
Pests of all kinds and how to combat them: trojan.agent - svchospt.exe on the computer

03.11.2012, 16:50   #1
adiMo
 



Hello everyone,
on a computer running Vista SP2 I have the following trojan:

Trojan.agent
C:\Windows\System32\svchospt.exe (Trojan.Agent) -> 3012 -> No action taken.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchospt (Trojan.Agent)
C:\Windows\System32\svchospt.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\svchosptd.exe (Trojan.Agent) -> No action taken.

Unfortunately I can't find any detailed instructions on how to remove the trojan.
So far I have used Malwarebytes, MS Essentials and TDSSKiller, all without success.

Attached are the OTL, Gmer etc. files.

Thanks in advance for the help.

Regards
adiMo

03.11.2012, 18:44   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
So far I have used Malwarebytes, MS Essentials and TDSSKiller, all without success.
Please note => http://www.trojaner-board.de/125889-...tml#post941520

Quote:
Attached are the OTL, Gmer etc. files.
Please do NOT attach the logs!!

They only belong in an attachment (as one ZIP file containing all log files) if they are too large to be posted directly!


Otherwise, please post everything here in CODE tags wherever possible. That is simpler, clearer, and saves a lot of clicking around!

This is how it's done:

[code] the log goes here [/code]

And the whole thing then looks like this:

Code:
 the log goes here

03.11.2012, 19:17   #3
adiMo
 



@cosinus, thanks a lot for now.

Key question, after reviewing the logs: does it make sense to remove the trojan, or is Format C: the quicker option?

Code:
 Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.01.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 8.0.6001.19328
Martina :: MARTINA-PC [limited]

03.11.2012 12:55:58
mbam-log-2012-11-03 (14-21-08) adi.txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 351102
Time elapsed: 1 hour(s), 22 minute(s), 48 second(s)

Memory Processes Detected: 1
C:\Windows\System32\svchospt.exe (Trojan.Agent) -> 3012 -> No action taken.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|svchospt (Trojan.Agent) -> Data: C:\Windows\system32\svchospt.exe -> No action taken.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\System32\svchospt.exe (Trojan.Agent) -> No action taken.
C:\Windows\System32\svchosptd.exe (Trojan.Agent) -> No action taken.

(end)
         

[code]
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-11-03 16:08:52
Windows 6.0.6002 Service Pack 2 Harddisk0\DR0 -> \Device\0000004e WDC_WD32 rev.01.0
Running: djouff26.exe; Driver: C:\Users\admin\AppData\Local\Temp\pgliifow.sys


