Trojaner-Board (https://www.trojaner-board.de/)
Log analysis and evaluation: IE opens by itself with ads... (https://www.trojaner-board.de/47979-ie-oeffnet-selbst-werbung.html)

bittersweet83 09.01.2008 19:42

IE opens by itself with ads...
 
Hello!
Unfortunately I also have a problem with IE, which keeps opening ad pages, e.g. partypoker.com. After an intensive Google search I have already tried a number of things, but so far without success. AntiVir finds nothing, nor does Ad-Aware.
My operating system is Windows Vista. And here is my HJT report:

Logfile of HijackThis v1.99.1
Scan saved at 19:39:41, on 09.01.2008
Platform: Unknown Windows (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16575)

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\firefox.exe
C:\Users\Stephie\Desktop\hijackthis\HijackThis.exe
C:\Program Files\Windows Live\Mail\wlmail.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [SMSERIAL] "C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe"
O4 - HKLM\..\Run: [SynTPEnh] "C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
O4 - HKLM\..\Run: [IAAnotif] "C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [LaunchAp] "C:\Program Files\Launch Manager\LaunchAp.exe"
O4 - HKLM\..\Run: [HotkeyApp] "C:\Program Files\Launch Manager\HotkeyApp.exe"
O4 - HKLM\..\Run: [LMgrOSD] "C:\Program Files\Launch Manager\OSD.exe"
O4 - HKLM\..\Run: [Wbutton] "C:\Program Files\Launch Manager\Wbutton.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - Global Startup: p6_19_erinnerung.lnk = C:\Program Files\phase6\phase6_19_download\WinStart\p6erinnerung.exe
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-22/4 (file missing)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-22/4 (file missing)
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-22/4 (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - http://rover.ebay.com/rover/1/707-1170-17534-22/4 (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\windows\system32\nlaapi.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\napinsp.dll
O11 - Options group: [INTERNATIONAL] International*
O13 - Gopher Prefix:
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1183949065925
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
O18 - Protocol: ms-help - {314111C7-A502-11D2-BBCA-00C04F8EC294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlmailhtml - {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll
O18 - Filter hijack: text/xml - {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AntiVir PersonalEdition Classic Planer (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: @%SystemRoot%\ehome\ehstart.dll,-101 (ehstart) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: @%SystemRoot%\system32\qwave.dll,-1 (QWAVE) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: @%SystemRoot%\system32\seclogon.dll,-7001 (seclogon) - Unknown owner - %windir%\system32\svchost.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: WisLMSvc - Wistron Corp. - C:\Program Files\Launch Manager\WisLMSvc.exe
O23 - Service: Windows Live Setup Service (WLSetupSvc) - Unknown owner - C:\Program Files\Windows Live\installer\WLSetupSvc.exe
O23 - Service: @%ProgramFiles%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - %ProgramFiles%\Windows Media Player\wmpnetwk.exe (file missing)

Thanks in advance for your help!!! :)

Sunny 09.01.2008 19:51

Hello bittersweet83 and welcome!

First work through these points so that we get a better overview and more information about your system:


SmitfraudFix instructions:

Download this tool -> SmitfraudFix
- Then start it and let it search the system. (Option 1)
- Afterwards post the result of the scan as described in the instructions


ComboFix

- Download the tool here -> CLICK
- Now start combofix.exe, confirm with (Y)es, let the cleanup run through,
then copy the text and paste it into your post on the board!


Filelist

1. Download filelist.zip to your desktop.
2. Unpack the zip file to your desktop (with WinZip), then open the filelist.bat that is now on your desktop by double-clicking the file
3. Your editor (text editor) will open
4. From this content, mark the last 30 days of each directory, choose copy, and paste these files into your next post.

These are the directories for which we want to see the last 30 days in each case:
Directory of C:\
Directory of C:\WINDOWS\system32
Directory of C:\WINDOWS
Directory of C:\WINDOWS\Prefetch (Windows XP)
Directory of C:\WINDOWS\tasks
Directory of C:\WINDOWS\Temp
Directory of C:\DOCUME~1\Name\LOCALS~1\Temp

*Thanks to the HijackThis forum and especially Karl83 for the instructions*
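
The filelist step above boils down to "for each of these directories, show the files touched in the last 30 days". The script below is an added example for this thread, not the board's filelist.bat, and does the same job without depending on the version string of Windows. The directory list mirrors the one in the post with the XP paths replaced by their Vista equivalents; which user's Temp directory is meant is resolved through LOCALAPPDATA, and the temporary directory that `demo_tempdir` builds is constructed sample input for trying the filter offline. All of that is this example's own assumption, not something the post specifies.

```python
import os
import time
from datetime import datetime

# Vista equivalents of the directories listed in the post.  The last entry
# replaces C:\DOCUME~1\Name\LOCALS~1\Temp; which account is meant is an
# assumption resolved through LOCALAPPDATA at run time.
DEFAULT_DIRS = [
    "C:\\",
    r"C:\Windows\System32",
    r"C:\Windows",
    r"C:\Windows\Prefetch",
    r"C:\Windows\Tasks",
    r"C:\Windows\Temp",
    os.path.join(os.environ.get("LOCALAPPDATA", r"C:\Users\Name\AppData\Local"), "Temp"),
]


def recent_files(directory, days=30, now=None):
    """(mtime, size, path) for files in `directory` (no recursion) modified
    within the last `days` days, newest first.  Unreadable entries and a
    missing or inaccessible directory yield nothing instead of aborting."""
    now = time.time() if now is None else now
    cutoff = now - days * 86400
    rows = []
    try:
        with os.scandir(directory) as it:
            for entry in it:
                try:
                    st = entry.stat(follow_symlinks=False)
                    if entry.is_file(follow_symlinks=False) and st.st_mtime >= cutoff:
                        rows.append((st.st_mtime, st.st_size, entry.path))
                except OSError:
                    continue
    except OSError:
        return []
    rows.sort(reverse=True)
    return rows


def format_rows(rows):
    """One line per file in the 'date time size path' shape of a dir listing."""
    return [f"{datetime.fromtimestamp(mtime):%Y-%m-%d %H:%M} {size:>12,} {path}"
            for mtime, size, path in rows]


def demo_tempdir():
    """Constructed sample input: a temporary directory holding one fresh file
    and one whose modification time is set 40 days back.  Not cleaned up."""
    import tempfile
    d = tempfile.mkdtemp()
    fresh, old = os.path.join(d, "fresh.exe"), os.path.join(d, "old.dll")
    for p in (fresh, old):
        with open(p, "wb") as f:
            f.write(b"MZ")
    stale = time.time() - 40 * 86400
    os.utime(old, (stale, stale))
    return d, fresh, old


if __name__ == "__main__":
    for d in DEFAULT_DIRS:
        print(f"\nDirectory of {d}")
        print("\n".join(format_rows(recent_files(d))) or "(nothing in the last 30 days)")
```

Run it on the affected machine as the logged-in user; directories it may not read (Tasks, Temp of another account) come back empty rather than stopping the listing, so an empty block means "nothing readable", not "nothing there".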

bittersweet83 10.01.2008 17:55

Hello, here are the requested results:

SmitFraudFix v2.274

Scan done at 17:46:50,64, 10.01.2008
Run from C:\Users\Stephie\Desktop\SmitfraudFix
OS: Microsoft Windows [Version 6.0.6000] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» Process

C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LaunchAp.exe
C:\Program Files\Launch Manager\HotkeyApp.exe
C:\Program Files\Launch Manager\OSD.exe
C:\Program Files\Launch Manager\WButton.exe
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Launch Manager\WisLMSvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\firefox.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\cmd.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wbem\wmiprvse.exe

»»»»»»»»»»»»»»»»»»»»»»»» hosts


»»»»»»»»»»»»»»»»»»»»»»»» C:\


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\Web


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32


»»»»»»»»»»»»»»»»»»»»»»»» C:\Windows\system32\LogFiles


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Stephie


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Stephie\Application Data


»»»»»»»»»»»»»»»»»»»»»»»» Start Menu


»»»»»»»»»»»»»»»»»»»»»»»» C:\Users\Stephie\FAVORI~1


»»»»»»»»»»»»»»»»»»»»»»»» Desktop


»»»»»»»»»»»»»»»»»»»»»»»» C:\Program Files


»»»»»»»»»»»»»»»»»»»»»»»» Corrupted keys


»»»»»»»»»»»»»»»»»»»»»»»» Desktop Components



»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
!!!Attention, following keys are not inevitably infected!!!

IEDFix.exe by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Sharedtaskscheduler
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» AppInit_DLLs
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""
"LoadAppInit_DLLs"=dword:00000000


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]


»»»»»»»»»»»»»»»»»»»»»»»» Rustock



»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter
DNS Server Search Order: 192.168.2.1

HKLM\SYSTEM\CCS\Services\Tcpip\..\{310825A3-322D-4107-AFC5-1E187FC18390}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\..\{310825A3-322D-4107-AFC5-1E187FC18390}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\..\{310825A3-322D-4107-AFC5-1E187FC18390}: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.2.1


»»»»»»»»»»»»»»»»»»»»»»»» Scanning for wininet.dll infection


»»»»»»»»»»»»»»»»»»»»»»»» End



And here are the results from ComboFix:

ComboFix 08-01-10.2 - Stephie 2008-01-10 17:49:52.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1031.18.1214 [GMT 1:00]
run from:: C:\Users\Stephie\Desktop\ComboFix.exe
* New restore point was created
.

((((((((((((((((((((((( Files created from 2007-12-10 to 2008-01-10 ))))))))))))))))))))))))))))))
.

2008-01-10 17:49 . 2000-08-31 08:00 51,200 --a------ C:\Windows\NirCmd.exe
2008-01-10 17:46 . 2007-09-05 23:22 289,144 --a------ C:\Windows\System32\VCCLSID.exe
2008-01-10 17:46 . 2006-04-27 16:49 288,417 --a------ C:\Windows\System32\SrchSTS.exe
2008-01-10 17:46 . 2007-12-20 23:11 81,920 --a------ C:\Windows\System32\IEDFix.exe
2008-01-10 17:46 . 2003-06-05 20:13 53,248 --a------ C:\Windows\System32\Process.exe
2008-01-10 17:46 . 2004-07-31 17:50 51,200 --a------ C:\Windows\System32\dumphive.exe
2008-01-10 17:46 . 2007-10-03 23:36 25,600 --a------ C:\Windows\System32\WS2Fix.exe
2008-01-10 17:46 . 2008-01-10 17:46 3,872 --a------ C:\Windows\System32\tmp.reg
2008-01-09 19:54 . 2008-01-09 19:54 802,816 --a------ C:\Windows\System32\drivers\tcpip.sys
2008-01-09 19:54 . 2008-01-09 19:54 216,760 --a------ C:\Windows\System32\drivers\netio.sys
2008-01-09 19:54 . 2008-01-09 19:54 167,424 --a------ C:\Windows\System32\tcpipcfg.dll
2008-01-09 19:54 . 2008-01-09 19:54 24,064 --a------ C:\Windows\System32\netcfg.exe
2008-01-09 19:54 . 2008-01-09 19:54 22,016 --a------ C:\Windows\System32\netiougc.exe
2008-01-09 19:53 . 2008-01-09 19:53 4,247,552 --a------ C:\Windows\System32\GameUXLegacyGDFs.dll
2008-01-09 19:53 . 2008-01-09 19:53 1,686,016 --a------ C:\Windows\System32\gameux.dll
2008-01-09 19:53 . 2008-01-09 19:53 1,060,920 --a------ C:\Windows\System32\drivers\ntfs.sys
2008-01-09 19:53 . 2008-01-09 19:53 211,000 --a------ C:\Windows\System32\drivers\volsnap.sys
2008-01-09 19:53 . 2008-01-09 19:53 154,624 --a------ C:\Windows\System32\drivers\nwifi.sys
2008-01-09 19:53 . 2008-01-09 19:53 110,136 --a------ C:\Windows\System32\drivers\ataport.sys
2008-01-09 19:53 . 2008-01-09 19:53 45,112 --a------ C:\Windows\System32\drivers\pciidex.sys
2008-01-09 19:53 . 2008-01-09 19:53 21,560 --a------ C:\Windows\System32\drivers\atapi.sys
2008-01-09 19:53 . 2008-01-09 19:53 17,976 --a------ C:\Windows\System32\drivers\intelide.sys
2008-01-09 19:53 . 2008-01-09 19:53 11,776 --a------ C:\Windows\System32\sbunattend.exe
2008-01-08 16:51 . 2008-01-08 16:51 <DIR> d-------- C:\Users\All Users\Lavasoft
2008-01-08 16:51 . 2008-01-08 16:51 <DIR> d-------- C:\ProgramData\Lavasoft
2008-01-08 16:51 . 2008-01-08 16:51 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-08 14:55 . 2008-01-08 14:55 <DIR> d-------- C:\Program Files\Bold Math Readme
2008-01-06 12:36 . 2008-01-06 12:36 <DIR> d-------- C:\Program Files\Kaspersky Lab
2008-01-02 17:42 . 2008-01-03 13:16 2,862 --------- C:\Windows\tm.ini
2008-01-02 17:42 . 2008-01-02 17:42 0 --------- C:\Windows\tdf.dii
2008-01-02 12:06 . 2008-01-03 13:42 101 --a------ C:\Windows\wiso.ini
2008-01-02 11:52 . 2008-01-02 11:52 <DIR> d-------- C:\Users\Stephie\AppData\Roaming\Buhl Data Service
2008-01-02 11:52 . 2008-01-02 11:52 <DIR> d-------- C:\Users\All Users\Buhl Data Service GmbH
2008-01-02 11:52 . 2008-01-02 11:52 <DIR> d-------- C:\ProgramData\Buhl Data Service GmbH
2008-01-01 23:14 . 2008-01-01 23:48 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-01-01 22:09 . 2008-01-08 14:56 <DIR> d-------- C:\Users\All Users\Bold Math Readme
2008-01-01 22:09 . 2008-01-08 14:56 <DIR> d-------- C:\ProgramData\Bold Math Readme
2008-01-01 21:32 . 2008-01-01 21:34 <DIR> d-------- C:\Program Files\Common Files\Nero
2007-12-31 17:16 . 2007-12-31 17:16 54,156 --ah----- C:\Windows\QTFont.qfn
2007-12-31 17:16 . 2007-12-31 17:16 1,409 --a------ C:\Windows\QTFont.for
2007-12-30 13:48 . 2007-12-30 13:50 <DIR> d-------- C:\Program Files\Azureus
2007-12-30 00:13 . 2007-12-30 00:13 <DIR> d-------- C:\Users\All Users\Azureus
2007-12-30 00:13 . 2007-12-30 00:13 <DIR> d-------- C:\ProgramData\Azureus
2007-12-20 15:54 . 2007-12-20 15:54 <DIR> d-------- C:\Users\All Users\Apple Computer
2007-12-20 15:54 . 2007-12-20 15:54 <DIR> d-------- C:\Users\All Users\Apple
2007-12-20 15:54 . 2007-12-20 15:54 <DIR> d-------- C:\ProgramData\Apple Computer
2007-12-20 15:54 . 2007-12-20 15:54 <DIR> d-------- C:\ProgramData\Apple
2007-12-20 15:54 . 2007-12-20 15:55 <DIR> d-------- C:\Program Files\QuickTime
2007-12-20 15:54 . 2007-12-20 15:54 <DIR> d-------- C:\Program Files\Apple Software Update
2007-12-13 19:09 . 2007-12-13 19:09 972,072 --a------ C:\Windows\UNNeroMediaHome.exe
2007-12-11 21:02 . 2007-12-11 21:02 1,327,104 --a------ C:\Windows\System32\quartz.dll
2007-12-11 21:02 . 2007-12-11 21:02 223,232 --a------ C:\Windows\System32\WMASF.DLL
2007-12-11 21:02 . 2007-12-11 21:02 9,728 --a------ C:\Windows\System32\LAPRXY.DLL
2007-12-11 21:02 . 2007-12-11 21:02 2,048 --a------ C:\Windows\System32\asferror.dll
2007-12-11 21:00 . 2007-12-11 21:00 3,504,824 --a------ C:\Windows\System32\ntkrnlpa.exe
2007-12-11 21:00 . 2007-12-11 21:00 3,470,520 --a------ C:\Windows\System32\ntoskrnl.exe
2007-12-11 21:00 . 2007-12-11 21:00 2,048 --a------ C:\Windows\System32\tzres.dll
2007-12-11 10:57 . 2007-12-11 10:57 65,536 --a------ C:\Windows\System32\QuickTimeVR.qtx
2007-12-11 10:57 . 2007-12-11 10:57 49,152 --a------ C:\Windows\System32\QuickTime.qts

.
(((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-10 16:38 972 ----a-w C:\Program Files\active-update.xml
2008-01-10 16:33 --------- d-----w C:\Program Files\Windows Mail
2008-01-09 18:53 537,600 ----a-w C:\Windows\AppPatch\AcLayers.dll
2008-01-09 18:53 449,024 ----a-w C:\Windows\AppPatch\AcSpecfc.dll
2008-01-09 18:53 2,143,744 ----a-w C:\Windows\AppPatch\AcGenral.dll
2008-01-09 18:53 173,056 ----a-w C:\Windows\AppPatch\AcXtrnal.dll
2008-01-09 18:53 --------- d-----w C:\Program Files\Windows Sidebar
2008-01-09 18:45 4,647 ----a-w C:\Program Files\updates.xml
2008-01-09 17:14 --------- d-----w C:\Program Files\extensions
2008-01-08 17:16 --------- d-----w C:\Users\Stephie\AppData\Roaming\Azureus
2008-01-08 15:48 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-01-08 14:09 --------- d-----w C:\Users\Stephie\AppData\Roaming\LimeWire
2008-01-08 13:56 --------- d-----w C:\ProgramData\Bin Wait Ante Cast
2008-01-03 13:40 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-02 10:56 --------- d-----w C:\Program Files\Common Files\Buhl Data Service
2008-01-01 20:32 --------- d-----w C:\ProgramData\Nero
2007-12-24 17:43 --------- d-----w C:\Program Files\uninstall
2007-12-22 23:09 --------- d-----w C:\Users\Stephie\AppData\Roaming\Winamp
2007-12-20 14:55 --------- d-----w C:\Program Files\plugins
2007-12-20 14:55 --------- d-----w C:\Program Files\components
2007-12-19 21:40 --------- d-----w C:\Program Files\Trillian
2007-12-11 20:01 84,992 ----a-w C:\Windows\system32\drivers\srvnet.sys
2007-12-11 20:01 58,368 ----a-w C:\Windows\system32\drivers\mrxsmb20.sys
2007-12-11 20:01 56,320 ----a-w C:\Windows\System32\iesetup.dll
2007-12-11 20:01 52,736 ----a-w C:\Windows\AppPatch\iebrshim.dll
2007-12-11 20:01 26,624 ----a-w C:\Windows\System32\ieUnatt.exe
2007-12-11 20:01 130,048 ----a-w C:\Windows\system32\drivers\srv2.sys
2007-12-11 20:01 101,888 ----a-w C:\Windows\system32\drivers\mrxsmb.sys
2007-12-04 11:08 --------- d-----w C:\ProgramData\Microsoft Help
2007-12-04 08:59 972,072 ----a-w C:\Windows\UNRecode.exe
2007-12-03 17:04 95,600 ----a-w C:\Windows\System32\NeroCo.dll
2007-11-20 21:10 --------- d-----w C:\Users\Stephie\AppData\Roaming\Nero
2007-11-20 21:06 --------- d-----w C:\Program Files\Nero
2007-11-20 20:46 1,244,672 ----a-w C:\Windows\System32\mcmde.dll
2007-11-20 20:06 --------- d-----w C:\ProgramData\Ulead Systems
2007-11-20 19:40 --------- d-----w C:\Users\Stephie\AppData\Roaming\DivX
2007-11-16 10:36 704,000 ----a-w C:\Windows\System32\PhotoScreensaver.scr
2007-11-16 10:35 67,584 ----a-w C:\Windows\System32\wlanhlp.dll
2007-11-16 10:35 542,720 ----a-w C:\Windows\System32\sysmain.dll
2007-11-16 10:35 502,784 ----a-w C:\Windows\System32\wlansvc.dll
2007-11-16 10:35 47,104 ----a-w C:\Windows\System32\wlanapi.dll
2007-11-16 10:35 297,984 ----a-w C:\Windows\System32\wlansec.dll
2007-11-16 10:35 290,816 ----a-w C:\Windows\System32\wlanmsm.dll
2007-11-16 10:35 28,344 ----a-w C:\Windows\system32\drivers\battc.sys
2007-11-16 10:35 258,232 ----a-w C:\Windows\system32\drivers\acpi.sys
2007-11-16 10:35 24,064 ----a-w C:\Windows\System32\wtsapi32.dll
2007-11-16 10:35 20,920 ----a-w C:\Windows\system32\drivers\compbatt.sys
2007-11-16 10:35 2,923,520 ----a-w C:\Windows\explorer.exe
2007-11-16 10:35 2,027,008 ----a-w C:\Windows\System32\win32k.sys
2007-11-16 10:35 14,208 ----a-w C:\Windows\system32\drivers\CmBatt.sys
2007-11-16 10:35 11,264 ----a-w C:\Windows\system32\drivers\wmiacpi.sys
2007-11-11 17:01 108,144 ----a-w C:\Windows\System32\CmdLineExt.dll
2007-11-11 17:01 --------- d--h--r C:\Users\Stephie\AppData\Roaming\SecuROM
2007-11-11 15:22 --------- d-----w C:\Program Files\phase6
2007-10-28 19:04 0 ----a-w C:\Program Files\.autoreg
2007-10-10 16:52 8,147,968 ----a-w C:\Windows\System32\wmploc.DLL
2007-10-10 16:52 7,680 ----a-w C:\Windows\System32\spwmp.dll
2007-10-10 16:52 4,096 ----a-w C:\Windows\System32\dxmasf.dll
2007-10-10 16:52 356,864 ----a-w C:\Windows\System32\MediaMetadataHandler.dll
2007-10-10 16:50 84,480 ----a-w C:\Windows\System32\INETRES.dll
2007-10-10 16:50 788,992 ----a-w C:\Windows\System32\rpcrt4.dll
2007-10-10 16:50 737,792 ----a-w C:\Windows\System32\inetcomm.dll
2007-09-19 10:48 73,584 ----a-r C:\Program Files\xpcom_compat.dll
2007-09-19 10:48 73,072 ----a-r C:\Program Files\xpicleanup.exe
2007-09-19 10:48 7,644,520 ----a-r C:\Program Files\firefox.exe
2007-09-19 10:48 476 ----a-w C:\Program Files\softokn3.chk
2007-09-19 10:48 476 ----a-w C:\Program Files\freebl3.chk
2007-09-19 10:48 456,032 ----a-r C:\Program Files\js3250.dll
2007-09-19 10:48 421,736 ----a-r C:\Program Files\xpcom_core.dll
2007-09-19 10:48 378,208 ----a-r C:\Program Files\nss3.dll
2007-09-19 10:48 34,160 ----a-r C:\Program Files\plc4.dll
2007-09-19 10:48 30,056 ----a-r C:\Program Files\plds4.dll
2007-09-19 10:48 271,720 ----a-r C:\Program Files\nssckbi.dll
2007-09-19 10:48 254,060 ----a-r C:\Program Files\softokn3.dll
2007-09-19 10:48 200,829 ----a-r C:\Program Files\freebl3.dll
2007-09-19 10:48 161,128 ----a-r C:\Program Files\nspr4.dll
2007-09-19 10:48 132,448 ----a-r C:\Program Files\ssl3.dll
2007-09-19 10:48 13,688 ----a-r C:\Program Files\AccessibleMarshal.dll
2007-09-19 10:48 13,152 ----a-r C:\Program Files\xpcom.dll
2007-09-19 10:48 129,920 ----a-r C:\Program Files\updater.exe
2007-09-19 10:48 12,136 ----a-r C:\Program Files\xpistub.dll
2007-09-19 10:48 111,968 ----a-r C:\Program Files\smime3.dll
2007-09-07 07:46 174 --sha-w C:\Program Files\desktop.ini
2007-09-06 14:43 18,775 ----a-r C:\Program Files\install.log
2007-07-26 06:01 222 ----a-r C:\Program Files\browserconfig.properties
2007-07-26 06:01 141 ----a-r C:\Program Files\updater.ini
2007-07-26 06:01 107 ----a-r C:\Program Files\old-homepage-default.properties
2007-07-26 02:39 30,869 ----a-r C:\Program Files\LICENSE
2005-07-24 17:52 229 ----a-r C:\Program Files\README.txt
.

(((((((((((((((((((((((((((( Registry autostart points ))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* empty entries & legitimate default entries are not shown.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="C:\Program Files\Windows Sidebar\sidebar.exe" [2008-01-09 19:53 1232896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-19 14:44 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 16:07 4390912 C:\Windows\RtHDVCpl.exe]
"SMSERIAL"="C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe" [2006-11-22 16:31 630784]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-02-15 20:50 857648]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-11-15 15:58 151552]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2007-06-06 10:52 142104]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2007-06-06 10:52 154392]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2007-06-06 10:52 138008]
"LaunchAp"="C:\Program Files\Launch Manager\LaunchAp.exe" [2005-07-25 12:36 32768]
"HotkeyApp"="C:\Program Files\Launch Manager\HotkeyApp.exe" [2006-12-14 15:53 192512]
"LMgrOSD"="C:\Program Files\Launch Manager\OSD.exe" [2006-12-26 10:23 180224]
"Wbutton"="C:\Program Files\Launch Manager\Wbutton.exe" [2006-11-09 13:37 86016]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 00:11 132496]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2007-10-10 19:59 249896]
"NBKeyScan"="C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-12-03 14:21 2213160]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 19:51 39792]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2007-12-11 10:56 286720]
"NeroFilterCheck"="C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 14:57 153136]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [ ]
"SOAPFACE"="C:\ProgramData\Eggs Skip Skip.t5hp2g" [2008-01-09 19:50 385040]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
p6_19_erinnerung.lnk - C:\Program Files\phase6\phase6_19_download\WinStart\p6erinnerung.exe [2007-02-11 19:20:42]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

R1 Hotkey;Hotkey;C:\Windows\system32\drivers\Hotkey.sys [2003-04-28 10:27]
R2 UxTuneUp;TuneUp Designerweiterung;C:\Windows\System32\svchost.exe [2006-11-02 10:45]
R3 igfx;igfx;C:\Windows\system32\DRIVERS\igdkmd32.sys [2007-05-31 09:51]
R3 RTL8169;Realtek 8169 NT Driver;C:\Windows\system32\DRIVERS\Rtlh86.sys [2007-04-30 12:42]
R3 RTL8187B;Realtek RTL8187B Wireless 802.11g 54Mbps USB 2.0 Network Adapter;C:\Windows\system32\DRIVERS\RTL8187B.sys [2007-07-05 18:23]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC);C:\Windows\system32\DRIVERS\snp2uvc.sys [2007-02-07 17:35]
R3 WisLMSvc;WisLMSvc;"C:\Program Files\Launch Manager\WisLMSvc.exe" [2006-11-17 19:45]
S3 R300;R300;C:\Windows\system32\DRIVERS\atikmdag.sys [2006-11-02 08:36]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalSystemNetworkRestricted REG_MULTI_SZ hidserv UxSms WdiSystemHost Netman trkwks AudioEndpointBuilder WUDFSvc irmon sysmain IPBusEnum dot3svc PcaSvc EMDMgmt TabletInputService wlansvc WPDBusEnum

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{17ed1b04-5b97-11dc-9a44-806e6f6e6963}]
\shell\AutoRun\command - E:\cdstart.exe

*Newly Created Service* - PROCEXP90
.
Contents of the "Scheduled Tasks" folder
"2007-12-21 16:16:40 C:\Windows\Tasks\1-Klick-Wartung.job"
- C:\Program Files\TuneUp Utilities 2007\SystemOptimizer.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-10 17:52:00
Windows 6.0.6000 NTFS

Scanning hidden processes...

Scanning hidden autostart entries...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CtrlVol = C:\Program Files\Launch Manager\CtrlVol.exe?????H?2???????2??42????w????????????0???<???????|??????wb??w????3 ?w!??w??????2???2?=??v????L???~z?w??2?????x?2?????? A???2?????? A????4=??v?????????a@?`??????????? ?A????4????? A???@???2??x@???2????4??@???2????

Scanning hidden files...

Scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-10 17:52:47
.
2008-01-09 18:54:33 --- E O F ---



Filelist.bat unfortunately only produced the following:

not supported windows version
----------------------------------------

Microsoft Windows [Version 6.0.6000]


Many thanks for your help!!!
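
The Run-key dump in the ComboFix log is where a log reader's eye goes first, and the checks made there can be written down. The script below is an added example for this thread, not part of HijackThis or ComboFix: it parses both line formats posted above (HJT "O4" lines and ComboFix's REGEDIT4-style dump of the Run keys) and flags an entry whose file was not found at scan time, a bare file name that the loader resolves through the search path, an executable placed under ProgramData, AppData or Temp rather than Program Files or Windows, and a file extension that is not a normal executable type; it also reports the EnableLUA policy value. The sample lines are excerpted from the logs in this post. The flag names, the list of "unusual" directories, and reading ComboFix's "[ ]" as "file not found" are this example's own assumptions.

```python
import ntpath
import re
from dataclasses import dataclass, field

# Extensions a Run value normally points at.  Anything else still runs
# (CreateProcess does not care about the name), which is exactly why it is
# worth a look.
KNOWN_EXEC_EXT = {".exe", ".com", ".scr", ".bat", ".cmd"}

# Vista locations where a Run entry is unusual for vendor software (assumption:
# some vendors do ship from here, so the flag is a prompt to look, not a verdict).
ODD_LOCATION = re.compile(
    r"^c:\\(programdata|users\\all users|windows\\temp)\\"
    r"|^c:\\users\\[^\\]+\\appdata\\",
    re.I,
)

COMBOFIX_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
COMBOFIX_VAL = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]')
HJT_O4 = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
ENABLE_LUA = re.compile(r'^"EnableLUA"\s*=\s*(?P<val>\d+)')
# First token that looks like a file name, whether or not the command quoted it.
FIRST_PATH = re.compile(r'^"([^"]+)"|^(.+?\.[A-Za-z0-9]{1,8})(?=\s|$)')


@dataclass
class Entry:
    hive: str
    name: str
    command: str
    path: str          # as written in the value
    resolved: str      # ComboFix's resolved location when it printed one
    present: bool      # False when ComboFix printed "[ ]" (file not found; assumption)
    flags: list = field(default_factory=list)


def first_path(command: str) -> str:
    m = FIRST_PATH.match(command.strip())
    return (m.group(1) or m.group(2)) if m else command.strip()


def parse_entries(log: str) -> list:
    entries, hive = [], ""
    for line in log.splitlines():
        line = line.strip()
        if m := COMBOFIX_KEY.match(line):
            hive = m.group(1)
        elif m := COMBOFIX_VAL.match(line):
            meta = m.group("meta").split(maxsplit=3)   # date time size [resolved path]
            path = first_path(m.group("cmd"))
            resolved = meta[3] if len(meta) == 4 else path
            entries.append(Entry(hive, m.group("name"), m.group("cmd"),
                                 path, resolved, present=bool(meta)))
        elif m := HJT_O4.match(line):
            path = first_path(m.group("cmd"))
            entries.append(Entry(m.group("hive"), m.group("name"),
                                 m.group("cmd"), path, path, present=True))
    return entries


def flag(entry: Entry) -> Entry:
    if not entry.present:
        entry.flags.append("file_missing")
    if "\\" not in entry.path:
        entry.flags.append("bare_filename")   # which copy runs depends on the search path
    if ntpath.splitext(entry.resolved.lower())[1] not in KNOWN_EXEC_EXT:
        entry.flags.append("odd_extension")
    if ODD_LOCATION.match(entry.resolved):
        entry.flags.append("odd_location")
    return entry


def triage(log: str) -> dict:
    """'hive\\name' -> flags, only for entries that raised at least one."""
    return {f"{e.hive}\\{e.name}": e.flags
            for e in map(flag, parse_entries(log)) if e.flags}


def uac_disabled(log: str) -> bool:
    """True when the log shows EnableLUA=0, i.e. UAC is switched off."""
    for line in log.splitlines():
        m = ENABLE_LUA.match(line.strip())
        if m:
            return m.group("val") == "0"
    return False


# Lines excerpted from the ComboFix and HijackThis logs posted in this thread.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2007-06-19 14:44 1006264]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 16:07 4390912 C:\Windows\RtHDVCpl.exe]
"CtrlVol"="C:\Program Files\Launch Manager\CtrlVol.exe" [ ]
"SOAPFACE"="C:\ProgramData\Eggs Skip Skip.t5hp2g" [2008-01-09 19:50 385040]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKLM\..\Run: [CtrlVol] C:\Program Files\Launch Manager\CtrlVol.exe
"""

if __name__ == "__main__":
    for key, flags in triage(SAMPLE).items():
        print(f"{key}: {', '.join(flags)}")
    print("UAC disabled:", uac_disabled(SAMPLE))
```

On the excerpt it reports SOAPFACE (non-executable extension, file directly in the ProgramData root, created on 2008-01-09, the day before the scan), CtrlVol (no file at scan time; compare the CtrlVol value that catchme prints with binary garbage behind the path) and RtHDVCpl (bare file name, resolved by ComboFix to C:\Windows), plus EnableLUA=0. The last one is worth stating plainly: with UAC off, anything the account starts gets that account's full token without a prompt.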

Sunny 10.01.2008 20:00

Run a Blacklight scan

* Download F-Secure Blacklight into its own folder, e.g. C:\programme\blacklight. If the download doesn't work, try this link.
* Start blbeta.exe in that folder. Close all other programs.
* Click "I accept the agreement", "next", "Scan".
* When the scan is finished, close Blacklight with "Close".
* In Blacklight's folder you will find the log it created, fsbl-XXX.log, where XXX stands for a longer sequence of digits.


Run a Sophos scan


* Go to Sophos and download their rootkit scanner. You get an installer file, sarsfx.exe.
* Start it, accept the licence and let the program install; do not change the path C:\SOPHTEMP.
* Go to that folder in Explorer and start sargui.exe, then close all other programs.
* Leave everything under Area checked and start the scan with "Start scan". The scan takes a while; when it is finished a window pops up with a summary, click "Ok" there. Exit the Sophos rootkit scanner; this scan is only for analysis.
* Start Explorer and type "%temp%" into the address bar (without the quotation marks); there you will find a file sarscan.log, please post its contents.


Run a Gmer scan

* Download Gmer from this page and unpack it to your desktop.
* Start gmer.exe and go to the Rootkit tab. All other programs should be closed.
* Make sure that everything from "System" to "ADS" is checked in the bar on the right
(Important: "Show all" must not be checked)
* Start the scan with "Scan".
Do nothing on the computer while the scan is running.
* When the scan is finished, click "Copy" to copy the log to the clipboard. "Ok" closes Gmer.
* Paste the log from the clipboard into your reply here.

bittersweet83 11.01.2008 14:48

Hello, here are the results:

Blacklight:
01/11/08 14:18:40 [Info]: BlackLight Engine 1.0.67 initialized
01/11/08 14:18:40 [Info]: OS: 6.0 build 6000 ()
01/11/08 14:18:40 [Note]: 7019 4
01/11/08 14:18:40 [Note]: 7005 0
01/11/08 14:18:42 [Note]: 7006 0
01/11/08 14:18:42 [Note]: 7027 0
01/11/08 14:18:43 [Note]: 7026 0
01/11/08 14:18:43 [Note]: 7026 0
01/11/08 14:18:45 [Note]: FSRAW library version 1.7.1024
01/11/08 14:22:04 [Note]: 7007 0


Sophos does not support Vista and therefore would not start!

Gmer:
GMER 1.0.13.12551 - http://www.gmer.net
Rootkit scan 2008-01-11 14:45:06
Windows 6.0.6000


---- System - GMER 1.0.13 ----

SSDT A55D371C ZwCreateThread
SSDT A55D3708 ZwOpenProcess
SSDT A55D370D ZwOpenThread
SSDT A55D3717 ZwTerminateProcess
SSDT A55D3712 ZwWriteVirtualMemory

---- Kernel code sections - GMER 1.0.13 ----

.text ntoskrnl.exe!ZwQueryLicenseValue + D41 81C46239 1 Byte [ 06 ]
.text ntoskrnl.exe!_alloca_probe + 164 81C560B4 4 Bytes [ 1C, 37, 5D, A5 ]
.text ntoskrnl.exe!_alloca_probe + 334 81C56284 4 Bytes [ 08, 37, 5D, A5 ]
.text ntoskrnl.exe!_alloca_probe + 350 81C562A0 4 Bytes [ 0D, 37, 5D, A5 ]
.text ntoskrnl.exe!_alloca_probe + 574 81C564C4 4 Bytes [ 17, 37, 5D, A5 ]
.text ntoskrnl.exe!_alloca_probe + 5D4 81C56524 4 Bytes [ 12, 37, 5D, A5 ]

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Program Files\Launch Manager\LaunchAp.exe[2116] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Launch Manager\LaunchAp.exe[2116] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Launch Manager\LaunchAp.exe[2116] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Launch Manager\LaunchAp.exe[2116] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Launch Manager\LaunchAp.exe[2116] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [70901923] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Launch Manager\LaunchAp.exe[2116] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Launch Manager\LaunchAp.exe[2116] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Launch Manager\LaunchAp.exe[2116] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Launch Manager\LaunchAp.exe[2116] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Launch Manager\LaunchAp.exe[2116] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Launch Manager\LaunchAp.exe[2116] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Launch Manager\LaunchAp.exe[2116] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [70901923] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!RegisterWaitForInputIdle] [709013AA] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [70901923] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [70901923] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\IPHLPAPI.DLL [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [70901923] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!RegisterWaitForInputIdle] [709013AA] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [70901923] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [70901923] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2508] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW] [6C5588F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW] [6C558B2F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW] [6C558A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW] [6C55A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW] [6C559815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW] [6C559639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegSetValueExW] [6C559BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW] [6C5588F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW] [6C55A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW] [6C558A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!OpenFile] [6C558C84] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CopyFileW] [6C5588F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!DeleteFileW] [6C558A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!MoveFileW] [6C558B2F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!CreateFileW] [6C55A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!CreateFileW] [6C55A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegCreateKeyExA] [6C55952A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegSetValueExA] [6C559AFB] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExA] [6C559741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\RPCRT4.dll [ADVAPI32.dll!RegOpenKeyExW] [6C559815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [6C552E2C] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW] [6C558A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW] [6C552C16] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW] [6C55A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW] [6C552A18] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!AccessCheck] [6C55883A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueW] [6C559A53] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegDeleteValueW] [6C559CF9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExW] [6C559815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegSetValueExW] [6C559BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegCreateKeyExW] [6C559639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\ole32.dll [ADVAPI32.dll!RegOpenKeyExA] [6C559741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW] [6C558A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW] [6C558FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW] [6C55A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA] [6C558F4E] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA] [6C55A275] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExA] [6C559AFB] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA] [6C55952A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA] [6C559741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueA] [6C559C57] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW] [6C559639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW] [6C559815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegSetValueExW] [6C559BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteValueW] [6C559CF9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegSetValueExW] [6C559BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!SetFileSecurityW] [6C559DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExA] [6C559741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegCreateKeyExW] [6C559639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!RegOpenKeyExW] [6C559815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\NETAPI32.dll [ADVAPI32.dll!AccessCheck] [6C55883A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!CreateFileW] [6C55A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!MoveFileExW] [6C558C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW] [6C5588F6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW] [6C558B2F] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW] [6C558A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW] [6C558FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW] [6C558C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW] [6C55A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExW] [6C559815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @

bittersweet83 11.01.2008 14:49

and here is the rest of the gmer log (it was too large for a single reply...)

C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueExW] [6C559BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyExW] [6C559639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegDeleteValueW] [6C559CF9] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegSetValueW] [6C559A53] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegCreateKeyW] [6C559498] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!SetFileSecurityW] [6C559DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!AccessCheck] [6C55883A] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\SHELL32.dll [ADVAPI32.dll!RegOpenKeyExA] [6C559741] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!PrivCopyFileExW] [6C558EEA] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!MoveFileExW] [6C558C14] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!DeleteFileW] [6C558A65] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!CreateFileW] [6C55A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!SetFileAttributesW] [6C558FA6] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!SetFileSecurityW] [6C559DF4] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegCreateKeyExW] [6C559639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegSetValueExW] [6C559BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\USERENV.dll [ADVAPI32.dll!RegOpenKeyExW] [6C559815] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!CreateFileW] [6C55A391] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegCreateKeyExW] [6C559639] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegSetValueExW] [6C559BA7] C:\Windows\AppPatch\AcGenral.DLL
IAT C:\Users\Stephie\Desktop\gmer\gmer.exe[3908] @ C:\Windows\system32\Secur32.dll [ADVAPI32.dll!RegOpenKeyExW] [6C559815] C:\Windows\AppPatch\AcGenral.DLL

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_NAMED_PIPE [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_CLOSE [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_READ [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_WRITE [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_INFORMATION [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_SET_INFORMATION [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_EA [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_SET_EA [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_FLUSH_BUFFERS [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_VOLUME_INFORMATION [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_SET_VOLUME_INFORMATION [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_DIRECTORY_CONTROL [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_FILE_SYSTEM_CONTROL [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CONTROL [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_INTERNAL_DEVICE_CONTROL [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_SHUTDOWN [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_LOCK_CONTROL [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_CLEANUP [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_CREATE_MAILSLOT [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_SECURITY [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_SET_SECURITY [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_POWER [804F1F42] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_SYSTEM_CONTROL [804F1F42] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_DEVICE_CHANGE [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_QUERY_QUOTA [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_SET_QUOTA [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE_NAMED_PIPE [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_CLOSE [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_READ [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_WRITE [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_INFORMATION [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_SET_INFORMATION [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_EA [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_SET_EA [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_FLUSH_BUFFERS [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_VOLUME_INFORMATION [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_SET_VOLUME_INFORMATION [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_DIRECTORY_CONTROL [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_FILE_SYSTEM_CONTROL [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_DEVICE_CONTROL [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_INTERNAL_DEVICE_CONTROL [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_SHUTDOWN [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_LOCK_CONTROL [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_CLEANUP [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_CREATE_MAILSLOT [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_SECURITY [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_SET_SECURITY [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_POWER [804F1F42] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_SYSTEM_CONTROL [804F1F42] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_DEVICE_CHANGE [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_QUERY_QUOTA [804F1D1B] Wdf01000.sys
AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 IRP_MJ_SET_QUOTA [804F1D1B] Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_CREATE [826B07F0] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_CREATE_NAMED_PIPE [826B07F0] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_CLOSE [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_READ [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_WRITE [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_QUERY_INFORMATION [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SET_INFORMATION [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_QUERY_EA [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SET_EA [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_FLUSH_BUFFERS [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_QUERY_VOLUME_INFORMATION [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SET_VOLUME_INFORMATION [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_DIRECTORY_CONTROL [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_FILE_SYSTEM_CONTROL [826B0DC8] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_DEVICE_CONTROL [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_INTERNAL_DEVICE_CONTROL [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SHUTDOWN [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_LOCK_CONTROL [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_CLEANUP [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_CREATE_MAILSLOT [826B07F0] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_QUERY_SECURITY [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SET_SECURITY [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_POWER [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SYSTEM_CONTROL [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_DEVICE_CHANGE [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_QUERY_QUOTA [8269EB56] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_SET_QUOTA [8269EB56] fltmgr.sys

---- Registry - GMER 1.0.13 ----

Reg \Registry\USER\S-1-5-21-4022781497-3537278231-3995956278-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0x34 0xEC 0x65 0x4A ...
Reg \Registry\USER\S-1-5-21-4022781497-3537278231-3995956278-1003\Software\SecuROM\!CAUTION! NEVER DELETE OR CHANGE ANY KEY@?? 0xE3 0xC1 0xD6 0x7C ...

---- EOF - GMER 1.0.13 ----
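
The GMER output above is the kind of log a helper has to triage by hand: SSDT hooks for which GMER names no owning driver, a long run of IAT entries whose targets are the Windows Application Compatibility shim engine (ShimEng.dll, AcLayers.DLL, AcGenral.DLL), and device-stack attachments by the KMDF runtime (Wdf01000.sys) and the filter manager (fltmgr.sys). The script below is an added example for this thread, not GMER's code and not something the poster ran. It parses those three line formats and separates hook targets on a small allow-list from everything else. The allow-lists, the sample lines (modelled on the log above, plus two constructed entries pointing at an invented unknown.dll and unknown.sys so that the flagging path is exercised) and the address-range summary are assumptions of this example, not findings about the poster's machine.

```python
"""Triage helper for GMER rootkit-scan logs.

Added example for this thread; not GMER's code and not a tool the poster ran.
It parses the SSDT, IAT and AttachedDevice line formats seen above and marks
hook targets that are NOT on a small allow-list of well-known Windows
components, so a helper can focus on the remaining entries.
"""
import re

# Assumption of this example: hooks whose target is one of these Windows
# Application Compatibility shim modules are treated as expected on this OS.
BENIGN_IAT_MODULES = {"shimeng.dll", "aclayers.dll", "acgenral.dll"}

# Assumption: the KMDF runtime and the filter manager attach to keyboard and
# file-system stacks on every Vista machine and are not worth flagging alone.
BENIGN_ATTACHED_DRIVERS = {"wdf01000.sys", "fltmgr.sys"}

SSDT_RE = re.compile(r"^SSDT\s+([0-9A-F]{8})\s+(\w+)$")
IAT_RE = re.compile(
    r"^IAT\s+(?P<proc>.+?)\[(?P<pid>\d+)\]\s+@\s+(?P<image>\S+)\s+"
    r"\[(?P<api>[^\]]+)\]\s+\[(?P<addr>[0-9A-F]{8})\]\s+(?P<target>\S+)$"
)
ATTACHED_RE = re.compile(
    r"^AttachedDevice\s+(?P<driver>\S+)\s+(?P<device>\S+)\s+(?P<irp>\S+)\s+"
    r"\[(?P<addr>[0-9A-F]{8})\]\s+(?P<module>\S+)$"
)

# Constructed sample: a few lines modelled on the log above, plus two invented
# entries (unknown.dll / unknown.sys) that are NOT from the poster's machine.
SAMPLE_LOG = r"""
---- System - GMER 1.0.13 ----

SSDT A55D371C ZwCreateThread
SSDT A55D3708 ZwOpenProcess
SSDT A55D3712 ZwWriteVirtualMemory

---- User IAT/EAT - GMER 1.0.13 ----

IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [70901923] C:\Windows\AppPatch\AcLayers.DLL
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress] [70A14618] C:\Windows\system32\ShimEng.dll
IAT C:\Program Files\Internet Explorer\iexplore.exe[2392] @ C:\Windows\system32\WININET.dll [WININET.dll!HttpSendRequestW] [10001234] C:\Users\Example\AppData\Local\Temp\unknown.dll

AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 IRP_MJ_READ [804F1D1B] Wdf01000.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_CREATE [826B07F0] fltmgr.sys
AttachedDevice \FileSystem\fastfat \Fat IRP_MJ_WRITE [8F001000] unknown.sys
"""


def parse_gmer(text):
    """Split a GMER log into parsed 'ssdt', 'iat' and 'attached' entries."""
    out = {"ssdt": [], "iat": [], "attached": []}
    for raw in text.splitlines():
        line = raw.strip()
        if m := SSDT_RE.match(line):
            out["ssdt"].append({"addr": int(m.group(1), 16), "func": m.group(2)})
        elif m := IAT_RE.match(line):
            entry = m.groupdict()
            entry["pid"] = int(entry["pid"])
            out["iat"].append(entry)
        elif m := ATTACHED_RE.match(line):
            out["attached"].append(m.groupdict())
    return out


def triage(parsed):
    """Return what a helper should look at next.

    SSDT hooks are never auto-cleared: GMER prints only the hook address, so the
    result carries the address range to look up against loaded driver images.
    """
    report = {"ssdt_range": None, "iat_suspicious": [], "attached_suspicious": []}
    addrs = sorted(e["addr"] for e in parsed["ssdt"])
    if addrs:
        report["ssdt_range"] = (addrs[0], addrs[-1], [e["func"] for e in parsed["ssdt"]])
    for e in parsed["iat"]:
        target_name = e["target"].rsplit("\\", 1)[-1].lower()
        if target_name not in BENIGN_IAT_MODULES:
            report["iat_suspicious"].append(e)
    for e in parsed["attached"]:
        if e["module"].lower() not in BENIGN_ATTACHED_DRIVERS:
            report["attached_suspicious"].append(e)
    return report


def main():
    report = triage(parse_gmer(SAMPLE_LOG))
    if report["ssdt_range"]:
        lo, hi, funcs = report["ssdt_range"]
        print(f"SSDT hooks at {lo:08X}-{hi:08X}: {', '.join(funcs)} (resolve owner!)")
    for e in report["iat_suspicious"]:
        print(f"IAT  pid {e['pid']} {e['api']} -> {e['target']}")
    for e in report["attached_suspicious"]:
        print(f"DEV  {e['device']} {e['irp']} -> {e['module']}")


if __name__ == "__main__":
    main()
```

Run as-is, it prints the SSDT address range plus only the two constructed entries; every shim-engine, Wdf01000.sys and fltmgr.sys line from the sample is dropped. The SSDT block is deliberately left unclassified: the hook addresses all sit within a few bytes of each other, which says they belong to one driver, but not which one. The next step on a real machine is to find the loaded driver whose image range contains those addresses (e.g. GMER's Modules tab) before deciding whether the hooks belong to a security product or to something unwanted.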



Copyright ©2000-2025, Trojaner-Board

