Log Analysis and Evaluation: IE opens by itself with advertising...

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
09.01.2008, 19:42 | #1

Hello! Unfortunately I also have a problem with IE, which keeps opening advertising pages such as partypoker.com. After an intensive Google search I have already tried quite a few things, but so far without success. Antivir finds nothing, and neither does Ad-Aware. My operating system is Windows Vista. And here is my HJT report:

Logfile of HijackThis v1.99.1
Scan saved at 19:39:41, on 09.01.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\firefox.exe
C:\Users\Stephie\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Windows Live\Mail\wlmail.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: p6_19_erinnerung.lnk = C:\Program Files\phase6\phase6_19_download\WinStart\p6erinnerung.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-22/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-22/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-22/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-22/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183949065925
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Thanks in advance for your help!!!
09.01.2008, 19:51 | #2
Administrator > Competence Manager

Hello bittersweet83 and welcome! First work through these points so that we get a better overview and more information about your system:

SmitfraudFix instructions:
- Download this tool -> SmitfraudFix
- Then start it and let it search the system (option 1).
- Afterwards post the result of the scan as described in the instructions.

ComboFix
- Download the tool here -> CLICK
- Now start combofix.exe, confirm with (Y)es, let the cleanup run through, then copy the text and paste it into your post on the board!

Filelist
1. Download filelist.zip to your desktop.
2. Unpack the zip file to your desktop (with WinZip), then open the filelist.bat that is now on your desktop by double-clicking the file.
3. Your editor (word-processing program) will open.
4. From this content, mark the last 30 days of each directory, choose copy, and paste these files into your next post.

These are the directories from which we want to see the last 30 days in each case:
Verzeichnis von C:\
Verzeichnis von C:\WINDOWS\system32
Verzeichnis von C:\WINDOWS
Verzeichnis von C:\WINDOWS\Prefetch (Windows XP)
Verzeichnis von C:\WINDOWS\tasks
Verzeichnis von C:\WINDOWS\Temp
Verzeichnis von C:\DOCUME~1\Name\LOCALS~1\Temp

*A thank-you to the HijackThis forum and especially Karl83 for the instructions*
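The filelist step above asks for the files written in the last 30 days in a fixed set of system directories. The PowerShell script below is an added example, not the board's filelist.bat: it produces the same kind of listing on Windows Vista and later, where the XP-style paths in the post (C:\DOCUME~1\...\LOCALS~1\Temp) no longer apply and the batch file reports "not supported windows version". The 30-day window, the directory list and the output layout are assumptions chosen to match what the helper asked for; the output file name filelist.txt on the desktop is also an assumption.

```powershell
# Added example (not the board's filelist.bat): list files modified in the last
# 30 days in the directories the helper asked for. Works on Vista and later,
# resolving the paths from the environment instead of the XP-era short names.
$cutoff = (Get-Date).AddDays(-30)

# Directory list follows the forum post; %TEMP% replaces C:\DOCUME~1\Name\LOCALS~1\Temp.
$dirs = @(
    "$env:SystemDrive\",
    "$env:windir\system32",
    "$env:windir",
    "$env:windir\Prefetch",
    "$env:windir\Tasks",
    "$env:windir\Temp",
    $env:TEMP
)

$lines = foreach ($d in $dirs) {
    if (-not (Test-Path -LiteralPath $d)) { continue }
    "Verzeichnis von $d"    # keep the heading wording the helper expects to see
    Get-ChildItem -LiteralPath $d -Force -ErrorAction SilentlyContinue |
        Where-Object { -not $_.PSIsContainer -and $_.LastWriteTime -ge $cutoff } |
        Sort-Object LastWriteTime -Descending |
        ForEach-Object {
            # date, size in bytes, file name; hidden files are included because of -Force
            "{0:yyyy-MM-dd HH:mm}  {1,12:N0}  {2}" -f $_.LastWriteTime, $_.Length, $_.Name
        }
    ""
}

# Write to the desktop so the result can be pasted into the reply (assumed file name).
$out = Join-Path ([Environment]::GetFolderPath('Desktop')) 'filelist.txt'
$lines | Out-File -LiteralPath $out -Encoding UTF8
"Listing written to $out"
```

Run it from an elevated PowerShell prompt so that the system directories and their hidden files are readable; the listing is filtered to the 30-day window at the point of collection, so nothing has to be marked by hand afterwards.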
10.01.2008, 17:55 | #3

Hello, here are the requested results:

SmitFraudFix v2.274

Scan done at 17:46:50,64, 10.01.2008
Run from C:\Users\Stephie\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts

»»»»»»»»»»»»»»»»»»»»»»»» C:\

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32

»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Stephie

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Stephie\Application Data

»»»»»»»»»»»»»»»»»»»»»»»» Start Menu

»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Stephie\FAVORI~1

»»»»»»»»»»»»»»»»»»»»»»»» Desktop

»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files

»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys

»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components

»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri

»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000

»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]

»»»»»»»»»»»»»»»»»»»»»»»» Rustock

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{310825A3-322D-4107-AFC5-1E187FC18390}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{310825A3-322D-4107-AFC5-1E187FC18390}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{310825A3-322D-4107-AFC5-1E187FC18390}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1

»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection

»»»»»»»»»»»»»»»»»»»»»»»» End

And here are the ComboFix results:

ComboFix 08-01-10.2 - Stephie 2008-01-10 17:49:52.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1214 [GMT 1:00]
ausgeführt von:: C:\Users\Stephie\Desktop\ComboFix.exe
 * Neuer Wiederherstellungspunkt wurde erstellt
.
((((((((((((((((((((((( Dateien erstellt von 2007-12-10 bis 2008-01-10 ))))))))))))))))))))))))))))))
.
2008-01-10 17:49 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-10 17:46 . 2007-09-05 23:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-01-10 17:46 . 2006-04-27 16:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-01-10 17:46 . 2007-12-20 23:11 81,920 --a------ C:\Windows\System32\IEDFix.exe
2008-01-10 17:46 . 2003-06-05 20:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-01-10 17:46 . 2004-07-31 17:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-01-10 17:46 . 2007-10-03 23:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-01-10 17:46 . 2008-01-10 17:46 3,872 --a------ C:\Windows\System32\tmp.reg
2008-01-09 19:54 . 2008-01-09 19:54 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 19:54 . 2008-01-09 19:54 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 19:54 . 2008-01-09 19:54 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 19:54 . 2008-01-09 19:54 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 19:54 . 2008-01-09 19:54 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 19:53 . 2008-01-09 19:53 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 19:53 . 2008-01-09 19:53 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-09 19:53 . 2008-01-09 19:53 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-09 19:53 . 2008-01-09 19:53 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-09 19:53 . 2008-01-09 19:53 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-09 19:53 . 2008-01-09 19:53 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-09 19:53 . 2008-01-09 19:53 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-09 19:53 . 2008-01-09 19:53 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-09 19:53 . 2008-01-09 19:53 17,976 --a------ C:\Windows\System32\drivers\intelide.sys
2008-01-09 19:53 . 2008-01-09 19:53 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-08 16:51 . 2008-01-08 16:51 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-01-08 16:51 . 2008-01-08 16:51 <DIR> d-------- C:\ProgramData\Lavasoft
2008-01-08 16:51 . 2008-01-08 16:51 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-08 14:55 . 2008-01-08 14:55 <DIR> d-------- C:\Program Files\Bold Math Readme
2008-01-06 12:36 . 2008-01-06 12:36 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-02 17:42 . 2008-01-03 13:16 2,862 --------- C:\Windows\tm.ini
2008-01-02 17:42 . 2008-01-02 17:42 0 --------- C:\Windows\tdf.dii
2008-01-02 12:06 . 2008-01-03 13:42 101 --a------ C:\Windows\wiso.ini
2008-01-02 11:52 . 2008-01-02 11:52 <DIR> d-------- C:\Users\Stephie\AppData\Roaming\Buhl Data Service
2008-01-02 11:52 . 2008-01-02 11:52 <DIR> d-------- C:\Users\All Users\Buhl Data Service GmbH
2008-01-02 11:52 . 2008-01-02 11:52 <DIR> d-------- C:\ProgramData\Buhl Data Service GmbH
2008-01-01 23:14 . 2008-01-01 23:48 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-01 22:09 . 2008-01-08 14:56 <DIR> d-------- C:\Users\All Users\Bold Math Readme
2008-01-01 22:09 . 2008-01-08 14:56 <DIR> d-------- C:\ProgramData\Bold Math Readme
2008-01-01 21:32 . 2008-01-01 21:34 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-12-31 17:16 . 2007-12-31 17:16 54,156 --ah----- C:\Windows\QTFont.qfn
2007-12-31 17:16 . 2007-12-31 17:16 1,409 --a------ C:\Windows\QTFont.for
2007-12-30 13:48 . 2007-12-30 13:50 <DIR> d-------- C:\Program Files\Azureus
2007-12-30 00:13 . 2007-12-30 00:13 <DIR> d-------- C:\Users\All Users\Azureus
2007-12-30 00:13 . 2007-12-30 00:13 <DIR> d-------- C:\ProgramData\Azureus
2007-12-20 15:54 . 2007-12-20 15:54 <DIR> d-------- C:\Users\All Users\Apple Computer
2007-12-20 15:54 . 2007-12-20 15:54 <DIR> d-------- C:\Users\All Users\Apple
2007-12-20 15:54 . 2007-12-20 15:54 <DIR> d-------- C:\ProgramData\Apple Computer
2007-12-20 15:54 . 2007-12-20 15:54 <DIR> d-------- C:\ProgramData\Apple
2007-12-20 15:54 . 2007-12-20 15:55 <DIR> d-------- C:\Program Files\QuickTime
2007-12-20 15:54 . 2007-12-20 15:54 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-13 19:09 . 2007-12-13 19:09 972,072 --a------ C:\Windows\UNNeroMediaHome.exe
2007-12-11 21:02 . 2007-12-11 21:02 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-11 21:02 . 2007-12-11 21:02 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-11 21:02 . 2007-12-11 21:02 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-11 21:02 . 2007-12-11 21:02 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-11 21:00 . 2007-12-11 21:00 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-11 21:00 . 2007-12-11 21:00 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-11 21:00 . 2007-12-11 21:00 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\Windows\System32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\Windows\System32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 16:38 972 ----a-w C:\Program Files\active-update.xml
2008-01-10 16:33 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 18:53 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-09 18:53 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-09 18:53 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-09 18:53 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-09 18:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 18:45 4,647 ----a-w C:\Program Files\updates.xml
2008-01-09 17:14 --------- d-----w C:\Program Files\extensions
2008-01-08 17:16 --------- d-----w C:\Users\Stephie\AppData\Roaming\Azureus
2008-01-08 15:48 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-08 14:09 --------- d-----w C:\Users\Stephie\AppData\Roaming\LimeWire
2008-01-08 13:56 --------- d-----w C:\ProgramData\Bin Wait Ante Cast
2008-01-03 13:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 10:56 --------- d-----w C:\Program Files\Common Files\Buhl Data Service
2008-01-01 20:32 --------- d-----w C:\ProgramData\Nero
2007-12-24 17:43 --------- d-----w C:\Program Files\uninstall
2007-12-22 23:09 --------- d-----w C:\Users\Stephie\AppData\Roaming\Winamp
2007-12-20 14:55 --------- d-----w C:\Program Files\plugins
2007-12-20 14:55 --------- d-----w C:\Program Files\components
2007-12-19 21:40 --------- d-----w C:\Program Files\Trillian
2007-12-11 20:01 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-11 20:01 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-11 20:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-11 20:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-11 20:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-11 20:01 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-11 20:01 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-04 11:08 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-04 08:59 972,072 ----a-w C:\Windows\UNRecode.exe
2007-12-03 17:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
2007-11-20 21:10 --------- d-----w C:\Users\Stephie\AppData\Roaming\Nero
2007-11-20 21:06 --------- d-----w C:\Program Files\Nero
2007-11-20 20:46 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-20 20:06 --------- d-----w C:\ProgramData\Ulead Systems
2007-11-20 19:40 --------- d-----w C:\Users\Stephie\AppData\Roaming\DivX
2007-11-16 10:36 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-16 10:35 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-16 10:35 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-16 10:35 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-16 10:35 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-16 10:35 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-16 10:35 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-16 10:35 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-11-16 10:35 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-16 10:35 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-16 10:35 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-16 10:35 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-16 10:35 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-16 10:35 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-11-16 10:35 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-11-11 17:01 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll
2007-11-11 17:01 --------- d--h--r C:\Users\Stephie\AppData\Roaming\SecuROM
2007-11-11 15:22 --------- d-----w C:\Program Files\phase6
2007-10-28 19:04 0 ----a-w C:\Program Files\.autoreg
2007-10-10 16:52 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-10 16:52 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-10 16:52 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-10 16:52 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-10 16:50 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-10 16:50 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-10-10 16:50 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-09-19 10:48 73,584 ----a-r C:\Program Files\xpcom_compat.dll
2007-09-19 10:48 73,072 ----a-r C:\Program Files\xpicleanup.exe
2007-09-19 10:48 7,644,520 ----a-r C:\Program Files\firefox.exe
2007-09-19 10:48 476 ----a-w C:\Program Files\softokn3.chk
2007-09-19 10:48 476 ----a-w C:\Program Files\freebl3.chk
2007-09-19 10:48 456,032 ----a-r C:\Program Files\js3250.dll
2007-09-19 10:48 421,736 ----a-r C:\Program Files\xpcom_core.dll
2007-09-19 10:48 378,208 ----a-r C:\Program Files\nss3.dll
2007-09-19 10:48 34,160 ----a-r C:\Program Files\plc4.dll
2007-09-19 10:48 30,056 ----a-r C:\Program Files\plds4.dll
2007-09-19 10:48 271,720 ----a-r C:\Program Files\nssckbi.dll
2007-09-19 10:48 254,060 ----a-r C:\Program Files\softokn3.dll
2007-09-19 10:48 200,829 ----a-r C:\Program Files\freebl3.dll
2007-09-19 10:48 161,128 ----a-r C:\Program Files\nspr4.dll
2007-09-19 10:48 132,448 ----a-r C:\Program Files\ssl3.dll
2007-09-19 10:48 13,688 ----a-r C:\Program Files\AccessibleMarshal.dll
2007-09-19 10:48 13,152 ----a-r C:\Program Files\xpcom.dll
2007-09-19 10:48 129,920 ----a-r C:\Program Files\updater.exe
2007-09-19 10:48 12,136 ----a-r C:\Program Files\xpistub.dll
2007-09-19 10:48 111,968 ----a-r C:\Program Files\smime3.dll
2007-09-07 07:46 174 --sha-w C:\Program Files\desktop.ini
2007-09-06 14:43 18,775 ----a-r C:\Program Files\install.log
2007-07-26 06:01 222 ----a-r C:\Program Files\browserconfig.properties
2007-07-26 06:01 141 ----a-r C:\Program Files\updater.ini
2007-07-26 06:01 107 ----a-r C:\Program Files\old-homepage-default.properties
2007-07-26 02:39 30,869 ----a-r C:\Program Files\LICENSE
2005-07-24 17:52 229 ----a-r C:\Program Files\README.txt

.
(((((((((((((((((((((((((((( Autostart Punkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Hinweis* leere Eintrage & legitime Standardeintrage werden nicht angezeigt.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 19:53 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-19 14:44 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 16:07 4390912 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 16:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 20:50 857648]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 15:58 151552]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-06 10:52 142104]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-06 10:52 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-06 10:52 138008]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 12:36 32768]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2006-12-14 15:53 192512]
"LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [2006-12-26 10:23 180224]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-11-09 13:37 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-10 19:59 249896]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [ ]
"SOAPFACE"="C:\ProgramData\Eggs Skip Skip.t5hp2g" [2008-01-09 19:50 385040]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
p6_19_erinnerung.lnk - C:\Program Files\phase6\phase6_19_download\WinStart\p6erinnerung.exe [2007-02-11 19:20:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

R1 Hotkey;Hotkey;C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 10:27]
R2 UxTuneUp;TuneUp Designerweiterung;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-05-31 09:51]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 12:42]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-07-05 18:23]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-02-07 17:35]
R3 WisLMSvc;WisLMSvc;"C:\Program Files\Launch Manager\WisLMSvc.exe" [2006-11-17 19:45]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17ed1b04-5b97-11dc-9a44-806e6f6e6963}]
\shell\AutoRun\command - E:\cdstart.exe

*Newly Created Service* - PROCEXP90
.
Inhalt des "geplante Tasks" Ordners
"2007-12-21 16:16:40 C:\Windows\Tasks\1-Klick-Wartung.job" - C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 17:52:00
Windows 6.0.6000 NTFS

Scanne versteckte Prozesse...

Scanne versteckte Autostart Einträge...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = C:\Program Files\Launch Manager\CtrlVol.exe?????H?2???????2??42????w????????????0???<???????|??????wb??w????3 ?w!??w??????2???2?=??v????L???~z?w??2?????x?2?????? A???2?????? A????4=??v?????????a@?`??????????? ?A????4????? A???@???2??x@???2????4??@???2????

Scanne versteckte Dateien...

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
Zeit der Fertigstellung: 2008-01-10 17:52:47
.
2008-01-09 18:54:33 --- E O F ---

Filelist.bat unfortunately only produced the following:

not supported windows version
----------------------------------------
Microsoft Windows [Version 6.0.6000]

Many thanks for your help!!!
10.01.2008, 20:00 | #4 |
Administrator > Competence Manager | IE öffnet sich von selbst mit Werbung... Blacklight scannen lassen * Lade F-Secure Blacklight runter in einen eigenen Ordner, z.B. C:\programme\blacklight. Sollte der Download nicht klappen, dann probiere es mit diesem Link. * Starte in diesem Ordner blbeta.exe. Alle anderen Programme schließen. * Klick "I accept the agreement", "next", "Scan". * Wenn der Scan fertig ist beende Blacklight mit "Close". * Im Verzeichnis von Blacklight findest Du das erstellte Log fsbl-XXX.log, anstelle der XXX steht eine längere Folge von Ziffern. Sophos scannen lassen * Gehe zu Sophos und lade dir ihren Rootkitescanner herunter. Du bekommst eine Installationsdatei sarsfx.exe. * Starte diese, akzeptiere die Lizenz und lass das Programm installieren, ändere den Pfad C:\SOPHTEMP nicht. * Gehe mit dem Explorer in diesen Ordner und starte sargui.exe, schließe danach alle anderen Programme. * Lass unter Area alles angehalt und starte den Scan mit "Start scan". Der Scan dauert einige Zeit, wenn er fertig ist poppt ein Fenster auf mit einer Zusammenfassung, klicke dort "Ok". Beende den Sophos Rootkitscanner, dieser Scan dient nur der Analyse. * Starte den Explorer und gib in der Adresszeile "%temp%" ein (ohne Anführungsstriche), dort gibt es eine Datei sarscan.log, deren Inhalt bitte posten. Gmer scannen lassen * Lade dir Gmer von dieser Seite runter und entpacke es auf deinen Desktop. * Starte gmer.exe und gehe zum Tab Rootkit. Alle anderen Programme sollen geschlossen sein. * Stelle sicher, daß in der Leiste rechts alles von "System" bis "ADS" angehakt ist (Wichtig: "Show all" darf nicht angehakt sein) * Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft. * Wenn der Scan fertig ist klicke auf "Copy" um das Log in die Zwischenablage zu kopieren. Mit "Ok" wird GMER beendet. * Füge das Log aus der Zwischenablage in deine Antwort hier ein.
__________________ Requests by email, profile message or private message are ignored! Help is given ONLY in the forum! Stulti est se ipsum sapientem putare. |
11.01.2008, 14:48 | #5 |
| IE opens by itself showing ads...

Hello, here are the results:

Blacklight:
01/11/08 14:18:40 [Info]: BlackLight Engine 1.0.67 initialized
01/11/08 14:18:40 [Info]: OS: 6.0 build 6000 ()
01/11/08 14:18:40 [Note]: 7019 4
01/11/08 14:18:40 [Note]: 7005 0
01/11/08 14:18:42 [Note]: 7006 0
01/11/08 14:18:42 [Note]: 7027 0
01/11/08 14:18:43 [Note]: 7026 0
01/11/08 14:18:43 [Note]: 7026 0
01/11/08 14:18:45 [Note]: FSRAW library version 1.7.1024
01/11/08 14:22:04 [Note]: 7007 0

Sophos does not support Vista and therefore would not start!

Gmer:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2008-01-11 14:45:06
Windows 6.0.6000

---- System - GMER 1.0.13 ----

SSDT A55D371C ZwCreateThread
SSDT A55D3708 ZwOpenProcess
SSDT A55D370D ZwOpenThread
SSDT A55D3717 ZwTerminateProcess
SSDT A55D3712 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.13 ----

.text ntoskrnl.exe!ZwQueryLicenseValue + D41 81C46239 1 Byte [ 06 ]
.text ntoskrnl.exe!_alloca_probe + 164 81C560B4 4 Bytes [ 1C, 37, 5D, A5 ]
.text ntoskrnl.exe!_alloca_probe + 334 81C56284 4 Bytes [ 08, 37, 5D, A5 ]
.text ntoskrnl.exe!_alloca_probe + 350 81C562A0 4 Bytes [ 0D, 37, 5D, A5 ]
.text ntoskrnl.exe!_alloca_probe + 574 81C564C4 4 Bytes [ 17, 37, 5D, A5 ]
.text ntoskrnl.exe!_alloca_probe + 5D4 81C56524 4 Bytes [ 12, 37, 5D, A5 ]

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Program Files\Launch Manager\LaunchAp.exe[2116] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Launch Manager\LaunchAp.exe[2116] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Launch Manager\LaunchAp.exe[2116] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Launch Manager\LaunchAp.exe[2116] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [70A14618]
11.01.2008, 14:49 | #6 |
| IE opens by itself showing ads...

And here is the rest of the gmer output (it was too big for a single reply...)
---- Registry - GMER 1.0.13 ----

Reg \Registry\USER\S-1-5-21-4022781497-3537278231-3995956278-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x34 0xEC 0x65 0x4A ...
Reg \Registry\USER\S-1-5-21-4022781497-3537278231-3995956278-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0xE3 0xC1 0xD6 0x7C ...

---- EOF - GMER 1.0.13 ---- |
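The GMER log posted above is what the scan procedure from post #4 produces, and reading it by hand means checking who is hooking what. As an added example (not code from the thread and not GMER's own), here is a small Python triage script for that log format: it parses the SSDT, .text, IAT and AttachedDevice records, counts hooks per hooking module, flags modules missing from an allowlist of Windows' own hooking components, and checks whether the 4-byte .text patches are just the SSDT hook addresses seen a second time. The allowlist and the one IAT line pointing at C:\ProgramData\example_unknown.dll are assumptions constructed for the demo; every other sample line is copied from the log above.

```python
"""Triage helper for GMER 1.0.13 logs (added example, not from the thread or from GMER)."""
import re
from collections import Counter
from dataclasses import dataclass, field
from ntpath import basename

# Assumption of this example: Windows components that legitimately hook imports or sit in
# device stacks on Vista. ShimEng.dll, AcLayers.DLL and AcGenral.DLL belong to the Application
# Compatibility shim engine, Wdf01000.sys is the Kernel-Mode Driver Framework, fltmgr.sys the
# file-system Filter Manager. Anything else in the hooker list deserves a closer look.
EXPECTED_HOOKERS = frozenset({"shimeng.dll", "aclayers.dll", "acgenral.dll", "wdf01000.sys", "fltmgr.sys"})

# One pattern per record type, matching the line formats seen in the posted log.
SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\S+)$")
TEXT_RE = re.compile(r"^\.text\s+(\S+\s+\+\s+[0-9A-F]+)\s+([0-9A-F]{8})\s+\d+\s+Bytes?\s+\[\s*(.*?)\s*\]$")
IAT_RE = re.compile(r"^IAT\s+(.+?)\[(\d+)\]\s+@\s+(.+?)\s+\[([^\]]+)\]\s+\[([0-9A-F]{8})\]\s+(.+?)\s*$")
DEVICE_RE = re.compile(r"^AttachedDevice\s+(\S+)\s+(\S+)\s+(IRP_MJ_\w+)\s+\[([0-9A-F]{8})\]\s+(\S+)$")


@dataclass
class GmerReport:
    ssdt: dict = field(default_factory=dict)          # syscall name -> hook address
    text_patches: list = field(default_factory=list)  # (location, address, patched bytes)
    iat_hooks: list = field(default_factory=list)     # (process, pid, module, import, hooker)
    attached: list = field(default_factory=list)      # (driver, device, IRP, attached driver)
    unparsed: list = field(default_factory=list)      # record types this parser does not know


def parse_gmer(text: str) -> GmerReport:
    """Parse one GMER log; section headers are skipped, unknown records are kept for review."""
    rep = GmerReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("----"):
            continue
        if m := SSDT_RE.match(line):
            rep.ssdt[m.group(2)] = int(m.group(1), 16)
        elif m := TEXT_RE.match(line):
            patched = bytes(int(b, 16) for b in m.group(3).split(",") if b.strip())
            rep.text_patches.append((m.group(1), int(m.group(2), 16), patched))
        elif m := IAT_RE.match(line):
            rep.iat_hooks.append((m.group(1), int(m.group(2)), m.group(3), m.group(4), m.group(6)))
        elif m := DEVICE_RE.match(line):
            rep.attached.append((m.group(1), m.group(2), m.group(3), m.group(5)))
        else:
            rep.unparsed.append(line)
    return rep


def hookers(rep: GmerReport) -> Counter:
    """Count IAT hooks and device attachments per hooking module (lower-cased file name)."""
    counts = Counter()
    for *_, hooker in rep.iat_hooks:
        counts[basename(hooker).lower()] += 1
    for *_, driver in rep.attached:
        counts[basename(driver).lower()] += 1
    return counts


def unexpected_hookers(rep: GmerReport, expected=EXPECTED_HOOKERS) -> set:
    """Hooking modules that are not on the allowlist: the entries to investigate first."""
    return {name for name in hookers(rep) if name not in expected}


def ssdt_patch_matches(rep: GmerReport) -> dict:
    """Map each 4-byte .text patch whose bytes spell (little-endian) an SSDT hook address to the
    hooked syscall: such a patch is the overwritten SSDT slot, the same hook reported twice."""
    by_addr = {addr: name for name, addr in rep.ssdt.items()}
    matches = {}
    for location, _addr, patched in rep.text_patches:
        target = int.from_bytes(patched, "little") if len(patched) == 4 else None
        if target in by_addr:
            matches[location] = by_addr[target]
    return matches


# Sample log in the formats of the posted log: every line but the last IAT line is copied from
# it; that one is constructed, with a placeholder path, so that the allowlist check fires.
SAMPLE_LOG = r"""
GMER 1.0.13.12551 - http://www.gmer.net
---- System - GMER 1.0.13 ----
SSDT A55D371C ZwCreateThread
SSDT A55D3708 ZwOpenProcess
---- Kernel code sections - GMER 1.0.13 ----
.text ntoskrnl.exe!ZwQueryLicenseValue + D41 81C46239 1 Byte [ 06 ]
.text ntoskrnl.exe!_alloca_probe + 164 81C560B4 4 Bytes [ 1C, 37, 5D, A5 ]
.text ntoskrnl.exe!_alloca_probe + 334 81C56284 4 Bytes [ 08, 37, 5D, A5 ]
---- User IAT/EAT - GMER 1.0.13 ----
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [70901923] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_READ [804F1D1B] Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_CREATE [826B07F0] fltmgr.sys
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!CreateFileW] [10001234] C:\ProgramData\example_unknown.dll
---- EOF - GMER 1.0.13 ----
"""

if __name__ == "__main__":
    report = parse_gmer(SAMPLE_LOG)
    print("hooks per module:", dict(hookers(report)), "unexpected:", sorted(unexpected_hookers(report)))
    print("patches explained by SSDT hooks:", ssdt_patch_matches(report))
```

To run it on a full log, read the file with the encoding GMER wrote it in and pass the text to parse_gmer; the unparsed list then shows any record types the four patterns do not cover.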