Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys

Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys


Plagegeister aller Art und deren Bekämpfung: Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 19.05.2010, 20:21   #1
Daveomillo
 
Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys - Unglücklich

Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys


Hallo.

Ich bin mit Rootkit.Agent verseucht.

Malwarebytes Anti Malware findet auch nach Beseitigung nach dem Neustart immer wieder den selben Eintrag.

Trotz Einsatz des CC Cleaner auch kein Erfolg.

Ich bin verzweifelt. Bitte helft mir!!!

Hab vor meiner Anmeldung hier gegoogelt und hier in den Foren nach Anleitungen gesucht. Danke für die Infos. Leider kam ich nicht weiter was den rootkit.agent betrifft. Digital protection hab ich zumindest durch die Infos aus den Foren losbekommen.

Hier also die Logdatei von Anti Maleware:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4058

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

19.05.2010 20:00:51
mbam-log-2010-05-19 (20-00-51).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 17427
Laufzeit: 4 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\system32\Drivers\rlmij.sys (Rootkit.Agent) -> Quarantined and deleted successfully.


Danke
Daveomillo

Alt 20.05.2010, 11:11   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys - Standard

Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys


Hallo und

Bitte Logs mit GMER und OSAM erstellen + posten.
__________________

__________________
Alt 22.05.2010, 00:32   #3
Daveomillo
 
Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys - Frage

Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys


sorry,

aber sehe meine Antwort von eben nicht im Forum unter meinen Beiträgen hier zum Thema angezeigt. weiss jetzt nicht, ob die logdateien ankamen?

alles da?

oder sehe ich meine erste Antwort erst, wenn Du auf meine erste Antwort wieder antwortest. Sorry für meine Unwissenheit, aber ich hab noch keine Beiträge in Foren verfasst. Bin aber lernfähig.

Danke
Daveomillo
__________________
Alt 22.05.2010, 02:24   #4
Daveomillo
 
Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys - Standard

Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys


Hallo. Alles klar jetzt. Die Logdatei war zu lang. Hier der Erste Teil:

Logdatei von GMER Teil1:

GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-05-22 02:57:22
Windows 6.0.6002 Service Pack 2
Running: e7tr3c5p.exe; Driver: C:\Users\David\AppData\Local\Temp\fwlcapog.sys


---- Kernel code sections - GMER 1.0.15 ----

? System32\Drivers\rlmij.sys Ein an das System angeschlossenes Gerät funktioniert nicht. !
.text C:\Windows\system32\DRIVERS\nvlddmkm.sys section is writeable [0x8E406340, 0x3EB347, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

