Plagegeister aller Art und deren Bekämpfung: ieframe.dll acr_error (Windows 7). If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection. |
27.02.2011, 17:00 | #1 |
| ieframe.dll acr_error

Hello. Today I stupidly caught something on a forum site. I had visited it often, but nothing ever happened. Google did warn me beforehand, but I didn't think anything of it. My antivirus program didn't report anything, Internet Explorer stopped responding, and when I started it again, res://ieframe.dll.acr_error appeared in the address bar at the top, followed by the start page. And a message appears: "A problem with the website caused the tab to be restored." When I run IE without add-ons, only very simple pages such as self-made forums work; Google, YouTube, GMX etc., for example, do not. (I have Windows XP.)

All programs that connect to the Internet don't work; they open for a fraction of a second and then simply close, without an error message: ICQ, Skype, Windows Live Messenger, softonic-downloader... MMOs still work partially. With Firefox/Opera I get onto the Internet without problems. I can do without IE, but not without the things mentioned above.

I have already uninstalled/reinstalled IE7 and tried IE8; it didn't help. I currently have a full scan with Anti-Malware running, which will probably take a while. Help would be nice, I'm pretty clueless when it comes to computers.

I have now done 2 scans with Malwarebytes.

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5892

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27.02.2011 14:42:51
mbam-log-2011-02-27 (14-42-48).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 143121
Laufzeit: 12 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5892

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27.02.2011 17:47:36
mbam-log-2011-02-27 (17-47-36).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 337993
Laufzeit: 2 Stunde(n), 43 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
28.02.2011, 14:31 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ieframe.dll acr_error

