninstallKB873339$\spuninst\spuninst.exe
Windows XP-Hotfix - KB886185-->C:\WINDOWS\$NtUninstallKB886185$\spuninst\spuninst.exe
Windows XP-Hotfix - KB887472-->C:\WINDOWS\$NtUninstallKB887472$\spuninst\spuninst.exe
Windows XP-Hotfix - KB888302-->C:\WINDOWS\$NtUninstallKB888302$\spuninst\spuninst.exe
Windows XP-Hotfix - KB890859-->C:\WINDOWS\$NtUninstallKB890859$\spuninst\spuninst.exe
Windows XP-Hotfix - KB891781-->C:\WINDOWS\$NtUninstallKB891781$\spuninst\spuninst.exe
WinRAR-->C:\Programme\WinRAR\uninstall.exe

======Security center information======

AV: Avira AntiVir PersonalEdition (disabled)

System event log

Computer Name: BASSBOTT-AE4D88
Event Code: 7036
Message: Dienst IMAPI-CD-Brenn-COM-Dienste befindet sich jetzt im Status Ausgeführt.

Record Number: 15002
Source Name: Service Control Manager
Time Written: 20090204133730.000000+060
Event Type: Informationen
User: 

Computer Name: BASSBOTT-AE4D88
Event Code: 7035
Message: Der Steuerbefehl starten wurde erfolgreich an den Dienst IMAPI-CD-Brenn-COM-Dienste gesendet.

Record Number: 15001
Source Name: Service Control Manager
Time Written: 20090204133730.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: BASSBOTT-AE4D88
Event Code: 7036
Message: Dienst RAS-Verbindungsverwaltung befindet sich jetzt im Status Ausgeführt.

Record Number: 15000
Source Name: Service Control Manager
Time Written: 20090204133729.000000+060
Event Type: Informationen
User: 

Computer Name: BASSBOTT-AE4D88
Event Code: 7035
Message: Der Steuerbefehl starten wurde erfolgreich an den Dienst RAS-Verbindungsverwaltung gesendet.

Record Number: 14999
Source Name: Service Control Manager
Time Written: 20090204133728.000000+060
Event Type: Informationen
User: BASSBOTT-AE4D88\bassbottle

Computer Name: BASSBOTT-AE4D88
Event Code: 7036
Message: Dienst Telefonie befindet sich jetzt im Status Ausgeführt.

Record Number: 14998
Source Name: Service Control Manager
Time Written: 20090204133728.000000+060
Event Type: Informationen
User: 

Application event log

Computer Name: BASSBOTT-AE4D88
Event Code: 1
Message: 
Record Number: 21650
Source Name: Bonjour Service
Time Written: 20090301135024.000000+060
Event Type: Informationen
User: 

Computer Name: BASSBOTT-AE4D88
Event Code: 4096
Message: 
Record Number: 21649
Source Name: Avira AntiVir
Time Written: 20090301135022.000000+060
Event Type: Informationen
User: NT-AUTORITÄT\SYSTEM

Computer Name: BASSBOTT-AE4D88
Event Code: 0
Message: 
Record Number: 21648
Source Name: gusvc
Time Written: 20090227163110.000000+060
Event Type: Informationen
User: 

Computer Name: BASSBOTT-AE4D88
Event Code: 0
Message: 
Record Number: 21647
Source Name: gusvc
Time Written: 20090227163000.000000+060
Event Type: Informationen
User: 

Computer Name: BASSBOTT-AE4D88
Event Code: 11707
Message: Produkt: Google Earth -- Installationsvorgang erfolgreich abgeschlossen.

Record Number: 21646
Source Name: MsiInstaller
Time Written: 20090227153141.000000+060
Event Type: Informationen
User: BASSBOTT-AE4D88\bassbottle

======Environment variables======

ComSpec=%SystemRoot%\system32\cmd.exe
Path=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Programme\QuickTime\QTSystem\
windir=%SystemRoot%
FP_NO_HOST_CHECK=NO
OS=Windows_NT
PROCESSOR_ARCHITECTURE=x86
PROCESSOR_LEVEL=15
PROCESSOR_IDENTIFIER=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
PROCESSOR_REVISION=2f02
NUMBER_OF_PROCESSORS=1
PATHEXT=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
TEMP=%SystemRoot%\TEMP
TMP=%SystemRoot%\TEMP
CLASSPATH=.;C:\Programme\Java\jre1.6.0_04\lib\ext\QTJava.zip
QTJAVA=C:\Programme\Java\jre1.6.0_04\lib\ext\QTJava.zip

-----------------EOF-----------------

Posted on: 06.03.09 at 23:16:04
Do you even need the Info.txt?

Here, in any case, is the Log.txt
Part 1

Code:
Logfile of random's system information tool 1.05 (written by random/random)
Run by bassbottle at 2009-03-06 22:23:56
Microsoft Windows XP Professional Service Pack 2
System drive C: has 3 GB (9%) free of 38 GB
Total RAM: 1023 MB (46% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:24:04, on 06.03.2009
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
c:\programme\google\update\googleupdate.exe
C:\WINDOWS\Explorer.EXE
C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\system32\svchost.exe
c:\windows\ehome\ehtray.exe
c:\windows\soundman.exe
c:\windows\cthelper.exe
c:\programme\winamp\winampa.exe
c:\programme\java\jre1.6.0_04\bin\jusched.exe
c:\windows\system32\rundll32.exe
c:\windows\guard.exe
c:\programme\lavasoft\ad-aware\aawtray.exe
c:\windows\system32\ctfmon.exe
c:\programme\messenger\msmsgs.exe
c:\dokumente und einstellungen\bassbottle\anwendungsdaten\nsvcappflt.exe
C:\Programme\Canon\CAL\CALMAIN.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
c:\programme\mozilla firefox\firefox.exe
C:\WINDOWS\system32\ldupgrt.jpg
C:\WINDOWS\system32\ldupgrt.jpg
C:\WINDOWS\system32\rundll32.exe
C:\WINDOWS\system32\ldupgrt.jpg
c:\windows\system32\ldupgrt.jpg
C:\DOKUME~1\BASSBO~1\LOKALE~1\Temp\conlf1.ini
C:\WINDOWS\system32\ldupgrt.jpg
C:\WINDOWS\System32\svchost.exe
c:\programme\internet explorer\iexplore.exe
c:\programme\real\realplayer\realplay.exe
c:\dokumente und einstellungen\bassbottle\desktop\rsit.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
c:\programme\trend micro\hijackthis\bassbottle.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://www.crawler.com/search/dispatcher.aspx?tp=aus&qkw=%s&tbid=66028
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.crawler.com/?tbid=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=66028
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_customize.aspx?TbId=66028
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQ Toolbar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\system32\twex.exe,
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: RealPlayer Download and Record Plugin for Internet Explorer - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll
O2 - BHO: (no name) - {3128d715-dc13-47d3-9fe3-36d5fa82d37e} - C:\WINDOWS\system32\bonitezu.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Adobe PDF Reader Link Helper - {B782EDE4-CCB3-4E3E-981F-96C68116F38C} - c:\windows\system32\AcroIEHelpe.dll
O2 - BHO: {0413e733-bcc8-858b-6dc4-d30698a14fbe} - {ebf41a89-603d-4cd6-b858-8ccb337e3140} - C:\WINDOWS\system32\memxno.dll
O3 - Toolbar: ICQ Toolbar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avgnt] C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe /min
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe
O4 - HKLM\..\Run: [WinampAgent] C:\Programme\Winamp\winampa.exe
O4 - HKLM\..\Run: [NBKeyScan] C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Programme\Java\jre1.6.0_04\bin\jusched.exe
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [QuickTime Task] c:\programme\quicktime\qttask.exe -atboottime
O4 - HKLM\..\Run: [toseginelo] Rundll32.exe C:\WINDOWS\system32\wejureke.dll,s
O4 - HKLM\..\Run: [guard] C:\WINDOWS\guard.exe
O4 - HKLM\..\Run: [Ad-Watch] c:\programme\lavasoft\ad-aware\AAWTray.exe
O4 - HKLM\..\Run: [Antivirus Agent Pro] c:\program files\antivirus agent pro\aap.exe
O4 - HKLM\..\Run: [c4518015] rundll32.exe C:\WINDOWS\system32\gehotimi.dll,b
O4 - HKLM\..\Run: [CPMc762b389] Rundll32.exe c:\windows\system32\kapigagi.dll,a
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NVIDIA nTune] C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe clear
O4 - HKCU\..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020
O4 - HKCU\..\Run: [MSMSGS] C:\Programme\Messenger\msmsgs.exe /background
O4 - HKCU\..\Run: [Win32load] C:\Dokumente und Einstellungen\bassbottle\Anwendungsdaten\nSvcAppFlt.exe -lds
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\Run: [toseginelo] Rundll32.exe C:\WINDOWS\system32\wejureke.dll,s (User->LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->NETZWERKDIENST')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User->Default user')
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra->Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra->Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra->Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O9 - Extra->Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programme\Messenger\msmsgs.exe
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15031/CTSUEng.cab
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} (System Requirements Lab) - http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} (NVIDIA Smart Scan) - http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su/ocx/15034/CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\GEMEIN~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: C:\WINDOWS\system32\ripojopo.dll memxno.dll c:\windows\system32\kapigagi.dll
O21 - SSODL: SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kapigagi.dll
O22 - SharedTaskScheduler: STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kapigagi.dll
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Programme\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Programme\Canon\CAL\CALMAIN.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c998e7ee8daa7e) (gupdate1c998e7ee8daa7e) - Google Inc. - C:\Programme\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Programme\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: PACSPTISVR - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe
O23 - Service: Sony SPTI Service (SPTISRV) - Sony Corporation - C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe
Created on: 06.03.09 at 23:23:59
Log.txt part 2

Code:
--
End of file - 10193 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\Google Software Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3049C3E9-B461-4BC5-8870-4C09146192CA}]
RealPlayer Download and Record Plugin for Internet Explorer - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll [2008-04-06 370296]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3128d715-dc13-47d3-9fe3-36d5fa82d37e}]
C:\WINDOWS\system32\bonitezu.dll [1601-01-01 47616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Programme\Java\jre1.6.0_04\bin\ssv.dll [2007-12-14 509328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Programme\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll [2009-02-27 657904]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B782EDE4-CCB3-4E3E-981F-96C68116F38C}]
Adobe PDF Reader Link Helper - c:\windows\system32\AcroIEHelpe.dll [2009-03-06 80672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ebf41a89-603d-4cd6-b858-8ccb337e3140}]
C:\WINDOWS\system32\memxno.dll [2009-03-06 129024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQ Toolbar - C:\PROGRA~1\ICQTOO~1\toolbaru.dll [2006-12-25 701952]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
ehTray=C:\WINDOWS\ehome\ehtray.exe [2004-08-10 59392]
SoundMan=C:\WINDOWS\SOUNDMAN.EXE [2006-08-03 577536]
avgnt=C:\Programme\Avira\AntiVir PersonalEdition Classic\avgnt.exe [2008-07-18 266497]
CTHelper=C:\WINDOWS\CTHELPER.EXE [2006-08-11 17920]
CTxfiHlp=C:\WINDOWS\system32\CTXFIHLP.EXE [2006-08-11 18944]
Adobe Reader Speed Launcher=C:\Programme\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
WinampAgent=C:\Programme\Winamp\winampa.exe [2008-01-15 37376]
NBKeyScan=C:\Programme\Nero\Nero8\Nero BackItUp\NBKeyScan.exe []
SunJavaUpdateSched=C:\Programme\Java\jre1.6.0_04\bin\jusched.exe [2007-12-14 144784]
BluetoothAuthenticationAgent=C:\WINDOWS\system32\bthprops.cpl [2004-08-10 110592]
QuickTime Task=c:\programme\quicktime\qttask.exe [2008-09-06 413696]
toseginelo=C:\WINDOWS\system32\wejureke.dll [1601-01-01 47616]
guard=C:\WINDOWS\guard.exe [2009-03-06 15360]
Ad-Watch=c:\programme\lavasoft\ad-aware\AAWTray.exe [2009-03-06 515416]
Antivirus Agent Pro=c:\program files\antivirus agent pro\aap.exe []
c4518015=C:\WINDOWS\system32\gehotimi.dll [2009-03-06 79872]
CPMc762b389=c:\windows\system32\kapigagi.dll [2009-03-06 84992]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
CTFMON.EXE=C:\WINDOWS\system32\ctfmon.exe [2004-08-10 15360]
NVIDIA nTune=C:\Programme\NVIDIA Corporation\nTune\nTuneCmd.exe clear []
IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}=C:\Programme\Gemeinsame Dateien\Nero\Lib\NMIndexStoreSvr.exe ASO-616B5711-6DAE-4795-A05F-39A1E5104020 []
MSMSGS=C:\Programme\Messenger\msmsgs.exe [2004-10-13 1694208]
Win32load=C:\Dokumente und Einstellungen\bassbottle\Anwendungsdaten\nSvcAppFlt.exe [2009-03-05 15872]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
AppInit_DLLS=C:\WINDOWS\system32\ripojopo.dll memxno.dll c:\windows\system32\kapigagi.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2007-04-10 236928]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
SSODL - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kapigagi.dll [2009-03-06 84992]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
STS - {EC43E3FD-5C60-46a6-97D7-E0B85DBDD6C4} - c:\windows\system32\kapigagi.dll [2009-03-06 84992]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
notification packages=scecli
C:\WINDOWS\system32\ripojopo.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
dontdisplaylastusername=0
legalnoticecaption=
legalnoticetext=
shutdownwithoutlogon=1
undockwithoutlogon=1
InstallVisualStyle=C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
InstallTheme=C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
NoDriveTypeAutoRun=145
Created on: 06.03.09 at 23:24:31
Log.txt part 3

Code:
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Programme\FlashFXP\FlashFXP.exe=C:\Programme\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
C:\Programme\ICQ6\ICQ.exe=C:\Programme\ICQ6\ICQ.exe:*:Enabled:ICQ6
%windir%\Network Diagnostic\xpnetdiag.exe=%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000
C:\Programme\Shareaza\Shareaza.exe=C:\Programme\Shareaza\Shareaza.exe:*:Enabled:Shareaza Ultimate File Sharing
C:\Programme\Mozilla Firefox\firefox.exe=C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox
E:\Programme\NES\NESTCL95.EXE=E:\Programme\NES\NESTCL95.EXE:*:Enabled:NESTCL95
C:\Programme\Steam\steamapps\common\trackmania nations forever\TmForever.exe=C:\Programme\Steam\steamapps\common\trackmania nations forever\TmForever.exe:*:Enabled:TmForever
C:\Programme\Messenger\msmsgs.exe=C:\Programme\Messenger\msmsgs.exe:*:Enabled:Windows Messenger
C:\Programme\Steam\Steam.exe=C:\Programme\Steam\Steam.exe:*:Enabled:Steam
C:\Programme\Bonjour\mDNSResponder.exe=C:\Programme\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour
C:\Programme\Steam\steamapps\[email protected]\garrysmod\hl2.exe=C:\Programme\Steam\steamapps\[email protected]\garrysmod\hl2.exe:*:Enabled:hl2
C:\Programme\eMule\emule.exe=C:\Programme\eMule\emule.exe:*:Enabled:eMule
C:\Programme\ESTsoft\ALFTP\ALFTP.exe=C:\Programme\ESTsoft\ALFTP\ALFTP.exe:*:Enabled:ALFTP
C:\Programme\Skype\Phone\Skype.exe=C:\Programme\Skype\Phone\Skype.exe:*:Enabled:Skype
C:\Programme\Free FTP Client 3.2.0\Free FTP Client.EXE=C:\Programme\Free FTP Client 3.2.0\Free FTP Client.EXE:*:Enabled:Free FTP Client
C:\WINDOWS\explorer.exe=C:\WINDOWS\explorer.exe:*:Enabled:explorer
C:\Dokumente und Einstellungen\bassbottle\Anwendungsdaten\nSvcAppFlt.exe=c:\dokumente und einstellungen\bassbottle\anwendungsdaten\nsvcappflt.exe:*:Enabled:Win32load
C:\Programme\Google\Update\GoogleUpdate.exe=C:\Programme\Google\Update\GoogleUpdate.exe:*:Enabled:googleupdate
C:\WINDOWS\system32\dllhost.exe=C:\WINDOWS\system32\dllhost.exe:*:Enabled:dllhost
C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe=C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe:*:Enabled:aawtray
C:\WINDOWS\system32\winlogon.exe=C:\WINDOWS\system32\winlogon.exe:*:Enabled:winlogon

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
%windir%\system32\sessmgr.exe=%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019
C:\Programme\FlashFXP\FlashFXP.exe=C:\Programme\FlashFXP\FlashFXP.exe:*:Enabled:FlashFXP v3
%windir%\Network Diagnostic\xpnetdiag.exe=%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000

======List of files/folders created in the last 1 months======

2009-03-06 22:23:56 ----D---- C:\rsit
2009-03-06 22:17:05 ----ASH---- C:\WINDOWS\system32\memxno.dll
2009-03-06 22:17:03 ----SH---- C:\WINDOWS\system32\imitoheg.ini
2009-03-06 05:27:22 ----D---- C:\Programme\Trend Micro
2009-03-06 03:54:06 ----D---- C:\Programme\Spybot - Search & Destroy
2009-03-06 03:54:06 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
2009-03-06 01:04:37 ----DC---- C:\WINDOWS\system32\DRVSTORE
2009-03-06 01:03:27 ----HDC---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{83C91755-2546-441D-AC40-9A6B4B860800}
2009-03-06 01:03:16 ----D---- C:\Programme\Lavasoft
2009-03-06 00:18:25 ----A---- C:\WINDOWS\system32\AcroIEHelpe.dll
2009-03-06 00:18:21 ----A---- C:\WINDOWS\guard.exe
2009-03-06 00:18:20 ----A---- C:\WINDOWS\system32\srvblck.tmp
2009-03-06 00:17:49 ----D---- C:\WINDOWS\system32\Cks
2009-03-06 00:17:48 ----D---- C:\WINDOWS\system32\Dtw5d
2009-03-06 00:17:47 ----D---- C:\WINDOWS\system32\UAs
2009-03-05 23:50:55 ----A---- C:\WINDOWS\system32\pporlg.ini
2009-03-05 23:50:55 ----A---- C:\WINDOWS\system32\nwpp.ini
2009-03-05 23:50:55 ----A---- C:\WINDOWS\system32\nwklr.ini
2009-03-05 23:50:55 ----A---- C:\WINDOWS\system32\korlg.ini
2009-03-05 23:50:54 ----A---- C:\WINDOWS\system32\worlg.ini
2009-03-05 23:50:54 ----A---- C:\WINDOWS\system32\nwwlnt.ini
2009-03-05 23:50:11 ----A---- C:\Dokumente und Einstellungen\bassbottle\Anwendungsdaten\nSvcAppFlt.exe
2009-03-05 23:14:40 ----SH---- C:\WINDOWS\system32\ofoloveh.ini
2009-03-05 23:14:31 ----ASH---- C:\WINDOWS\system32\ctpmgr.dll
2009-03-05 16:19:50 ----D---- C:\Programme\ATP
2009-02-27 15:29:40 ----D---- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Google Updater
2009-02-26 23:37:21 ----D---- C:\Programme\CamStudio
2009-02-16 15:50:21 ----D---- C:\Dokumente und Einstellungen\bassbottle\Anwendungsdaten\Help
2009-02-16 15:49:27 ----A---- C:\WINDOWS\uninst.exe
2009-02-10 16:38:40 ----D---- C:\Dokumente und Einstellungen\bassbottle\Anwendungsdaten\DivX
2009-02-10 01:34:50 ----N---- C:\WINDOWS\system32\pxcpyi64.exe
2009-02-10 01:34:49 ----N---- C:\WINDOWS\system32\pxinsi64.exe

======List of files/folders modified in the last 1 months======

2009-03-06 22:24:02 ----D---- C:\WINDOWS\system32
2009-03-06 22:23:16 ----D---- C:\WINDOWS\Prefetch
2009-03-06 22:20:29 ----D---- C:\WINDOWS
2009-03-06 22:19:12 ----D---- C:\WINDOWS\Temp
2009-03-06 22:17:44 ----A---- C:\WINDOWS\system32\wininet.dll
2009-03-06 22:17:44 ----A---- C:\WINDOWS\system32\powrprof.dll
2009-03-06 22:17:44 ----A---- C:\WINDOWS\system32\kernel32.dll
2009-03-06 22:17:13 ----D---- C:\Programme\Mozilla Firefox
2009-03-06 22:17:07 ----SD---- C:\WINDOWS\Tasks
2009-03-06 22:17:04 ----ASH---- C:\WINDOWS\system32\yofolufe.dll
2009-03-06 22:17:03 ----ASH---- C:\WINDOWS\system32\kapigagi.dll
2009-03-06 22:17:03 ----ASH---- C:\WINDOWS\system32\gehotimi.dll
2009-03-06 22:16:54 ----D---- C:\WINDOWS\Registration
2009-03-06 07:10:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-03-06 07:10:10 ----A---- C:\WINDOWS\{00000002-00000000-00000007-00001102-00000004-20021102}.BAK
2009-03-06 06:16:35 ----D---- C:\Dokumente und Einstellungen\bassbottle\Anwendungsdaten\eMule
2009-03-06 06:16:25 ----RD---- C:\Programme
2009-03-06 06:16:18 ----D---- C:\Program Files
2009-03-06 04:31:08 ----HDC---- C:\WINDOWS\$NtUninstallKB911562$
2009-03-06 04:31:08 ----HDC---- C:\WINDOWS\$NtUninstallKB890046$
2009-03-06 04:31:08 ----D---- C:\WINDOWS\ie7updates
2009-03-06 04:31:08 ----D---- C:\Programme\Free FTP Client 3.2.0
2009-03-06 04:31:08 ----D---- C:\Programme\ESTsoft
2009-03-06 04:31:08 ----D---- C:\Programme\BrainWave Generator
2009-03-06 04:08:45 ----D---- C:\WINDOWS\Minidump
2009-03-06 01:04:51 ----HD---- C:\WINDOWS\inf
2009-03-06 01:04:51 ----D---- C:\WINDOWS\system32\drivers
2009-03-06 01:04:41 ----D---- C:\WINDOWS\system32\CatRoot2
2009-03-06 01:03:26 ----SHD---- C:\WINDOWS\Installer
2009-03-06 01:03:06 ----D---- C:\WINDOWS\WinSxS
2009-03-06 00:24:52 ----D---- C:\WINDOWS\system32\Restore
2009-03-05 23:51:48 ----D---- C:\Dokumente und Einstellungen\bassbottle\Anwendungsdaten\OpenOffice.org2
2009-03-05 23:50:55 ----A---- C:\WINDOWS\system32\windmlp.ini
2009-03-05 23:50:55 ----A---- C:\WINDOWS\system32\ppdnp.ini
2009-03-05 23:50:55 ----A---- C:\WINDOWS\system32\kerdnp.ini
2009-03-05 23:14:30 ----N---- C:\WINDOWS\system32\hevolofo.dll
2009-03-05 23:14:30 ----ASH---- C:\WINDOWS\system32\reboyuti.dll
2009-03-05 23:14:29 ----ASH---- C:\WINDOWS\system32\gayudida.dll
2009-03-03 17:48:39 ----D---- C:\temp
2009-03-03 15:29:08 ----A---- C:\WINDOWS\win.ini
2009-03-03 15:29:08 ----A---- C:\WINDOWS\system.ini
2009-03-02 03:59:39 ----D---- C:\Dokumente und Einstellungen\bassbottle\Anwendungsdaten\Adobe
2009-02-27 15:31:27 ----D---- C:\Programme\Google
2009-02-24 18:22:39 ----RSD---- C:\WINDOWS\Fonts
2009-02-17 01:23:22 ----D---- C:\Dokumente und Einstellungen\bassbottle\Anwendungsdaten\Creative
2009-02-10 01:35:01 ----D---- C:\Programme\DivX
2009-02-10 01:34:51 ----D---- C:\Programme\Mozilla Thunderbird
2009-02-09 14:50:50 ----D---- C:\WINDOWS\Lhsp

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Asapi;Asapi; C:\WINDOWS\system32\drivers\Asapi.sys [2002-04-17 11264]
R1 avgio;avgio; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgio.sys []
R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2008-11-15 75072]
R1 hwinterface;hwinterface; C:\WINDOWS\System32\Drivers\hwinterface.sys [2009-02-10 2996]
R1 kbdhid;Tastatur-HID-Treiber; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-10 14848]
R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2008-04-18 21248]
R1 watcher;watcher; \??\C:\WINDOWS\system32\drivers\watcher.sys []
R2 ACEDRV05;ACEDRV05; \??\C:\WINDOWS\system32\drivers\ACEDRV05.sys []
R2 ACEDRV06;ACEDRV06; \??\C:\WINDOWS\system32\drivers\ACEDRV06.sys []
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2006-08-18 4017536]
R3 Arp1394;1394-ARP-Clientprotokoll; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-10 60800]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2004-08-04 701952]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\system32\drivers\ctac32k.sys [2006-08-11 502272]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2006-08-11 499584]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\system32\drivers\ctprxy2k.sys [2006-08-11 7168]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\system32\drivers\ctsfm2k.sys [2006-08-11 143872]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\system32\drivers\emupia2k.sys [2006-08-11 78336]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2006-08-11 766976]
R3 hap16v2k;Creative P16V HAL Driver; C:\WINDOWS\system32\drivers\hap16v2k.sys [2006-08-11 154112]
R3 hidusb;Microsoft HID Class-Treiber; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2004-08-10 9600]
R3 mouhid;Maus-HID-Treiber; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2004-08-10 12288]
R3 NIC1394;1394-Netzwerktreiber; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-10 61824]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2006-08-11 116224]
R3 usbccgp;Microsoft Standard-USB-Haupttreiber; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-10 31616]
R3 usbehci;Miniporttreiber für erweiterten Microsoft USB 2.0-Hostcontroller; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2004-08-10 26624]
R3 usbhub;USB2-aktivierter Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-10 57600]
R3 usbohci;Miniporttreiber für Microsoft USB Open Host-Controller; C:\WINDOWS\system32\DRIVERS\usbohci.sys [2004-08-10 17024]
R3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2006-11-22 250496]
S3 avgntflt;avgntflt; \??\C:\Programme\Avira\AntiVir PersonalEdition Classic\avgntflt.sys []
S3 BthEnum;Bluetooth-Anforderungsblocktreiber; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BTHMODEM;Serieller Kommunikationstreiber für Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth-Gerät (PAN); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Bluetooth-Porttreiber; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-03 275200]
S3 BTHUSB;USB-Treiber für Bluetooth-Funkgerät; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 ctdvda2k;Creative DVD-Audio Device Driver; C:\WINDOWS\system32\drivers\ctdvda2k.sys [2005-11-10 340704]
S3 hap17v2k;Creative P17V HAL Driver; C:\WINDOWS\system32\drivers\hap17v2k.sys [2006-08-11 180224]
S3 HidBth;Microsoft Bluetooth-HID-Miniport; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2004-08-03 25856]
S3 MHNDRV;MHN-Treiber; C:\WINDOWS\system32\DRIVERS\mhndrv.sys [2004-08-10 11008]
S3 RFCOMM;Bluetooth-Gerät (RFCOMM-Protokoll-TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 usbscan;USB-Scannertreiber; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 USBSTOR;USB-Massenspeichertreiber; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirScheduler;AntiVir PersonalEdition Classic Planer; C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe [2008-10-23 68865]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Programme\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-10 14336]
R2 CCALib8;Canon Camera Access Library 8; C:\Programme\Canon\CAL\CALMAIN.exe [2005-09-30 96341]
R2 ehRecvr;Media Center Receiver Service; C:\WINDOWS\eHome\ehRecvr.exe [2004-08-10 194560]
R2 ehSched;Media Center-Planerdienst; C:\WINDOWS\eHome\ehSched.exe [2004-08-10 102912]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Programme\Lavasoft\Ad-Aware\aawservice.exe [2009-03-06 951120]
S2 gupdate1c998e7ee8daa7e;Google Update Service (gupdate1c998e7ee8daa7e); C:\Programme\Google\Update\GoogleUpdate.exe [2009-02-27 133104]
S2 gusvc;Google Software Updater; C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-02-27 182768]
S3 AntiVirService;AntiVir PersonalEdition Classic Guard; C:\Programme\Avira\AntiVir PersonalEdition Classic\avguard.exe [2008-10-23 151297]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2008-05-20 654848]
S3 MHN;MHN; C:\WINDOWS\System32\svchost.exe [2004-08-10 14336]
S3 PACSPTISVR;PACSPTISVR; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\PACSPTISVR.exe [2004-05-27 53337]
S3 SPTISRV;Sony SPTI Service; C:\Programme\Gemeinsame Dateien\Sony Shared\AVLib\SPTISRV.exe [2004-05-27 69718]
S3 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-10 38912]

-----------------EOF-----------------

THANKS !!!!!!!!!!!!!!!
 
  • #9
Hi :)

So, I ran SmitFraudFix. But ComboFix only got as far as the disclaimer. After I clicked yes, nothing more happened.

I'll post the SmitFraudFix report first...

Code:
SmitFraudFix v2.400

Scan done at 11:59:07,87, 09.03.2009
Run from C:\Dokumente und Einstellungen\xxx\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts


127.0.0.1   localhost

»»»»»»»»»»»»»»»»»»»»»»»» VACFix

VACFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files


»»»»»»»»»»»»»»»»»»»»»»»» IEDFix

IEDFix
Credits: Malware Analysis & Diagnostic
Code: S!Ri



»»»»»»»»»»»»»»»»»»»»»»»» Agent.OMZ.Fix

Agent.OMZ.Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» 404Fix

404Fix
Credits: Malware Analysis & Diagnostic
Code: S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» RK


»»»»»»»»»»»»»»»»»»»»»»»» DNS

HKLM\SYSTEM\CCS\Services\Tcpip\..\{7A59BB96-00F5-41E2-A23A-BB13E60B52AD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{7A59BB96-00F5-41E2-A23A-BB13E60B52AD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\..\{7A59BB96-00F5-41E2-A23A-BB13E60B52AD}: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1
HKLM\SYSTEM\CS2\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
System=


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
 
Registry Cleaning done. 
 
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End

How should I proceed?
Best regards! :)
 
  • #10
Antivirus programs switched off before running ComboFix?

Delete combofix.exe from the desktop, download it again, save it as combo-fix.exe and then run it once more.
 
  • #11
Hey schrauber.

I tried it again. Unfortunately ComboFix (or rather Combo-Fix) doesn't work. Does that have something to do with something having attached itself to the program?
In this case, right now, C:\WINDOWS\system32\fkyeey.dll and ...\fijiveni.dll .

Yesterday it was two different ones. :-\
I'm open to your advice.

Kind regards :)
 
  • #12
One user had exactly the same virus (fake antivirus program) on their machine. After 3 hours of trying to remove this hidden program, we decided to reinstall WINXP; most of the tips on the Internet for removing this pest only partly worked, because a different file kept turning up.

Walter

???
 
  • #13
If nothing at all helps, I will unfortunately have to do that. But first I would like to try to fix this somehow.
 
  • #15
Part 1
Code:
GMER 1.0.15.14878 - http://www.gmer.net
Rootkit scan 2009-03-12 13:22:19
Windows 5.1.2600 Service Pack 2


---- System - GMER 1.0.15 ----

SSDT  F7BFCEB4                                                                  ZwCreateThread
SSDT  F7BFCEA0                                                                  ZwOpenProcess
SSDT  F7BFCEA5                                                                  ZwOpenThread
SSDT  F7BFCEAF                                                                  ZwTerminateProcess
SSDT  F7BFCEAA                                                                  ZwWriteVirtualMemory

---- User code sections - GMER 1.0.15 ----

.reloc C:\WINDOWS\system32\svchost.exe[280] C:\WINDOWS\system32\kernel32.dll                                    section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[280] C:\WINDOWS\system32\wininet.dll                                    section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\rundll32.exe[332] C:\WINDOWS\system32\kernel32.dll                                   section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\rundll32.exe[332] C:\WINDOWS\system32\wininet.dll                                    section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc c:\programme\google\update\googleupdate.exe[336] C:\WINDOWS\system32\kernel32.dll                              section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc c:\programme\google\update\googleupdate.exe[336] C:\WINDOWS\system32\wininet.dll                              section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\csrss.exe[672] C:\WINDOWS\system32\KERNEL32.dll                                     section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\winlogon.exe[696] C:\WINDOWS\system32\kernel32.dll                                   section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\winlogon.exe[696] C:\WINDOWS\system32\wininet.dll                                    section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\services.exe[740] C:\WINDOWS\system32\kernel32.dll                                   section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\services.exe[740] C:\WINDOWS\system32\wininet.dll                                    section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\kernel32.dll                                     section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\lsass.exe[752] C:\WINDOWS\system32\wininet.dll                                     section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\system32\kernel32.dll                                    section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[924] C:\WINDOWS\system32\wininet.dll                                    section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[992] C:\WINDOWS\system32\kernel32.dll                                    section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[992] C:\WINDOWS\system32\wininet.dll                                    section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\System32\svchost.exe[1084] C:\WINDOWS\system32\kernel32.dll                                   section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\System32\svchost.exe[1084] C:\WINDOWS\system32\WININET.dll                                    section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[1132] C:\WINDOWS\system32\kernel32.dll                                   section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[1132] C:\WINDOWS\system32\wininet.dll                                    section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\Programme\Canon\CAL\CALMAIN.exe[1160] C:\WINDOWS\system32\kernel32.dll                                  section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\Programme\Canon\CAL\CALMAIN.exe[1160] C:\WINDOWS\system32\wininet.dll                                  section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\dllhost.exe[1264] C:\WINDOWS\system32\kernel32.dll                                   section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\dllhost.exe[1264] C:\WINDOWS\system32\wininet.dll                                    section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[1356] C:\WINDOWS\system32\kernel32.dll                                   section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[1356] C:\WINDOWS\system32\WININET.dll                                    section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\spoolsv.exe[1540] C:\WINDOWS\system32\kernel32.dll                                   section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\spoolsv.exe[1540] C:\WINDOWS\system32\wininet.dll                                    section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\System32\alg.exe[1648] C:\WINDOWS\system32\kernel32.dll                                     section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\System32\alg.exe[1648] C:\WINDOWS\system32\wininet.dll                                      section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\Programme\Avira\AntiVir PersonalEdition Classic\sched.exe[1672] C:\WINDOWS\system32\kernel32.dll                     section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\Programme\Bonjour\mDNSResponder.exe[1688] C:\WINDOWS\system32\kernel32.dll                                section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\Programme\Bonjour\mDNSResponder.exe[1688] C:\WINDOWS\system32\wininet.dll                                section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[1728] C:\WINDOWS\system32\kernel32.dll                                   section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\system32\svchost.exe[1728] C:\WINDOWS\system32\wininet.dll                                    section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\eHome\ehRecvr.exe[1752] C:\WINDOWS\system32\kernel32.dll                                     section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\eHome\ehRecvr.exe[1752] C:\WINDOWS\system32\wininet.dll                                     section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\eHome\ehSched.exe[1788] C:\WINDOWS\system32\kernel32.dll                                     section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\eHome\ehSched.exe[1788] C:\WINDOWS\system32\wininet.dll                                     section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] C:\WINDOWS\system32\kernel32.dll                    section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] C:\WINDOWS\system32\wininet.dll                    section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\Explorer.EXE[2616] C:\WINDOWS\system32\kernel32.dll                                       section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\Explorer.EXE[2616] C:\WINDOWS\system32\WININET.dll                                        section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc c:\windows\ehome\ehtray.exe[3396] C:\WINDOWS\system32\kernel32.dll                                     section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc c:\windows\ehome\ehtray.exe[3396] C:\WINDOWS\system32\wininet.dll                                      section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc c:\windows\soundman.exe[3404] C:\WINDOWS\system32\kernel32.dll                                       section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc c:\windows\soundman.exe[3404] C:\WINDOWS\system32\wininet.dll                                        section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc c:\windows\cthelper.exe[3424] C:\WINDOWS\system32\kernel32.dll                                       section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc c:\windows\cthelper.exe[3424] C:\WINDOWS\system32\wininet.dll
Created on: 12.03.09 at 13:53:11
Part 2
Code:
.reloc c:\programme\adobe\reader 8.0\reader\reader_sl.exe[3444] C:\WINDOWS\system32\kernel32.dll                          section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc c:\programme\adobe\reader 8.0\reader\reader_sl.exe[3444] C:\WINDOWS\system32\wininet.dll                          section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc c:\programme\winamp\winampa.exe[3452] C:\WINDOWS\system32\kernel32.dll                                   section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc c:\programme\winamp\winampa.exe[3452] C:\WINDOWS\system32\wininet.dll                                    section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc c:\programme\java\jre1.6.0_04\bin\jusched.exe[3492] C:\WINDOWS\system32\kernel32.dll                            section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc c:\programme\java\jre1.6.0_04\bin\jusched.exe[3492] C:\WINDOWS\system32\WININET.dll                             section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc c:\windows\system32\rundll32.exe[3504] C:\WINDOWS\system32\kernel32.dll                                   section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc c:\windows\system32\rundll32.exe[3504] C:\WINDOWS\system32\wininet.dll                                   section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc c:\windows\guard.exe[3648] C:\WINDOWS\system32\kernel32.dll                                         section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc c:\windows\guard.exe[3648] C:\WINDOWS\system32\wininet.dll                                         section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc c:\windows\system32\ctfmon.exe[3696] C:\WINDOWS\system32\kernel32.dll                                    section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc c:\windows\system32\ctfmon.exe[3696] C:\WINDOWS\system32\wininet.dll                                    section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc c:\programme\messenger\msmsgs.exe[3732] C:\WINDOWS\system32\kernel32.dll                                  section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc c:\programme\messenger\msmsgs.exe[3732] C:\WINDOWS\system32\WININET.dll                                   section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\System32\svchost.exe[3772] C:\WINDOWS\system32\kernel32.dll                                   section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\System32\svchost.exe[3772] C:\WINDOWS\system32\wininet.dll                                    section is executable [0x442A9000, 0xB658, 0xE2000040]
.reloc C:\WINDOWS\eHome\ehmsas.exe[3804] C:\WINDOWS\system32\kernel32.dll                                     section is executable [0x7C901000, 0x7BEC, 0xE2000040]
.reloc C:\WINDOWS\eHome\ehmsas.exe[3804] C:\WINDOWS\system32\wininet.dll                                      section is executable [0x442A9000, 0xB658, 0xE2000040]

---- User IAT/EAT - GMER 1.0.15 ----

IAT   C:\WINDOWS\system32\rundll32.exe[332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                  0040506C
IAT   C:\WINDOWS\system32\rundll32.exe[332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                       00404FB8
IAT   C:\WINDOWS\system32\rundll32.exe[332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                 00404F53
IAT   C:\WINDOWS\system32\rundll32.exe[332] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                     00404F21
IAT   C:\WINDOWS\system32\rundll32.exe[332] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                     00405325
IAT   C:\WINDOWS\system32\rundll32.exe[332] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                     004055D7
IAT   C:\WINDOWS\system32\rundll32.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                    004055D7
IAT   C:\WINDOWS\system32\rundll32.exe[332] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                    00405325
IAT   C:\WINDOWS\system32\rundll32.exe[332] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                    004055D7
IAT   C:\WINDOWS\system32\rundll32.exe[332] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                  0040506C
IAT   c:\programme\google\update\googleupdate.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]            00DF506C
IAT   c:\programme\google\update\googleupdate.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                 00DF4FB8
IAT   c:\programme\google\update\googleupdate.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]           00DF4F53
IAT   c:\programme\google\update\googleupdate.exe[336] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]               00DF4F21
IAT   c:\programme\google\update\googleupdate.exe[336] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]               00DF5325
IAT   c:\programme\google\update\googleupdate.exe[336] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]               00DF55D7
IAT   c:\programme\google\update\googleupdate.exe[336] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]              00DF55D7
IAT   c:\programme\google\update\googleupdate.exe[336] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]              00DF55D7
IAT   c:\programme\google\update\googleupdate.exe[336] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]              00DF5325
IAT   c:\programme\google\update\googleupdate.exe[336] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]             00DF506C
IAT   C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\services.exe [ntdll.dll!NtQueryDirectoryFile]                  0004506C
IAT   C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                  0004506C
IAT   C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                       00044FB8
IAT   C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                 00044F53
IAT   C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                     00044F21
IAT   C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                     00045325
IAT   C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                     000455D7
IAT   C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                    000455D7
IAT   C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                    00045325
IAT   C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                    000455D7
IAT   C:\WINDOWS\system32\services.exe[740] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                  0004506C
IAT   C:\WINDOWS\system32\lsass.exe[752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                   00B2506C
IAT   C:\WINDOWS\system32\lsass.exe[752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                        00B24FB8
IAT   C:\WINDOWS\system32\lsass.exe[752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                  00B24F53
IAT   C:\WINDOWS\system32\lsass.exe[752] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                      00B24F21
IAT   C:\WINDOWS\system32\lsass.exe[752] @ C:\WINDOWS\system32\LSASRV.dll [ntdll.dll!LdrLoadDll]                         00B24FB8
IAT   C:\WINDOWS\system32\lsass.exe[752] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                    00B2506C
IAT   C:\WINDOWS\system32\lsass.exe[752] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrLoadDll]                         00B24FB8
IAT   C:\WINDOWS\system32\lsass.exe[752] @ C:\WINDOWS\system32\SAMSRV.dll [ntdll.dll!LdrGetProcedureAddress]                   00B24F53
IAT   C:\WINDOWS\system32\lsass.exe[752] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                      00B25325
IAT   C:\WINDOWS\system32\lsass.exe[752] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                      00B255D7
IAT   C:\WINDOWS\system32\lsass.exe[752] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                     00B255D7
IAT   C:\WINDOWS\system32\lsass.exe[752] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                     00B25325
IAT   C:\WINDOWS\system32\lsass.exe[752] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                     00B255D7
IAT   C:\WINDOWS\system32\svchost.exe[924] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                     00FD4F31
IAT   C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                  0097506C
IAT   C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                       00974FB8
IAT   C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                 00974F53
IAT   C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                     00974F21
IAT   C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                     00975325
IAT   C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                     009755D7
IAT   C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                    009755D7
IAT   C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                    00975325
IAT   C:\WINDOWS\system32\svchost.exe[992] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                    009755D7
IAT   C:\WINDOWS\system32\svchost.exe[992] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                   0097506C
IAT   C:\WINDOWS\System32\svchost.exe[1084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                  0167506C
IAT   C:\WINDOWS\System32\svchost.exe[1084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                       01674FB8
IAT   C:\WINDOWS\System32\svchost.exe[1084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                 01674F53
IAT   C:\WINDOWS\System32\svchost.exe[1084] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                     01674F21
IAT   C:\WINDOWS\System32\svchost.exe[1084] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                     01675325
IAT   C:\WINDOWS\System32\svchost.exe[1084] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                     016755D7
IAT   C:\WINDOWS\System32\svchost.exe[1084] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                    016755D7
IAT   C:\WINDOWS\System32\svchost.exe[1084] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                    01675325
IAT   C:\WINDOWS\System32\svchost.exe[1084] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                    016755D7
IAT   C:\WINDOWS\System32\svchost.exe[1084] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                  0167506C
IAT   C:\WINDOWS\system32\dllhost.exe[1264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                  00BB506C
IAT   C:\WINDOWS\system32\dllhost.exe[1264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                       00BB4FB8
IAT   C:\WINDOWS\system32\dllhost.exe[1264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                 00BB4F53
IAT   C:\WINDOWS\system32\dllhost.exe[1264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                     00BB4F21
IAT   C:\WINDOWS\system32\dllhost.exe[1264] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                     00BB5325
IAT   C:\WINDOWS\system32\dllhost.exe[1264] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                     00BB55D7
IAT   C:\WINDOWS\system32\dllhost.exe[1264] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                    00BB55D7
IAT   C:\WINDOWS\system32\dllhost.exe[1264] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                    00BB5325
IAT   C:\WINDOWS\system32\dllhost.exe[1264] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                    00BB55D7
IAT   C:\WINDOWS\system32\dllhost.exe[1264] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                  00BB506C
IAT   C:\WINDOWS\system32\svchost.exe[1356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                  00B1506C
IAT   C:\WINDOWS\system32\svchost.exe[1356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                       00B14FB8
IAT   C:\WINDOWS\system32\svchost.exe[1356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                 00B14F53
IAT   C:\WINDOWS\system32\svchost.exe[1356] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                     00B14F21
IAT   C:\WINDOWS\system32\svchost.exe[1356] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                     00B15325
IAT   C:\WINDOWS\system32\svchost.exe[1356] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                     00B155D7
IAT   C:\WINDOWS\system32\svchost.exe[1356] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                    00B155D7
IAT   C:\WINDOWS\system32\svchost.exe[1356] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                    00B15325
IAT   C:\WINDOWS\system32\svchost.exe[1356] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                    00B155D7
IAT   C:\WINDOWS\system32\svchost.exe[1356] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                  00B1506C
IAT   C:\WINDOWS\System32\alg.exe[1648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                    007B507C
IAT   C:\WINDOWS\System32\alg.exe[1648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                         007B4FC8
IAT   C:\WINDOWS\System32\alg.exe[1648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                   007B4F63
IAT   C:\WINDOWS\System32\alg.exe[1648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                       007B4F31
IAT   C:\WINDOWS\System32\alg.exe[1648] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                       007B5335
IAT   C:\WINDOWS\System32\alg.exe[1648] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                       007B55EA
IAT   C:\WINDOWS\System32\alg.exe[1648] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                    007B507C
IAT   C:\WINDOWS\System32\alg.exe[1648] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                      007B55EA
IAT   C:\WINDOWS\System32\alg.exe[1648] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                      007B5335
IAT   C:\WINDOWS\System32\alg.exe[1648] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]
Created on: 12.03.09 at 13:53:43
Part 3
Code:
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]  0013506C
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]       00134FB8
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134F53
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]     00134F21
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage]    001355D7
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData]    00135325
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]    001355D7
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]     00135325
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]     001355D7
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]   0013506C
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\Explorer.EXE [USER32.dll!TranslateMessage]                            00C555D7
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                      00C5506C
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                           00C54FB8
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                     00C54F53
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                         00C54F21
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                         00C55325
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                         00C555D7
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                        00C555D7
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                        00C555D7
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                        00C55325
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                      00C5506C
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                    0007506C
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                         00074FB8
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                   00074F53
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                       00074F21
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                      000755D7
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                      00075325
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                      000755D7
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                       00075325
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                       000755D7
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                    0007506C
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                      0013506C
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                           00134FB8
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                     00134F53
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                         00134F21
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                        001355D7
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                        00135325
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                        001355D7
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                      0013506C
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                         00135325
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                         001355D7
IAT   c:\windows\cthelper.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                      0040506C
IAT   c:\windows\cthelper.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                           00404FB8
IAT   c:\windows\cthelper.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]
 
  • #16
That wasn't everything yet, was it?
 
  • #17
Huh? Where did the rest go? I had posted everything. Well then, I'll make a new Part 3 and post the rest afterwards.
Part 3
Code:
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]  0013506C
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]       00134FB8
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress] 00134F53
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]     00134F21
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage]    001355D7
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData]    00135325
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]    001355D7
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]     00135325
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]     001355D7
IAT   c:\dokumente und einstellungen\xxx\desktop\5egkd1bb.exe[2272] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]   0013506C
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\Explorer.EXE [USER32.dll!TranslateMessage]                            00C555D7
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                      00C5506C
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                           00C54FB8
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                     00C54F53
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                         00C54F21
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                         00C55325
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                         00C555D7
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                        00C555D7
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                        00C555D7
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                        00C55325
IAT   C:\WINDOWS\Explorer.EXE[2616] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                      00C5506C
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                    0007506C
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                         00074FB8
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                   00074F53
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                       00074F21
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                      000755D7
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                      00075325
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                      000755D7
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                       00075325
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                       000755D7
IAT   c:\windows\ehome\ehtray.exe[3396] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                    0007506C
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                      0013506C
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                           00134FB8
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                     00134F53
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                         00134F21
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                        001355D7
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                        00135325
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                        001355D7
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                      0013506C
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                         00135325
IAT   c:\windows\soundman.exe[3404] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                         001355D7
IAT   c:\windows\cthelper.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                      0040506C
IAT   c:\windows\cthelper.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                           00404FB8
IAT   c:\windows\cthelper.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                     00404F53
IAT   c:\windows\cthelper.exe[3424] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                         00404F21
IAT   c:\windows\cthelper.exe[3424] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                         00405325
IAT   c:\windows\cthelper.exe[3424] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                         004055D7
IAT   c:\windows\cthelper.exe[3424] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage]                        004055D7
IAT   c:\windows\cthelper.exe[3424] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData]                        00405325
IAT   c:\windows\cthelper.exe[3424] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                        004055D7
IAT   c:\windows\cthelper.exe[3424] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                      0040506C

Created on: 13.03.09 at 08:38:44

Part 4
Code:
IAT   c:\programme\adobe\reader 8.0\reader\reader_sl.exe[3444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]        0013506C
IAT   c:\programme\adobe\reader 8.0\reader\reader_sl.exe[3444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]             00134FB8
IAT   c:\programme\adobe\reader 8.0\reader\reader_sl.exe[3444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]       00134F53
IAT   c:\programme\adobe\reader 8.0\reader\reader_sl.exe[3444] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]           00134F21
IAT   c:\programme\adobe\reader 8.0\reader\reader_sl.exe[3444] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]          001355D7
IAT   c:\programme\adobe\reader 8.0\reader\reader_sl.exe[3444] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]          00135325
IAT   c:\programme\adobe\reader 8.0\reader\reader_sl.exe[3444] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]          001355D7
IAT   c:\programme\adobe\reader 8.0\reader\reader_sl.exe[3444] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]         0013506C
IAT   c:\programme\adobe\reader 8.0\reader\reader_sl.exe[3444] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]           00135325
IAT   c:\programme\adobe\reader 8.0\reader\reader_sl.exe[3444] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]           001355D7
IAT   c:\programme\winamp\winampa.exe[3452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                  0007506C
IAT   c:\programme\winamp\winampa.exe[3452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                       00074FB8
IAT   c:\programme\winamp\winampa.exe[3452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                 00074F53
IAT   c:\programme\winamp\winampa.exe[3452] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                     00074F21
IAT   c:\programme\winamp\winampa.exe[3452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                    000755D7
IAT   c:\programme\winamp\winampa.exe[3452] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                    00075325
IAT   c:\programme\winamp\winampa.exe[3452] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                    000755D7
IAT   c:\programme\winamp\winampa.exe[3452] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                  0007506C
IAT   c:\programme\winamp\winampa.exe[3452] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                     00075325
IAT   c:\programme\winamp\winampa.exe[3452] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                     000755D7
IAT   c:\programme\java\jre1.6.0_04\bin\jusched.exe[3492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]           0013506C
IAT   c:\programme\java\jre1.6.0_04\bin\jusched.exe[3492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                00134FB8
IAT   c:\programme\java\jre1.6.0_04\bin\jusched.exe[3492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]          00134F53
IAT   c:\programme\java\jre1.6.0_04\bin\jusched.exe[3492] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]              00134F21
IAT   c:\programme\java\jre1.6.0_04\bin\jusched.exe[3492] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]             001355D7
IAT   c:\programme\java\jre1.6.0_04\bin\jusched.exe[3492] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]              00135325
IAT   c:\programme\java\jre1.6.0_04\bin\jusched.exe[3492] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]              001355D7
IAT   c:\programme\java\jre1.6.0_04\bin\jusched.exe[3492] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]             001355D7
IAT   c:\programme\java\jre1.6.0_04\bin\jusched.exe[3492] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]             00135325
IAT   c:\programme\java\jre1.6.0_04\bin\jusched.exe[3492] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]           0013506C
IAT   c:\windows\system32\rundll32.exe[3504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                 0040506C
IAT   c:\windows\system32\rundll32.exe[3504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                      00404FB8
IAT   c:\windows\system32\rundll32.exe[3504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                00404F53
IAT   c:\windows\system32\rundll32.exe[3504] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                    00404F21
IAT   c:\windows\system32\rundll32.exe[3504] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                    00405325
IAT   c:\windows\system32\rundll32.exe[3504] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                    004055D7
IAT   c:\windows\system32\rundll32.exe[3504] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                   004055D7
IAT   c:\windows\system32\rundll32.exe[3504] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                   00405325
IAT   c:\windows\system32\rundll32.exe[3504] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                   004055D7
IAT   c:\windows\system32\rundll32.exe[3504] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                  0040506C
IAT   c:\windows\guard.exe[3648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                       0013506C
IAT   c:\windows\guard.exe[3648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                            00134FB8
IAT   c:\windows\guard.exe[3648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                      00134F53
IAT   c:\windows\guard.exe[3648] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                          00134F21
IAT   c:\windows\guard.exe[3648] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                          00135325
IAT   c:\windows\guard.exe[3648] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                          001355D7
IAT   c:\windows\guard.exe[3648] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage]                         001355D7
IAT   c:\windows\guard.exe[3648] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData]                         00135325
IAT   c:\windows\guard.exe[3648] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                         001355D7
IAT   c:\windows\guard.exe[3648] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                        0013506C
IAT   c:\windows\system32\ctfmon.exe[3696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                  0008506C
IAT   c:\windows\system32\ctfmon.exe[3696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                       00084FB8
IAT   c:\windows\system32\ctfmon.exe[3696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                 00084F53
IAT   c:\windows\system32\ctfmon.exe[3696] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                     00084F21
IAT   c:\windows\system32\ctfmon.exe[3696] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                     00085325
IAT   c:\windows\system32\ctfmon.exe[3696] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                     000855D7
IAT   c:\windows\system32\ctfmon.exe[3696] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                    000855D7
IAT   c:\windows\system32\ctfmon.exe[3696] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                    00085325
IAT   c:\windows\system32\ctfmon.exe[3696] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                    000855D7
IAT   c:\windows\system32\ctfmon.exe[3696] @ c:\windows\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                   0008506C
IAT   c:\programme\messenger\msmsgs.exe[3732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                 0040506C
IAT   c:\programme\messenger\msmsgs.exe[3732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                      00404FB8
IAT   c:\programme\messenger\msmsgs.exe[3732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                00404F53
IAT   c:\programme\messenger\msmsgs.exe[3732] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                    00404F21
IAT   c:\programme\messenger\msmsgs.exe[3732] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                 0040506C
IAT   c:\programme\messenger\msmsgs.exe[3732] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                    00405325
IAT   c:\programme\messenger\msmsgs.exe[3732] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                    004055D7
IAT   c:\programme\messenger\msmsgs.exe[3732] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                   004055D7
IAT   c:\programme\messenger\msmsgs.exe[3732] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                   004055D7
IAT   c:\programme\messenger\msmsgs.exe[3732] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                   00405325
IAT   C:\WINDOWS\System32\svchost.exe[3772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                  0040506C

Created on: 13.03.09 at 08:39:26

Part 5
Code:
IAT   C:\WINDOWS\System32\svchost.exe[3772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                       00404FB8
IAT   C:\WINDOWS\System32\svchost.exe[3772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                 00404F53
IAT   C:\WINDOWS\System32\svchost.exe[3772] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                     00404F21
IAT   C:\WINDOWS\System32\svchost.exe[3772] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                     00405325
IAT   C:\WINDOWS\System32\svchost.exe[3772] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                     004055D7
IAT   C:\WINDOWS\System32\svchost.exe[3772] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!TranslateMessage]                    004055D7
IAT   C:\WINDOWS\System32\svchost.exe[3772] @ C:\WINDOWS\system32\SHELL32.dll [USER32.dll!GetClipboardData]                    00405325
IAT   C:\WINDOWS\System32\svchost.exe[3772] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                    004055D7
IAT   C:\WINDOWS\System32\svchost.exe[3772] @ C:\WINDOWS\System32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                  0040506C
IAT   C:\WINDOWS\eHome\ehmsas.exe[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtQueryDirectoryFile]                    0007507C
IAT   C:\WINDOWS\eHome\ehmsas.exe[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrLoadDll]                         00074FC8
IAT   C:\WINDOWS\eHome\ehmsas.exe[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!LdrGetProcedureAddress]                   00074F63
IAT   C:\WINDOWS\eHome\ehmsas.exe[3804] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!NtCreateThread]                       00074F31
IAT   C:\WINDOWS\eHome\ehmsas.exe[3804] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!GetClipboardData]                       00075335
IAT   C:\WINDOWS\eHome\ehmsas.exe[3804] @ C:\WINDOWS\system32\ole32.dll [USER32.dll!TranslateMessage]                       000755EA
IAT   C:\WINDOWS\eHome\ehmsas.exe[3804] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!TranslateMessage]                      000755EA
IAT   C:\WINDOWS\eHome\ehmsas.exe[3804] @ C:\WINDOWS\system32\shell32.dll [USER32.dll!GetClipboardData]                      00075335
IAT   C:\WINDOWS\eHome\ehmsas.exe[3804] @ C:\WINDOWS\system32\SHLWAPI.dll [USER32.dll!TranslateMessage]                      000755EA
IAT   C:\WINDOWS\eHome\ehmsas.exe[3804] @ C:\WINDOWS\system32\WS2HELP.dll [ntdll.dll!NtQueryDirectoryFile]                    0007507C

---- Registry - GMER 1.0.15 ----

Reg   HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060b033b8                                 
Reg   HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001060b033b8@001b59eb80e1                          0x22 0x34 0xEA 0x61 ...
Reg   HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060b033b8                                   
Reg   HKLM\SYSTEM\ControlSet002\Services\BTHPORT\Parameters\Keys\001060b033b8@001b59eb80e1                            0x22 0x34 0xEA 0x61 ...
Reg   HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run@CPMc762b389                                       Rundll32.exe c:\windows\system32\yifiroso.dll,a

---- Files - GMER 1.0.15 ----

File  C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZGZXEWZL\ErrorPageTemplate[2]      2168 bytes
File  C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZGZXEWZL\background_gradient[2]     453 bytes
File  C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZLZNZ784\info_48[1]           0 bytes
File  C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZLZNZ784\httpErrorPagesScripts[1]    0 bytes
File  C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZLZNZ784\http_404[1]          0 bytes
File  C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZLZNZ784\down[2]            0 bytes
File  C:\Dokumente und Einstellungen\xxx\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZLZNZ784\errorPageStrings[3]      0 bytes
File  C:\WINDOWS\system32\sdra64.exe                                                       314880 bytes executable
File  C:\WINDOWS\system32\lowsec                                                         0 bytes
File  C:\WINDOWS\system32\lowsec\local.ds                                                     28963 bytes
File  C:\WINDOWS\system32\lowsec\user.ds                                                     0 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Pedersen_Inge\Worktunes\Its_A_Sin.sid                8082 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Higher_Love_tune_4.sid                     3619 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\About.sid                            2862 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Agony.sid                            2526 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Amiga.sid                            2638 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\AOL_Mod.sid                           3447 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Away.sid                            3552 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Callisto.sid                          4025 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Connect_5_game.sid                       4222 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Connect_5_intro_game.sid                    2502 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Dawn.sid                            2474 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Disno.sid                            3920 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Fly_Around_the_World.sid                    4491 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Friend.sid                           2531 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Harmony.sid                           3563 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Harvy.sid                            3818 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Improve.sid                           3465 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Intro.sid                            2695 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\In_Ennio_Moricone_Style.sid                   4242 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Life.sid                            4433 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Lord.sid                            4029 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Milestone_1.sid                         2846 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Milestone_4.sid                         4190 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Nice.sid                            4271 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Nutcracker.sid                         3315 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Peet_01.sid                           2650 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Peet_02.sid                           2171 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Peet_03.sid                           2174 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Prison_Dream.sid                        3246 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Rain.sid                            4741 bytes

Created on: 13.03.09 at 08:40:14

Part 6
Code:
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Restrict.sid                          4786 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Revolution_end.sid                       5262 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Revolution_glenz.sid                      4666 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Revolution_plotter.sid                     3984 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Revolution_raytracing.sid                    4210 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Revolution_tune_5.sid                      3388 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Revolution_zoomrotator.sid                   4866 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Rocky_Train.sid                         3000 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Something.sid                          4123 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Szandi_99.sid                          3758 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Tour.sid                            3814 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\To_Kate.sid                           3582 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\UJ4.sid                             3361 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Vari.sid                            7550 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Var_2a.sid                           3295 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Who.sid                             2420 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\X-mas_Cooperation_part_3.sid                  2398 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\X-mas_Cooperation_part_6.sid                  2586 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\X-mas_Cooperation_the_end.sid                  2871 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Yo_Ozo.sid                           3839 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Peet\Z_ZI.sid                            2112 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Astatin.sid                         5299 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars                          0 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Destination_I.sid                 3454 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Afternoon_part_1.sid               11393 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Afternoon_part_2.sid               19313 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Afternoon_part_2_PSID.sid             19321 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Alderan-Ingame_92.sid               4414 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Alderan.sid                    8228 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Bangkok_mix.sid                  2998 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Breakout_Elite.sid                4950 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Circling_Vultures.sid               3230 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Cowshit_Jam.sid                  4542 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Destination_II.sid                3960 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Hit_I.sid                     3892 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Illusions.sid                   4724 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Jazzin.sid                    3966 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Jeans_are_Blue.sid                2959 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Lars_Hoff-02.sid                 3486 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Lars_Hoff-04.sid                 4169 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Lars_Hoff-05.sid                 3520 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Moonetic_Digi.sid                 19469 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Raslefis.sid                   2966 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Recovery.sid                   3467 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Seal_Boogie.sid                  4734 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Sinny.sid                     3504 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Sloucher.sid                   2642 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hoff_Lars\Xmas_87.sid                    11492 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Hybrid_Mega_Fanfare.sid                   2627 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Lynx                            0 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Prosonix\Lynx\Pimplesqueezer_5_part_1.sid
 
  • #18
Part 7
Code:
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Pro_Pen\Abnormal.sid                         20902 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Pro_Pen\Abnormal_PSID.sid                      20901 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Pro_Pen\Ecstazia.sid                         11941 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Pro_Pen\Mayhem.sid                          19877 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\Pro_Pen\Mayhem_PSID.sid                       20901 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\PseudoGrafx\Aurora.sid                        6218 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\PseudoGrafx\Close_To_Me.sid                     4099 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\PseudoGrafx\Fire.sid                         4291 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\PseudoGrafx\Fonttime.sid                       3749 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\PseudoGrafx\Mountain_Bike.sid                    3990 bytes
File  E:\FABIS ZEUG\E - MUSIK\heute\Chiptunes\SID tunes\C64Music\MUSICIANS\P\PseudoGrafx\Partyzak.sid                       3550 bytes
Posted on: 13.03.09 at 08:42:09
Part 8 (last)
Code:

---- EOF - GMER 1.0.15 ----
Curious to hear what you make of it! :)
 
  • #19
Download it and unzip it to the desktop.

Start avenger.exe by double-clicking it and accept the terms of use with OK. Paste the contents of the following code box, completely and unchanged, into Input script here and click Execute. Answer the question of whether you are sure the script should be run with Yes.

Code:
Files to delete:
C:\WINDOWS\system32\ldupgrt.jpg
C:\DOKUME~1\BASSBO~1\LOKALE~1\Temp\conlf1.ini
C:\WINDOWS\system32\twex.exe
C:\WINDOWS\system32\bonitezu.dll
C:\WINDOWS\system32\wejureke.dll
C:\WINDOWS\system32\gehotimi.dll
c:\windows\system32\kapigagi.dll
Folders to delete:
c:\program files\antivirus agent pro

Also answer the question about restarting the computer (Reboot now?) with Yes. After the computer has restarted (this may be necessary, and happen, twice!) and the DOS window that Avenger opened has closed again, Avenger opens your editor with the Avenger log, which can also be found at C:\avenger.txt. Please post its contents. A backup of the removed objects was created as C:\avenger\backup.zip.



Delete combofix.exe from the desktop, download it again and rename it to fabeman.exe before it lands on the desktop. Then try combofix again.
 
  • #20
Morning.
Couldn't get to it sooner. Was away for a while and then in hospital. :'(

I ran Avenger. Here is the log file...
Code:
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com

Platform: Windows XP

*******************

Script file opened successfully.
Script file read successfully.

Backups directory opened successfully at C:\Avenger

*******************

Beginning to process script file:

Rootkit scan active.
No rootkits found!

File C:\WINDOWS\system32\ldupgrt.jpg deleted successfully.

Error: file C:\DOKUME~1\xxx\LOKALE~1\Temp\conlf1.ini not found!
Deletion of file C:\DOKUME~1\xxx\LOKALE~1\Temp\conlf1.ini failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
 --> the object does not exist

File C:\WINDOWS\system32\twex.exe deleted successfully.
File C:\WINDOWS\system32\bonitezu.dll deleted successfully.
File C:\WINDOWS\system32\wejureke.dll deleted successfully.
File C:\WINDOWS\system32\gehotimi.dll deleted successfully.
File c:\windows\system32\kapigagi.dll deleted successfully.

Error: folder c:\program files\antivirus agent pro not found!
Deletion of folder c:\program files\antivirus agent pro failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
 --> the object does not exist


Completed script processing.

*******************

Finished! Terminate.

I still have to try Combofix again...

Edit: Did it with the other file name. Doesn't work. Instead it says that n.com cannot be found or executed. Maybe ComboFix just doesn't work on my system... :-\
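Added example, not part of the original posts and not Avenger's own code: one way to cross-check a returned Avenger log against the script that was handed out, so that every target has an outcome and "already absent" (STATUS_OBJECT_NAME_NOT_FOUND) is told apart from other failures. The function names are hypothetical, the sample is an excerpt of the script from post #19 and the log from post #20, and only the log line shapes visible in that log are parsed.

```python
import re

# Excerpts copied from the script in post #19 and the log in post #20.
SCRIPT = r"""Files to delete:
C:\WINDOWS\system32\ldupgrt.jpg
C:\DOKUME~1\BASSBO~1\LOKALE~1\Temp\conlf1.ini
C:\WINDOWS\system32\twex.exe
Folders to delete:
c:\program files\antivirus agent pro
"""
LOG = r"""File C:\WINDOWS\system32\ldupgrt.jpg deleted successfully.
Error: file C:\DOKUME~1\xxx\LOKALE~1\Temp\conlf1.ini not found!
Deletion of file C:\DOKUME~1\xxx\LOKALE~1\Temp\conlf1.ini failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
File C:\WINDOWS\system32\twex.exe deleted successfully.
Error: folder c:\program files\antivirus agent pro not found!
Deletion of folder c:\program files\antivirus agent pro failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
"""

DELETED = re.compile(r"^(File|Folder) (.+) deleted successfully\.$", re.I)
FAILED = re.compile(r"^Deletion of (file|folder) (.+) failed!$", re.I)
STATUS = re.compile(r"^Status: (0x[0-9a-fA-F]{8}) \((\w+)\)$")

def parse_script(text):
    """Return [(kind, path)] from the 'Files/Folders to delete:' sections."""
    kind, targets = None, []
    for line in (l.strip() for l in text.splitlines()):
        m = re.match(r"^(Files|Folders) to delete:$", line, re.I)
        if m:
            kind = m.group(1).lower().rstrip("s")
        elif line and kind:
            targets.append((kind, line))
    return targets

def parse_log(text):
    """Map casefolded path -> 'deleted', 'absent' or 'failed:<NAME>'."""
    outcomes, pending = {}, None
    for line in (l.strip() for l in text.splitlines()):
        if m := DELETED.match(line):
            outcomes[m.group(2).casefold()] = "deleted"
        elif m := FAILED.match(line):
            pending = m.group(2).casefold()
            outcomes[pending] = "failed:unknown"
        elif (m := STATUS.match(line)) and pending:
            name = m.group(2)
            # Not-found means the object was already gone, not that removal was blocked.
            outcomes[pending] = ("absent" if name == "STATUS_OBJECT_NAME_NOT_FOUND"
                                 else "failed:" + name)
            pending = None
    return outcomes

def reconcile(script, log):
    """Pair every script target with its logged outcome; list leftover log paths."""
    outcomes = parse_log(log)
    report = [(p, outcomes.pop(p.casefold(), "no log entry")) for _, p in parse_script(script)]
    return report, sorted(outcomes)

if __name__ == "__main__":
    report, leftover = reconcile(SCRIPT, LOG)
    for path, outcome in report:
        print(f"{outcome:14} {path}")
    for path in leftover:
        print(f"{'unmatched log':14} {path}")
```

The conlf1.ini target comes back as "no log entry" with one unmatched log path, because the user name in the posted log was replaced with xxx; a mismatch like this is worth resolving before treating the cleanup as verified.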
 