? C:\Windows\System32\svchost.exe[2956] image checksum mismatch; time/date stamp mismatch;
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] USER32.dll!CreateWindowExW 776B1305 5 Bytes JMP 6C4DDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] USER32.dll!DialogBoxParamW 776D10B0 5 Bytes JMP 6C405505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] USER32.dll!DialogBoxIndirectParamW 776D2EF5 5 Bytes JMP 6C5D473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] USER32.dll!DialogBoxParamA 776E8152 5 Bytes JMP 6C5D46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] USER32.dll!DialogBoxIndirectParamA 776E847D 5 Bytes JMP 6C5D47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] USER32.dll!MessageBoxIndirectA 776FD4D9 5 Bytes JMP 6C5D4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] USER32.dll!MessageBoxIndirectW 776FD5D3 5 Bytes JMP 6C5D4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] USER32.dll!MessageBoxExA 776FD639 5 Bytes JMP 6C5D45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[3788] USER32.dll!MessageBoxExW 776FD65D 5 Bytes JMP 6C5D4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!CreateDialogParamW 776A72A2 5 Bytes JMP 6C4DDE50 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!GetAsyncKeyState 776A863C 5 Bytes JMP 6C3F8EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!SetWindowsHookExW 776A87AD 5 Bytes JMP 6C4D9A75 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!CallNextHookEx 776A8E3B 5 Bytes JMP 6C4CD101 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!UnhookWindowsHookEx 776A98DB 5 Bytes JMP 6C44466E C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!EnableWindow 776ACD8B 5 Bytes JMP 6C4DDCDD C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!CreateWindowExW 776B1305 5 Bytes JMP 6C4DDAC4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!GetKeyState 776B8CB1 5 Bytes JMP 6C4DD28B C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!IsDialogMessageW 776C0745 5 Bytes JMP 6C405A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!CreateDialogParamA 776C17AA 5 Bytes JMP 6C5D53AB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!IsDialogMessage 776C1847 5 Bytes JMP 6C5D4C47 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!CreateDialogIndirectParamA 776C26F1 5 Bytes JMP 6C5D53E2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!CreateDialogIndirectParamW 776C9A62 5 Bytes JMP 6C5D5419 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!SetKeyboardState 776D0987 5 Bytes JMP 6C5D4FB6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!DialogBoxParamW 776D10B0 5 Bytes JMP 6C405505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!DialogBoxIndirectParamW 776D2EF5 5 Bytes JMP 6C5D473F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!SendInput 776D2F75 5 Bytes JMP 6C5D5B73 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!EndDialog 776D326E 5 Bytes JMP 6C407EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!SetCursorPos 776E6FB2 5 Bytes JMP 6C5D5BC7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!DialogBoxParamA 776E8152 5 Bytes JMP 6C5D46DC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!DialogBoxIndirectParamA 776E847D 5 Bytes JMP 6C5D47A2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!MessageBoxIndirectA 776FD4D9 5 Bytes JMP 6C5D4671 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!MessageBoxIndirectW 776FD5D3 5 Bytes JMP 6C5D4606 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!MessageBoxExA 776FD639 5 Bytes JMP 6C5D45A4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!MessageBoxExW 776FD65D 5 Bytes JMP 6C5D4542 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] USER32.dll!keybd_event 776FD972 5 Bytes JMP 6C5D5EF7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] SHELL32.dll!SHRestricted + D95 76758988 4 Bytes [4D, 30, EF, 6C] {DEC EBP; XOR BH, CH; INSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] SHELL32.dll!SHRestricted + D9D 76758990 8 Bytes [57, 2F, EF, 6C, 9C, 5B, EE, ...] {PUSH EDI; DAS ; OUT DX, EAX; INSB ; PUSHF ; POP EBX; OUT DX, AL ; INSB }
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] ole32.dll!OleLoadFromStream 77201E12 5 Bytes JMP 6C5D4AA7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text C:\Program Files\Internet Explorer\iexplore.exe[4160] ole32.dll!CoCreateInstance 77239EA6 5 Bytes JMP 6C4DDB20 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[2728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7499F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7499E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [749ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7499FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7499FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74A2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7499D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74996853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7499687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2728] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!HeapSetInformation] 51EC8B55
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ExpandEnvironmentStringsW] 1845DB51
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CreateActCtxW] F855DD56
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ReleaseActCtx] E8084DDC
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LCMapStringW] 000004D2
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrlenW] FF184589
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!DelayLoadFailureHook] 40516015
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!InterlockedExchange] F845DD00
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!RegisterWaitForSingleObject] 8B104DDC
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetUnhandledExceptionFilter] 1865DAF0
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetModuleHandleA] 0004B9E8
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!QueryPerformanceCounter] 8BC88B00
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetTickCount] F74199C6
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCurrentThreadId] C28B5EF9
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCurrentProcessId] C9184503
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetSystemTimeAsFileTime] 6015FFC3
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!TerminateProcess] 8B004051
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCurrentProcess] 2B08244C
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!UnhandledExceptionFilter] 9904244C
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetCommandLineW] 8BF9F741
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ExitProcess] 244403C2
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetProcessAffinityUpdateMode] FF56C304
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcessHeap] 244C8B00
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!SetErrorMode] 748D9908
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!HeapFree] 2BC28B5E
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!WideCharToMultiByte] 244403C1
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LocalFree] 15FFC308
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!CloseHandle] [00405160] C:\Windows\System32\svchost.exe (Hostprozess für Windows-Dienste/Microsoft Corporation)
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LocalAlloc] 04244C8B
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryA] F9F74199
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!InterlockedCompareExchange] FFC3C28B
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!FreeLibrary] 40516015
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!Sleep] 646A9900
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetProcAddress] 33F9F759
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!DeactivateActCtx] 24543BC0
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!LoadLibraryExW] C09C0F04
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!GetLastError] EC8B55C3
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!ActivateActCtx] 0204EC81
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrcmpW] 00000100
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [KERNEL32.dll!lstrcmpiW] 8B590040
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__p__commode] 8D500000
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_adjust_fdiv] FFFEFC8D
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__setusermatherr] C93351FF
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_amsg_exit] 558D5151
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_initterm] 8D5052FC
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [msvcrt.dll!exit] FFFDFC85
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__p__fmode] FF5150FF
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_exit] 40504415
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [msvcrt.dll!memcpy] 56216A00
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [msvcrt.dll!memset] FFFC75FF
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__set_app_type] 40515C15
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [msvcrt.dll!?terminate@@YAXXZ] 0CC48300
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_except_handler4_common] C01BD8F7
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_controlfp] C95EC623
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_cexit] EC8B55C3
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [msvcrt.dll!__wgetmainargs] 458B5151
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [msvcrt.dll!_XcptFilter] 33565308
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!GetTokenInformation] 33FC7589
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!InitializeSecurityDescriptor] 01518DFF
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorOwner] 8441198A
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorGroup] 2BF975DB
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetEntriesInAclW] 802974CA
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetSecurityDescriptorDacl] 7420063C
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!StartServiceCtrlDispatcherW] 75FF850A
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegDisablePredefinedCacheEx] 45FF470C
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegQueryValueExW] 8A01518D
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegOpenKeyExW] DB844119
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegCloseKey] CA2BF975
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!RegisterServiceCtrlHandlerW] D772F13B
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!SetServiceStatus] 5FFC458B
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ADVAPI32.dll!OpenProcessToken] C3C95B5E
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSubAuthoritySid] 56530CEC
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlFreeHeap] 68F63357
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlCopySid] 00000400
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSubAuthorityCountSid] FFF87589
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlLengthRequiredSid] 40515815
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlAllocateHeap] 085D8B00
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlInitializeSid] C38BF88B
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlImageNtHeader] FC758959
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlSetProcessIsCritical] 8D0007C6
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlUnhandledExceptionFilter] 108A0148
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [ntdll.dll!RtlInitializeCriticalSection] 75D28440
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerListen] 1E048D66
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIf] 74203880
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtWaitServerListen] FC7D8328
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtSetServerStackSize] FF0A7500
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcMgmtStopServerListening] 45C7F845
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUnregisterIfEx] 000001FC
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerRegisterIf] 0C4D8B00
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!RpcServerUseProtseqEpW] F84D3941
IAT C:\Windows\System32\svchost.exe[2956] @ C:\Windows\System32\svchost.exe [RPCRT4.dll!I_RpcMapWin32Status] 016A3275
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [6CED82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [6CED82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW] [6CEE1AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] [6CEE007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6CEDE1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6CEE0994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6CEDEE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [6CEDA3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6CEE1D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose] [6CEE3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW] [6CEE2999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW] [6CEE3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] [6CEDFBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6CEDE860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6CEDDC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] [6CEDFD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [6CED82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6CEDD4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6CEEFBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW] [6CEF051D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6CEEEB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW] [6CEEF817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW] [6CEEEF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6CEEE5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey] [6CEEED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] [6CEE007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] [6CEDFBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6CEDE1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [6CED82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] [6CEDFD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6CEDE860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW] [6CEE1AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6CEDEE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose] [6CEE3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA] [6CEE2CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA] [6CEE2926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW] [6CEE3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW] [6CEE2999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA] [6CEDBD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA] [6CEE173F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA] [6CEDBFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA] [6CEE0F0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA] [6CEE14E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA] [6CEDED1B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW] [6CEDBEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW] [6CEE1D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW] [6CEDC0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW] [6CEE103D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW] [6CEDEE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW] [6CEE0994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW] [6CEE1614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA] [6CEE0921] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] [6CED82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] [6CEDFBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [6CEDA073] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [6CEDA3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA] [6CEDE717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW] [6CEDE860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW] [6CEDFD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] [6CEDFD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW] [6CEE0C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW] [6CEDDC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW] [6CEDD4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA] [6CEDD361] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6CEDEE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] [6CEE007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6CEDC0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6CEDE860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW] [6CEE3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW] [6CEE2999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW] [6CEE1AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW] [6CEDBEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6CEDBFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6CEDE717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA] [6CEE2CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA] [6CEE2926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose] [6CEE3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA] [6CEE23A5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA] [6CEDBD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] [6CEDFBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [6CED82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW] [6CEDFAAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA] [6CEDF973] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey] [6CEEED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6CEEE43D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA] [6CEEEDE8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA] [6CEEF9B7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6CEEE9C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6CEEE5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6CEEEB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW] [6CEF020D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW] [6CEEF4DB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW] [6CEEEF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW] [6CEEFBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW] [6CEEF817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)