System scan with OTL

Please download OTL by Oldtimer and save it to your desktop. |
28.02.2011, 18:11 | #3 |
| ieframe.dll acr_error OTL.txt
Code:
() -- C:\WINDOWS\System32\NCMedia2.dll [2010.07.27 17:11:39 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll [2010.07.27 17:11:39 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll [2010.07.26 23:39:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2010.07.26 22:53:15 | 000,088,232 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2010.06.02 05:22:54 | 001,412,902 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x64.cab [2010.06.02 05:22:54 | 001,127,217 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x86.cab [2010.06.02 05:22:54 | 000,273,960 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x64.cab [2010.06.02 05:22:54 | 000,272,611 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x86.cab [2010.06.02 05:22:54 | 000,182,361 | ---- | C] () -- C:\Programme\OCT2006_XACT_x64.cab [2010.06.02 05:22:54 | 000,138,017 | ---- | C] () -- C:\Programme\OCT2006_XACT_x86.cab [2010.06.02 05:22:54 | 000,086,037 | ---- | C] () -- C:\Programme\Oct2005_xinput_x64.cab [2010.06.02 05:22:54 | 000,045,359 | ---- | C] () -- C:\Programme\Oct2005_xinput_x86.cab [2010.06.02 05:22:52 | 001,906,878 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x64.cab [2010.06.02 05:22:52 | 001,550,796 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x86.cab [2010.06.02 05:22:52 | 000,965,421 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x86.cab [2010.06.02 05:22:52 | 000,121,794 | ---- | C] () -- C:\Programme\Nov2008_XACT_x64.cab [2010.06.02 05:22:52 | 000,092,684 | ---- | C] () -- C:\Programme\Nov2008_XACT_x86.cab [2010.06.02 05:22:52 | 000,054,522 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x64.cab [2010.06.02 05:22:52 | 000,021,851 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x86.cab [2010.06.02 05:22:50 | 000,994,154 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x64.cab [2010.06.02 05:22:50 | 000,196,762 | ---- | C] () -- C:\Programme\NOV2007_XACT_x64.cab [2010.06.02 05:22:50 | 000,148,264 | ---- | C] () -- C:\Programme\NOV2007_XACT_x86.cab [2010.06.02 05:22:50 
| 000,046,144 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x64.cab [2010.06.02 05:22:50 | 000,018,496 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x86.cab [2010.06.02 05:22:48 | 001,802,058 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x64.cab [2010.06.02 05:22:48 | 001,709,360 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x86.cab [2010.06.02 05:22:48 | 000,864,600 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x64.cab [2010.06.02 05:22:48 | 000,803,884 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x86.cab [2010.06.02 05:22:48 | 000,273,018 | ---- | C] () -- C:\Programme\Mar2009_XAudio_x86.cab [2010.06.02 05:22:46 | 000,275,044 | ---- | C] () -- C:\Programme\Mar2009_XAudio_x64.cab [2010.06.02 05:22:46 | 000,121,506 | ---- | C] () -- C:\Programme\Mar2009_XACT_x64.cab [2010.06.02 05:22:46 | 000,092,740 | ---- | C] () -- C:\Programme\Mar2009_XACT_x86.cab [2010.06.02 05:22:38 | 000,054,600 | ---- | C] () -- C:\Programme\Mar2009_X3DAudio_x64.cab [2010.06.02 05:22:38 | 000,021,298 | ---- | C] () -- C:\Programme\Mar2009_X3DAudio_x86.cab [2010.06.02 05:22:36 | 001,973,702 | ---- | C] () -- C:\Programme\Mar2009_d3dx9_41_x64.cab [2010.06.02 05:22:36 | 001,612,446 | ---- | C] () -- C:\Programme\Mar2009_d3dx9_41_x86.cab [2010.06.02 05:22:36 | 001,067,160 | ---- | C] () -- C:\Programme\Mar2009_d3dx10_41_x64.cab [2010.06.02 05:22:36 | 001,040,745 | ---- | C] () -- C:\Programme\Mar2009_d3dx10_41_x86.cab [2010.06.02 05:22:36 | 000,251,194 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x64.cab [2010.06.02 05:22:36 | 000,226,250 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x86.cab [2010.06.02 05:22:36 | 000,122,336 | ---- | C] () -- C:\Programme\Mar2008_XACT_x64.cab [2010.06.02 05:22:36 | 000,093,734 | ---- | C] () -- C:\Programme\Mar2008_XACT_x86.cab [2010.06.02 05:22:34 | 001,769,862 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x64.cab [2010.06.02 05:22:34 | 001,443,282 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x86.cab [2010.06.02 05:22:34 | 000,818,260 | 
---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x86.cab [2010.06.02 05:22:34 | 000,055,058 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x64.cab [2010.06.02 05:22:34 | 000,021,867 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x86.cab [2010.06.02 05:22:32 | 000,937,246 | ---- | C] () -- C:\Programme\Jun2010_d3dx9_43_x64.cab [2010.06.02 05:22:32 | 000,844,884 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x64.cab [2010.06.02 05:22:32 | 000,768,036 | ---- | C] () -- C:\Programme\Jun2010_d3dx9_43_x86.cab [2010.06.02 05:22:32 | 000,278,060 | ---- | C] () -- C:\Programme\Jun2010_XAudio_x86.cab [2010.06.02 05:22:32 | 000,277,338 | ---- | C] () -- C:\Programme\Jun2010_XAudio_x64.cab [2010.06.02 05:22:32 | 000,124,596 | ---- | C] () -- C:\Programme\Jun2010_XACT_x64.cab [2010.06.02 05:22:32 | 000,093,686 | ---- | C] () -- C:\Programme\Jun2010_XACT_x86.cab [2010.06.02 05:22:30 | 000,762,188 | ---- | C] () -- C:\Programme\Jun2010_d3dcsx_43_x86.cab [2010.06.02 05:22:30 | 000,235,955 | ---- | C] () -- C:\Programme\Jun2010_d3dx10_43_x64.cab [2010.06.02 05:22:30 | 000,197,283 | ---- | C] () -- C:\Programme\Jun2010_d3dx10_43_x86.cab [2010.06.02 05:22:30 | 000,138,205 | ---- | C] () -- C:\Programme\Jun2010_d3dx11_43_x64.cab [2010.06.02 05:22:30 | 000,109,445 | ---- | C] () -- C:\Programme\Jun2010_d3dx11_43_x86.cab [2010.06.02 05:22:28 | 000,944,460 | ---- | C] () -- C:\Programme\Jun2010_D3DCompiler_43_x64.cab [2010.06.02 05:22:28 | 000,931,471 | ---- | C] () -- C:\Programme\Jun2010_D3DCompiler_43_x86.cab [2010.06.02 05:22:28 | 000,752,783 | ---- | C] () -- C:\Programme\Jun2010_d3dcsx_43_x64.cab [2010.06.02 05:22:20 | 000,269,024 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x86.cab [2010.06.02 05:22:18 | 001,792,608 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x64.cab [2010.06.02 05:22:18 | 001,463,878 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x86.cab [2010.06.02 05:22:18 | 000,867,828 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x64.cab [2010.06.02 05:22:18 | 
000,849,919 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x86.cab [2010.06.02 05:22:18 | 000,269,628 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x64.cab [2010.06.02 05:22:18 | 000,152,909 | ---- | C] () -- C:\Programme\JUN2007_XACT_x86.cab [2010.06.02 05:22:18 | 000,121,054 | ---- | C] () -- C:\Programme\JUN2008_XACT_x64.cab [2010.06.02 05:22:18 | 000,093,128 | ---- | C] () -- C:\Programme\JUN2008_XACT_x86.cab [2010.06.02 05:22:18 | 000,055,154 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x64.cab [2010.06.02 05:22:18 | 000,021,905 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x86.cab [2010.06.02 05:22:16 | 001,607,774 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x64.cab [2010.06.02 05:22:16 | 001,607,286 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x86.cab [2010.06.02 05:22:16 | 001,064,925 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x86.cab [2010.06.02 05:22:16 | 000,699,044 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x64.cab [2010.06.02 05:22:16 | 000,698,472 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x86.cab [2010.06.02 05:22:16 | 000,197,122 | ---- | C] () -- C:\Programme\JUN2007_XACT_x64.cab [2010.06.02 05:22:16 | 000,180,785 | ---- | C] () -- C:\Programme\JUN2006_XACT_x64.cab [2010.06.02 05:22:16 | 000,133,671 | ---- | C] () -- C:\Programme\JUN2006_XACT_x86.cab [2010.06.02 05:22:14 | 001,336,002 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x64.cab [2010.06.02 05:22:14 | 000,277,191 | ---- | C] () -- C:\Programme\Feb2010_XAudio_x86.cab [2010.06.02 05:22:14 | 000,276,960 | ---- | C] () -- C:\Programme\Feb2010_XAudio_x64.cab [2010.06.02 05:22:14 | 000,122,446 | ---- | C] () -- C:\Programme\Feb2010_XACT_x64.cab [2010.06.02 05:22:14 | 000,093,180 | ---- | C] () -- C:\Programme\Feb2010_XACT_x86.cab [2010.06.02 05:22:12 | 000,194,675 | ---- | C] () -- C:\Programme\FEB2007_XACT_x64.cab [2010.06.02 05:22:12 | 000,147,983 | ---- | C] () -- C:\Programme\FEB2007_XACT_x86.cab [2010.06.02 05:22:12 | 000,054,678 | ---- | C] () -- 
C:\Programme\Feb2010_X3DAudio_x64.cab [2010.06.02 05:22:12 | 000,020,713 | ---- | C] () -- C:\Programme\Feb2010_X3DAudio_x86.cab [2010.06.02 05:22:10 | 000,178,359 | ---- | C] () -- C:\Programme\Feb2006_XACT_x64.cab [2010.06.02 05:22:10 | 000,132,409 | ---- | C] () -- C:\Programme\Feb2006_XACT_x86.cab [2010.06.02 05:22:04 | 001,084,720 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x86.cab [2010.06.02 05:22:02 | 001,801,048 | ---- | C] () -- C:\Programme\dsetup32.dll [2010.06.02 05:22:02 | 001,574,376 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x86.cab [2010.06.02 05:22:02 | 001,362,796 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x64.cab [2010.06.02 05:22:02 | 001,247,499 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x64.cab [2010.06.02 05:22:02 | 001,013,225 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x86.cab [2010.06.02 05:22:02 | 000,537,432 | ---- | C] () -- C:\Programme\DXSETUP.exe [2010.06.02 05:22:02 | 000,192,475 | ---- | C] () -- C:\Programme\DEC2006_XACT_x64.cab [2010.06.02 05:22:02 | 000,145,599 | ---- | C] () -- C:\Programme\DEC2006_XACT_x86.cab [2010.06.02 05:22:02 | 000,094,011 | ---- | C] () -- C:\Programme\dxupdate.cab [2010.06.02 05:22:02 | 000,042,410 | ---- | C] () -- C:\Programme\dxdllreg_x86.cab [2010.06.02 05:22:00 | 001,571,154 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x64.cab [2010.06.02 05:22:00 | 001,357,976 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x64.cab [2010.06.02 05:22:00 | 001,079,456 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x86.cab [2010.06.02 05:22:00 | 000,273,264 | ---- | C] () -- C:\Programme\Aug2009_XAudio_x64.cab [2010.06.02 05:22:00 | 000,272,642 | ---- | C] () -- C:\Programme\Aug2009_XAudio_x86.cab [2010.06.02 05:22:00 | 000,212,807 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x64.cab [2010.06.02 05:22:00 | 000,191,720 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x86.cab [2010.06.02 05:22:00 | 000,122,408 | ---- | C] () -- C:\Programme\Aug2009_XACT_x64.cab [2010.06.02 05:22:00 | 