---- User code sections - GMER 1.0.15 ----

.text           C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!CreateWindowExW                                                       76DB1305 5 Bytes  JMP 6C4DDB24 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!DialogBoxParamW                                                       76DD10B0 5 Bytes  JMP 6C405505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!DialogBoxIndirectParamW                                               76DD2EF5 5 Bytes  JMP 6C5D725F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!DialogBoxParamA                                                       76DE8152 5 Bytes  JMP 6C5D71FC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!DialogBoxIndirectParamA                                               76DE847D 5 Bytes  JMP 6C5D72C2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!MessageBoxIndirectA                                                   76DFD4D9 5 Bytes  JMP 6C5D7191 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!MessageBoxIndirectW                                                   76DFD5D3 5 Bytes  JMP 6C5D7126 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!MessageBoxExA                                                         76DFD639 5 Bytes  JMP 6C5D70C4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1044] USER32.dll!MessageBoxExW                                                         76DFD65D 5 Bytes  JMP 6C5D7062 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!CreateDialogParamW                                                    76DA72A2 5 Bytes  JMP 6C4DDEB0 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!GetAsyncKeyState                                                      76DA863C 5 Bytes  JMP 6C3F8F27 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!SetWindowsHookExW                                                     76DA87AD 5 Bytes  JMP 6C4D9AB5 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!CallNextHookEx                                                        76DA8E3B 5 Bytes  JMP 6C4CD12D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!UnhookWindowsHookEx                                                   76DA98DB 5 Bytes  JMP 6C44466C C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!EnableWindow                                                          76DACD8B 5 Bytes  JMP 6C4DDD3D C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!CreateWindowExW                                                       76DB1305 5 Bytes  JMP 6C4DDB24 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!GetKeyState                                                           76DB8CB1 5 Bytes  JMP 6C4DD2EB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!IsDialogMessageW                                                      76DC0745 5 Bytes  JMP 6C405A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!CreateDialogParamA                                                    76DC17AA 5 Bytes  JMP 6C5D7ECB C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!IsDialogMessage                                                       76DC1847 5 Bytes  JMP 6C5D7767 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!CreateDialogIndirectParamA                                            76DC26F1 5 Bytes  JMP 6C5D7F02 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!CreateDialogIndirectParamW                                            76DC9A62 5 Bytes  JMP 6C5D7F39 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!SetKeyboardState                                                      76DD0987 5 Bytes  JMP 6C5D7AD6 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!DialogBoxParamW                                                       76DD10B0 5 Bytes  JMP 6C405505 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!DialogBoxIndirectParamW                                               76DD2EF5 5 Bytes  JMP 6C5D725F C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!SendInput                                                             76DD2F75 5 Bytes  JMP 6C5D8693 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!EndDialog                                                             76DD326E 5 Bytes  JMP 6C407EC2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!SetCursorPos                                                          76DE6FB2 5 Bytes  JMP 6C5D86E7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!DialogBoxParamA                                                       76DE8152 5 Bytes  JMP 6C5D71FC C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!DialogBoxIndirectParamA                                               76DE847D 5 Bytes  JMP 6C5D72C2 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!MessageBoxIndirectA                                                   76DFD4D9 5 Bytes  JMP 6C5D7191 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!MessageBoxIndirectW                                                   76DFD5D3 5 Bytes  JMP 6C5D7126 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!MessageBoxExA                                                         76DFD639 5 Bytes  JMP 6C5D70C4 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!MessageBoxExW                                                         76DFD65D 5 Bytes  JMP 6C5D7062 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] USER32.dll!keybd_event                                                           76DFD972 5 Bytes  JMP 6C5D8A17 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] SHELL32.dll!SHRestricted + D95                                                   770C89A8 4 Bytes  [4D, 30, 54, 6E]
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] SHELL32.dll!SHRestricted + D9D                                                   770C89B0 8 Bytes  [57, 2F, 54, 6E, 9C, 5B, 53, ...] {PUSH EDI; DAS ; PUSH ESP; OUTSB ; PUSHF ; POP EBX; PUSH EBX; OUTSB }
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] ole32.dll!OleLoadFromStream                                                      76361E80 5 Bytes  JMP 6C5D75C7 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Program Files\Internet Explorer\iexplore.exe[1084] ole32.dll!CoCreateInstance                                                       76399F3E 5 Bytes  JMP 6C4DDB80 C:\Windows\system32\IEFRAME.dll (Internet Explorer/Microsoft Corporation)
.text           C:\Windows\Explorer.EXE[2484] SHELL32.dll!SHCoCreateInstance + 657                                                                     770D1B20 8 Bytes  [E0, 10, 4F, 6A, 00, 11, 4F, ...] {LOOPNZ 0x12; DEC EDI; PUSH 0x0; ADC [EDI+0x6a], ECX}
.text           C:\Program Files\Windows Live\Messenger\msnmsgr.exe[3216] kernel32.dll!SetUnhandledExceptionFilter                                     77D0A8C5 5 Bytes  JMP 0056DBBD C:\Program Files\Windows Live\Messenger\msnmsgr.exe (Windows Live Messenger/Microsoft Corporation)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]                 [6E5282F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                   [6E5282F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SearchPathW]                      [6E531AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW]                   [6E53007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CopyFileW]                        [6E52E1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!MoveFileW]                        [6E530994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!DeleteFileW]                      [6E52EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateProcessW]                   [6E52A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!SetCurrentDirectoryW]             [6E531D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindClose]                        [6E533ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindNextFileW]                    [6E532999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!FindFirstFileW]                   [6E533035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryA]                     [6E52FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!CreateFileW]                      [6E52E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!WritePrivateProfileStringW]       [6E52DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!LoadLibraryW]                     [6E52FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                   [6E5282F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [KERNEL32.dll!GetPrivateProfileStringW]         [6E52D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryInfoKeyW]                 [6E53FBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegEnumValueW]                    [6E54051D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegOpenKeyExW]                    [6E53EB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegQueryValueExW]                 [6E53F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegDeleteKeyW]                    [6E53EF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCreateKeyExW]                  [6E53E5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USER32.dll [ADVAPI32.dll!RegCloseKey]                      [6E53ED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW]                    [6E53007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA]                      [6E52FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CopyFileW]                         [6E52E1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                    [6E5282F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW]                      [6E52FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!CreateFileW]                       [6E52E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!SearchPathW]                       [6E531AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\GDI32.dll [KERNEL32.dll!DeleteFileW]                       [6E52EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindClose]                        [6E533ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileA]                   [6E532CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileA]                    [6E532926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindFirstFileW]                   [6E533035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!FindNextFileW]                    [6E532999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesA]               [6E52BD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryA]             [6E53173F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesA]               [6E52BFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryA]                 [6E530F0F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryA]                 [6E5314E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileA]                      [6E52ED1B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetFileAttributesW]               [6E52BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetCurrentDirectoryW]             [6E531D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!SetFileAttributesW]               [6E52C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateDirectoryW]                 [6E53103D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!DeleteFileW]                      [6E52EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileW]                        [6E530994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!RemoveDirectoryW]                 [6E531614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!MoveFileA]                        [6E530921] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]                   [6E5282F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA]                     [6E52FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA]                   [6E52A073] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW]                   [6E52A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileA]                      [6E52E717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!CreateFileW]                      [6E52E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryW]                     [6E52FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW]                    [6E52FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!ReplaceFileW]                    [6E530C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!WritePrivateProfileStringW]      [6E52DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringW]        [6E52D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetPrivateProfileStringA]        [6E52D361] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!DeleteFileW]                     [6E52EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW]                  [6E53007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesW]              [6E52C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileW]                     [6E52E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileW]                  [6E533035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileW]                   [6E532999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathW]                     [6E531AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesW]              [6E52BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SetFileAttributesA]              [6E52BFCD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!CreateFileA]                     [6E52E717] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindFirstFileA]                  [6E532CD2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindNextFileA]                   [6E532926] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!FindClose]                       [6E533ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!SearchPathA]                     [6E5323A5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetFileAttributesA]              [6E52BD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA]                    [6E52FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                  [6E5282F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpW]                          [6E52FAAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [USER32.dll!WinHelpA]                          [6E52F973] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCloseKey]                     [6E53ED95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExA]                 [6E53E43D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyA]                   [6E53EDE8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyA]                [6E53F9B7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExA]                   [6E53E9C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegCreateKeyExW]                 [6E53E5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegOpenKeyExW]                   [6E53EB3D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExW]                   [6E54020D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueW]                  [6E53F4DB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegDeleteKeyW]                   [6E53EF31] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryInfoKeyW]                [6E53FBB3] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExW]                [6E53F817] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueW]                   [6E54051D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyW]                     [6E53FF19] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyExA]                   [6E540085] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumValueA]                   [6E540395] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegEnumKeyA]                     [6E53FDAF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHLWAPI.dll [ADVAPI32.dll!RegQueryValueExA]                [6E53F677] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionW]       [6E52CFA8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindNextFileW]                   [6E532999] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!ReplaceFileW]                    [6E530C95] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileSectionNamesW]  [6E52D22A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileSectionW]     [6E52D9DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!WritePrivateProfileStringW]      [6E52DC5C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateHardLinkW]                 [6E52EB68] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetCurrentDirectoryW]            [6E531D56] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CopyFileW]                       [6E52E1E9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetBinaryTypeW]                  [6E52CAA7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW]                  [6E53007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW]                  [6E52A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileW]                       [6E530994] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindFirstFileW]                  [6E533035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!FindClose]                       [6E533ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameA]               [6E52C709] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesA]              [6E52BD77] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SearchPathW]                     [6E531AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileIntW]           [6E52CD20] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetPrivateProfileStringW]        [6E52D4B8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!RemoveDirectoryW]                [6E531614] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateDirectoryW]                [6E53103D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!DeleteFileW]                     [6E52EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!SetFileAttributesW]              [6E52C0FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesW]              [6E52BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!MoveFileExW]                     [6E5309B9] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetShortPathNameW]               [6E52C848] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW]                    [6E52FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!CreateFileW]                     [6E52E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetFileAttributesExW]            [6E52C368] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA]                    [6E52FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [KERNEL32.dll!GetLongPathNameW]                [6E52C5D8] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [USER32.dll!LoadImageW]                        [6E52F0D0] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [USER32.dll!WinHelpW]                          [6E52FAAA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [USER32.dll!PrivateExtractIconsW]              [6E52F5C5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringByKeyW]           [6E53620B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHCreateStreamOnFileW]            [6E537595] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryKeyW]                   [6E5360AE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!AssocQueryStringW]                [6E53615B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyA]                     [6E5375E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCombineW]                     [6E536533] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHOpenRegStream2W]                [6E53799A] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryW]                 [6E53684F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsURLW]                       [6E536E45] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootA]                      [6E536AFB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRootW]                      [6E536B47] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripToRootW]                 [6E537281] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFindOnPathW]                  [6E536716] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathStripPathW]                   [6E5371ED] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRemoveArgsW]                  [6E537021] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetBoolUSValueW]             [6E537FBE] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathSkipRootW]                    [6E537159] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryEmptyW]            [6E5368E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsSystemFolderW]              [6E536BE2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsDirectoryA]                 [6E536803] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathRelativePathToW]              [6E536F81] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootA]                   [6E5363A5] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetPathW]                    [6E5380BD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegSetPathW]                    [6E538513] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetUSValueW]                 [6E538176] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathCreateFromUrlW]               [6E5365DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHQueryValueExW]                  [6E537BA4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHRegGetValueW]                   [6E538235] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsNetworkPathW]               [6E53697F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerShareW]            [6E536DAD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCServerW]                 [6E536D15] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathUnExpandEnvStringsW]          [6E53731F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathMakeSystemFolderW]            [6E536EDD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsUNCW]                       [6E536C7D] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathIsRelativeW]                  [6E536AAF] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHGetValueW]                      [6E5378EA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathBuildRootW]                   [6E5363F4] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteValueW]                   [6E5376D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHSetValueW]                      [6E538732] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumKeyExW]                     [6E53777E] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHEnumValueW]                     [6E537831] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!PathFileExistsW]                  [6E53667B] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [SHLWAPI.dll!SHDeleteKeyW]                     [6E537636] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SHELL32.dll [ntdll.dll!NtQueryDirectoryFile]               [6E52BB38] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindClose]                         [6E533ADC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!FindFirstFileW]                    [6E533035] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW]                    [6E53007C] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!SearchPathW]                       [6E531AEC] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateProcessW]                    [6E52A3FB] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!DeleteFileW]                       [6E52EE46] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetShortPathNameW]                 [6E52C848] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesExW]              [6E52C368] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!CreateFileW]                       [6E52E860] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryW]                      [6E52FD66] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!GetFileAttributesW]                [6E52BEA2] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\ole32.dll [KERNEL32.dll!LoadLibraryA]                      [6E52FBE1] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]                   [6E5282F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueW]                   [6E538235] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHRegGetValueA]                   [6E5381D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathUnExpandEnvStringsA]          [6E5372CD] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteKeyA]                     [6E5375E7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHDeleteValueW]                   [6E5376D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCreateFromUrlW]               [6E5365DA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueA]                      [6E53788F] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueA]                      [6E5386D7] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHGetValueW]                      [6E5378EA] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!SHSetValueW]                      [6E538732] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\WININET.dll [SHLWAPI.dll!PathCombineW]                     [6E536533] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                  [6E5282F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\USERENV.dll [KERNEL32.dll!GetProcAddress]                  [6E5282F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                  [6E5282F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\SAMLIB.dll [KERNEL32.dll!GetProcAddress]                   [6E5282F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress]                 [6E5282F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                  [6E5282F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Program Files\Internet Explorer\iexplore.exe[1084] @ C:\Windows\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress]                 [6E5282F6] C:\Program Files\Internet Explorer\IEShims.dll (Internet Explorer Compatibility Shims/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown]                                                  [74997817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage]                                                   [749DB4E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI]                                               [7499BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode]                                         [7498F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup]                                                   [749975E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC]                                                [7498E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM]                                    [749C73F5] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream]                                       [7499DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight]                                               [7498FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth]                                                [7498FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage]                                                 [749871CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM]                                         [74A1CAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile]                                            [749BC8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics]                                               [7498D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree]                                                         [74986853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc]                                                        [7498687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT             C:\Windows\Explorer.EXE[2484] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode]                                           [74992AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18581_none_9e591052ca1013d0\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice  \FileSystem\fastfat \Fat                                                                                                               fltmgr.sys (Microsoft Dateisystem-Filter-Manager/Microsoft Corporation)