Alt 22.05.2010, 02:27   #5
Daveomillo
 
Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys - Standard

Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys


und der 2. Teil

IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW] [6CEF051D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW] [6CEEFF19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA] [6CEF0085] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA] [6CEF0395] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA] [6CEEFDAF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA] [6CEEF677] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW] [6CEDCFA8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW] [6CEE2999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW] [6CEE0C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW] [6CEDD22A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW] [6CEDD9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW] [6CEDDC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW] [6CEDEB68] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW] [6CEE1D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6CEDE1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW] [6CEDCAA7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] [6CEE007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [6CEDA3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6CEE0994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW] [6CEE3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose] [6CEE3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA] [6CEDC709] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA] [6CEDBD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW] [6CEE1AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW] [6CEDCD20] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW] [6CEDD4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW] [6CEE1614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW] [6CEE103D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6CEDEE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6CEDC0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW] [6CEDBEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6CEE09B9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW] [6CEDC848] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] [6CEDFD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6CEDE860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW] [6CEDC368] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] [6CEDFBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW] [6CEDC5D8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW] [6CEDF0D0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW] [6CEDFAAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW] [6CEDF5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW] [6CEE65DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW] [6CEE620B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW] [6CEE7595] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW] [6CEE60AE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW] [6CEE615B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA] [6CEE75E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW] [6CEE6533] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W] [6CEE799A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW] [6CEE684F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW] [6CEE6E45] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA] [6CEE6AFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW] [6CEE6B47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW] [6CEE7281] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW] [6CEE6716] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW] [6CEE71ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW] [6CEE7021] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW] [6CEE7FBE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW] [6CEE7159] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW] [6CEE68E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsSystemFolderW] [6CEE6BE2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA] [6CEE6803] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW] [6CEE6F81] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA] [6CEE63A5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW] [6CEE80BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW] [6CEE8513] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW] [6CEE8176] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW] [6CEE7BA4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW] [6CEE8235] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW] [6CEE697F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW] [6CEE6DAD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW] [6CEE6D15] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW] [6CEE731F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW] [6CEE6EDD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW] [6CEE6C7D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW] [6CEE6AAF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW] [6CEE78EA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW] [6CEE63F4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW] [6CEE76D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW] [6CEE8732] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW] [6CEE777E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW] [6CEE7831] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW] [6CEE667B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW] [6CEE7636] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile] [6CEDBB38] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose] [6CEE3ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW] [6CEE3035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] [6CEE007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW] [6CEE1AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6CEDA3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6CEDEE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW] [6CEDC848] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6CEDC368] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6CEDE860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] [6CEDFD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6CEDBEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] [6CEDFBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [6CED82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW] [6CEE8235] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA] [6CEE81D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA] [6CEE72CD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA] [6CEE75E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW] [6CEE76D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW] [6CEE65DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA] [6CEE788F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA] [6CEE86D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW] [6CEE78EA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW] [6CEE8732] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW] [6CEE6533] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [6CED82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [6CED82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [6CED82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [6CED82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [6CED82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [6CED82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Program Files\Internet Explorer\iexplore.exe[4160] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [6CED82F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [749A7817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [749FA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [749ABB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [7499F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [749A75E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [7499E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [749D8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [749ADA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [7499FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [7499FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [749971CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [74A2CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [749CC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [7499D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [74996853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [7499687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[4868] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [749A2AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

Device \FileSystem\Ntfs \Ntfs 869E32C8

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (WDF Dynamic/Microsoft Corporation)
AttachedDevice \FileSystem\fastfat \Fat fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- Services - GMER 1.0.15 ----

Service (*** hidden *** ) [BOOT] rlmij <-- ROOTKIT !!!

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\000272013b31
Reg HKLM\SYSTEM\CurrentControlSet\Services\rlmij@Type 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\rlmij@Start 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\rlmij@ErrorControl 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\rlmij@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet002\Services\rlmij@Type 1
Reg HKLM\SYSTEM\ControlSet002\Services\rlmij@Start 0
Reg HKLM\SYSTEM\ControlSet002\Services\rlmij@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet002\Services\rlmij@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet003\Services\rlmij@Type 1
Reg HKLM\SYSTEM\ControlSet003\Services\rlmij@Start 0
Reg HKLM\SYSTEM\ControlSet003\Services\rlmij@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet003\Services\rlmij@Group Boot Bus Extender
Reg HKLM\SYSTEM\ControlSet004\Services\BTHPORT\Parameters\Keys\000272013b31 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet004\Services\rlmij@Type 1
Reg HKLM\SYSTEM\ControlSet004\Services\rlmij@Start 0
Reg HKLM\SYSTEM\ControlSet004\Services\rlmij@ErrorControl 0
Reg HKLM\SYSTEM\ControlSet004\Services\rlmij@Group Boot Bus Extender

---- EOF - GMER 1.0.15 ----



und hier die Logdatei von OSAM:

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 23:50:01 on 21.05.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job" - ? - C:\Users\David\AppData\Local\Temp\Rv0.exe  (File not found)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"Dynamically loaded UxdDrv" (uxddrv) - ? - G:\WST3.1a\uxddrv.sys  (File not found)
"fwlcapog" (fwlcapog) - ? - C:\Users\David\AppData\Local\Temp\fwlcapog.sys  (Hidden registry entry, rootkit activity | File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Player Recovery Device Control Driver" (StMp3Rec) - "Nike, Inc." - C:\Windows\System32\Drivers\StMp3Rec.sys
"PSA128F" (PSA128F) - "Nike, Inc." - C:\Windows\system32\drivers\PSA128F.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"rlmij" (rlmij) - ? - C:\Windows\system32\drivers\rlmij.sys  (Hidden registry entry, rootkit activity | File not found)
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
 "CorelDRAW Shell Extension Component" - ? -   (File not found | COM-object registry key not found)
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Datei-Manager" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{DBE9EB93-FE98-4629-8534-5801A36864A7} "Nike psa[128max PlayerShell Hook" - "Nike, Inc." - C:\Windows\system32\psa128h.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Autoplay Drop Target Shim" - ? -   (File not found | COM-object registry key not found)
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Drop Target Shim" - ? -   (File not found | COM-object registry key not found)
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Drop Target Shim" - ? -   (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{00F33137-EE26-412F-8D71-F84E4C2C6625} "{00F33137-EE26-412F-8D71-F84E4C2C6625}" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} "EPUImageControl Class" - "eBay, Inc." - C:\Windows\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\System32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AGEIA PhysX SysTray" - ? - C:\Program Files\AGEIA Technologies\TrayIcon.exe  (File found, but it contains no detailed information)
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BsMnt" - ? - C:\Program Files\BisonCam\BsMnt.exe
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"Google EULA Launcher" - "Google" - C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe GE
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MDS_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
"mumservice" - "Motorola" - C:\Program Files\Motorola\Software Update\mumservice.exe
"PDVD8LanguageShortcut" - ? - "C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
"UpdatePDRShortCut" - "CyberLink Corp." - "C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Google Desktop Manager 5.9.909.30391" (GoogleDesktopManager-093009-130223) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1ca8a184dd07e6e)" (gupdate1ca8a184dd07e6e) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Messenger USN Journal Reader-Service für freigegebene Ordner" (usnjsvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\usnsvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MotoConnect Service" (MotoConnect Service) - ? - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe  (File found, but it contains no detailed information)
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"Reset Reader" (resetWinService) - ? - C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe  (File found, but it contains no detailed information)
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Danke,
Daveomillo