000,093,106 | ---- | C] () -- C:\Programme\Aug2009_XACT_x86.cab [2010.06.02 05:21:58 | 000,930,116 | ---- | C] () -- C:\Programme\Aug2009_d3dx9_42_x64.cab [2010.06.02 05:21:58 | 000,728,456 | ---- | C] () -- C:\Programme\Aug2009_d3dx9_42_x86.cab [2010.06.02 05:21:58 | 000,232,635 | ---- | C] () -- C:\Programme\Aug2009_d3dx10_42_x64.cab [2010.06.02 05:21:58 | 000,192,131 | ---- | C] () -- C:\Programme\Aug2009_d3dx10_42_x86.cab [2010.06.02 05:21:58 | 000,136,301 | ---- | C] () -- C:\Programme\Aug2009_d3dx11_42_x64.cab [2010.06.02 05:21:58 | 000,105,044 | ---- | C] () -- C:\Programme\Aug2009_d3dx11_42_x86.cab [2010.06.02 05:21:56 | 003,319,740 | ---- | C] () -- C:\Programme\Aug2009_d3dcsx_42_x86.cab [2010.06.02 05:21:56 | 003,112,111 | ---- | C] () -- C:\Programme\Aug2009_d3dcsx_42_x64.cab [2010.06.02 05:21:56 | 000,900,598 | ---- | C] () -- C:\Programme\Aug2009_D3DCompiler_42_x86.cab [2010.06.02 05:21:46 | 000,919,044 | ---- | C] () -- C:\Programme\Aug2009_D3DCompiler_42_x64.cab [2010.06.02 05:21:46 | 000,271,412 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x64.cab [2010.06.02 05:21:46 | 000,271,038 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x86.cab [2010.06.02 05:21:44 | 001,794,084 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x64.cab [2010.06.02 05:21:44 | 001,464,672 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x86.cab [2010.06.02 05:21:44 | 000,849,167 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x86.cab [2010.06.02 05:21:44 | 000,198,096 | ---- | C] () -- C:\Programme\AUG2007_XACT_x64.cab [2010.06.02 05:21:44 | 000,153,012 | ---- | C] () -- C:\Programme\AUG2007_XACT_x86.cab [2010.06.02 05:21:44 | 000,121,772 | ---- | C] () -- C:\Programme\Aug2008_XACT_x64.cab [2010.06.02 05:21:44 | 000,092,996 | ---- | C] () -- C:\Programme\Aug2008_XACT_x86.cab [2010.06.02 05:21:42 | 001,800,160 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x64.cab [2010.06.02 05:21:42 | 001,708,152 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x86.cab [2010.06.02 05:21:42 | 
000,867,612 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x64.cab [2010.06.02 05:21:42 | 000,852,286 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x64.cab [2010.06.02 05:21:42 | 000,796,867 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x86.cab [2010.06.02 05:21:40 | 001,350,542 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x64.cab [2010.06.02 05:21:40 | 001,077,644 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x86.cab [2010.06.02 05:21:40 | 000,182,903 | ---- | C] () -- C:\Programme\AUG2006_XACT_x64.cab [2010.06.02 05:21:40 | 000,137,235 | ---- | C] () -- C:\Programme\AUG2006_XACT_x86.cab [2010.06.02 05:21:40 | 000,087,142 | ---- | C] () -- C:\Programme\AUG2006_xinput_x64.cab [2010.06.02 05:21:40 | 000,053,302 | ---- | C] () -- C:\Programme\APR2007_xinput_x86.cab [2010.06.02 05:21:40 | 000,046,058 | ---- | C] () -- C:\Programme\AUG2006_xinput_x86.cab [2010.06.02 05:21:38 | 001,606,039 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x86.cab [2010.06.02 05:21:38 | 000,195,766 | ---- | C] () -- C:\Programme\APR2007_XACT_x64.cab [2010.06.02 05:21:38 | 000,151,225 | ---- | C] () -- C:\Programme\APR2007_XACT_x86.cab [2010.06.02 05:21:38 | 000,096,817 | ---- | C] () -- C:\Programme\APR2007_xinput_x64.cab [2010.06.02 05:21:36 | 001,607,358 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x64.cab [2010.06.02 05:21:36 | 000,698,612 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x64.cab [2010.06.02 05:21:36 | 000,695,865 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x86.cab [2010.06.02 05:21:34 | 000,046,010 | ---- | C] () -- C:\Programme\Apr2006_xinput_x86.cab [2010.06.02 05:21:20 | 000,087,101 | ---- | C] () -- C:\Programme\Apr2006_xinput_x64.cab [2010.06.02 05:21:18 | 004,162,630 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86_Archive.cab [2010.06.02 05:21:18 | 000,916,430 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86.cab [2010.06.02 05:21:18 | 000,179,133 | ---- | C] () -- C:\Programme\Apr2006_XACT_x64.cab [2010.06.02 05:21:18 | 000,133,103 | ---- | C] 
() -- C:\Programme\Apr2006_XACT_x86.cab [2010.06.02 05:21:16 | 001,397,830 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x64.cab [2010.06.02 05:21:16 | 001,347,354 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x64.cab [2010.06.02 05:21:16 | 001,115,221 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x86.cab [2010.06.02 05:21:16 | 001,078,962 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x86.cab [2010.05.13 12:35:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\AquadelicScreensaver.ini [2010.02.03 13:18:17 | 002,822,232 | ---- | C] () -- C:\Programme\vbus.rar [2010.02.03 12:15:29 | 006,166,150 | ---- | C] () -- C:\Programme\[vBusDepot]O407.rar [2010.02.03 12:09:01 | 002,818,210 | ---- | C] () -- C:\Programme\vbus_a5e.rar [2010.02.03 10:32:06 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll [2010.02.02 18:44:25 | 000,054,206 | ---- | C] () -- C:\Programme\Cockpit-Install_byIcestar05.exe [2010.02.02 18:28:46 | 000,079,015 | ---- | C] () -- C:\Programme\Uninstal_Streckeneditor.exe [2010.02.02 17:50:42 | 004,768,229 | ---- | C] () -- C:\Programme\hlm-gtasa.rar [2010.02.02 17:30:56 | 001,850,882 | ---- | C] () -- C:\Programme\1227955348_pullmanbus.rar [2009.12.23 13:45:20 | 025,543,559 | ---- | C] () -- C:\Programme\SantaIIDemo.zip [2009.12.23 13:42:36 | 025,570,478 | ---- | C] () -- C:\Programme\Santa_Demo_Setup.exe [2009.12.23 13:40:39 | 010,353,442 | ---- | C] () -- C:\Programme\santaclause_free.zip [2009.12.01 12:12:49 | 103,809,024 | ---- | C] () -- C:\Programme\Mirkwood.part02.rar [2009.10.27 18:19:36 | 395,045,070 | ---- | C] () -- C:\Programme\f-1mania38.exe [2009.10.24 22:24:13 | 011,160,007 | ---- | C] () -- C:\Programme\Melbourne.mas [2009.10.24 22:24:13 | 011,160,007 | ---- | C] () -- C:\Programme\2009_ALBERT_PARK.MAS.mas [2009.10.24 15:16:28 | 000,000,548 | ---- | C] () -- C:\WINDOWS\eReg.dat [2009.10.23 21:38:19 | 000,033,401 | ---- | C] () -- C:\Programme\peds.ide [2009.10.23 19:55:50 | 003,079,744 | ---- | C] () -- C:\Programme\main.scm 
[2009.10.23 19:55:50 | 000,575,488 | ---- | C] () -- C:\Programme\script.img [2009.10.21 20:04:37 | 000,482,624 | ---- | C] () -- C:\Programme\smartdraw_11E_EAXVG_setup.exe [2009.10.14 11:49:32 | 001,369,088 | ---- | C] () -- C:\Programme\CStats 1.0.msi [2009.10.12 11:45:05 | 005,555,145 | ---- | C] () -- C:\Programme\LaunchGTAIV.zip [2009.10.12 10:48:16 | 000,707,946 | ---- | C] () -- C:\Programme\Combat_Analyzer.rar [2009.09.14 12:30:56 | 000,068,199 | ---- | C] () -- C:\Programme\s7-Notfahrplan_ab_09-09-2009.pdf [2009.09.14 12:29:51 | 000,128,784 | ---- | C] () -- C:\Programme\s5-Notfahrplan_ab_09-09-2009.pdf [2009.09.09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat [2009.08.21 09:25:25 | 000,010,346 | ---- | C] () -- C:\Programme\TLK53.jpg [2009.07.31 11:03:22 | 010,440,704 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda [2009.07.22 10:53:46 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\setup_ldm.iss [2009.07.17 11:48:30 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat [2009.07.17 11:38:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009.06.10 16:17:32 | 020,834,386 | ---- | C] () -- C:\Programme\lotro_ledmirage_ui_eorlingas_v1.3.zip [2009.06.10 15:19:53 | 011,211,630 | ---- | C] () -- C:\Programme\daimonui331.zip [2009.06.10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2009.06.10 08:29:34 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2009.06.10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2009.06.10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2009.06.10 08:29:34 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2009.06.10 08:29:34 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2009.06.10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2009.06.10 06:03:00 
| 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin [2009.05.26 15:44:10 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2009.02.20 17:56:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat [2009.02.20 13:51:17 | 000,007,480 | ---- | C] () -- C:\Dokumente und Einstellungen\Mirau\Lokale Einstellungen\Anwendungsdaten\slot1.mm1 [2008.12.31 12:43:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll [2008.12.25 18:51:07 | 008,213,504 | ---- | C] () -- C:\Programme\wz120gev.msi [2008.12.19 15:25:16 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Mirau\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2008.12.18 21:48:43 | 000,000,282 | ---- | C] () -- C:\WINDOWS\SBWIN.INI [2008.12.18 21:48:38 | 000,024,992 | ---- | C] () -- C:\WINDOWS\CTRES.DLL [2008.12.18 21:42:30 | 000,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys [2008.12.18 21:27:49 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2008.12.16 12:14:16 | 000,170,496 | ---- | C] () -- C:\Dokumente und Einstellungen\Mirau\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2008.12.16 10:18:10 | 000,114,243 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat [2008.12.16 10:18:10 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat [2008.12.16 10:17:54 | 007,257,632 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat [2008.12.16 10:17:54 | 001,220,640 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat [2008.12.16 09:42:53 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2008.12.16 09:37:28 | 000,004,125 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini [2008.12.16 09:37:26 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS [2008.12.15 17:38:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.12.15 17:35:19 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.12.15 17:25:37 | 000,004,161 | ---- | C] () -- 
C:\WINDOWS\ODBCINST.INI [2008.12.15 17:24:38 | 000,367,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.04.14 03:22:09 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\dot3api.dll [2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll [2006.11.02 17:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe [2004.08.04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2004.08.04 13:00:00 | 000,462,664 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2004.08.04 13:00:00 | 000,444,342 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2004.08.04 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2004.08.04 13:00:00 | 000,085,684 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2004.08.04 13:00:00 | 000,072,218 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2004.08.04 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2004.08.04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2004.08.04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2004.08.04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin [2004.08.04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [1999.01.22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL ========== Alternate Data Streams ========== @Alternate Data Stream - 205 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D2397415 @Alternate Data Stream - 192 bytes 
-> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:743A8968

