| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Wie TR/Spy.Browse.A auf Windows XP SP3 entfernen?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
21.07.2010, 10:49
| #1 |
 |  Wie TR/Spy.Browse.A auf Windows XP SP3 entfernen? Hallo Helfer! Ich habe auf meinem Laptop den o. g. Trojaner. Ich habe schon ein bisschen rumgelesen und festgestellt, dass der auch schon andere Systeme angegriffen hat. Aus diesem Thread(s) habe ich auch gelesen, welche Schritte zu einer Vorabanalyse (Dank an Larusso) durchgeführt werden sollen. Hier sind die 4 Logfiles: Malwarebytes: Code:
ATTFilter Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4332
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
20.07.2010 21:57:49
mbam-log-2010-07-20 (21-57-49).txt
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 125757
Laufzeit: 11 Minute(n), 12 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 2
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d9301f87-82ed-47f5-82ab-498ef4dcb0f9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{d9301f87-82ed-47f5-82ab-498ef4dcb0f9} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
C:\Dokumente und Einstellungen\Standard\Desktop\.url (Malware.Trace) -> Quarantined and deleted successfully.
Code:
ATTFilter GMER 1.0.15.15281 - hxxp://www.gmer.net
Rootkit scan 2010-07-20 22:09:03
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOKUME~1\Standard\LOKALE~1\Temp\afaoapoc.sys
---- Kernel code sections - GMER 1.0.15 ----
? bfuqimhh.sys Das System kann die angegebene Datei nicht finden. !
init C:\WINDOWS\system32\drivers\ALCXSENS.SYS entry point in "init" section [0xBA5D1900]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\WINDOWS\SOUNDMAN.EXE[296] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\SOUNDMAN.EXE[296] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\WINDOWS\SOUNDMAN.EXE[296] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\SOUNDMAN.EXE[296] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\SOUNDMAN.EXE[296] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\SOUNDMAN.EXE[296] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\SOUNDMAN.EXE[296] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\SOUNDMAN.EXE[296] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\AGRSMMSG.exe[404] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\AGRSMMSG.exe[404] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\WINDOWS\AGRSMMSG.exe[404] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\AGRSMMSG.exe[404] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\AGRSMMSG.exe[404] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\AGRSMMSG.exe[404] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\AGRSMMSG.exe[404] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\AGRSMMSG.exe[404] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[1204] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[1204] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[1204] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[1204] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[1204] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[1204] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[1204] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\hkcmd.exe[1204] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\QuickTime\qttask.exe[1244] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\QuickTime\qttask.exe[1244] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\Programme\QuickTime\qttask.exe[1244] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\QuickTime\qttask.exe[1244] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\QuickTime\qttask.exe[1244] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\QuickTime\qttask.exe[1244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\QuickTime\qttask.exe[1244] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\QuickTime\qttask.exe[1244] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Real\RealPlayer\RealPlay.exe[1372] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Real\RealPlayer\RealPlay.exe[1372] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Real\RealPlayer\RealPlay.exe[1372] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Real\RealPlayer\RealPlay.exe[1372] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Real\RealPlayer\RealPlay.exe[1372] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\Programme\Real\RealPlayer\RealPlay.exe[1372] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Real\RealPlayer\RealPlay.exe[1372] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Real\RealPlayer\RealPlay.exe[1372] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Real\RealPlayer\RealPlay.exe[1372] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\Programme\Real\RealPlayer\RealPlay.exe[1372] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\PROGRA~1\LAUNCH~1\LManager.EXE[1416] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\PROGRA~1\LAUNCH~1\LManager.EXE[1416] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\PROGRA~1\LAUNCH~1\LManager.EXE[1416] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\PROGRA~1\LAUNCH~1\LManager.EXE[1416] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\PROGRA~1\LAUNCH~1\LManager.EXE[1416] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\PROGRA~1\LAUNCH~1\LManager.EXE[1416] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\PROGRA~1\LAUNCH~1\LManager.EXE[1416] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\PROGRA~1\LAUNCH~1\LManager.EXE[1416] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Arcade\PCMService.exe[1468] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Arcade\PCMService.exe[1468] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Arcade\PCMService.exe[1468] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Arcade\PCMService.exe[1468] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\Programme\Arcade\PCMService.exe[1468] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Arcade\PCMService.exe[1468] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Arcade\PCMService.exe[1468] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Arcade\PCMService.exe[1468] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1564] @ C:\WINDOWS\Explorer.EXE [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1564] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1564] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1564] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1564] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1564] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1564] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1564] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E15605] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1564] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1564] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1564] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\WINDOWS\Explorer.EXE[1564] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxtray.exe[1712] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxtray.exe[1712] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxtray.exe[1712] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxtray.exe[1712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxtray.exe[1712] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxtray.exe[1712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxtray.exe[1712] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\igfxtray.exe[1712] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Java\j2re1.4.2_07\bin\jusched.exe[2140] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E15605] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\Programme\Java\j2re1.4.2_07\bin\jusched.exe[2140] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Java\j2re1.4.2_07\bin\jusched.exe[2140] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Java\j2re1.4.2_07\bin\jusched.exe[2140] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Java\j2re1.4.2_07\bin\jusched.exe[2140] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Java\j2re1.4.2_07\bin\jusched.exe[2140] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Java\j2re1.4.2_07\bin\jusched.exe[2140] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\avmwlanstick\FRITZWLANMini.exe[2232] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\avmwlanstick\FRITZWLANMini.exe[2232] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\avmwlanstick\FRITZWLANMini.exe[2232] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\avmwlanstick\FRITZWLANMini.exe[2232] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\Programme\avmwlanstick\FRITZWLANMini.exe[2232] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\avmwlanstick\FRITZWLANMini.exe[2232] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\avmwlanstick\FRITZWLANMini.exe[2232] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\avmwlanstick\FRITZWLANMini.exe[2232] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\avmwlanstick\FRITZWLANMini.exe[2232] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E15605] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\Dokumente und Einstellungen\Standard\Desktop\gmer.exe[2260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Dokumente und Einstellungen\Standard\Desktop\gmer.exe[2260] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Dokumente und Einstellungen\Standard\Desktop\gmer.exe[2260] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Dokumente und Einstellungen\Standard\Desktop\gmer.exe[2260] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Dokumente und Einstellungen\Standard\Desktop\gmer.exe[2260] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Dokumente und Einstellungen\Standard\Desktop\gmer.exe[2260] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Dokumente und Einstellungen\Standard\Desktop\gmer.exe[2260] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\Dokumente und Einstellungen\Standard\Desktop\gmer.exe[2260] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2312] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2312] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2312] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2312] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2312] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2312] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe[2312] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\HP\HP Software Update\HPWuSchd2.exe[2360] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\HP\HP Software Update\HPWuSchd2.exe[2360] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\Programme\HP\HP Software Update\HPWuSchd2.exe[2360] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\HP\HP Software Update\HPWuSchd2.exe[2360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\HP\HP Software Update\HPWuSchd2.exe[2360] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\HP\HP Software Update\HPWuSchd2.exe[2360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\HP\HP Software Update\HPWuSchd2.exe[2360] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\HP\HP Software Update\HPWuSchd2.exe[2360] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[2460] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[2460] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[2460] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[2460] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[2460] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[2460] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[2460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[2460] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[2460] @ C:\WINDOWS\system32\USERENV.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\WINDOWS\system32\ctfmon.exe[2460] @ C:\WINDOWS\system32\USERENV.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[2492] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[2492] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[2492] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[2492] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[2492] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[2492] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[2492] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[2492] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\Messenger\msmsgs.exe[2492] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E15605] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\STIHL\Bildschirmschoner\TaskTray.exe[2548] @ C:\WINDOWS\system32\user32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\STIHL\Bildschirmschoner\TaskTray.exe[2548] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\STIHL\Bildschirmschoner\TaskTray.exe[2548] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\STIHL\Bildschirmschoner\TaskTray.exe[2548] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\STIHL\Bildschirmschoner\TaskTray.exe[2548] @ C:\WINDOWS\system32\shell32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\STIHL\Bildschirmschoner\TaskTray.exe[2548] @ C:\WINDOWS\system32\shell32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\STIHL\Bildschirmschoner\TaskTray.exe[2548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\STIHL\Bildschirmschoner\TaskTray.exe[2548] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe[2584] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe[2584] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe[2584] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe[2584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] [7C884205] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe[2584] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe[2584] @ C:\WINDOWS\system32\SHELL32.dll [ADVAPI32.dll!CreateProcessAsUserW] [77E15600] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
IAT C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe[2584] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe[2584] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] [7C884200] C:\WINDOWS\system32\kernel32.dll (Client-DLL für Windows NT-Basis-API/Microsoft Corporation)
IAT C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe[2584] @ C:\WINDOWS\system32\WININET.dll [ADVAPI32.dll!CreateProcessAsUserA] [77E15605] C:\WINDOWS\system32\ADVAPI32.dll (Erweitertes Windows 32 Base-API/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
|
|
21.07.2010, 10:51
| #2 |
| |  Wie TR/Spy.Browse.A auf Windows XP SP3 entfernen? Und hier der Rest...