---- EOF - GMER 1.0.15 ----
         
--- --- ---


OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 03.11.2012 15:07:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martina\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 38,27% Memory free
3,74 Gb Paging File | 2,59 Gb Available in Paging File | 69,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,43 Gb Total Space | 185,84 Gb Free Space | 65,57% Space Free | Partition Type: NTFS
Drive D: | 14,64 Gb Total Space | 8,78 Gb Free Space | 59,96% Space Free | Partition Type: FAT32
 
Computer Name: MARTINA-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Müller Foto\Müller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files\Müller Foto\Müller Foto\Müller Foto.exe" "%1" ()
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{6EEE6D98-62D8-48D8-9D26-2797956B745B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D4C5C158-7CAC-48D2-9EA0-5C2BCEE763C4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{ED1CC61F-F2D1-4182-A632-3A9412505676}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{4EAE8E6B-8B5F-4542-9A67-27C60A03355D}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{523AD132-76A2-49EC-8162-E17EAC222E42}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{548E7339-B23D-4802-966F-3299EAE429C3}" = dir=in | app=c:\program files\hp\hp software update\hpwucli.exe | 
"{5762579C-F885-4B77-BBEC-E062F51CEA9F}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposfx08.exe | 
"{602386F7-E1C1-4CA1-9C3F-B7530ABAC75F}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{674ED15B-2EF8-4B8F-9510-E422F3CAE01A}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{6B00B7CB-0577-424C-B797-D78B9D1BA222}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxm08.exe | 
"{706226C0-96F5-45D7-A9E4-C0572516AF1A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqkygrp.exe | 
"{75A1FA3F-645A-41A4-AF21-232A6969EABC}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{7A657385-A5C7-42D6-BF51-56ED67EE8EA9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{82F946A4-FBC7-4342-95B9-291857B3E2BA}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | 
"{99CD95AA-44AE-4AA9-94FD-D0DB5EC7C701}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | 
"{A08A49F4-EAB3-44C2-BD92-51D8D30AAC20}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{AC4E4AAB-C7C2-4637-A83A-6CE85C5B6A45}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpofxs08.exe | 
"{B6B8D7F0-294D-4868-9F1F-F7300008E5D5}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{B77DB439-216C-46F5-B72D-C333D895CF5A}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{BB465E03-3A9E-4634-AA29-D72AE297CC53}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{C9065B1F-02A6-4FED-ADA2-12F620C5AA40}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpzwiz01.exe | 
"{D37FA6A7-BECA-47B2-8C71-7C9262CA07D2}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | 
"{DE029360-36CF-4F50-8454-A79554B88600}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqfxt08.exe | 
"{E195629B-EA43-48FA-A437-7F21940A21B5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | 
"{F0449987-FC6C-4FA8-AC3E-C2D72B72F699}" = dir=in | app=c:\program files\windows live\messenger\livecall.exe | 
"{F5AE91FC-B542-4260-865C-87CD3671DA36}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | 
"{F92FB476-13DE-4EA3-870C-0650041F6057}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpiscnapp.exe | 
"{F9D95DD4-FC61-4E8B-8C11-200A51C5040A}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{FE81FCF7-7343-4055-AE9D-BA4CAF425B95}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | 
"TCP Query User{F8E6CA3E-0A5B-42A9-A482-47F36D8FAF2E}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{1C2DC403-E1CD-468B-9660-CC665CB44B07}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0289B35E-DC07-4c7a-9710-BBD686EA4B7D}" = Status
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID-Anmelde-Assistent
"{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}" = Lernwerkstatt 8
"{0A5825FD-0FB7-4e45-9037-858D463F2943}" = BPDSoftware
"{0CC1DAFB-40C8-4903-953D-471E541477C7}" = WISO Steuer 2012
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2614F54E-A828-49FA-93BA-45A3F756BFAA}" = 32 Bit HP CIO Components Installer
"{26A24AE4-039D-4CA4-87B4-2F83216030FF}" = Java(TM) 6 Update 30
"{2951A232-69BA-4925-BB9A-CEEB72B18B4F}" = BPDSoftware_Ini
"{2B091530-69AA-442E-AB09-39ED06B58220}" = Windows Live Messenger
"{3700194C-C5DD-439A-BE06-A66960CA4C70}" = MSVCSetup
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{398E8625-6F3A-4C54-B54C-28F0ABB89774}" = BPD_HPSU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{410AB9BC-B057-4D39-9260-660EE1B4BED2}" = Steuer 2009
"{47948554-90C6-4AAC-8CFA-D23CE11C1031}" = Nero 8 Essentials
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A3D0CF8-60FF-4CEF-91A4-A1F001424602}" = DocProc
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{50779A29-834E-4E36-BBEB-B7CABC67A825}" = Microsoft Security Client DE-DE Language Pack
"{56364334-9530-11D2-BFFC-00C04FA329AA}" = Microsoft Works 2000
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{572F2A62-70CD-4429-8758-6D4D6DC696E1}" = 4500_Help
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5DC02603-6642-11D3-80AC-00C04F348408}" = Word in Works Suite-Add-In
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{6697D99E-E550-4498-B793-4A8DD8A1821F}" = ProductContext
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A7B0BF3-2F00-4F03-8A9B-6ABCC07B90C6}" = Windows Live installer
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{818ABC3C-635C-4651-8183-D0E9640B7DD1}" = HP Update
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C2D4047-0E40-499a-AC7A-C4B9BB12FE03}" = TrayApp
"{A1D08B90-AE1A-4885-AC29-731496FD397E}" = Windows Live Fotogalerie
"{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}" = 1&1 Surf-Stick
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.2 - Deutsch
"{B8D42C3A-3CFF-4A8A-A7DA-4F44474D12C5}" = Windows Live Writer
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CD0773D5-C18E-495c-B39B-21A96415EDD5}" = HP Officejet J4500 Series
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{E78FC917-C21B-11D2-99FE-00105A98B681}" = Microsoft Picture It! 2000
"{EEEB604C-C1A7-4f8c-B03F-56F9C1C9C45F}" = Fax
"{EF1ADA5A-0B1A-4662-8C55-7475A61D8B65}" = DeviceDiscovery
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FDEC11CC-4BD6-4a8c-A398-3CCD8E43EACA}" = J4500
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = WEB.DE Internet Explorer Addon
"1&1 Mail & Media GmbH 1und1Softwareaktualisierung" = WEB.DE Softwareaktualisierung
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.5
"CCleaner" = CCleaner
"ENTERPRISE" = Microsoft Office Enterprise 2007
"Google Desktop" = Google Desktop
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Smart Web Printing" = HP Smart Web Printing 4.60
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"InstallShield_{08BE0A17-0AB8-4B0C-88E2-EB1B4977A511}" = Lernwerkstatt 8
"lgx4.lgx.server" = G DATA Logox4 Speechengine
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft Security Client" = Microsoft Security Essentials
"Müller Foto" = Müller Foto
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Shop for HP Supplies" = Shop for HP Supplies
"TeamViewer 7" = TeamViewer 7
"Trojan Remover_is1" = Trojan Remover 6.8.5
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.05.2011 08:28:34 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.05.2011 08:45:14 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.05.2011 08:45:29 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 09.05.2011 08:45:29 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.05.2011 08:27:38 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.05.2011 08:27:55 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.05.2011 08:27:55 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.05.2011 12:34:59 | Computer Name = Martina-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 11.05.2011 12:35:26 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
Error - 11.05.2011 12:35:26 | Computer Name = Martina-PC | Source = Microsoft-Windows-CAPI2 | ID = 131083
Description = 
 