< End of report >

Code:
OTL Extras logfile created on: 28.02.2011 17:51:20 - Run 2
OTL by OldTimer - Version 3.2.22.2 Folder = C:\Dokumente und Einstellungen\Mirau\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 130,59 Gb Total Space | 21,66 Gb Free Space | 16,59% Space Free | Partition Type: NTFS
Drive D: | 102,27 Gb Total Space | 18,87 Gb Free Space | 18,45% Space Free | Partition Type: NTFS
Drive E: | 7,72 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: MIRAU-1 | User Name: Mirau | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57297:TCP" = 57297:TCP:*:Enabled:Pando Media Booster
"57297:UDP" = 57297:UDP:*:Enabled:Pando Media Booster

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"6881:TCP" = 6881:TCP:*:Enabled:Blizzard Downloader: 6881
"57297:TCP" = 57297:TCP:*:Enabled:Pando Media Booster
"57297:UDP" = 57297:UDP:*:Enabled:Pando Media Booster

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe
"D:\Neuer Ordner\ICQ7.2\ICQ.exe" = D:\Neuer Ordner\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2
"D:\Neuer Ordner\ICQ7.2\aolload.exe" = D:\Neuer Ordner\ICQ7.2\aolload.exe:*:Enabled:aolload.exe
"C:\Programme\ICQ7.3\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.3\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2
"C:\Programme\ICQ7.3\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.3\ICQ7.2\aolload.exe:*:Enabled:aolload.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Codemasters\Der Herr der Ringe Online\lotroclient.exe" = C:\Programme\Codemasters\Der Herr der Ringe Online\lotroclient.exe:*:Enabled:lotroclient -- (Turbine, Inc.)
"C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat" = C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat:*:Enabled:Die Schlacht um Mittelerde -- ()
"C:\Programme\Firefly Studios\Stronghold Legends\StrongholdLegends.exe" = C:\Programme\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:*:Enabled:Stronghold Legends -- (Firefly Studios)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat" = C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II -- (Electronic Arts Inc.)
"C:\Programme\rFactor2\rFactor.exe" = C:\Programme\rFactor2\rFactor.exe:*:Enabled:rFactor
"C:\Programme\rFactor Kopie\rFactor.exe" = C:\Programme\rFactor Kopie\rFactor.exe:*:Enabled:rFactor
"C:\Programme\rFactor\rFactor.exe" = C:\Programme\rFactor\rFactor.exe:*:Enabled:rFactor
"C:\Programme\rFactor FSONE 2008\rFactor.exe" = C:\Programme\rFactor FSONE 2008\rFactor.exe:*:Enabled:rFactor
"C:\Programme\rFactor f12009\rFactor.exe" = C:\Programme\rFactor f12009\rFactor.exe:*:Enabled:rFactor
"C:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club
"C:\Programme\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = C:\Programme\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV
"C:\Programme\World of Warcraft\Launcher.exe" = C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Programme\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-deDE-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Programme\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-deDE-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Programme\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-deDE-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Programme\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-deDE-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Programme\TeamViewer\Version4\TeamViewer.exe" = C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\game.dat" = C:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\game.dat:*:Enabled:Der Herr der Ringe™, Aufstieg des Hexenkönigs™ -- (Electronic Arts Inc.)
"C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\patchget.dat" = C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\German\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\German\setup.exe:*:Disabled:Installationsprogramm für Kaspersky Internet Security 2009 -- (Kaspersky Lab)
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\German\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\German\setup.exe:*:Enabled:setup
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"D:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = D:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Programme\Codemasters\Der Herr der Ringe Online - Beta\lotroclient.exe" = C:\Programme\Codemasters\Der Herr der Ringe Online - Beta\lotroclient.exe:*:Disabled:lotroclient
"D:\Programme\Codemasters\Der Herr der Ringe Online\lotroclient.exe" = D:\Programme\Codemasters\Der Herr der Ringe Online\lotroclient.exe:*:Enabled:lotroclient
"C:\Programme\World of Warcraft\Launcher.patch.exe" = C:\Programme\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe" = C:\Programme\World of 
Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment) "C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 "C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe "C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite "D:\Neuer Ordner\ICQ7.2\ICQ.exe" = D:\Neuer Ordner\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 "D:\Neuer Ordner\ICQ7.2\aolload.exe" = D:\Neuer Ordner\ICQ7.2\aolload.exe:*:Enabled:aolload.exe "C:\Programme\BitTorrent\BitTorrent.exe" = C:\Programme\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.) "C:\Programme\ICQ7.3\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.3\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2 "C:\Programme\ICQ7.3\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.3\ICQ7.2\aolload.exe:*:Enabled:aolload.exe ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades "{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0 "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant "{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club "{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer "{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour "{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer "{18DF6AB4-0CD0-4856-80BA-51F5282EC2B4}" = DameWare NT Utilities "{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar "{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT 
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13 "{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II "{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver "{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition "{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper "{317058CF-0568-4331-82C0-A08350E3E068}" = CStats "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes "{3571656A-575D-4CED-809D-5547587121FF}" = Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm) "{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth "{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0 "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City "{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5A2F371F-8B5D-46B4-833C-0612B065BEC7}" = GameShadow "{5F4B9958-F507-449A-A6E1-FD223314AF5A}" = TMPGEnc 4.0 XPress Testversion "{5FB31CB9-A4A2-49FD-00AF-41785B21FDEE}" = F1 Challenge 99-02 "{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City "{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail "{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends 
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update "{6E298B0A-558C-4138-0096-740677B382CD}" = HdR Die Rückkehr des Königs tm "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit "{8544556F-92C9-478E-9ABC-BC2823E39577}" = MAGIX Speed burnR (MSI) "{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update "{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable "{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (German) 12 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_PROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) 
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007 "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581) "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AAE31374-02C2-452E-88EC-2F16D92731A9}" = MAGIX Screenshare "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync "{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger "{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™ "{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.46 "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{BB394D95-C049-4EA4-00B3-F866A3357CCD}" = F1 2002 WORK IN PROGRESS DEMO "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) 
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP3c "{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia "{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas "{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety "{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support "{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer "{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX "{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager "{E475BD43-9722-4FAE-BFBE-B8061C34583C}_is1" = Public Edition Version 2 "{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call "{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime "{ED1390DC-6910-4C77-97E2-579CAFE82F5B}" = Moorhuhn 4 Teile "{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery "{EE3A0915-E8E5-4F1C-A048-592B7BD374D7}" = MAGIX Video deluxe 17 Download-Version "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{F6399E05-9FC3-4C3E-8730-DF786C9D4B31}" = KPSA-home (IE) "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "12345_is1" = WeGame 
Client Beta 2.1.9 "18 Wheels of Steel: American Long Haul" = 18 Wheels of Steel: American Long Haul "18 Wheels of Steel: Haulin'" = 18 Wheels of Steel: Haulin' (remove only) "4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = DER HERR DER RINGE ONLINE: Die Schatten von Angmar v01.07.01.81 "68a8eb3f-bd2e-4535-a290-d89cf3453924_is1" = Der Herr der Ringe Online v03.02.03.8014 "7-Zip" = 7-Zip 4.57 "AbAlarm_is1" = AbAlarm "Accent OFFICE Password Recovery" = Accent OFFICE Password Recovery 2.80 "Adobe Acrobat 4.0" = Adobe Acrobat 4.0 "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5 "AquadelicGT screensaver_is1" = Aquadelic Screensaver version 1.0 "AVI Splitter_is1" = AVI Splitter "Azureus" = Azureus "BFGC" = Big Fish Games: Game Manager "BFG-Gutterball 2" = Gutterball 2 "BFG-Mein Koenigreich fuer die Prinzessin" = Mein Königreich für die Prinzessin "BitTorrent" = BitTorrent "BitTyrant" = BitTyrant "Bus-Simulator 2008 Demo_is1" = Bus-Simulator 2008 Demo "Bus-Simulator 2009_is1" = Bus-Simulator 2009 "CamStudio" = CamStudio "Download Manager" = Download Manager 2.3.10 "Driver Cleaner Pro" = DH Driver Cleaner Professional Edition "Emicsoft FLV Converter_is1" = Emicsoft FLV Converter "Euro Truck Simulator 30 Minuten Demo" = Euro Truck Simulator 30 Minuten Demo (entfernen) "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "F1 DELUX FINAL 2009" = F1 DELUX FINAL 2009 "FIS2005_is1" = FIS2005 1.0 "FLV Player" = FLV Player 2.0 (build 25) "Foxit Reader" = Foxit Reader "Fraps" = Fraps "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free FLV Converter_is1" = Free FLV Converter V 6.93.0 "Free YouTube Download_is1" = Free YouTube Download 2.7 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8 "Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV 
Converter "FSONE 2008 V1 SINGLE PLAER 1.0 Single Player" = FSONE 2008 V1 SINGLE PLAER 1.0 Single Player "Game Cam XPress" = Game Cam XPress 2.6.0 "GameSpy Arcade" = GameSpy Arcade "G-Force" = G-Force "Google Chrome" = Google Chrome "Guitar Explorer 1.0" = Guitar Explorer 1.0 "Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar "HijackThis" = HijackThis 2.0.2 "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs "ie8" = Windows Internet Explorer 8 "IMG Tool" = IMG Tool (remove only) "Imperium Romanum" = Imperium Romanum 1.02 "InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011 "IrfanView" = IrfanView (remove only) "King" = King "KPSA-home (IE)" = KPSA-home (IE) "MAGIX_MSI_Videodeluxe17" = MAGIX Video deluxe 17 Download-Version "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Miranda IM" = Miranda IM 0.9.13 "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "myGamersCam" = myGamersCam 1.5 "NeroMultiInstaller!UninstallKey" = Nero Suite "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "NVIDIA Drivers" = NVIDIA Drivers "Opera 11.01.1190" = Opera 11.01 "PerformanceTest 7_is1" = PerformanceTest v7.0 "PROR" = Microsoft Office Professional 2007-Testversion "ProTrain 10 Aachen - Köln 1.0" = ProTrain 10 Aachen - Köln 1.0 "ProTrain 17 München-Salzburg 1.0" = ProTrain 17 München-Salzburg 1.0 "ProTrain 18 Hamburg-Berlin 1.0" = ProTrain 18 Hamburg-Berlin 1.0 "ProTrain 19 Berlin-Rostock 1.0" = ProTrain 19 Berlin-Rostock 
1.0 "RealArcade 1.2" = RealArcade "rFactor" = rFactor (remove only) "San Andreas Mod Installer1.0" = San Andreas Mod Installer "Santa Claus in Trouble" = Santa Claus in Trouble "Santa Claus in trouble ...again! - Demo" = Santa Claus in trouble ...again! - Demo "SecondLifeViewer2" = SecondLifeViewer2 (remove only) "Security Task Manager" = Security Task Manager 1.7i "softonic-de3 Toolbar" = softonic-de3 Toolbar "Sound Blaster AudioPCI 128" = Sound Blaster AudioPCI 128 "SystemRequirementsLab" = System Requirements Lab "Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2 "TeamViewer 4" = TeamViewer 4 "Train Simulator 1.0" = Microsoft Train Simulator "Trillian" = Trillian "Uninstall_is1" = Uninstall 1.0.0.1 "uTorrent" = µTorrent "VLC media player" = VLC media player 1.1.5 "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "Windows XP Service Pack" = Windows XP Service Pack 3 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR "Wipeout 2097 Demo" = Wipeout 2097 Demo "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "World of Warcraft" = World of Warcraft "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XMedia Recode" = XMedia Recode 2.2.9.7 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City "Bus Driver Streckeneditor 0.9.0.0 Alpha" = Bus Driver Streckeneditor 0.9.0.0 Alpha "Icestar Modifications 1.0.0.0 für Bus Driver" = Icestar Modifications 1.0.0.0 für Bus Driver "MOD rFactor F1 2009 F1RL V.1.3.2" = MOD rFactor F1 2009 F1RL V.1.3.2 "PhotoFiltre" = PhotoFiltre "PhotoZoom Pro 3" = BenVista PhotoZoom Pro 