__________________OTL - Extra: Code:
ATTFilter OTL Extras logfile created on: 20.07.2010 22:16:41 - Run 1
OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Standard\Desktop\MFTools
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
495,00 Mb Total Physical Memory | 138,00 Mb Available Physical Memory | 28,00% Memory free
1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free
Paging file location(s): C:\pagefile.sys 744 1488 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 26,87 Gb Total Space | 2,48 Gb Free Space | 9,24% Space Free | Partition Type: FAT32
Drive D: | 9,01 Gb Total Space | 9,01 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: ACER-9EC38315D8
Current User Name: Standard
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Standard
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLDial.exe:*:Enabled:AOL -- File not found
"C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe" = C:\Programme\Gemeinsame Dateien\aol\ACS\AOLacsd.exe:*:Enabled:AOL -- File not found
"C:\Programme\AOL 9.0\waol.exe" = C:\Programme\AOL 9.0\waol.exe:*:Enabled:AOL 9.0 -- File not found
"C:\Programme\Microsoft ActiveSync\wcescomm.exe" = C:\Programme\Microsoft ActiveSync\wcescomm.exe:*:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)
"C:\Programme\Microsoft ActiveSync\WCESMgr.exe" = C:\Programme\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application -- (Microsoft Corporation)
"C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Programme\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hposfx08.exe" = C:\Programme\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hposid01.exe" = C:\Programme\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe" = C:\Programme\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Programme\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Development Company, L.P.)
"C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- (Hewlett-Packard)
"C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe" = C:\Programme\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe -- ( )
"C:\Programme\HP\Digital Imaging\bin\hpoews01.exe" = C:\Programme\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Development Company, L.P.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0878E100-C0BB-41E8-B4C6-C486B61FDA7B}" = Canon PhotoRecord
"{09E4C6A0-AB81-4ADA-9163-DD7B724E0BB6}" = Janosch Vorschule
"{1A655D51-1423-48A3-B748-8F5A0BE294C8}" = Microsoft Visual J# .NET Redistributable Package 1.1
"{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = PhotoStitch
"{21E90952-11F1-4473-9D6C-2EE09BCB10C3}" = OpenOffice.org 2.0
"{2376813B-2E5A-4641-B7B3-A0D5ADB55229}" = HPPhotoSmartExpress
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0
"{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = RemoteCapture Task 1.1
"{295C31E5-3F91-498E-9623-DA24D2FA2B6A}" = T-Online WLAN-Access Finder
"{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Internet Library
"{30BB4D60-81DB-11D5-BB77-00400536ABAC}" = OLYMPUS CAMEDIA Master 4.2
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{363790D2-DA98-41DD-9C9F-69FA36B169DE}" = PanoStandAlone
"{45B8A76B-57EC-4242-B019-066400CD8428}" = BufferChm
"{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = RAW Image Task 1.2
"{4C96958A-6562-4143-B820-FF4890D3B734}" = Camera Window DVC
"{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3
"{4EA684E9-5C81-4033-A696-3019EC57AC3A}" = HPProductAssistant
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePowerManagement
"{66910000-8B30-4973-A159-6371345AFFA5}" = WebReg
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{68763C27-235D-4165-A961-FDEA228CE504}" = AiOSoftwareNPI
"{6909F917-5499-482e-9AA1-FAD06A99F231}" = Toolbox
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142070}" = Java 2 Runtime Environment, SE v1.4.2_07
"{736C803C-DD3B-4015-BC51-AFB9E67B9076}" = Readme
"{7E7B7865-6C80-4373-8BC1-C2EB9431F9DE}" = ProductContextNPI
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{8331C3EA-0C91-43AA-A4D4-27221C631139}" = Status
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A4CE7FD-9657-4B06-9943-E1819F3D5D67}" = DocProc
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
"{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = MovieEdit Task
"{8CE4E6E9-9D55-43FB-9DDB-688C976BFC05}" = Unload
"{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Camera Window DS
"{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Camera Support Core Library
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{996512CF-F35B-48DE-9291-557FA5316967}" = ScannerCopy
"{9FC8D8F8-AF3A-4488-98AF-51C6DEC732F2}" = c3100_Help
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{B991B020-2968-11D8-AF23-444553540000}_is1" = FreeMind
"{BB85ED9C-AFC9-43BD-B8DC-258C3C7DF72E}" = HP Software Update
"{BDBE2F3E-42DB-4d4a-8CB1-19BA765DBC6C}" = HP Photosmart, Officejet and Deskjet 7.0.A
"{C1D76D7A-F3BB-47EA-A746-5B1E2FFC1DF2}" = Canon ZoomBrowser EX
"{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker
"{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Camera Window MC
"{C7F54CF8-D6FB-4E0A-93A3-E68AE0D6C476}" = SolutionCenter
"{C8753E28-2680-49BF-BD48-DD38FD086EFE}" = AiO_Scan_CDA
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{DBC20735-34E6-4E97-A9E5-2066B66B243D}" = TrayApp