Alt 23.05.2010, 20:30   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys - Standard

Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys


Zitat:
"rlmij" (rlmij) - ? - C:\Windows\system32\drivers\rlmij.sys (Hidden registry entry, rootkit activity | File not found)
Diesen Eintrag mit OSAM deaktivieren und löschen (delete from storage)
Poste danach ein neues OSAM Log um zu kontrollieren, dass der Eintrag auch wirklich weg ist.
__________________
--> Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys

Alt 23.05.2010, 21:37   #7
Daveomillo
 
Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys - Icon24

Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys


Hallo. Hier der neue Osam Log. Habe alle Schritte zuvor ausgeführt.

Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 22:33:45 on 23.05.2010

OS: Windows Vista Home Premium Edition Service Pack 2 (Build 6002), 32-bit
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Google" - C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job" - ? - C:\Users\David\AppData\Local\Temp\Rv0.exe  (File not found)

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"ISUSPM.cpl" - "Macrovision Corporation" - C:\Windows\system32\ISUSPM.cpl
"PhysX.cpl" - ? - C:\Windows\system32\PhysX.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"Dynamically loaded UxdDrv" (uxddrv) - ? - G:\WST3.1a\uxddrv.sys  (File not found)
"IP in IP Tunnel Driver" (IpInIp) - ? - C:\Windows\System32\DRIVERS\ipinip.sys  (File not found)
"IPX Traffic Filter Driver" (NwlnkFlt) - ? - C:\Windows\System32\DRIVERS\nwlnkflt.sys  (File not found)
"IPX Traffic Forwarder Driver" (NwlnkFwd) - ? - C:\Windows\System32\DRIVERS\nwlnkfwd.sys  (File not found)
"Player Recovery Device Control Driver" (StMp3Rec) - "Nike, Inc." - C:\Windows\System32\Drivers\StMp3Rec.sys
"PSA128F" (PSA128F) - "Nike, Inc." - C:\Windows\system32\drivers\PSA128F.sys
"PxHelp20" (PxHelp20) - "Sonic Solutions" - C:\Windows\System32\Drivers\PxHelp20.sys
"ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys
(Disabled) "rlmij" (rlmij) - ? - C:\Windows\system32\drivers\rlmij.sys  (Hidden registry entry, rootkit activity | File not found)

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WI1F86~1\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{911051fa-c21c-4246-b470-070cd8df6dc4} ".cab or .zip files" - ? -   (File not found | COM-object registry key not found)
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Program Files\7-Zip\7-zip.dll
{1b24a030-9b20-49bc-97ac-1be4426f9e59} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{34449847-FD14-4fc8-A75A-7432F5181EFB} "ActiveDirectory Folder" - ? -   (File not found | COM-object registry key not found)
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll
{0F8604A5-4ECE-4DE1-BA7D-CF10F8AA4F48} "Contacts folder" - ? -   (File not found | COM-object registry key not found)
 "CorelDRAW Shell Extension Component" - ? -   (File not found | COM-object registry key not found)
{738D66C6-0149-4D40-84E4-A7BB2D0CE949} "Datei-Manager" - ? -   (File not found | COM-object registry key not found)
{2C2577C2-63A7-40e3-9B7F-586602617ECB} "Explorer Query Band" - ? -   (File not found | COM-object registry key not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{00020d75-0000-0000-c000-000000000046} "lnkfile" - ? -   (File not found | COM-object registry key not found)
{FC9FB64A-1EB2-4CCF-AF5E-1A497A9B5C2D} "Meine freigegebenen Ordner" - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\fsshext.8.5.1302.1018.dll
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONFILTER.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files\Nero\Nero8\Nero CoverDesigner\CoverEdExtension.dll
{DBE9EB93-FE98-4629-8534-5801A36864A7} "Nike psa[128max PlayerShell Hook" - "Nike, Inc." - C:\Windows\system32\psa128h.dll
{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} "RealOne Player Context Menu Class" - "RealNetworks, Inc." - C:\Program Files\Real\RealPlayer\rpshell.dll
{C8494E42-ACDD-4739-B0FB-217361E4894F} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{E29F9716-5C08-4FCD-955A-119FDB5A522D} "Sam Account Folder" - ? -   (File not found | COM-object registry key not found)
{45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll
{52B87208-9CCF-42C9-B88E-069281105805} "Trojan Remover Shell Extension" - ? -   (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Autoplay Drop Target Shim" - ? -   (File not found | COM-object registry key not found)
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Drop Target Shim" - ? -   (File not found | COM-object registry key not found)
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoViewer.dll
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Drop Target Shim" - ? -   (File not found | COM-object registry key not found)
{da67b8ad-e81b-4c70-9b91b417b5e33527} "Windows Search Shell Service" - ? -   (File not found | COM-object registry key not found)
{00F33137-EE26-412F-8D71-F84E4C2C6625} "{00F33137-EE26-412F-8D71-F84E4C2C6625}" - ? -   (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-15/4  (HTTP value)
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} "EPUImageControl Class" - "eBay, Inc." - C:\Windows\Downloaded Program Files\EPUWALcontrol.dll / hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_11" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_11.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
{233C1507-6A77-46A4-9443-F871F945D258} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\Windows\System32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll
"eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4  (HTTP value)
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll
{3049C3E9-B461-4BC5-8870-4C09146192CA} "RealPlayer Download and Record Plugin for Internet Explorer" - "RealPlayer" - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{7E853D72-626A-48EC-A868-BA8D5E23E045} "{7E853D72-626A-48EC-A868-BA8D5E23E045}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE  (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"swg" - "Google Inc." - "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"AGEIA PhysX SysTray" - ? - C:\Program Files\AGEIA Technologies\TrayIcon.exe  (File found, but it contains no detailed information)
"avgnt" - "Avira GmbH" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
"BsMnt" - ? - C:\Program Files\BisonCam\BsMnt.exe
"Google Desktop Search" - "Google" - "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"Google EULA Launcher" - "Google" - C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe GE
" Malwarebytes Anti-Malware  (reboot)" - "Malwarebytes Corporation" - "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
"MDS_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\MediaShow4" UpdateWithCreateOnce "Software\CyberLink\MediaShow\4.1"
"mumservice" - "Motorola" - C:\Program Files\Motorola\Software Update\mumservice.exe
"PDVD8LanguageShortcut" - ? - "C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe"
"TkBellExe" - "RealNetworks, Inc." - "C:\Program Files\Common Files\Real\Update_OB\realsched.exe"  -osboot
"UCam_Menu" - "CyberLink Corp." - "C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
"UpdatePDRShortCut" - "CyberLink Corp." - "C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\HomeCinema\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Microsoft Document Imaging Writer Monitor" - "Microsoft Corporation" - C:\Windows\system32\mdimon.dll
"Send To Microsoft OneNote Monitor" - "Microsoft Corporation" - C:\Windows\system32\msonpmon.dll