3.1 "QIP 2010" = QIP 2010 3.1.4570 "SmartDraw 2010" = SmartDraw 2010 "TA 2.1 Deutsche Übersetzung" = TA 2.1 Deutsche Übersetzung "TeamSpeak 3 Client" = TeamSpeak 3 Client "Third Age - Total War 2.0 (Part1of2)" = Third Age - Total War 2.0 (Part1of2) "Third Age - Total War 2.0 (Part2of2)" = Third Age - Total War 2.0 (Part2of2) "vBus" = vBus "Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.2 ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 05.02.2011 12:24:18 | Computer Name = MIRAU-1 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung mshta.exe, Version 8.0.6001.18702, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x6d7d8f3b. Error - 06.02.2011 07:40:57 | Computer Name = MIRAU-1 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung helpctr.exe, Version 5.1.2600.5512, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x6d7d8f3b. Error - 17.02.2011 13:30:58 | Computer Name = MIRAU-1 | Source = MsiInstaller | ID = 11722 Description = Produkt: Java(TM) 6 Update 24 -- Fehler 1722. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein Programm, das im Rahmen der Installation ausgeführt wurde, wurde nicht erfolgreich abgeschlossen. Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: patchjre, Pfad: C:\Programme\Java\jre6\patchjre.exe, Befehl: -s "C:\Programme\Java\jre6" Error - 19.02.2011 07:18:08 | Computer Name = MIRAU-1 | Source = Bonjour Service | ID = 100 Description = 228: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) Error - 19.02.2011 08:23:16 | Computer Name = MIRAU-1 | Source = MsiInstaller | ID = 11722 Description = Produkt: Java(TM) 6 Update 24 -- Fehler 1722. Es liegt ein dieses Windows Installer-Paket betreffendes Problem vor. Ein Programm, das im Rahmen der Installation ausgeführt wurde, wurde nicht erfolgreich abgeschlossen. 
Wenden Sie sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: patchjre, Pfad: C:\Programme\Java\jre6\patchjre.exe, Befehl: -s "C:\Programme\Java\jre6" Error - 19.02.2011 18:28:39 | Computer Name = MIRAU-1 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung super.exe, Version 2.0.11.46, fehlgeschlagenes Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000. Error - 27.02.2011 08:03:18 | Computer Name = MIRAU-1 | Source = MsiInstaller | ID = 10005 Description = Product: Skype Toolbars -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738. The arguments are: , , Error - 27.02.2011 08:05:46 | Computer Name = MIRAU-1 | Source = MsiInstaller | ID = 10005 Description = Product: Skype Toolbars -- The installer has encountered an unexpected error installing this package. This may indicate a problem with this package. The error code is 2738. The arguments are: , , Error - 27.02.2011 15:11:45 | Computer Name = MIRAU-1 | Source = Application Error | ID = 1000 Description = Fehlgeschlagene Anwendung avp.exe, Version 11.0.2.571, fehlgeschlagenes Modul msvcr80.dll, Version 8.0.50727.4053, Fehleradresse 0x00015460. Error - 28.02.2011 12:49:16 | Computer Name = MIRAU-1 | Source = Bonjour Service | ID = 100 Description = 204: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde vom Remotehost geschlossen.) [ System Events ] Error - 09.01.2011 12:36:57 | Computer Name = MIRAU-1 | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000 Millisekunden durchgeführt: Starten Sie den Dienst neu.. 
Error - 09.01.2011 12:37:07 | Computer Name = MIRAU-1 | Source = Service Control Manager | ID = 7032 Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden des Dienstes "Kaspersky Anti-Virus Service" Korrekturmaßnahmen (Starten Sie den Dienst neu.) durchzuführen, ist fehlgeschlagen. Fehler: %%1056 Error - 13.01.2011 13:29:36 | Computer Name = MIRAU-1 | Source = SideBySide | ID = 16842811 Description = Generate Activation Context ist für C:\Programme\Windows Live\Messenger\msnmsgr.exe fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. . Error - 15.01.2011 06:24:12 | Computer Name = MIRAU-1 | Source = SideBySide | ID = 16842811 Description = Generate Activation Context ist für C:\Programme\Windows Live\Messenger\msnmsgr.exe fehlgeschlagen. Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet. . Error - 26.01.2011 18:24:35 | Computer Name = MIRAU-1 | Source = Service Control Manager | ID = 7009 Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Kaspersky Anti-Virus Service. Error - 26.01.2011 18:24:35 | Computer Name = MIRAU-1 | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Kaspersky Anti-Virus Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 28.01.2011 13:41:45 | Computer Name = MIRAU-1 | Source = Service Control Manager | ID = 7011 Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung von Dienst nvsvc. Error - 28.01.2011 13:42:14 | Computer Name = MIRAU-1 | Source = Service Control Manager | ID = 7023 Description = Der Dienst "SSDP-Suchdienst" wurde mit folgendem Fehler beendet: %%32 Error - 29.01.2011 09:28:36 | Computer Name = MIRAU-1 | Source = Service Control Manager | ID = 7023 Description = Der Dienst "SSDP-Suchdienst" wurde mit folgendem Fehler beendet: %%32 < End of report > |
28.02.2011, 20:32 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ieframe.dll acr_error Close all programs, start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
@Alternate Data Stream - 205 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D2397415
@Alternate Data Stream - 192 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:743A8968
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.15 17:37:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.12.15 11:38:53 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.03.23 16:07:00 | 000,152,968 | R--- | M] (Take-Two Interactive Software, Inc.) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.03.15 17:17:45 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{0c0869c0-cacc-11dd-bb70-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{0c0869c0-cacc-11dd-bb70-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c0869c0-cacc-11dd-bb70-806d6172696f}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010.03.23 16:07:00 | 000,152,968 | R--- | M] (Take-Two Interactive Software, Inc.)
:Commands
[purity]
[resethosts]
[emptytemp]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
__________________ Please always post log files in CODE tags |
01.03.2011, 18:26 | #5 |
| ieframe.dll acr_error When the PC restarted, it hung during shutdown; I then had to reset it. Code:
All processes killed
========== OTL ==========
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D2397415 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:743A8968 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
D:\AUTOEXEC.BAT moved successfully.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c0869c0-cacc-11dd-bb70-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c0869c0-cacc-11dd-bb70-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c0869c0-cacc-11dd-bb70-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c0869c0-cacc-11dd-bb70-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c0869c0-cacc-11dd-bb70-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c0869c0-cacc-11dd-bb70-806d6172696f}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2649722 bytes
->Flash cache emptied: 2523 bytes
User: Mirau
->Temp folder emptied: 13374265429 bytes
->Temporary Internet Files folder emptied: 71286507 bytes
->Java cache emptied: 149522220 bytes
->FireFox cache emptied: 97416552 bytes
->Google Chrome cache emptied: 8694696 bytes
->Opera cache emptied: 16294530 bytes
->Flash cache emptied: 330742 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 19118399 bytes
->Flash cache emptied: 1439 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2825327 bytes
%systemroot%\System32 .tmp files removed: 102791 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 776362318 bytes
RecycleBin emptied: 26742968 bytes
Total Files Cleaned = 13.872,00 mb
OTL by OldTimer - Version 3.2.22.2 log created on 03012011_180551
Files\Folders moved on Reboot...
File\Folder E:\Autorun.exe not found!
File\Folder E:\Autorun.inf not found!
Registry entries deleted on Reboot...
Edit: found it
Edited by Danny01 (01.03.2011 at 18:33). Reason: complete log posted |
01.03.2011, 21:45 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ieframe.dll acr_error Then please run CF now: ComboFix: a guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!
__________________ --> ieframe.dll acr_error |
02.03.2011, 21:15 | #7 |
| ieframe.dll acr_error No problems here so far... Code:
ATTFilter ComboFix 11-03-02.01 - Mirau 02.03.2011 20:50:26.1.2 - x86 Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.2047.1580 [GMT 1:00] ausgeführt von:: c:\dokumente und einstellungen\Mirau\Desktop\cofi.exe . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . C:\BASSMOD.DLL c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\1.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\a.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\b.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\c.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\d.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\e.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\f.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\g.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\h.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\i.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\J.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\k.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\l.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\m.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\n.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\o.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\p.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\q.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\r.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\s.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\t.xml c:\dokumente und 
einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\u.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\v.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\w.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\x.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\y.xml c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\z.xml c:\dokumente und einstellungen\Mirau\System c:\dokumente und einstellungen\Mirau\System\win_qs8.jqx C:\Install.exe C:\readme.txt . ((((((((((((((((((((((( Dateien erstellt von 2011-02-02 bis 2011-03-02 )))))))))))))))))))))))))))))) . 2011-03-02 19:36 . 2011-03-02 19:36 -------- d-----w- c:\programme\CCleaner 2011-03-01 17:05 . 2011-03-01 17:05 -------- d-----w- C:\_OTL 2011-02-27 12:54 . 2011-02-27 12:55 -------- dc-h--w- c:\windows\ie8 2011-02-19 22:30 . 2004-06-26 16:39 438272 ----a-w- c:\windows\system32\vp6vfw.dll 2011-02-19 22:20 . 2011-02-19 22:20 -------- d-----w- c:\programme\eRightSoft 2011-02-06 14:33 . 2011-02-06 14:33 -------- d-----w- c:\windows\system32\NtmsData . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2011-01-21 14:44 . 2004-08-04 12:00 440832 ----a-w- c:\windows\system32\shimgvw.dll 2011-01-19 08:26 . 2011-01-19 08:26 86016 ----a-w- c:\windows\system32\frapsvid.dll 2011-01-09 15:32 . 2011-01-09 15:32 61440 ----a-r- c:\dokumente und einstellungen\Mirau\Anwendungsdaten\Microsoft\Installer\{5F4B9958-F507-449A-A6E1-FD223314AF5A}\NewShortcut2_B8E0232CA79B41989B1C5FF48BD2EA02.exe 2011-01-09 15:32 . 2011-01-09 15:32 61440 ----a-r- c:\dokumente und einstellungen\Mirau\Anwendungsdaten\Microsoft\Installer\{5F4B9958-F507-449A-A6E1-FD223314AF5A}\NewShortcut1_B8E0232CA79B41989B1C5FF48BD2EA02.exe 2011-01-08 17:08 . 
2009-03-08 12:53 45056 ----a-r- c:\dokumente und einstellungen\Mirau\Anwendungsdaten\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe 2011-01-08 17:08 . 2009-03-08 12:53 45056 ----a-r- c:\dokumente und einstellungen\Mirau\Anwendungsdaten\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe 2011-01-08 17:08 . 2009-03-08 12:53 45056 ----a-r- c:\dokumente und einstellungen\Mirau\Anwendungsdaten\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\ARPPRODUCTICON.exe 2011-01-07 14:09 . 2004-08-04 12:00 290048 ----a-w- c:\windows\system32\atmfd.dll 2011-01-03 20:22 . 2009-08-18 10:30 564632 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\IdentityCRL\production\wlidui.dll 2011-01-03 20:22 . 2009-08-18 10:24 17816 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\IdentityCRL\production\ppcrlconfig600.dll 2010-12-31 14:03 . 2004-08-04 12:00 1855104 ----a-w- c:\windows\system32\win32k.sys 2010-12-22 12:34 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll 2010-12-20 23:52 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-12-20 23:52 . 2004-08-04 12:00 43520 ------w- c:\windows\system32\licmgr10.dll 2010-12-20 23:52 . 2004-08-04 12:00 1469440 ------w- c:\windows\system32\inetcpl.cpl 2010-12-20 17:25 . 2004-08-04 12:00 737792 ----a-w- c:\windows\system32\lsasrv.dll 2010-12-20 17:09 . 2010-07-30 14:42 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-12-20 17:08 . 2010-07-30 14:42 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-12-20 12:55 . 2004-08-04 12:00 385024 ------w- c:\windows\system32\html.iec 2010-12-09 15:15 . 2004-08-04 12:00 743936 ----a-w- c:\windows\system32\ntdll.dll 2010-12-09 15:13 . 2004-08-04 00:50 2029568 ----a-w- c:\windows\system32\ntkrnlpa.exe 2010-12-09 15:13 . 