"{E1B80DEE-A795-4258-8445-074C06AE3AB8}" = MarketResearch
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EB8C9964-09AC-48bf-8B98-027609C78251}" = C3100
"{F157460F-720E-482f-8625-AD7843891E5F}" = InstantShareDevicesMFC
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" =
"{F3760724-B29D-465B-BC53-E5D72095BCC4}" = Scan
"{F6076EF9-08E1-442F-B6A2-BFB61B295A14}" = Fax_CDA
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FB15E224-67C3-491F-9F5C-F257BC418412}" = Destinations
"{FBB980B0-63F8-4B48-8D65-90F1D9F81D9F}" = NewCopy_CDA
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AntiVir PersonalEdition Classic" = Avira AntiVir Personal - Free Antivirus
"ERUNT_is1" = ERUNT 1.1j
"Home Photo Service Light" = Home Photo Service Light
"HP Imaging Device Functions" = HP Imaging Device Functions 7.0
"HP PrecisionScan LTX" = HP PrecisionScan LTX
"HP Solution Center & Imaging Support Tools" = HP Solution Center 7.0
"HPExtendedCapabilities" = HP Customer Participation Program 7.0
"HPOCR" = OCR Software by I.R.I.S 7.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{218BBBE3-FE63-4BB2-81A8-7435575A84FA}" = Canon Utilities PhotoStitch 3.1
"InstallShield_{28291BD5-92D2-4685-82DC-CCA925C53CCA}" = Canon RemoteCapture Task for ZoomBrowser EX
"InstallShield_{2F81FBFC-9A37-431F-9050-14B55485DF5A}" = Canon Internet Library for ZoomBrowser EX
"InstallShield_{45EF4EE3-F591-4B74-A477-0CAE12934CE7}" = Canon RAW Image Task for ZoomBrowser EX
"InstallShield_{4C96958A-6562-4143-B820-FF4890D3B734}" = Canon Camera Window DVC for ZoomBrowser EX
"InstallShield_{4E68EAA3-775A-4542-A08A-47DB8E8E74A6}" = NTI Backup NOW! 3
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"InstallShield_{8AF1E098-1A5C-4336-BBE2-D047ABB401ED}" = Canon MovieEdit Task for ZoomBrowser EX
"InstallShield_{91203BD3-6C3E-472F-ADBD-F60FDC7C4010}" = Canon Camera Window DS for ZoomBrowser EX
"InstallShield_{91F1A0D6-23AD-49FE-8D4E-379485652214}" = Canon Camera Support Core Library
"InstallShield_{C438B7C4-B4F8-49C5-A4DF-FF6F1F242778}" = NTI CD & DVD-Maker Gold
"InstallShield_{C7281207-4AA4-425E-B57A-0E9EF8445635}" = Canon Camera Window for ZoomBrowser EX
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)
"Nero - Burning Rom!UninstallKey" = Ahead Nero Burning ROM
"NeroVision!UninstallKey" = Ahead NeroVision Express
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMIX!UninstallKey" = Ahead NeroMIX
"QuickTime" = QuickTime
"RealPlayer 6.0" = RealPlayer Basic
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows CE Services" = Microsoft ActiveSync 3.8
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 31.03.2010 16:00:05 | Computer Name = ACER-9EC38315D8 | Source = Avira AntiVir | ID = 4118
Description =
Error - 11.04.2010 15:29:48 | Computer Name = ACER-9EC38315D8 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.8.20071.816, fehlgeschlagenes
Modul xpcom_core.dll, Version 1.8.20071.816, Fehleradresse 0x0003fc4e.
Error - 11.04.2010 15:30:11 | Computer Name = ACER-9EC38315D8 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.8.20071.816, fehlgeschlagenes
Modul xpcom_core.dll, Version 1.8.20071.816, Fehleradresse 0x0003fc4e.
Error - 12.04.2010 06:36:10 | Computer Name = ACER-9EC38315D8 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.8.20071.816, fehlgeschlagenes
Modul xpcom_core.dll, Version 1.8.20071.816, Fehleradresse 0x0003fc4e.
Error - 12.04.2010 06:41:13 | Computer Name = ACER-9EC38315D8 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung firefox.exe, Version 1.8.20071.816, fehlgeschlagenes
Modul xpcom_core.dll, Version 1.8.20071.816, Fehleradresse 0x0003fc4e.
Error - 06.07.2010 03:35:44 | Computer Name = ACER-9EC38315D8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung firefox.exe, Version 1.9.2.3814, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 06.07.2010 16:52:08 | Computer Name = ACER-9EC38315D8 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung explorer.exe, Version 6.0.2900.5512, fehlgeschlagenes
Modul shlwapi.dll, Version 6.0.2900.5912, Fehleradresse 0x000592d7.
Error - 11.07.2010 15:35:25 | Computer Name = ACER-9EC38315D8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 18.07.2010 16:38:27 | Computer Name = ACER-9EC38315D8 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pushinst.exe, Version 0.0.0.0, fehlgeschlagenes
Modul pushinst.exe, Version 0.0.0.0, Fehleradresse 0x00004091.
Error - 20.07.2010 15:13:10 | Computer Name = ACER-9EC38315D8 | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung Load.exe, Version 3.3.6.1, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
[ System Events ]
Error - 20.07.2010 15:24:23 | Computer Name = ACER-9EC38315D8 | Source = Service Control Manager | ID = 7034
Description = Dienst "AntiVir PersonalEdition Classic Planer" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 20.07.2010 15:24:24 | Computer Name = ACER-9EC38315D8 | Source = Service Control Manager | ID = 7034
Description = Dienst "AntiVir PersonalEdition Classic Guard" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 20.07.2010 15:24:24 | Computer Name = ACER-9EC38315D8 | Source = Service Control Manager | ID = 7034
Description = Dienst "T-Online WLAN Adapter Steuerungsdienst" wurde unerwartet beendet.
