Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: ieframe.dll acr_error

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 27.02.2011, 17:00   #1
Danny01
 
ieframe.dll acr_error - Standard

ieframe.dll acr_error



hallo.

ich habe mir heut dummerweise auf einer forenseite irgendwas eingefangen.
Die hab ich öfter besucht, aber nie war etwas. Google hat zwar vorher gewarnt aber ich hab mir nix bei gedacht. mein Virenprogramm hat nix gemeldet, der Internet Explorer reagierte nicht mehr, als ich ihn nochmal gestartet habe, kam oben in der adressleiste res://ieframe.dll.acr_error und dahinter die startseite. und eine meldung kommt "EIn Problem mit der Website hat bewirkt das die Registerkarte wiederherrgestellt wurde"

wenn ich den IE ohne add-ons ausführe gehen nur sehr einfache seiten wie selbsterstellte foren oder so, google, youtube, gmx usw. gehen z.b. nicht.(habe Windows XP)

Alle Programme die sich mit dem Internet verbinden gehen nicht, sie öffnen sich für einen bruchteil einer sekunde und schliessen sich dann einfach, ohne fehlermeldung. ICQ, Skype, Windows Live Messenger, softonic-downloader... MMO's gehen noch teilweise.

Mit Firefox/Opera komm ich ohne probleme ins Internet. auf den IE kann ich verzichten, aber halt nicht auf die oben genannten dinge. Ich hab schon deeinstalliert/neuinstalliert den IE7, IE8 ausprobiert, hat nix gebracht.

ich hab gerade einen Vollscan von Anti-Malware zu laufen, dauert warscheinlich noch.

hilfe wäre nicht schlecht, bin ein ziemlicher narr was computer angeht

hab 2 Scans mit Malwarebytes jetzt gemacht

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 5892
 
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
 
27.02.2011 14:42:51
mbam-log-2011-02-27 (14-42-48).txt
 
Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 143121
Laufzeit: 12 Minute(n), 22 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
hab den gefunden eintrag löschen lassen und beim vollscan hat er dann nix mehr gefunden.
Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
 
Datenbank Version: 5892
 
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
 
27.02.2011 17:47:36
mbam-log-2011-02-27 (17-47-36).txt
 
Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 337993
Laufzeit: 2 Stunde(n), 43 Minute(n), 59 Sekunde(n)
 
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
 
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
 
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
 
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
 
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
problem besteht weiterhin...

Alt 28.02.2011, 14:31   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ieframe.dll acr_error - Standard

ieframe.dll acr_error



Systemscan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 28.02.2011, 18:11   #3
Danny01
 