2004-08-04 12:00 2151424 ----a-w- c:\windows\system32\ntoskrnl.exe 2010-12-09 14:29 . 2004-08-04 12:00 33280 ----a-w- c:\windows\system32\csrsrv.dll 2010-06-02 04:22 . 2010-06-02 04:22 89944 ----a-w- c:\programme\DSETUP.dll 2010-06-02 04:22 . 2010-06-02 04:22 537432 ----a-w- c:\programme\DXSETUP.exe 2010-06-02 04:22 . 2010-06-02 04:22 1801048 ----a-w- c:\programme\dsetup32.dll 2010-02-02 17:44 . 2010-02-02 17:44 54206 ----a-w- c:\programme\Cockpit-Install_byIcestar05.exe 2010-02-02 17:28 . 2010-02-02 17:28 79015 ----a-w- c:\programme\Uninstal_Streckeneditor.exe 2010-01-30 17:36 . 2010-01-30 17:36 563872 ----a-w- c:\programme\GoogleEarthSetup.exe 2009-12-23 12:42 . 2009-12-23 12:42 25570478 ----a-w- c:\programme\Santa_Demo_Setup.exe 2009-12-19 11:58 . 2009-12-19 11:57 74326512 ----a-w- c:\programme\kis9.0.0.736deDACH.exe 2009-10-21 19:04 . 2009-10-21 19:04 482624 ----a-w- c:\programme\smartdraw_11E_EAXVG_setup.exe 2009-10-14 10:49 . 2009-10-14 10:49 1369088 ----a-w- c:\programme\CStats 1.0.msi 2009-05-26 14:40 . 2009-05-26 14:40 20617000 ----a-w- c:\programme\SkypeSetupFull.exe 2008-12-26 12:04 . 2008-12-25 17:51 8213504 ----a-w- c:\programme\wz120gev.msi 2008-12-18 19:28 . 2008-12-18 19:28 774144 ----a-w- c:\programme\RngInterstitial.dll 2008-12-16 17:13 . 2008-12-16 17:13 68756776 ----a-w- c:\programme\iTunesSetup.exe 2008-05-28 01:39 . 2009-10-27 17:19 395045070 ----a-w- c:\programme\f-1mania38.exe 2006-05-03 10:06 163328 --sha-r- c:\windows\system32\flvDX.dll 2007-02-21 11:47 31232 --sha-r- c:\windows\system32\msfDX.dll 2008-03-16 13:30 216064 --sha-r- c:\windows\system32\nbDX.dll . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RGSC"="d:\programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-12 306088] "msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080] "Pando Media Booster"="c:\programme\Pando Networks\Media Booster\PMB.exe" [2010-10-25 2969496] "igndlm.exe"="c:\programme\Download Manager\DLM.exe" [2009-10-27 1103216] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552] "SkyTel"="SkyTel.EXE" [2007-10-11 1826816] "Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696] "Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824] "Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464] "nwiz"="nwiz.exe" [2009-06-10 1657376] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016] "QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-08-10 421888] "iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-01 421160] "TrayServer"="c:\programme\MAGIX\Video_deluxe_17_Download-Version\TrayServer.exe" [2008-08-07 90112] "avp"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360] c:\dokumente und einstellungen\Mirau\Startmen\Programme\Autostart\ OpenOffice.org 3.0.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000] c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\ Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-7-22 784912] McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A] Microsoft Office.lnk - 
c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn] 2007-11-15 08:10 72208 ----a-w- c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk /k:CDEFGHIJK * [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup] @="" [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= "%windir%\\Network Diagnostic\\xpnetdiag.exe"= "c:\\Programme\\Codemasters\\Der Herr der Ringe Online\\lotroclient.exe"= "c:\\Programme\\EA GAMES\\Die Schlacht um Mittelerde(tm)\\game.dat"= "c:\\Programme\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"= "c:\\Programme\\Java\\jre6\\bin\\java.exe"= "c:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat"= "c:\\Programme\\World of Warcraft\\Launcher.exe"= "c:\\Programme\\TeamViewer\\Version4\\TeamViewer.exe"= "c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\RpcAgentSrv.exe"= "c:\\Programme\\Electronic Arts\\Aufstieg des Hexenkönigs\\game.dat"= "c:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\patchget.dat"= "c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"= "c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\German\\setup.exe"= "c:\\Programme\\uTorrent\\uTorrent.exe"= "c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\WNt500x86\\RpcSandraSrv.exe"= "c:\\Programme\\Bonjour\\mDNSResponder.exe"= "d:\\Programme\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"= 
"c:\\Programme\\iTunes\\iTunes.exe"= "c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"= "c:\\Programme\\Pando Networks\\Media Booster\\PMB.exe"= "c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"= "c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"= "c:\\Programme\\Windows Media Player\\wmplayer.exe"= "c:\\Programme\\Opera\\opera.exe"= "c:\\Programme\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"= "c:\\Programme\\BitTorrent\\BitTorrent.exe"= [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List] "3724:TCP"= 3724:TCP:Blizzard Downloader: 3724 "6881:TCP"= 6881:TCP:Blizzard Downloader: 6881 "57297:TCP"= 57297:TCP:Pando Media Booster "57297:UDP"= 57297:UDP:Pando Media Booster [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings] "AllowInboundEchoRequest"= 1 (0x1) R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09.06.2010 16:43 11352] R2 Fabs;FABS - Helping agent for MAGIX media database;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe [27.08.2009 17:09 1253376] R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.09.2009 12:42 32856] S1 ensqio;ensqio;c:\windows\system32\DRIVERS\ensqio.sys --> c:\windows\system32\DRIVERS\ensqio.sys [?] S1 sbpcint4;SB AudioPCI 128;c:\windows\system32\DRIVERS\sbpcint4.sys --> c:\windows\system32\DRIVERS\sbpcint4.sys [?] S2 gupdate1c9de1043fda0a;Google Update Service (gupdate1c9de1043fda0a);c:\programme\Google\Update\GoogleUpdate.exe [26.05.2009 15:41 133104] S3 cdrmkaun;cdrmkaun;\??\c:\dokume~1\Mirau\LOKALE~1\Temp\cdrmkaun.sys --> c:\dokume~1\Mirau\LOKALE~1\Temp\cdrmkaun.sys [?] 
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe [07.08.2008 11:10 3276800] S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.10.2009 18:39 19472] S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [?] S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04.08.2004 13:00 14336] S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [31.07.2009 11:03 98488] S4 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe --> c:\programme\ICQ6Toolbar\ICQ Service.exe [?] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper . Inhalt des "geplante Tasks" Ordners 2011-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34] 2011-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-05-26 14:41] 2011-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\programme\Google\Update\GoogleUpdate.exe [2009-05-26 14:41] . . ------- Zusätzlicher Suchlauf ------- . 
uStart Page = hxxp://www.gmx.de/ IE: Hinzufügen zu Anti-Banner - c:\programme\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm FF - ProfilePath - c:\dokumente und einstellungen\Mirau\Anwendungsdaten\Mozilla\Firefox\Profiles\r6ypehum.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q= FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF - Ext: Modul zur Link-Untersuchung: linkfilter@kaspersky.ru - c:\programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b} FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7} . 
- - - - Entfernte verwaiste Registrierungseinträge - - - - Toolbar-Locked - (no file) WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\programme\AskBarDis\bar\bin\askBar.dll WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file) WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file) HKCU-Run-ICQ - c:\programme\ICQ7.3\ICQ7.2\ICQ.exe HKLM-Run-NWEReboot - (no file) HKLM-Run-SpyHunter Security Suite - c:\programme\Enigma Software Group\SpyHunter\SpyHunter3.exe HKLM-Run-ICQ Lite - c:\programme\ICQLite\ICQLite.exe AddRemove-18 Wheels of Steel: American Long Haul - c:\programme\18 Wheels of Steel American Long Haul\uninst.exe AddRemove-18 Wheels of Steel: Haulin' - c:\programme\18 Wheels of Steel Haulin\Uninstall.exe AddRemove-68a8eb3f-bd2e-4535-a290-d89cf3453924_is1 - c:\programme\Codemasters\Der Herr der Ringe Online - Beta\unins000.exe AddRemove-AquadelicGT screensaver_is1 - c:\programme\AquadelicGT_Screensaver\unins000.exe AddRemove-Azureus - c:\programme\Azureus\Uninstall.exe AddRemove-BFG-Mein Koenigreich fuer die Prinzessin - c:\programme\Mein Koenigreich fuer die Prinzessin\Uninstall.exe AddRemove-BitTyrant - c:\programme\BitTyrant\Uninstall.exe AddRemove-Bus-Simulator 2008 Demo_is1 - c:\programme\Bus-Simulator 2008 Demo\unins000.exe AddRemove-Euro Truck Simulator 30 Minuten Demo - c:\programme\Euro Truck Simulator 30 Minuten Demo\Uninstall.exe AddRemove-EVEREST Home Edition_is1 - c:\programme\Lavalys\EVEREST Home Edition\unins000.exe AddRemove-F1 DELUX FINAL 2009 - c:\programme\EA SPORTS\F1 Challenge 99-02\Uninstal.exe AddRemove-FSONE 2008 V1 SINGLE PLAER 1.0 Single Player - c:\programme\Uninstall.exe AddRemove-GameSpy Arcade - c:\progra~1\GAMESP~1\UNWISE.EXE AddRemove-McAfee Security Scan - c:\programme\McAfee Security Scan\uninstall.exe AddRemove-PerformanceTest 7_is1 - c:\programme\PerformanceTest\unins000.exe AddRemove-rFactor - c:\programme\rFactor\Uninstall.exe AddRemove-softonic-de3 Toolbar - c:\progra~1\SOFTON~1\UNWISE.EXE 
AddRemove-Teamspeak 2 RC2_is1 - c:\programme\Teamspeak2_RC2\unins000.exe AddRemove-Wipeout 2097 Demo - c:\program files\Wipeout 2097\DeIsL1.isu AddRemove-{5FB31CB9-A4A2-49FD-00AF-41785B21FDEE} - c:\programme\EA SPORTS\F1 Challenge 99-02\EAUninstall.exe AddRemove-{6E298B0A-558C-4138-0096-740677B382CD} - c:\programme\EA GAMES\HdR Die Rückkehr des Königs tm\EAUninstall.exe AddRemove-{E475BD43-9722-4FAE-BFBE-B8061C34583C}_is1 - c:\programme\rFactor1\unins000.exe AddRemove-Icestar Modifications 1.0.0.0 für Bus Driver - d:\programme\Bus Driver\Uninstal.exe AddRemove-MOD rFactor F1 2009 F1RL V.1.3.2 - c:\program files\Unistall_modf12009l.exe AddRemove-QIP 2010 - c:\programme\QIP 2010\unins000.exe AddRemove-SmartDraw 2010 - c:\programme\SmartDraw 2010\Uninstall.exe AddRemove-TA 2.1 Deutsche Übersetzung - c:\programme\SEGA\Medieval II Total War\mods\Third_Age\data\Uninstal.exe AddRemove-Third Age - Total War 2.0 (Part1of2) - c:\programme\SEGA\Medieval II Total War\Uninstal.exe AddRemove-Third Age - Total War 2.0 (Part2of2) - c:\programme\SEGA\Medieval II Total War\Uninstal.exe AddRemove-vBus - d:\programme\Bus Driver\vbus\Uninstal.exe ************************************************************************** catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net Rootkit scan 2011-03-02 21:03 Windows 5.1.2600 Service Pack 3 NTFS Scanne versteckte Prozesse... Scanne versteckte Autostarteinträge... Scanne versteckte Dateien... Scan erfolgreich abgeschlossen versteckte Dateien: 0 ************************************************************************** . --------------------- Gesperrte Registrierungsschluessel --------------------- [HKEY_USERS\S-1-5-21-1708537768-1383384898-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*] @Allowed: (Read) (RestrictedCode) @Allowed: (Read) (RestrictedCode) [HKEY_USERS\S-1-5-21-1708537768-1383384898-839522115-1004\Software\SecuROM\!CAUTION! 
NEVER A OR CHANGE ANY KEY*] "??"=hex:ea,1b,6c,be,98,d2,9f,3e,de,e2,70,f5,74,32,24,9a,b2,78,66,36,3d,cc,dd, 48,f8,c3,94,70,95,f3,73,ae,64,45,19,5b,73,ce,f2,5f,0c,95,28,bf,01,61,50,da,\ "??"=hex:b1,82,6f,f8,1f,55,dd,3a,f2,4c,ec,72,5b,20,80,c7 [HKEY_USERS\S-1-5-21-1708537768-1383384898-839522115-1004\Software\SecuROM\License information*] "datasecu"=hex:79,40,c7,2e,0d,48,8b,4a,35,2c,99,41,88,2d,65,db,b1,ce,06,9d,a5, c5,c0,02,c4,c8,24,80,dc,5a,7e,55,bf,d1,5d,4c,eb,1a,d2,29,21,cd,6b,6b,93,fc,\ "rkeysecu"=hex:45,95,a9,51,e0,10,98,aa,a4,99,be,2f,70,61,1f,24 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe" [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
--------------------- Durch laufende Prozesse gestartete DLLs --------------------- - - - - - - - > 'winlogon.exe'(1052) c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll - - - - - - - > 'explorer.exe'(468) c:\programme\Logitech\SetPoint\GameHook.dll c:\programme\Logitech\SetPoint\lgscroll.dll c:\windows\system32\webcheck.dll c:\windows\system32\WPDShServiceObj.dll c:\windows\system32\PortableDeviceTypes.dll c:\windows\system32\PortableDeviceApi.dll . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\nvsvc32.exe c:\programme\Ahead\InCD\InCDsrv.exe c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe c:\programme\Bonjour\mDNSResponder.exe c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe c:\programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\RTHDCPL.EXE c:\windows\system32\RUNDLL32.EXE c:\programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE c:\programme\iPod\bin\iPodService.exe c:\programme\OpenOffice.org 3\program\soffice.exe c:\programme\OpenOffice.org 3\program\soffice.bin c:\windows\system32\wscntfy.exe c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2011-03-02 21:08:36 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2011-03-02 20:08 Vor Suchlauf: 16 Verzeichnis(se), 38.030.962.688 Bytes frei Nach Suchlauf: 19 Verzeichnis(se), 38.003.580.928 Bytes frei WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe [boot loader] timeout=2 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons UnsupportedDebug="do not select this" /debug multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn - - End Of File - - 6A1CFD7B2B66D3EFCA9648CD787DAEB0 |
02.03.2011, 21:30 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ieframe.dll acr_error OK. Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses to run on the second attempt, just skip it and run only OSAM. Please skip OSAM's online lookup. With OSAM, please also make sure that you save the log as *.log and not as *.html or the like. After that, please download MBRCheck (by a_d_13) and save the file to the desktop.
__________________ Please always post log files in CODE tags |
04.03.2011, 21:50 | #9 |
| ieframe.dll acr_error Here's GMER for now Code:
ATTFilter GMER 1.0.15.15530 - hxxp://www.gmer.net Rootkit scan 2011-03-04 21:34:55 Windows 5.1.2600 Service Pack 3 Running: 9wwk15un.exe; Driver: C:\DOKUME~1\Mirau\LOKALE~1\Temp\pgtdypow.sys ---- System - GMER 1.0.15 ---- SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwAdjustPrivilegesToken [0xB39515FA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwClose [0xB3951EFE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwConnectPort [0xB3952D32] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateEvent [0xB395327C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateFile [0xB39521DA] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateKey [0xB395046A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateMutant [0xB3953162] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateNamedPipeFile [0xB39511E8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreatePort [0xB3953036] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSection [0xB3951390] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateSemaphore [0xB395339C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateThread [0xB3951B86] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwCreateWaitablePort [0xB39530CC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDebugActiveProcess [0xB3954A84] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) 