Dies ist bereits 1 Mal passiert.
Error - 20.07.2010 16:00:27 | Computer Name = ACER-9EC38315D8 | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
IntelIde
< End of report >
Code:
ATTFilter OTL logfile created on: 20.07.2010 22:16:41 - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Dokumente und Einstellungen\Standard\Desktop\MFTools Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 495,00 Mb Total Physical Memory | 138,00 Mb Available Physical Memory | 28,00% Memory free 1,00 Gb Paging File | 1,00 Gb Available in Paging File | 71,00% Paging File free Paging file location(s): C:\pagefile.sys 744 1488 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 26,87 Gb Total Space | 2,48 Gb Free Space | 9,24% Space Free | Partition Type: FAT32 Drive D: | 9,01 Gb Total Space | 9,01 Gb Free Space | 99,99% Space Free | Partition Type: FAT32 E: Drive not present or media not loaded F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: ACER-9EC38315D8 Current User Name: Standard Logged in as Administrator. Current Boot Mode: Normal Scan Mode: Current user Company Name Whitelist: On Skip Microsoft Files: On File Age = 90 Days Output = Standard Quick Scan ========== Processes (SafeList) ========== PRC - [2010.07.20 21:17:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Standard\Desktop\MFTools\OTL.exe PRC - [2008.10.31 19:52:24 | 000,068,865 | ---- | M] (Avira GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\sched.exe PRC - [2008.10.31 19:52:14 | 000,151,297 | ---- | M] (Avira GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe PRC - [2008.07.21 20:48:46 | 000,266,497 | ---- | M] (Avira GmbH) -- C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe PRC - [2008.04.14 04:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.10.04 22:00:08 | 000,647,220 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe PRC - [2006.10.04 21:51:16 | 000,442,433 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MWLaMaS.exe PRC - [2006.10.04 21:36:26 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe PRC - [2006.06.23 11:24:12 | 000,343,552 | ---- | M] (AVM Berlin GmbH) -- C:\Programme\avmwlanstick\FRITZWLanMini.exe PRC - [2006.02.24 17:28:22 | 002,478,080 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.0\program\soffice.bin PRC - [2006.02.24 17:28:20 | 002,334,720 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 2.0\program\soffice.exe PRC - [2005.01.15 12:24:18 | 000,032,881 | ---- | M] () -- C:\Programme\Java\j2re1.4.2_07\bin\jusched.exe PRC - [2005.01.04 12:27:00 | 000,405,583 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft ActiveSync\wcescomm.exe PRC - [2004.11.19 14:05:40 | 000,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\realplay.exe PRC - [2004.10.01 16:46:02 | 000,262,144 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\LManager.EXE PRC - [2004.08.27 16:50:06 | 000,081,920 | ---- | M] (CyberLink Corp.) -- C:\Programme\Arcade\PCMService.exe PRC - [2004.07.27 17:01:36 | 000,068,096 | ---- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE PRC - [2003.02.26 12:22:12 | 000,318,976 | ---- | M] (silkmoth plc) -- C:\STIHL\Bildschirmschoner\TaskTray.exe ========== Modules (SafeList) ========== MOD - [2010.07.20 21:17:50 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Standard\Desktop\MFTools\OTL.exe MOD - [2010.07.15 21:56:00 | 000,046,592 | ---- | M] () -- C:\WINDOWS\system32\rdsacont.dll MOD - [2008.04.14 04:22:14 | 001,028,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll MOD - [2008.04.14 04:22:12 | 000,020,992 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\hid.dll MOD - [2008.04.14 04:21:06 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx MOD - [2004.08.27 16:42:36 | 000,049,152 | ---- | M] (CyberLink Corp.) -- C:\Programme\CyberLink\Shared Files\CLRCEngine.dll MOD - [2004.08.04 05:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll ========== Win32 Services (SafeList) ========== SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt) SRV - File not found [Auto | Stopped] -- C:\Acer\eManager\anbmServ.exe -- (anbmService) SRV - [2008.10.31 19:52:24 | 000,068,865 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler) SRV - [2008.10.31 19:52:14 | 000,151,297 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService) SRV - [2007.08.09 09:27:52 | 000,073,728 | ---- | M] (HP) [Auto | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) SRV - [2006.10.04 21:36:26 | 000,061,440 | ---- | M] (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MZCCntrl.exe -- (MZCCntrl) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\wanatw4.sys -- (wanatw) WAN Miniport (ATW) DRV - [2009.05.31 20:25:22 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt) DRV - [2009.05.31 20:25:14 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Programme\AntiVir PersonalEdition Classic\avgio.sys -- (avgio) DRV - [2008.04.13 20:53:10 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm) DRV - [2006.10.04 09:14:26 | 000,017,280 | ---- | M] (Marmiko IT-Solutions GmbH) [Kernel | On_Demand | Running] -- C:\Programme\Gemeinsame Dateien\Marmiko Shared\MAcNdis5.sys -- (MACNDIS5) DRV - [2006.04.06 01:00:00 | 000,264,704 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2004.11.19 14:05:44 | 000,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM) DRV - [2004.10.07 16:47:40 | 000,006,912 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr) DRV - [2004.09.20 17:37:24 | 000,010,363 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio) DRV - [2004.09.02 17:27:00 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd) DRV - [2004.08.09 14:27:18 | 000,070,144 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp) DRV - [2004.08.07 18:51:04 | 003,210,496 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel(R) DRV - [2004.08.02 21:09:18 | 000,635,281 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM) DRV - [2004.07.22 14:50:16 | 001,268,234 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2004.07.19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd) DRV - [2004.06.16 11:19:58 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA) DRV - [2004.06.01 11:50:50 | 000,004,054 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm) DRV - [2004.03.29 17:23:42 | 000,140,288 | ---- | M] (Inprocomm, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\i2220ntx.sys -- (IPN2220) DRV - [2004.02.24 11:08:52 | 000,400,384 | ---- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS) DRV - [2003.12.05 18:46:36 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc) DRV - [2003.10.08 11:11:26 | 000,033,847 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wA301a.sys -- ({E2B953A6-195A-44F9-9BA3-3D5F4E32BB55}) DRV - [2003.09.14 15:27:50 | 000,018,838 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "Google" FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.04.16 21:11:06 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2007.01.20 16:19:50 | 000,000,000 | ---D | M] [2009.02.21 22:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Extensions [2007.01.20 16:20:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Mozilla\Firefox\Profiles\jao6wyku.default\extensions [2010.04.16 21:11:06 | 000,000,000 | ---D | M] -- C:\Programme\Mozilla Firefox\extensions [2010.04.01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2010.04.01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2010.04.01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2010.04.01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2010.04.01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2004.08.04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found. O4 - HKLM..\Run: [avgnt] C:\Programme\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Programme\avmwlanstick\FRITZWLanMini.exe (AVM Berlin GmbH) O4 - HKLM..\Run: [EPM-DM] C:\Acer\ePM\EPM-DM.exe File not found O4 - HKLM..\Run: [ePowerManagement] C:\Acer\ePM\ePM.exe File not found O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.EXE (Dritek System Inc.) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh) O4 - HKLM..\Run: [PCMService] C:\Programme\Arcade\PCMService.exe (CyberLink Corp.) O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [RealTray] C:\Programme\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Java\j2re1.4.2_07\bin\jusched.exe () O4 - HKCU..\Run: [H/PC Connection Agent] C:\Programme\Microsoft ActiveSync\WCESCOMM.EXE (Microsoft Corporation) O4 - HKCU..\Run: ['STIHL Bildschirmschoner' ] c:\STIHL\Bildschirmschoner\TaskTray.exe (silkmoth plc) O4 - HKCU..\Run: [T-Online_Software_6\WLAN-Access Finder] C:\Programme\T-Online\WLAN-Access Finder\ToWLaAcF.exe (Deutsche Telekom AG, Marmiko IT-Solutions GmbH) O4 - Startup: C:\Dokumente und Einstellungen\Standard\Startmenü\Programme\Autostart\OpenOffice.org 2.0.lnk = C:\Programme\OpenOffice.org 2.0\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found O9 - Extra Button: Mobilen Favoriten erstellen - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Programme\Microsoft ActiveSync\inetrepl.dll (Microsoft Corporation) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mctp {d7b95390-b1c5-11d0-b111-0080c712fe82} - C:\Programme\Microsoft ActiveSync\aatp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Standard\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Standard\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2004.10.07 16:31:32 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ] O33 - MountPoints2\{2efdcbf0-ce4d-11db-bc62-00023f0eb916}\Shell - "" = AutoRun O33 - MountPoints2\{2efdcbf0-ce4d-11db-bc62-00023f0eb916}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{2efdcbf0-ce4d-11db-bc62-00023f0eb916}\Shell\AutoRun\command - "" = G:\pushinst.