[ OSession Events ]
Error - 31.03.2011 08:08:35 | Computer Name = Martina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 11.04.2011 12:32:27 | Computer Name = Martina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 19
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 29.05.2011 06:31:58 | Computer Name = Martina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 29.05.2011 06:32:10 | Computer Name = Martina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 03.06.2011 05:01:01 | Computer Name = Martina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 09.11.2011 11:00:34 | Computer Name = Martina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 30
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 16.12.2011 05:09:14 | Computer Name = Martina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.12.2011 09:24:25 | Computer Name = Martina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 3
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 21.12.2011 09:24:38 | Computer Name = Martina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 29.12.2011 03:37:12 | Computer Name = Martina-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6545.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 03.11.2012 09:44:08 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 03.11.2012 09:48:02 | Computer Name = Martina-PC | Source = Service Control Manager | ID = 7022
Description = 
 
Error - 03.11.2012 09:49:07 | Computer Name = Martina-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 03.11.2012 09:49:07 | Computer Name = Martina-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 03.11.2012 09:49:07 | Computer Name = Martina-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 03.11.2012 09:49:07 | Computer Name = Martina-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 03.11.2012 09:49:07 | Computer Name = Martina-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 03.11.2012 09:49:07 | Computer Name = Martina-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 03.11.2012 09:49:07 | Computer Name = Martina-PC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 03.11.2012 09:57:38 | Computer Name = Martina-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
 
< End of report >
         

Alt 03.11.2012, 19:18   #4
adiMo
 



OTL Logfile:
Code:
OTL logfile created on: 03.11.2012 15:07:35 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Martina\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19328)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,75 Gb Total Physical Memory | 0,67 Gb Available Physical Memory | 38,27% Memory free
3,74 Gb Paging File | 2,59 Gb Available in Paging File | 69,12% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 283,43 Gb Total Space | 185,84 Gb Free Space | 65,57% Space Free | Partition Type: NTFS
Drive D: | 14,64 Gb Total Space | 8,78 Gb Free Space | 59,96% Space Free | Partition Type: FAT32
 