ZwDeleteKey [0xB3950A74] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeleteValueKey [0xB3950E28] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDeviceIoControlFile [0xB395265C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwDuplicateObject [0xB3955C90] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateKey [0xB3950F74] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwEnumerateValueKey [0xB395100C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwFsControlFile [0xB395246A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadDriver [0xB3954B76] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey [0xB3950446] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwLoadKey2 [0xB3950458] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwMapViewOfSection [0xB39552DE] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwNotifyChangeKey [0xB3951138] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenEvent [0xB3953312] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenFile [0xB3951F80] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenKey [0xB395062A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenMutant [0xB39531F2] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenProcess [0xB3951836] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter 
[fre_wnet_x86]/Kaspersky Lab) ZwOpenSection [0xB3955078] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenSemaphore [0xB3953432] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwOpenThread [0xB3951728] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryKey [0xB39510A4] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryMultipleValueKey [0xB3950CDC] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQuerySection [0xB3955618] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueryValueKey [0xB3950906] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwQueueApcThread [0xB3954F0A] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRenameKey [0xB3950B96] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplaceKey [0xB394FE80] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyPort [0xB3953796] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwReplyWaitReceivePort [0xB395365C] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRequestWaitReplyPort [0xB395481E] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwRestoreKey [0xB39501F8] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwResumeThread [0xB3955B32] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSaveKey [0xB394FE18] SSDT \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab) ZwSecureConnectPort [0xB3952A78] SSDT 
2011\avp.exe[388] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E0240 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7C9E0010 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapCreate] 7C9D0240 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy] 7C9D02B0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7C9E0160 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7C9D0080 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7C9D0010 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E0240 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualFree] 7C9D0390 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualAlloc] 7C9D0320 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread] 7C9D01D0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode] 7C9E01D0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA] 7C9E0080 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ 
C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW] 7C9E00F0 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E0240 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress] 7C9E0160 IAT C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary] 7C9E0010 ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\Tcpip \Device\Ip kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\Tcpip \Device\Tcp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\Tcpip \Device\Udp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) AttachedDevice \Driver\Tcpip \Device\RawIp kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO) ---- EOF - GMER 1.0.15 ---- Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 21:52:14 on 04.03.2011 OS: Windows XP Home Edition Service Pack 3 (Build 2600) Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [AppInit DLLs] -----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )----- "AppInit_DLLs" - "Kaspersky Lab ZAO" - C:\PROGRA~1\KASPER~1\KASPER~3\kloehk.dll [Common] -----( %SystemRoot%\Tasks )----- "AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl "javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl "nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl "nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL "Pando" - "Pando Networks" - C:\Programme\Pando Networks\Media Booster\PMB.cpl "QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "catchme" (catchme) - ? 
- C:\cofi\catchme.sys (File not found) "cdrmkaun" (cdrmkaun) - ? - C:\DOKUME~1\Mirau\LOKALE~1\Temp\cdrmkaun.sys (File not found) "Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys (File not found) "ensqio" (ensqio) - ? - C:\WINDOWS\System32\DRIVERS\ensqio.sys (File not found) "FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys "GVCplDrv" (GVCplDrv) - ? - C:\WINDOWS\system32\drivers\GVCplDrv.sys (File found, but it contains no detailed information) "i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys (File not found) "InCD File System" (InCDfs) - "Ahead Software AG" - C:\WINDOWS\system32\drivers\InCDfs.sys "InCD Reader" (incdrm) - "Ahead Software AG" - C:\WINDOWS\system32\drivers\incdrm.sys "InCDPass" (InCDPass) - "Ahead Software AG" - C:\WINDOWS\System32\DRIVERS\InCDPass.sys "InCDrec" (InCDrec) - "Ahead Software AG" - C:\WINDOWS\system32\drivers\InCDrec.sys "lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys (File not found) "PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys (File not found) "PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys (File not found) "PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys (File not found) "PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys (File not found) "PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys (File not found) "pgtdypow" (pgtdypow) - ? - C:\DOKUME~1\Mirau\LOKALE~1\Temp\pgtdypow.sys (Hidden registry entry, rootkit activity | File not found) "SB AudioPCI 128" (sbpcint4) - ? - C:\WINDOWS\System32\DRIVERS\sbpcint4.sys (File not found) "WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys (File not found) [Explorer] -----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )----- {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? 
- (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL -----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )----- {89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll -----( 
HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll {42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll (File not found) {1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll {88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - ? - C:\WINDOWS\system32\hticons.dll (File not found) {FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? - (File not found | COM-object registry key not found) {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll {DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\kbcplext.dll {853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? - (File not found | COM-object registry key not found) {B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\mcplext.dll {73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? 
- C:\Programme\ICQLite\ICQLiteShell.dll (File not found) {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll {1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll {C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - (File not found | COM-object registry key not found) {087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - (File not found | COM-object registry key not found) {63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - (File not found | COM-object registry key not found) {3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - (File not found | COM-object registry key not found) {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL {950FF917-7A57-46BC-8017-59D9BF474000} "Shell Extension for CDRW" - "Ahead Software AG" - C:\Programme\Ahead\InCD\incdshx.dll {E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? 
- (File not found | COM-object registry key not found) {e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll {66F1DE40-D550-4119-9120-6592E3390623} "SmartDraw Thumbnail Handler" - ? - C:\Programme\SmartDraw 2010\SDThumbnail.dll (File not found) {85E0B171-04FA-11D1-B7DA-00A0C90348D6} "Statistik für den Schutz des Web-Datenverkehrs" - ? - (File not found | COM-object registry key not found) {BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll {B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? 
- C:\Programme\WinRAR\rarext.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- <binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll <binary data> "Gutscheinmieze" - ? - C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\Gutscheinmieze\toolbar.dll (File not found) ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) <binary data> "ITBarLayout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab {166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." 
- C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab {1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? - (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "Blog This" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll {CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- <binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll {AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" 
- "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corp." - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll {5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? - (File not found | COM-object registry key not found) [Logon] -----( %AllUsersProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini "Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\SetPoint.exe (Shortcut exists | File exists) "McAfee Security Scan Plus.lnk" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk (Shortcut exists | File not found) "Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\OSA9.EXE (Shortcut exists | File exists) -----( %UserProfile%\Startmenü\Programme\Autostart )----- "desktop.ini" - ? - C:\Dokumente und Einstellungen\Mirau\Startmenü\Programme\Autostart\desktop.ini "OpenOffice.org 3.0.lnk" - ? 
- C:\Programme\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "igndlm.exe" - "IGN Entertainment" - C:\Programme\Download Manager\DLM.exe /windowsstart /startifwork "msnmsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background "Pando Media Booster" - ? - C:\Programme\Pando Networks\Media Booster\PMB.exe "RGSC" - "Take-Two Interactive Software, Inc." - D:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" "avp" - "Kaspersky Lab ZAO" - "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" "iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe" "NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup "NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit "nwiz" - "NVIDIA Corporation" - nwiz.exe /install "QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime "TrayServer" - "MAGIX AG" - C:\Programme\MAGIX\Video_deluxe_17_Download-Version\TrayServer.exe [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- ".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe "Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll (File not found) "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." 
- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe "FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe "Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe "getPlus(R) Helper 3004" (nosGetPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper_3004.dll "Google Update Service (gupdate1c9de1043fda0a)" (gupdate1c9de1043fda0a) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe "Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe "InCD Helper (read only)" (InCDsrvR) - "Ahead Software AG" - C:\Programme\Ahead\InCD\InCDsrv.exe "InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe "Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe "Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe "McAfee Security Scan Component Host Service" (McComponentHostService) - ? 
- "C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe" (File not found) "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE "SeaPort" (SeaPort) - "Microsoft Corp." - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe "SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe "Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe "Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Programme\Windows Live\Family Safety\fsssvc.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE "Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [Winlogon] -----( HKCU\Control Panel\IOProcs )----- "MVB" - ? - mvfs32.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )----- {c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll (File not found) -----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )----- "LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." 
- C:\Programme\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Edited by Danny01 (04.03.2011 at 21:57) |
04.03.2011, 22:54 | #10 |
| ieframe.dll acr_error and mbr Code:
MBRCheck, version 1.2.3 (c) 2010, AD
Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x0000003c
\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`007e0000 (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000020`a686b200 (NTFS)
PhysicalDrive0 Model Number: ST3250310AS, Rev: 3.AAF
Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
Done! |
04.03.2011, 23:02 | #11 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ieframe.dll acr_error Looks OK. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
06.03.2011, 11:46 | #12 |
| ieframe.dll acr_error Here is the Malwarebytes log for a start. Code:
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5972