ieframe.dll acr_error - Standard

ieframe.dll acr_error



OTL.txt

Code:
ATTFilter
OTL logfile created on: 28.02.2011 17:51:20 - Run 2
OTL by OldTimer - Version 3.2.22.2     Folder = C:\Dokumente und Einstellungen\Mirau\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 130,59 Gb Total Space | 21,66 Gb Free Space | 16,59% Space Free | Partition Type: NTFS
Drive D: | 102,27 Gb Total Space | 18,87 Gb Free Space | 18,45% Space Free | Partition Type: NTFS
Drive E: | 7,72 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MIRAU-1 | User Name: Mirau | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Dokumente und Einstellungen\Mirau\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe (Kaspersky Lab ZAO)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe (Logitech, Inc.)
PRC - C:\Programme\Ahead\InCD\InCDsrv.exe (Ahead Software AG)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Dokumente und Einstellungen\Mirau\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll (Microsoft Corporation)
MOD - C:\Programme\Logitech\SetPoint\lgscroll.dll (Logitech, Inc.)
MOD - C:\Programme\Logitech\SetPoint\GameHook.dll (Logitech, Inc.)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (McComponentHostService) --  File not found
SRV - (ICQ Service) --  File not found
SRV - (AppMgmt) --  File not found
SRV - (nosGetPlusHelper) getPlus(R) -- C:\Programme\NOS\bin\getPlus_Helper_3004.dll (NOS Microsystems Ltd.)
SRV - (AVP) -- C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (Fabs) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (wlidsvc) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware)
SRV - (odserv) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (Messenger) -- C:\WINDOWS\system32\msgsvc.dll ()
SRV - (LBTServ) -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (InCDsrvR) InCD Helper (read only) -- C:\Programme\Ahead\InCD\InCDsrv.exe (Ahead Software AG)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (kl1) -- C:\WINDOWS\system32\DRIVERS\kl1.sys ()
DRV - (klim5) -- C:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab ZAO)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (klmouflt) -- C:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (NdisWan) -- C:\WINDOWS\system32\drivers\ndiswan.sys ()
DRV - (irda) -- C:\WINDOWS\system32\drivers\irda.sys ()
DRV - (FltMgr) -- C:\WINDOWS\system32\drivers\fltmgr.sys ()
DRV - (MRxDAV) -- C:\WINDOWS\system32\drivers\mrxdav.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation                           )
DRV - (LUsbFilt) -- C:\WINDOWS\system32\drivers\LUsbFilt.sys (Logitech, Inc.)
DRV - (LMouKE) -- C:\WINDOWS\system32\drivers\LMouKE.Sys (Logitech, Inc.)
DRV - (LMouFilt) -- C:\WINDOWS\system32\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV - (LHidFilt) -- C:\WINDOWS\system32\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV - (L8042mou) -- C:\WINDOWS\system32\drivers\L8042mou.Sys (Logitech, Inc.)
DRV - (L8042Kbd) -- C:\WINDOWS\system32\drivers\L8042Kbd.sys (Logitech, Inc.)
DRV - (InCDPass) -- C:\WINDOWS\system32\drivers\InCDpass.sys (Ahead Software AG)
DRV - (InCDfs) -- C:\WINDOWS\System32\drivers\InCDfs.sys (Ahead Software AG)
DRV - (incdrm) -- C:\WINDOWS\System32\drivers\InCDrm.sys (Ahead Software AG)
DRV - (GVCplDrv) -- C:\WINDOWS\System32\drivers\GVCplDrv.sys ()
DRV - (cdrmkaun) -- C:\Dokumente und Einstellungen\Mirau\Lokale Einstellungen\Temp\cdrmkaun.sys ()
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.gmx.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 30 A5 00 6E 51 C5 CB 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.7
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.97
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q="
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Programme\Mozilla Firefox\components [2010.12.29 15:33:50 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2010.12.20 18:41:27 | 000,000,000 | ---D | M]
 