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O36 - AppCertDlls: gdipm12 - (C:\WINDOWS\system32\rdsacont.dll) - C:\WINDOWS\system32\rdsacont.dll () O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: 6to4 - File not found NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found NetSvcs: Ias - File not found NetSvcs: Iprip - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found CREATERESTOREPOINT Restore point Set: OTL Restore Point (15776209447157760) ========== Files/Folders - Created Within 90 Days ========== [2010.07.20 21:43:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT [2010.07.20 21:42:42 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT [2010.07.20 21:23:29 | 000,000,000 | ---D | C] -- C:\Programme\7-Zip [2010.07.20 21:22:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Malwarebytes [2010.07.20 21:22:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.07.20 21:22:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes [2010.07.20 21:22:01 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2010.07.20 21:22:01 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2010.07.20 21:14:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Standard\Desktop\MFTools [2010.07.08 22:48:26 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Standard\Eigene Dateien\Downloads [2010.07.06 22:44:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Standard\Desktop\DarkShot ========== Files - Modified Within 90 Days ========== [2010.07.20 22:12:52 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2010.07.20 22:12:12 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT [2010.07.20 22:12:08 | 519,622,656 | -HS- | M] () -- C:\hiberfil.sys [2010.07.20 22:12:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2010.07.20 22:11:14 | 004,980,736 | -H-- | M] () -- C:\Dokumente und Einstellungen\Standard\NTUSER.DAT [2010.07.20 22:11:14 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\Standard\ntuser.ini [2010.07.20 21:42:44 | 000,000,499 | ---- | M] () -- C:\Dokumente und Einstellungen\Standard\Desktop\NTREGOPT.lnk [2010.07.20 21:42:44 | 000,000,480 | ---- | M] () -- C:\Dokumente und Einstellungen\Standard\Desktop\ERUNT.lnk [2010.07.20 21:22:14 | 000,000,584 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.20 21:14:42 | 000,284,915 | ---- | M] () -- C:\Dokumente und Einstellungen\Standard\Desktop\Gmer.zip [2010.07.20 21:12:08 | 000,410,680 | ---- | M] () -- C:\Dokumente und Einstellungen\Standard\Desktop\Load.exe [2010.07.15 21:56:00 | 000,046,592 | ---- | M] () -- C:\WINDOWS\System32\rdsacont.dll [2010.07.07 22:36:32 | 000,799,059 | ---- | M] () -- C:\Dokumente und Einstellungen\Standard\Eigene Dateien\einladung b.odt [2010.06.14 15:18:50 | 000,173,872 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2010.06.13 21:49:16 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2010.05.27 22:01:18 | 000,036,592 | ---- | M] () -- C:\Dokumente und Einstellungen\Standard\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT [2010.05.05 19:20:14 | 000,010,387 | ---- | M] () -- C:\Dokumente und Einstellungen\Standard\Eigene Dateien\Elternkasse.ods [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys ========== Files Created - No Company Name ========== [2010.07.20 22:02:35 | 000,293,376 | ---- | C] () -- C:\Dokumente und Einstellungen\Standard\Desktop\gmer.exe [2010.07.20 21:42:42 | 000,000,499 | ---- | C] () -- C:\Dokumente und Einstellungen\Standard\Desktop\NTREGOPT.lnk [2010.07.20 21:42:42 | 000,000,480 | ---- | C] () -- C:\Dokumente und Einstellungen\Standard\Desktop\ERUNT.lnk [2010.07.20 21:22:13 | 000,000,584 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk [2010.07.20 21:14:35 | 000,284,915 | ---- | C] () -- C:\Dokumente und Einstellungen\Standard\Desktop\Gmer.zip [2010.07.20 21:11:58 | 000,410,680 | ---- | C] () -- C:\Dokumente und Einstellungen\Standard\Desktop\Load.exe [2010.07.15 21:55:58 | 000,046,592 | ---- | C] () -- C:\WINDOWS\System32\rdsacont.dll [2010.07.06 23:00:29 | 000,799,059 | ---- | C] () -- C:\Dokumente und Einstellungen\Standard\Eigene Dateien\einladung b.odt [2007.10.17 09:55:15 | 000,077,824 | R--- | C] () -- C:\WINDOWS\System32\HPZIDS01.dll [2007.02.08 18:46:24 | 000,000,211 | ---- | C] () -- C:\WINDOWS\uno.ini [2007.02.08 18:46:08 | 000,109,568 | ---- | C] () -- C:\WINDOWS\vos364mi.dll [2007.02.08 18:46:07 | 000,287,744 | ---- | C] () -- C:\WINDOWS\uno364mi.dll [2007.02.08 18:46:07 | 000,091,648 | ---- | C] () -- C:\WINDOWS\osl364mi.dll [2006.12.29 13:07:28 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI [2006.08.31 21:39:19 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD-Start.INI [2006.07.28 16:20:14 | 000,306,688 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll [2006.07.28 16:20:14 | 000,095,232 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll [2006.02.12 19:52:10 | 000,000,093 | ---- | C] () -- C:\WINDOWS\'STIHL Bildschirmschoner'.ini [2006.02.12 19:52:10 | 000,000,055 | ---- | C] () -- C:\WINDOWS\FSaver.ini [2006.01.31 21:25:23 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini [2006.01.31 20:50:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OpPrintServer.INI [2005.01.08 23:22:35 | 000,004,500 | ---- | C] () -- C:\WINDOWS\System32\FILTRCOI.DLL [2004.10.07 17:48:29 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2004.10.07 16:50:44 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini [2004.10.07 16:50:43 | 000,000,336 | ---- | C] () -- C:\WINDOWS\uninstall.ini [2004.10.07 16:47:39 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\ntiembed.dll [2004.10.07 16:47:07 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll [2004.10.07 16:47:07 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK32.dll [2004.10.07 16:41:33 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini [2004.10.07 16:41:31 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll [2004.10.07 16:36:43 | 000,037,684 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2004.10.07 16:27:19 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2001.12.26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll [2001.09.03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll [2001.07.30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll [2001.07.23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll [2001.07.07 03:00:00 | 000,003,254 | ---- | C] () -- C:\WINDOWS\System32\HPTCPMON.INI [1980.01.01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI [1980.01.01 00:00:00 | 000,000,095 | ---- | C] () -- C:\WINDOWS\ALAUNCH.INI ========== LOP Check ========== [2004.11.19 14:06:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Viewpoint [2005.02.10 04:52:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\OLYMPUS [2007.02.08 18:45:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\T-Online [2007.05.20 19:56:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AntiVir PersonalEdition Classic [2007.02.08 18:46:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\T-Online [2007.10.17 10:07:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\Image Zone Express [2010.04.16 20:38:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Standard\Anwendungsdaten\MSNInstaller ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*.* > [2004.10.07 16:07:22 | 000,000,067 | RHS- | M] () -- C:\PRELOAD.AAA [2010.07.20 22:12:06 | 780,140,544 | -HS- | M] () -- C:\pagefile.sys [2008.12.10 19:44:42 | 000,000,000 | -H-- | M] () -- C:\BOOTLOG.TXT [2004.10.07 16:10:46 | 000,000,512 | -HS- | M] () -- C:\BOOTSECT.DOS [2004.08.04 05:00:00 | 000,004,952 | RHS- | M] () -- C:\bootfont.bin [2008.10.11 21:05:48 | 000,251,712 | RHS- | M] () -- C:\ntldr [2004.08.04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM [2005.01.08 23:19:40 | 000,000,194 | RHS- | M] () -- C:\BOOT.INI [2004.10.07 16:31:32 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS [2004.10.07 16:31:32 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT [2004.10.07 16:31:32 | 000,000,000 | RHS- | M] () -- C:\IO.SYS [2004.10.07 16:31:32 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS [2004.11.19 14:06:10 | 000,000,783 | -H-- | M] () -- C:\IPH.PH [2010.07.20 22:12:08 | 519,622,656 | -HS- | M] () -- C:\hiberfil.sys [2009.06.22 13:37:00 | 000,000,000 | ---- | M] () -- C:\Log.txt [2005.01.08 23:20:34 | 000,000,090 | ---- | M] () -- C:\setup.log [2010.04.17 21:49:06 | 000,000,161 | ---- | M] () -- C:\TO_InstallLog.txt < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < %systemroot%\Tasks\*.job /lockedfiles > < %systemroot%\System32\config\*.sav > [2004.10.07 16:21:16 | 000,421,888 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav [2004.10.07 16:21:16 | 000,638,976 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav [2004.10.07 16:21:16 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav < %systemroot%\system32\drivers\*.sys /90 > [2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbam.sys [2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys < %systemroot%\system32\user32.dll /md5 > [2008.04.14 04:22:32 | 000,580,096 | ---- | M] (Microsoft Corporation) MD5=B0050CC5340E3A0760DD8B417FF7AEBD -- C:\WINDOWS\system32\user32.dll < %systemroot%\system32\ws2_32.dll /md5 > [2008.04.14 04:22:32 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=6A35E2D6F5F052C84EC2CEB296389439 -- C:\WINDOWS\system32\ws2_32.dll < %systemroot%\system32\ws2help.dll /md5 > [2008.04.14 04:22:32 | 000,019,968 | ---- | M] (Microsoft Corporation) MD5=C7D8A0517CBF16B84F657DE87EBE9D4B -- C:\WINDOWS\system32\ws2help.dll < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU > < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs > HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-07-15 19:34:41 < End of report > Viele Grüße, Michl |
|
21.07.2010, 16:37
| #3 |
| | Wie TR/Spy.Browse.A auf Windows XP SP3 entfernen? Nochmal nach vorne...
__________________ |
|
22.07.2010, 13:26
| #4 |
| | Wie TR/Spy.Browse.A auf Windows XP SP3 entfernen? ich komme echt nicht weiter...  Kann mir wirklich niemand helfen??? *verzweifelt schau* |
|
| Themen zu Wie TR/Spy.Browse.A auf Windows XP SP3 entfernen? |
| .dll, antivir, avg, bildschirmschoner, browser, dateien, desktop, einstellungen, entfernen, explorer, explorer.exe, festgestellt, helper, jusched.exe, launch, logfiles, messenger, microsoft, programme, realplay.exe, realplayer, shell32.dll, software, sp3, stick, temp, windows, windows xp |
Linear-Darstellung