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06.03.2011 11:45:06
mbam-log-2011-03-06 (11-45-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 262948
Laufzeit: 1 Stunde(n), 50 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
06.03.2011, 14:24 | #13 |
| ieframe.dll acr_error Code:
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/06/2011 at 02:11 PM

Application Version : 4.49.1000

Core Rules Database Version : 6538
Trace Rules Database Version: 4350

Scan type : Complete Scan
Total Scan Time : 02:16:35

Memory items scanned : 500
Memory threats detected : 0
Registry items scanned : 7384
Registry threats detected : 5
File items scanned : 181754
File threats detected : 6

Adware.IST/ISTBar (Slotch Bar)
    HKCR\Pugi.PugiObj
    HKCR\Pugi.PugiObj\CLSID
    HKCR\Pugi.PugiObj\CurVer
    HKCR\Pugi.PugiObj.1
    HKCR\Pugi.PugiObj.1\CLSID

Adware.Tracking Cookie
    www.naiadsystems.com [ C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\BFGTW76Z ]
    agf.com [ C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\BFGTW76Z ]

Trojan.Agent/Gen-FakeDrop
    C:\PROGRAMME\UNINSTAL_STRECKENEDITOR.EXE
    C:\SYSTEM VOLUME INFORMATION\_RESTORE{DF01F75A-8918-4465-A337-7FE57BB2E57D}\RP605\A0863095.EXE
    D:\SYSTEM VOLUME INFORMATION\_RESTORE{DF01F75A-8918-4465-A337-7FE57BB2E57D}\RP610\A0864382.EXE

Trojan.Agent/Gen-FakeAV
    C:\PROGRAMME\WINRAR\DEFAULT.SFX |
07.03.2011, 15:56 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | ieframe.dll acr_error Only leftovers and cookies, that is harmless. Any problems left?
__________________ Please always post log files in CODE tags |
07.03.2011, 17:33 | #15 |
| ieframe.dll acr_error Nope, at the moment everything is fine again... hopefully I won't need help here again. Great forum! |