[2010.07.26 23:39:30 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\Mozilla\Extensions
[2009.09.14 12:28:51 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\Mozilla\Firefox\extensions
[2009.09.14 12:28:51 | 000,000,000 | ---D | M] ("Ask Toolbar for Firefox") -- C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\Mozilla\Firefox\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2011.02.26 21:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\Mozilla\Firefox\Profiles\r6ypehum.default\extensions
[2011.01.10 20:14:05 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\Mozilla\Firefox\Profiles\r6ypehum.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010.12.19 23:12:33 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\Mozilla\Firefox\Profiles\r6ypehum.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2010.09.23 21:15:45 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\Mozilla\Firefox\Profiles\r6ypehum.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011.02.17 19:23:47 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\Mozilla\Firefox\Profiles\r6ypehum.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011.01.23 18:52:59 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\Mozilla\Firefox\Profiles\r6ypehum.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011.02.25 19:33:30 | 000,000,950 | ---- | M] () -- C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\Mozilla\Firefox\Profiles\r6ypehum.default\searchplugins\icqplugin-1.xml
[2011.01.10 19:28:23 | 000,001,056 | ---- | M] () -- C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\Mozilla\Firefox\Profiles\r6ypehum.default\searchplugins\icqplugin.xml
[2011.02.26 21:48:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2010.10.23 19:01:08 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010.12.18 16:09:10 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
[2010.12.18 16:09:08 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
[2010.10.27 06:44:13 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010.10.27 06:44:13 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2010.10.27 06:44:13 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010.10.27 06:44:13 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010.10.27 06:44:13 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004.08.04 13:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Programme\Google\GoogleToolbar1.dll (Google Germany GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} -  File not found
O3 - HKCU\..\Toolbar\WebBrowser: (Gutscheinmieze) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} -  File not found
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe (Kaspersky Lab ZAO)
O4 - HKLM..\Run: [ICQ Lite]  File not found
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [SpyHunter Security Suite]  File not found
O4 - HKLM..\Run: [TrayServer] C:\Programme\MAGIX\Video_deluxe_17_Download-Version\Trayserver.exe (MAGIX AG)
O4 - HKCU..\Run: [ICQ]  File not found
O4 - HKCU..\Run: [igndlm.exe] C:\Programme\Download Manager\DLM.exe (IGN Entertainment)
O4 - HKCU..\Run: [Pando Media Booster] C:\Programme\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RGSC] D:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk =  File not found
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Mirau\Startmenü\Programme\Autostart\OpenOffice.org 3.0.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll (Kaspersky Lab ZAO)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1229420646859 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.78.160.2 80.78.162.2
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL ()
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~1\kloehk.dll) -  File not found
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~3\mzvkbd3.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\mzvkbd3.dll (Kaspersky Lab ZAO)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~3\kloehk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\kloehk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Mirau\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Mirau\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.15 17:37:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.12.15 11:38:53 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.03.23 16:07:00 | 000,152,968 | R--- | M] (Take-Two Interactive Software, Inc.) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.03.15 17:17:45 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{0c0869c0-cacc-11dd-bb70-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{0c0869c0-cacc-11dd-bb70-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c0869c0-cacc-11dd-bb70-806d6172696f}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010.03.23 16:07:00 | 000,152,968 | R--- | M] (Take-Two Interactive Software, Inc.)
O34 - HKLM BootExecute: (autocheck autochk /k:CDEFGHIJK *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.02.28 17:49:17 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mirau\Desktop\OTL.exe
[2011.02.27 17:09:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\SecondLife
[2011.02.27 17:09:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mirau\Lokale Einstellungen\Anwendungsdaten\SecondLife