Computer Name: MARTINA-PC | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.03 14:58:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Martina\Downloads\OTL.exe
PRC - [2012.11.03 14:57:59 | 000,050,477 | ---- | M] () -- C:\Users\Martina\Downloads\Defogger.exe
PRC - [2012.10.23 10:47:48 | 007,859,112 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer.exe
PRC - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.10.23 10:47:48 | 002,285,480 | ---- | M] (TeamViewer GmbH) -- c:\Programme\TeamViewer\Version7\TeamViewer_Desktop.exe
PRC - [2012.10.23 10:40:39 | 000,106,408 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\tv_w32.exe
PRC - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\NisSrv.exe
PRC - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 16:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.08.25 12:55:48 | 000,638,064 | ---- | M] (Microsoft Corporation) -- C:\Programme\Internet Explorer\iexplore.exe
PRC - [2012.07.18 19:27:12 | 000,409,696 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\WINWORD.EXE
PRC - [2011.09.08 18:05:08 | 000,995,328 | -H-- | M] (FK2) -- C:\Windows\System32\svchospt.exe
PRC - [2011.08.23 21:20:18 | 000,887,976 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2011.07.12 08:53:26 | 000,240,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe
PRC - [2011.06.09 13:06:06 | 000,507,624 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Common Files\Java\Java Update\jucheck.exe
PRC - [2010.09.30 13:00:28 | 000,253,264 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe
PRC - [2010.09.30 13:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.04.11 07:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 07:27:28 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2009.02.26 18:36:46 | 000,030,040 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe
PRC - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2008.01.21 03:25:33 | 000,202,240 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnscfg.exe
PRC - [2007.10.18 11:34:34 | 005,724,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Live\Messenger\msnmsgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.03 14:57:59 | 000,050,477 | ---- | M] () -- C:\Users\Martina\Downloads\Defogger.exe
MOD - [2011.10.05 03:52:30 | 000,756,048 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL
MOD - [2010.09.30 13:00:28 | 000,139,088 | ---- | M] () -- C:\Programme\1&1 Surf-Stick\UIExec.exe
MOD - [2010.08.26 18:40:25 | 000,034,816 | ---- | M] () -- C:\Programme\Google\Google Desktop Search\gzlib.dll
MOD - [2005.11.27 20:07:30 | 000,417,792 | ---- | M] () -- C:\Windows\System32\CoolXPCombo.ocx
MOD - [2005.11.27 20:07:12 | 000,491,520 | ---- | M] () -- C:\Windows\System32\CoolXPButton.ocx
MOD - [2005.11.27 20:06:54 | 000,360,448 | ---- | M] () -- C:\Windows\System32\CoolXPLabel.ocx
 