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"Avira AntiVir Guard" (AntiVirService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
"Avira AntiVir Planer" (AntiVirSchedulerService) - "Avira GmbH" - C:\Program Files\Avira\AntiVir Desktop\sched.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
"Google Desktop Manager 5.9.909.30391" (GoogleDesktopManager-093009-130223) - "Google" - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate1ca8a184dd07e6e)" (gupdate1ca8a184dd07e6e) - "Google Inc." - C:\Program Files\Google\Update\GoogleUpdate.exe
"Messenger USN Journal Reader-Service für freigegebene Ordner" (usnjsvc) - "Microsoft Corporation" - C:\Program Files\Windows Live\Messenger\usnsvc.exe
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
"MotoConnect Service" (MotoConnect Service) - ? - C:\Program Files\Motorola\MotoConnectService\MotoConnectService.exe  (File found, but it contains no detailed information)
"Nero BackItUp Scheduler 3" (Nero BackItUp Scheduler 3) - "Nero AG" - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
"NMIndexingService" (NMIndexingService) - "Nero AG" - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"PLFlash DeviceIoControl Service" (PLFlash DeviceIoControl Service) - "Prolific Technology Inc." - C:\Windows\system32\IoctlSvc.exe
"PnkBstrA" (PnkBstrA) - ? - C:\Windows\system32\PnkBstrA.exe  (File found, but it contains no detailed information)
"ProtexisLicensing" (ProtexisLicensing) - ? - C:\Windows\system32\PSIService.exe
"Reset Reader" (resetWinService) - ? - C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe  (File found, but it contains no detailed information)
"X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

Alt 23.05.2010, 22:35   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys - Standard

Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys


Gut, der Eintrag ist deaktiviert.
Bitte jetzt nen Vollscan mit Malwarebytes machen und Log posten. Aktualisiere das Programm vorher!!
Danach OTL:

Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 23.05.2010, 23:55   #9
Daveomillo
 
Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys - Standard

Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys


o.k. hier zuerst der Log von malewarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4134

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

24.05.2010 00:45:32
mbam-log-2010-05-24 (00-45-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 274337
Laufzeit: 1 Stunde(n), 4 Minute(n), 7 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.

Danke
Daveomillo

Alt 24.05.2010, 00:04   #10
Daveomillo
 
Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys - Icon24

Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys


gut. und jetzt noch der Log von OTL. war übrigens nur 1 Datei, nicht wie in der Beschreibung 2 Logdateien:

Code:
ATTFilter
OTL logfile created on: 24.05.2010 00:58:02 - Run 1
OTL by OldTimer - Version 3.2.5.0     Folder = C:\Users\David\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18904)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 69,00% Memory free
6,00 Gb Paging File | 5,00 Gb Available in Paging File | 85,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 278,07 Gb Total Space | 192,15 Gb Free Space | 69,10% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 8,83 Gb Free Space | 44,13% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: LUXUS-PC
Current User Name: David
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\David\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Motorola\MotoConnectService\MotoConnect.exe (Motorola)
PRC - C:\Programme\Google\Google Toolbar\GoogleToolbarUser_32.exe (Google Inc.)
PRC - C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe ()
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
PRC - C:\Programme\Google\Google Desktop Search\GoogleDesktop.exe (Google)
PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
PRC - C:\Programme\BisonCam\BsMnt.exe ()
PRC - C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Programme\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
PRC - C:\Windows\System32\PSIService.exe ()
PRC - C:\Programme\AGEIA Technologies\TrayIcon.exe ()
PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\David\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18005_none_5cb72f96088b0de0\comctl32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (MotoConnect Service) -- C:\Programme\Motorola\MotoConnectService\MotoConnectService.exe ()
SRV - (GoogleDesktopManager-093009-130223) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (resetWinService) -- C:\Program Files\Realtek Semiconductor Corp\Realtek USB 2.0 Card Reader\reset.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WLSetupSvc) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (usnjsvc) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (ProtexisLicensing) -- C:\Windows\System32\PSIService.exe ()
SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (motmodem) -- C:\Windows\System32\drivers\motmodem.sys (Motorola)
DRV - (motccgp) -- C:\Windows\System32\drivers\motccgp.sys (Motorola)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (motccgpfl) -- C:\Windows\System32\drivers\motccgpfl.sys (Motorola)
DRV - (Cam5607) -- C:\Windows\System32\drivers\BisonC07.sys (Bison Electronics. Inc. )
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (RTSTOR) -- C:\Windows\System32\drivers\RTSTOR.sys (Realtek Semiconductor Corp.)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (netr28) -- C:\Windows\System32\drivers\netr28.sys (Ralink Technology, Corp.)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (MegaSR) -- C:\Windows\system32\drivers\megasr.sys (LSI Corporation, Inc.)
DRV - (adpu320) -- C:\Windows\system32\drivers\adpu320.sys (Adaptec, Inc.)
DRV - (megasas) -- C:\Windows\system32\drivers\megasas.sys (LSI Corporation)
DRV - (adpu160m) -- C:\Windows\system32\drivers\adpu160m.sys (Adaptec, Inc.)
DRV - (SiSRaid4) -- C:\Windows\system32\drivers\sisraid4.sys (Silicon Integrated Systems)
DRV - (HpCISSs) -- C:\Windows\system32\drivers\hpcisss.sys (Hewlett-Packard Company)
DRV - (adpahci) -- C:\Windows\system32\drivers\adpahci.sys (Adaptec, Inc.)
DRV - (LSI_SAS) -- C:\Windows\system32\drivers\lsi_sas.sys (LSI Logic)
DRV - (ql2300) -- C:\Windows\system32\drivers\ql2300.sys (QLogic Corporation)
DRV - (E1G60) Intel(R) -- C:\Windows\System32\drivers\E1G60I32.sys (Intel Corporation)
DRV - (arcsas) -- C:\Windows\system32\drivers\arcsas.sys (Adaptec, Inc.)
DRV - (iaStorV) -- C:\Windows\system32\drivers\iastorv.sys (Intel Corporation)
DRV - (vsmraid) -- C:\Windows\system32\drivers\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (ulsata2) -- C:\Windows\system32\drivers\ulsata2.sys (Promise Technology, Inc.)
DRV - (LSI_SCSI) -- C:\Windows\system32\drivers\lsi_scsi.sys (LSI Logic)
DRV - (LSI_FC) -- C:\Windows\system32\drivers\lsi_fc.sys (LSI Logic)
DRV - (arc) -- C:\Windows\system32\drivers\arc.sys (Adaptec, Inc.)
DRV - (elxstor) -- C:\Windows\system32\drivers\elxstor.sys (Emulex)
DRV - (adp94xx) -- C:\Windows\system32\drivers\adp94xx.sys (Adaptec, Inc.)
DRV - (nvraid) -- C:\Windows\system32\drivers\nvraid.sys (NVIDIA Corporation)
DRV - (nvstor) -- C:\Windows\system32\drivers\nvstor.sys (NVIDIA Corporation)
DRV - (uliahci) -- C:\Windows\system32\drivers\uliahci.sys (ULi Electronics Inc.)
DRV - (viaide) -- C:\Windows\system32\drivers\viaide.sys (VIA Technologies, Inc.)
DRV - (cmdide) -- C:\Windows\system32\drivers\cmdide.sys (CMD Technology, Inc.)
DRV - (aliide) -- C:\Windows\system32\drivers\aliide.sys (Acer Laboratories Inc.)
DRV - (MotoSwitchService) -- C:\Windows\System32\drivers\motswch.sys (Motorola)
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (ql40xx) -- C:\Windows\system32\drivers\ql40xx.sys (QLogic Corporation)
DRV - (UlSata) -- C:\Windows\system32\drivers\ulsata.sys (Promise Technology, Inc.)
DRV - (nfrd960) -- C:\Windows\system32\drivers\nfrd960.sys (IBM Corporation)
DRV - (iirsp) -- C:\Windows\system32\drivers\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (aic78xx) -- C:\Windows\system32\drivers\djsvs.sys (Adaptec, Inc.)
DRV - (iteraid) -- C:\Windows\system32\drivers\iteraid.sys (Integrated Technology Express, Inc.)
DRV - (iteatapi) -- C:\Windows\system32\drivers\iteatapi.sys (Integrated Technology Express, Inc.)
DRV - (Symc8xx) -- C:\Windows\system32\drivers\symc8xx.sys (LSI Logic)
DRV - (Sym_u3) -- C:\Windows\system32\drivers\sym_u3.sys (LSI Logic)
DRV - (Mraid35x) -- C:\Windows\system32\drivers\mraid35x.sys (LSI Logic Corporation)
DRV - (Sym_hi) -- C:\Windows\system32\drivers\sym_hi.sys (LSI Logic)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\system32\drivers\brserid.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\system32\drivers\brusbser.sys (Brother Industries Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\drivers\brfiltup.sys (Brother Industries, Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\drivers\brfiltlo.sys (Brother Industries, Ltd.)
DRV - (BrSerWdm) -- C:\Windows\system32\drivers\brserwdm.sys (Brother Industries Ltd.)
DRV - (BrUsbMdm) -- C:\Windows\system32\drivers\brusbmdm.sys (Brother Industries Ltd.)
DRV - (ntrigdigi) -- C:\Windows\system32\drivers\ntrigdigi.sys (N-trig Innovative Technologies)
DRV - (se59obex) -- C:\Windows\System32\drivers\se59obex.sys (MCCI)
DRV - (se59mgmt) Sony Ericsson Device 089 USB WMC Device Management Drivers (WDM) -- C:\Windows\System32\drivers\se59mgmt.sys (MCCI)
DRV - (se59mdm) -- C:\Windows\System32\drivers\se59mdm.sys (MCCI)
DRV - (se59mdfl) -- C:\Windows\System32\drivers\se59mdfl.sys (MCCI)
DRV - (se59bus) Sony Ericsson Device 089 driver (WDM) -- C:\Windows\System32\drivers\se59bus.sys (MCCI)
DRV - (se59nd5) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (NDIS) -- C:\Windows\System32\drivers\se59nd5.sys (MCCI)
DRV - (se59unic) Sony Ericsson Device 089 USB Ethernet Emulation SEMC59 (WDM) -- C:\Windows\System32\drivers\se59unic.sys (MCCI)
DRV - (StMp3Rec) -- C:\Windows\System32\drivers\StMp3Rec.sys (Nike, Inc.)
DRV - (psa128u) -- C:\Windows\System32\drivers\psa128u.sys (Nike, Inc.)
DRV - (psa128s) -- C:\Windows\System32\drivers\psa128s.sys (Nike, Inc.)
DRV - (PSA128F) -- C:\Windows\System32\drivers\PSA128F.SYS (Nike, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Programme\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [AGEIA PhysX SysTray] C:\Programme\AGEIA Technologies\TrayIcon.exe ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BsMnt] C:\Programme\BisonCam\BsMnt.exe ()
O4 - HKLM..\Run: [Google Desktop Search] C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files\HomeCinema\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [mumservice] C:\Programme\Motorola\Software Update\mumservice.exe (Motorola)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD8\Language\Language.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\HomeCinema\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} -  File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-27-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Java Plug-in 1.6.0_11)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img11.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008.08.21 11:50:32 | 000,000,672 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010.05.24 00:56:22 | 000,571,904 | ---- | C] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2010.05.23 22:13:35 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Online Solutions
[2010.05.21 23:48:09 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Data
[2010.05.21 23:42:34 | 002,437,632 | ---- | C] (Codejock Software) -- C:\Users\David\Desktop\ToolkitPro1211vc80U.dll
[2010.05.21 23:42:34 | 001,392,640 | ---- | C] (Online Solutions) -- C:\Users\David\Desktop\osam_gui.dll