[2011.02.27 16:05:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Second Life Viewer 2
[2011.02.27 16:04:44 | 000,000,000 | ---D | C] -- C:\Programme\SecondLifeViewer2
[2011.02.27 13:54:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011.02.19 23:30:14 | 000,438,272 | ---- | C] (On2.com) -- C:\WINDOWS\System32\vp6vfw.dll
[2011.02.19 23:26:20 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\WINDOWS\System32\nbDX.dll
[2011.02.19 23:26:20 | 000,186,880 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLOgg.ax
[2011.02.19 23:26:20 | 000,179,200 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\DiracSplitter.ax
[2011.02.19 23:26:20 | 000,169,472 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\MatroskaDX.ax
[2011.02.19 23:26:20 | 000,163,328 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\flvDX.dll
[2011.02.19 23:26:20 | 000,161,792 | RHS- | C] (Gabest) -- C:\WINDOWS\System32\RealMediaDX.ax
[2011.02.19 23:26:20 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\WINDOWS\System32\AVCDX.ax
[2011.02.19 23:26:20 | 000,092,672 | RHS- | C] (RadLight) -- C:\WINDOWS\System32\RLVorbisDec.ax
[2011.02.19 23:26:20 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSSplitter.ax
[2011.02.19 23:26:20 | 000,090,112 | RHS- | C] (-) -- C:\WINDOWS\System32\TTADSDecoder.ax
[2011.02.19 23:26:20 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\WINDOWS\System32\RLTheoraDec.ax
[2011.02.19 23:26:20 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\WINDOWS\System32\msfDX.dll
[2011.02.19 23:26:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\SUPER © v2011.build.46 (Feb 12, 2011)
[2011.02.19 23:20:23 | 000,000,000 | ---D | C] -- C:\Programme\eRightSoft
[2011.02.06 15:33:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2011.01.30 22:33:15 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mirau\Startmenü\Programme\Fraps
[2011.01.30 22:24:40 | 000,000,000 | ---D | C] -- C:\Programme\Game Cam XPress
[2011.01.30 22:24:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mirau\Startmenü\Programme\Game Cam XPress
[2011.01.30 22:11:44 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mirau\Lokale Einstellungen\Anwendungsdaten\gctmp
[2011.01.30 22:11:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mirau\Lokale Einstellungen\Anwendungsdaten\Xenocode
[2011.01.30 22:11:22 | 000,000,000 | ---D | C] -- C:\Programme\myGamersCam
[2011.01.30 22:11:22 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mirau\Startmenü\Programme\myGamersCam
[2011.01.30 22:02:17 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\WeGame
[2011.01.30 22:02:00 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\WeGame
[2011.01.30 22:01:56 | 000,488,800 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Ltkrn15u.dll
[2011.01.30 22:01:56 | 000,390,496 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Lfcmp15u.dll
[2011.01.30 22:01:56 | 000,185,688 | ---- | C] (LEAD Technologies, Inc.) -- C:\WINDOWS\System32\Ltfil15u.dll
[2011.01.30 22:01:56 | 000,000,000 | ---D | C] -- C:\Programme\WeGame
[2011.01.30 22:01:56 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Mirau\Lokale Einstellungen\Anwendungsdaten\WeGame
[2011.01.30 21:57:09 | 000,000,000 | ---D | C] -- C:\Fraps
[2011.01.30 21:40:57 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\CamStudio
[2011.01.30 21:40:54 | 000,000,000 | ---D | C] -- C:\Programme\CamStudio
[2010.06.02 05:22:02 | 000,089,944 | ---- | C] (Microsoft Corporation) -- C:\Programme\DSETUP.dll
[2010.01.30 18:36:34 | 000,563,872 | ---- | C] (Google Inc.) -- C:\Programme\GoogleEarthSetup.exe
[2009.12.19 12:57:55 | 074,326,512 | ---- | C] (Kaspersky Lab) -- C:\Programme\kis9.0.0.736deDACH.exe
[2009.05.26 15:40:18 | 020,617,000 | ---- | C] (Skype Technologies S.A.) -- C:\Programme\SkypeSetupFull.exe
[2008.12.18 20:28:37 | 000,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Programme\RngInterstitial.dll
[2008.12.16 18:13:04 | 068,756,776 | ---- | C] (Apple Inc.) -- C:\Programme\iTunesSetup.exe
[7 D:\Beate\Eigene Dateien\*.tmp files -> D:\Beate\Eigene Dateien\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.02.28 17:48:43 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Mirau\Desktop\OTL.exe
[2011.02.28 17:38:06 | 000,236,041 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2011.02.28 17:38:01 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.02.28 17:38:00 | 000,000,464 | ---- | M] () -- C:\WINDOWS\tasks\SDMsgUpdate (TE).job
[2011.02.28 17:35:48 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.02.28 17:35:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.02.27 20:32:01 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.02.27 14:26:18 | 000,000,756 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.27 14:02:51 | 000,462,664 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011.02.27 14:02:51 | 000,444,342 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.02.27 14:02:51 | 000,085,684 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011.02.27 14:02:51 | 000,072,218 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.02.27 13:56:59 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.02.26 15:15:14 | 000,170,496 | ---- | M] () -- C:\Dokumente und Einstellungen\Mirau\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.25 21:30:58 | 000,001,586 | ---- | M] () -- C:\Dokumente und Einstellungen\Mirau\Desktop\Trillian.lnk