 
========== Services (SafeList) ==========
 
SRV - [2012.10.23 10:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.09.12 16:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 16:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.09.30 13:00:28 | 000,253,264 | ---- | M] () [Auto | Running] -- C:\Programme\1&1 Surf-Stick\AssistantServices.exe -- (UI Assistant Service)
SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.02.26 18:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2007.10.25 15:27:54 | 000,266,240 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007.10.18 11:31:54 | 000,098,328 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.11.03 14:55:08 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{9D34AB33-8730-4E30-A5DB-BFE91E226601}\MpKslb64f1bfa.sys -- (MpKslb64f1bfa)
DRV - [2012.08.30 21:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2010.01.12 12:03:34 | 011,586,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2009.10.29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2009.10.29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2009.10.29 18:28:24 | 000,105,088 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2009.10.29 18:28:24 | 000,009,216 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2008.01.11 13:02:02 | 000,036,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2007.12.08 07:28:08 | 000,140,320 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\nvstor32.sys -- (nvstor32)
DRV - [2007.11.17 19:39:50 | 001,040,544 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvmfdx32.sys -- (NVENETFD)
DRV - [2007.10.12 15:53:10 | 000,013,312 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvsmu.sys -- (nvsmu)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.msn.de/
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDB
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.msn.com/?ocid=OIE9MSE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.web.de/br/ie9_search_pic/?su={searchTerms}
IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=g7gKnJ146bSK45SokCinsr_XZys?q={searchTerms}
IE - HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.web.de/br/ie9_search_produkte/?su={searchTerms}
IE - HKCU\..\SearchScopes\{9C1D8DA1-666B-4CAF-93C2-39718B181765}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=BIE9SE&pc=BIE9&src=IE-SearchBox
IE - HKCU\..\SearchScopes\{BFB3FFD3-190C-40EA-9729-698973218AE0}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=0519FFCE-82FB-4E5A-9C6F-22A0331C94E8&apn_sauid=A859C00D-BBAD-46FE-B0F8-A652BE34E7EE&
IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.web.de/br/ie9_search_maps/?su={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.05.11 15:43:02 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (WEB.DE Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Google EULA Launcher] C:\Program Files\Google\Google EULA\GoogleEULALauncher.exe (Google)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found
O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found
O4 - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [svchospt] C:\Windows\System32\svchospt.exe (FK2)
O4 - HKLM..\Run: [TrojanScanner] C:\Program Files\Trojan Remover\Trjscan.exe (Simply Super Software)
O4 - HKLM..\Run: [UIExec] C:\Program Files\1&1 Surf-Stick\UIExec.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [AFDAE815-7936-4E59-B037-A6198BF1F753] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [BrandClearStubs] C:\Windows\System32\iedkcs32.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [NoIE4StubProcessing] C:\Windows\system32\reg.exe DELETE "HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" /v "NoIE4StubProcessing" /f File not found
O4 - HKCU..\RunOnce: [FlashPlayerUpdate] C:\Windows\System32\Macromed\Flash\FlashUtil10t_ActiveX.exe (Adobe Systems, Inc.)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in &Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7737549B-2E96-414E-81E3-C929F83A6D05}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img24.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.03 14:57:53 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2012.11.03 12:54:32 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012.11.01 14:30:38 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2012.11.01 14:30:08 | 000,000,000 | ---D | C] -- C:\Users\admin\Documents\Simply Super Software
[2012.11.01 14:30:08 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Simply Super Software
[2012.11.01 14:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover
[2012.11.01 14:30:03 | 000,605,968 | ---- | C] (Igor Pavlov) -- C:\Windows\System32\ztv7z.dll
[2012.11.01 14:29:53 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover
[2012.11.01 14:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software
[2012.11.01 14:29:20 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2012.11.01 14:28:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.01 14:28:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.01 14:28:37 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.01 14:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.01 14:16:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.11.01 14:16:44 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.10.26 14:58:03 | 000,000,000 | ---D | C] -- C:\UserData
[2012.10.26 14:51:39 | 000,000,000 | ---D | C] -- C:\ProgramData\UUdb
[2012.10.26 06:52:57 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbser6k.sys
[2012.10.26 06:52:57 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbnmea.sys
[2012.10.26 06:52:57 | 000,105,088 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys
[2012.10.26 06:52:57 | 000,009,216 | ---- | C] (ZTE Incorporated) -- C:\Windows\System32\drivers\massfilter.sys
[2012.10.26 06:52:36 | 000,000,000 | ---D | C] -- C:\Windows\System32\SupportAppCB
[2012.10.26 06:52:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\1&1 Surf-Stick
[2012.10.26 06:52:30 | 000,000,000 | ---D | C] -- C:\Program Files\1&1 Surf-Stick
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.03 15:08:31 | 000,000,422 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{DE3EBD0E-CB14-49D8-B1A1-23ECC290FC2B}.job
[2012.11.03 14:50:50 | 000,160,125 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.11.03 14:50:50 | 000,160,125 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.11.03 14:46:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 14:46:30 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 14:46:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.03 14:45:46 | 1878,274,048 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.03 14:22:53 | 000,000,000 | ---- | M] () -- C:\Users\admin\defogger_reenable
[2012.11.03 12:54:38 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.11.01 14:30:04 | 000,000,940 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.11.01 14:28:44 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.01 14:16:45 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.26 14:50:43 | 000,001,817 | ---- | M] () -- C:\Users\admin\Desktop\Amazon.lnk
[2012.10.26 14:50:43 | 000,001,811 | ---- | M] () -- C:\Users\admin\Desktop\WEB.DE.lnk
[2012.10.26 14:50:43 | 000,001,809 | ---- | M] () -- C:\Users\admin\Desktop\eBay.lnk
[2012.10.26 06:52:46 | 000,001,543 | ---- | M] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.03 14:22:53 | 000,000,000 | ---- | C] () -- C:\Users\admin\defogger_reenable
[2012.11.03 12:54:38 | 000,000,971 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.11.03 12:54:38 | 000,000,959 | ---- | C] () -- C:\Users\Public\Desktop\TeamViewer 7.lnk
[2012.11.01 14:30:04 | 000,000,940 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Remover.lnk
[2012.11.01 14:30:03 | 000,185,616 | ---- | C] () -- C:\Windows\System32\ztvunrar39.dll
[2012.11.01 14:30:03 | 000,169,744 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll
[2012.11.01 14:30:03 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll
[2012.11.01 14:30:03 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll
[2012.11.01 14:30:03 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll
[2012.11.01 14:28:44 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.01 14:16:45 | 000,000,808 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.10.26 06:52:35 | 000,001,543 | ---- | C] () -- C:\Users\Public\Desktop\1&1 Surf-Stick.lnk
[2012.04.01 19:27:29 | 000,000,660 | ---- | C] () -- C:\Windows\wiso.ini
[2011.10.09 11:42:35 | 000,124,416 | ---- | C] () -- C:\Windows\System32\dXCtrls.dll
[2011.10.09 11:42:34 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll
[2010.02.18 09:28:57 | 000,160,125 | ---- | C] () -- C:\ProgramData\nvModes.001
[2010.02.18 09:28:56 | 000,160,125 | ---- | C] () -- C:\ProgramData\nvModes.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.04.01 19:29:53 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Buhl Data Service
[2012.11.01 14:30:08 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\Simply Super Software
[2011.10.09 12:55:30 | 000,000,000 | ---D | M] -- C:\Users\admin\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         

[/code]

Alt 03.11.2012, 19:56   #5
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Quote:
or is Format C: the faster option?
That can't be answered in such general terms.

Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background guards, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, perform the updates (if offered), install the Recovery Console (if offered) and let it scan your system.
    Also avoid using the mouse and keyboard while Combofix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
Combofix may only be run when a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running Combofix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

__________________
Please always post log files in CODE tags