[2010.05.21 23:42:34 | 001,093,632 | ---- | C] (Online Solutions) -- C:\Users\David\Desktop\osam_srv.dll
[2010.05.21 23:42:34 | 001,093,120 | ---- | C] (Microsoft Corporation) -- C:\Users\David\Desktop\mfc80u.dll
[2010.05.21 23:42:34 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Users\David\Desktop\msvcr80.dll
[2010.05.21 23:42:34 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\Users\David\Desktop\msvcp80.dll
[2010.05.21 23:42:34 | 000,372,736 | ---- | C] (Online Solutions) -- C:\Users\David\Desktop\osam.exe
[2010.05.19 17:39:45 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.05.11 22:16:55 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\David Passfoto
[2010.05.05 21:07:18 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Kids
[2010.05.05 21:07:11 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\Carport
[2010.05.05 21:07:04 | 000,000,000 | ---D | C] -- C:\Users\David\Desktop\kids für Kalender
[2010.05.02 09:15:32 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Malwarebytes
[2010.05.02 09:15:17 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.05.02 09:15:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010.05.02 09:15:16 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010.05.02 09:15:16 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.01 19:45:27 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Simply Super Software
[2010.05.01 19:45:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2010.05.01 17:29:54 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\Avira
[2010.05.01 17:14:59 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2010.05.01 17:14:58 | 000,124,784 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys
[2010.05.01 17:14:58 | 000,060,936 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys
[2010.05.01 17:14:58 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010.05.01 17:14:58 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010.05.01 17:14:57 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2010.05.01 17:14:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2010.05.01 16:31:37 | 000,000,000 | ---D | C] -- C:\Users\David\AppData\Roaming\1FC18452E7E8AA1106E7B7478CE39503
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010.05.24 00:59:29 | 002,621,440 | -HS- | M] () -- C:\Users\David\NTUSER.DAT
[2010.05.24 00:56:29 | 000,571,904 | ---- | M] (OldTimer Tools) -- C:\Users\David\Desktop\OTL.exe
[2010.05.24 00:56:00 | 001,447,804 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010.05.24 00:56:00 | 000,628,910 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010.05.24 00:56:00 | 000,595,946 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010.05.24 00:56:00 | 000,127,606 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010.05.24 00:56:00 | 000,105,276 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010.05.24 00:55:00 | 000,000,438 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{103B65BD-4798-4CA0-9487-EB211B637804}.job
[2010.05.24 00:49:04 | 000,134,739 | ---- | M] () -- C:\ProgramData\nvModes.001
[2010.05.24 00:48:47 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.24 00:48:44 | 000,134,739 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2010.05.24 00:48:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010.05.24 00:48:27 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010.05.24 00:48:26 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010.05.24 00:48:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010.05.24 00:48:13 | 3215,851,520 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.24 00:47:35 | 000,524,288 | -HS- | M] () -- C:\Users\David\NTUSER.DAT{e7d54e1d-0282-11df-a894-001f1614268e}.TMContainer00000000000000000001.regtrans-ms
[2010.05.24 00:47:35 | 000,065,536 | -HS- | M] () -- C:\Users\David\NTUSER.DAT{e7d54e1d-0282-11df-a894-001f1614268e}.TM.blf
[2010.05.24 00:47:13 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010.05.24 00:47:08 | 001,666,140 | -H-- | M] () -- C:\Users\David\AppData\Local\IconCache.db
[2010.05.24 00:22:00 | 000,001,096 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.21 23:41:57 | 004,272,474 | ---- | M] () -- C:\Users\David\Desktop\osam_autorun_manager_5_0_portable.rar
[2010.05.21 22:41:04 | 000,293,376 | ---- | M] () -- C:\Users\David\Desktop\e7tr3c5p.exe
[2010.05.19 23:47:33 | 000,001,083 | ---- | M] () -- C:\Users\David\Documents\mbam-log-2010-05-19 (23-47-04) 23 uhr 47
[2010.05.19 23:32:29 | 000,000,082 | ---- | M] () -- C:\Users\David\Documents\cc_20100519_233226.reg
[2010.05.19 20:26:24 | 000,000,082 | ---- | M] () -- C:\Users\David\Documents\cc_20100519_202621.reg
[2010.05.19 17:49:51 | 000,000,206 | ---- | M] () -- C:\Users\David\Documents\cc_20100519_174938.reg
[2010.05.19 17:49:01 | 000,068,716 | ---- | M] () -- C:\Users\David\Documents\cc_20100519_174850.reg
[2010.05.19 17:48:15 | 000,000,082 | ---- | M] () -- C:\Users\David\Documents\cc_20100519_174806.reg
[2010.05.19 17:39:46 | 000,001,674 | ---- | M] () -- C:\Users\David\Desktop\CCleaner.lnk
[2010.05.11 22:30:49 | 000,107,781 | ---- | M] () -- C:\Users\David\Desktop\setz-fix.pdf
[2010.05.02 09:15:20 | 000,000,822 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.01 17:29:01 | 000,001,891 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010.05.01 17:15:09 | 000,001,851 | ---- | M] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.05.01 16:22:37 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2010.04.30 20:33:58 | 000,311,608 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010.04.29 12:19:24 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010.04.29 12:19:14 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010.05.21 23:42:34 | 000,002,371 | ---- | C] () -- C:\Users\David\Desktop\Microsoft.VC80.MFC.manifest
[2010.05.21 23:42:34 | 000,001,869 | ---- | C] () -- C:\Users\David\Desktop\Microsoft.VC80.CRT.manifest
[2010.05.21 23:41:45 | 004,272,474 | ---- | C] () -- C:\Users\David\Desktop\osam_autorun_manager_5_0_portable.rar
[2010.05.21 22:41:02 | 000,293,376 | ---- | C] () -- C:\Users\David\Desktop\e7tr3c5p.exe
[2010.05.19 23:47:33 | 000,001,083 | ---- | C] () -- C:\Users\David\Documents\mbam-log-2010-05-19 (23-47-04) 23 uhr 47
[2010.05.19 23:32:29 | 000,000,082 | ---- | C] () -- C:\Users\David\Documents\cc_20100519_233226.reg
[2010.05.19 20:26:24 | 000,000,082 | ---- | C] () -- C:\Users\David\Documents\cc_20100519_202621.reg
[2010.05.19 17:49:40 | 000,000,206 | ---- | C] () -- C:\Users\David\Documents\cc_20100519_174938.reg
[2010.05.19 17:48:53 | 000,068,716 | ---- | C] () -- C:\Users\David\Documents\cc_20100519_174850.reg
[2010.05.19 17:48:15 | 000,000,082 | ---- | C] () -- C:\Users\David\Documents\cc_20100519_174806.reg
[2010.05.19 17:39:46 | 000,001,674 | ---- | C] () -- C:\Users\David\Desktop\CCleaner.lnk
[2010.05.11 22:30:49 | 000,107,781 | ---- | C] () -- C:\Users\David\Desktop\setz-fix.pdf
[2010.05.02 11:33:44 | 3215,851,520 | -HS- | C] () -- C:\hiberfil.sys
[2010.05.02 09:15:20 | 000,000,822 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010.05.01 17:15:09 | 000,001,851 | ---- | C] () -- C:\Users\Public\Desktop\Avira AntiVir Control Center.lnk
[2010.03.09 13:03:06 | 000,069,632 | R--- | C] () -- C:\Windows\System32\xmltok.dll
[2010.03.09 13:03:06 | 000,036,864 | R--- | C] () -- C:\Windows\System32\xmlparse.dll
[2010.01.30 13:01:42 | 000,138,464 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2009.12.12 23:12:09 | 000,002,828 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2009.12.12 23:12:09 | 000,000,088 | RHS- | C] () -- C:\Windows\System32\9FB2002FA4.sys
[2009.11.06 10:58:04 | 000,178,975 | ---- | C] () -- C:\Windows\System32\xlive.dll.cat
[2009.09.13 18:53:12 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009.08.03 15:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2008.12.18 05:36:10 | 000,009,824 | ---- | C] () -- C:\Windows\System32\716xCoInstaller.dll
[2008.12.15 08:53:24 | 000,015,190 | ---- | C] () -- C:\Windows\M3000Twn.ini
[2008.12.09 13:15:52 | 000,009,336 | ---- | C] () -- C:\Windows\System32\WinIo.sys
[2006.11.02 14:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006.11.02 09:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006.03.20 21:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2006.03.20 21:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2006.03.20 21:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2006.03.20 21:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2006.03.20 21:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2006.03.20 21:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2006.03.20 21:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2006.03.20 21:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2006.03.20 21:43:15 | 000,045,056 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006.03.09 10:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:CB0AACC9
< End of report >
Danke
Daveomillo

Alt 24.05.2010, 13:49   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys - Standard

Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys


Das andere Log ist nicht ganz so wichtig, brauch ich nicht unbedingt.
Das Log was Du gepostet hast, sieht unauffällig aus. Noch Probleme oder Meldungen?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 24.05.2010, 15:16   #12
Daveomillo
 
Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys - Icon24

Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys


Hallo. Ist mein System nun wieder komplett sauber? Hab eben noch nen Quickscann von Malewarebytes gemacht (s. u.), keine Meldung. Im vorherigen Vollscann (wie von Dir empfohlen) war noch eine Meldung (Infizierte Dateien:
C:\Windows\Tasks\{8C3FDD81-7AE0-4605-A46A-2488B179F2A3}.job (Trojan.Downloader) -> No action taken.) Den Eintrag hab ich eben gelöscht aus der Quarantaine.

Noch ne Frage: Telekom hat mir den Versand von emails z. Zt. beschränkt (abuse-Meldung). Kann ich mir mittlerweile die Sperre wieder freischalten lassen, sprich, ist also mein system wieder sauber?

Hier der aktuellste Log von Malewarebytes allerdings nur quickscann:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4137

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

24.05.2010 15:56:43
mbam-log-2010-05-24 (15-56-43).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 129677
Laufzeit: 5 Minute(n), 18 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)


vielen Dank
Daveomillo

Alt 24.05.2010, 16:37   #13
Daveomillo
 
Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys - Icon24

Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys


Hab nochmal einen Vollscann in Malewarebytes gemacht, kein Eintrag mehr (s. Logdatei hier). D.h., eigentlich ist jetzt alles wieder sauber, oder?

Hier die Logdatei v. Malewarebytes:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4138

Windows 6.0.6002 Service Pack 2
Internet Explorer 8.0.6001.18904

24.05.2010 17:23:38
mbam-log-2010-05-24 (17-23-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 276248
Laufzeit: 1 Stunde(n), 5 Minute(n), 56 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

vielen Dank
Daveomillo

Antwort

Themen zu Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys
anmeldung, anti, anti maleware, anti malware, anti-malware, beseitigung, bösartige, c:\windows, cc cleaner, cleaner, dateien, digital, einsatz, explorer, foren, gesuch, helft, logdatei, maleware, meldung, minute, neustart, protection, service, system, system32, version, windows


« malware doctor (idstrf) nimmt kein Ende | system infiziert? »


Ähnliche Themen: Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys


  1. Avira meldet TR/Rootkit.Gen in C:windows/system32/drivers....was ist zu tun?
    Plagegeister aller Art und deren Bekämpfung - 19.07.2014 (22)
  2. Trojaner/Rootkit TR/Agent.37888.248 in C:\WINDOWS\system32\drivers\a127b2c0fb888938.sys
    Log-Analyse und Auswertung - 05.07.2014 (15)
  3. TR/Rootkit.Gen2'-'C:\WINDOWS\system32\drivers\sptd.sys'
    Plagegeister aller Art und deren Bekämpfung - 01.02.2012 (1)
  4. Rootkit C:\windows\system32\drivers\volmgr.sys
    Plagegeister aller Art und deren Bekämpfung - 01.02.2011 (8)
  5. TR/Rootkit.Gen in C:\Windows\System32\drivers\ghldywj.sys
    Plagegeister aller Art und deren Bekämpfung - 25.12.2010 (9)
  6. Rootkit.Bubnix in c:\windows\system32\drivers\qmjlmyja.sys
    Plagegeister aller Art und deren Bekämpfung - 20.08.2010 (23)
  7. Rootkit Agent in C:\WINDOWS\system32\drivers\lpvmtsvd.sys
    Plagegeister aller Art und deren Bekämpfung - 19.08.2010 (13)
  8. Rootkit in C:\Windows\system32\drivers\afkw4fu9.sys ?
    Log-Analyse und Auswertung - 08.08.2010 (4)
  9. Rootkit Bubnix.au in c:\windows\system32\drivers\hljrifmj.sys
    Plagegeister aller Art und deren Bekämpfung - 21.06.2010 (10)
  10. TR/Rootkit.Gen in C:\WINDOWS\system32\drivers\herbh.sys
    Plagegeister aller Art und deren Bekämpfung - 01.06.2010 (16)
  11. TR/Rootkit.Gen in C:\Windows\System32\drivers\ezokdc.sys
    Plagegeister aller Art und deren Bekämpfung - 30.05.2010 (6)
  12. Tr/rootkit.gen windows/system32/Drivers.lnuuf.sys (rootkit Agent)
    Plagegeister aller Art und deren Bekämpfung - 29.05.2010 (1)
  13. Rootkit.Agent../System32/Drivers/
    Plagegeister aller Art und deren Bekämpfung - 28.05.2010 (46)
  14. Was tun? Virus Rootkit C:\Windows\System32\drivers\hsntoaox.sys
    Plagegeister aller Art und deren Bekämpfung - 23.04.2010 (12)
  15. C:\WINDOWS\system32\drivers\**; befürchte Rootkit
    Plagegeister aller Art und deren Bekämpfung - 23.04.2010 (18)
  16. Rootkit.Win32.Agent.besn in system32\drivers\aec.sys / syspck32 im Autostart
    Plagegeister aller Art und deren Bekämpfung - 01.04.2010 (8)
  17. Rootkit.Agent im system32\drivers\qkavedba.sys
    Plagegeister aller Art und deren Bekämpfung - 14.03.2010 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys - Hallo. Ich bin mit Rootkit.Agent verseucht. Malwarebytes Anti Malware findet auch nach Beseitigung nach dem Neustart immer wieder den selben Eintrag. Trotz Einsatz des CC Cleaner auch kein Erfolg. Ich - Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys...
Archiv
Du betrachtest: Rootkit.Agent bringe ich nicht los C:\Windows\system32\Drivers\rlmij.sys auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55