[2011.02.24 19:33:50 | 000,088,232 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.02.20 17:14:22 | 000,009,168 | ---- | M] () -- D:\Beate\Eigene Dateien\Tagplane.odt
[2011.02.19 23:26:20 | 000,000,733 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPER ©.lnk
[2011.02.19 23:16:43 | 000,367,304 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.02.19 23:01:54 | 000,000,368 | ---- | M] () -- C:\WINDOWS\spr1042
[2011.02.19 23:00:20 | 000,018,239 | ---- | M] () -- D:\Beate\Eigene Dateien\Wargieeeeee.odt
[2011.02.17 20:20:17 | 000,000,679 | ---- | M] () -- C:\Dokumente und Einstellungen\Mirau\Desktop\DSC02041.lnk
[2011.02.17 20:19:27 | 000,000,504 | ---- | M] () -- C:\Dokumente und Einstellungen\Mirau\Desktop\Mejo.lnk
[2011.02.01 22:25:30 | 000,000,691 | ---- | M] () -- C:\Dokumente und Einstellungen\Mirau\Desktop\NRVE.lnk
[2011.02.01 22:24:52 | 000,000,688 | ---- | M] () -- C:\Dokumente und Einstellungen\Mirau\Desktop\White.lnk
[2011.01.30 22:33:15 | 000,000,478 | ---- | M] () -- C:\Dokumente und Einstellungen\Mirau\Desktop\Fraps.lnk
[2011.01.30 21:40:58 | 000,000,661 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CamStudio.lnk
[7 D:\Beate\Eigene Dateien\*.tmp files -> D:\Beate\Eigene Dateien\*.tmp -> ]
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.02.27 14:26:18 | 000,000,756 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.02.27 14:02:48 | 000,000,783 | ---- | C] () -- C:\Dokumente und Einstellungen\Mirau\Startmenü\Programme\Internet Explorer.lnk
[2011.02.20 14:26:12 | 000,009,168 | ---- | C] () -- D:\Beate\Eigene Dateien\Tagplane.odt
[2011.02.19 23:30:15 | 000,000,038 | -HS- | C] () -- C:\WINDOWS\camcodec100.ini
[2011.02.19 23:30:15 | 000,000,028 | -HS- | C] () -- C:\WINDOWS\lagarith.ini
[2011.02.19 23:26:20 | 000,227,328 | RHS- | C] () -- C:\WINDOWS\System32\ac3DX.ax
[2011.02.19 23:26:20 | 000,175,104 | RHS- | C] () -- C:\WINDOWS\System32\CoreAAC.ax
[2011.02.19 23:26:20 | 000,120,832 | RHS- | C] () -- C:\WINDOWS\System32\MPCDx.ax
[2011.02.19 23:26:20 | 000,107,520 | RHS- | C] () -- C:\WINDOWS\System32\RLMPCDec.ax
[2011.02.19 23:26:20 | 000,097,280 | RHS- | C] () -- C:\WINDOWS\System32\FLACDX.ax
[2011.02.19 23:26:20 | 000,081,920 | RHS- | C] () -- C:\WINDOWS\System32\aac_parser.ax
[2011.02.19 23:26:20 | 000,070,656 | RHS- | C] () -- C:\WINDOWS\System32\RLAPEDec.ax
[2011.02.19 23:26:20 | 000,051,712 | RHS- | C] () -- C:\WINDOWS\System32\RLSpeexDec.ax
[2011.02.19 23:26:20 | 000,000,733 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\SUPER ©.lnk
[2011.02.19 23:01:19 | 000,000,368 | ---- | C] () -- C:\WINDOWS\spr1042
[2011.02.17 20:20:17 | 000,000,679 | ---- | C] () -- C:\Dokumente und Einstellungen\Mirau\Desktop\DSC02041.lnk
[2011.02.17 20:19:27 | 000,000,504 | ---- | C] () -- C:\Dokumente und Einstellungen\Mirau\Desktop\Mejo.lnk
[2011.02.01 22:25:30 | 000,000,691 | ---- | C] () -- C:\Dokumente und Einstellungen\Mirau\Desktop\NRVE.lnk
[2011.02.01 22:24:52 | 000,000,688 | ---- | C] () -- C:\Dokumente und Einstellungen\Mirau\Desktop\White.lnk
[2011.01.30 21:57:09 | 000,000,478 | ---- | C] () -- C:\Dokumente und Einstellungen\Mirau\Desktop\Fraps.lnk
[2011.01.30 21:40:58 | 000,000,661 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\CamStudio.lnk
[2010.10.14 01:36:44 | 000,179,263 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2010.09.28 11:50:25 | 000,001,441 | ---- | C] () -- C:\WINDOWS\cxzv_bfw32.ini
[2010.07.29 22:31:05 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2010.07.28 01:40:56 | 003,386,112 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2010.07.27 17:11:39 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\NCMedia2.dll
[2010.07.27 17:11:39 | 000,758,018 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010.07.27 17:11:39 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010.07.26 23:39:21 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.07.26 22:53:15 | 000,088,232 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010.06.02 05:22:54 | 001,412,902 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x64.cab
[2010.06.02 05:22:54 | 001,127,217 | ---- | C] () -- C:\Programme\OCT2006_d3dx9_31_x86.cab
[2010.06.02 05:22:54 | 000,273,960 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x64.cab
[2010.06.02 05:22:54 | 000,272,611 | ---- | C] () -- C:\Programme\Nov2008_XAudio_x86.cab
[2010.06.02 05:22:54 | 000,182,361 | ---- | C] () -- C:\Programme\OCT2006_XACT_x64.cab
[2010.06.02 05:22:54 | 000,138,017 | ---- | C] () -- C:\Programme\OCT2006_XACT_x86.cab
[2010.06.02 05:22:54 | 000,086,037 | ---- | C] () -- C:\Programme\Oct2005_xinput_x64.cab
[2010.06.02 05:22:54 | 000,045,359 | ---- | C] () -- C:\Programme\Oct2005_xinput_x86.cab
[2010.06.02 05:22:52 | 001,906,878 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x64.cab
[2010.06.02 05:22:52 | 001,550,796 | ---- | C] () -- C:\Programme\Nov2008_d3dx9_40_x86.cab
[2010.06.02 05:22:52 | 000,965,421 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x86.cab
[2010.06.02 05:22:52 | 000,121,794 | ---- | C] () -- C:\Programme\Nov2008_XACT_x64.cab
[2010.06.02 05:22:52 | 000,092,684 | ---- | C] () -- C:\Programme\Nov2008_XACT_x86.cab
[2010.06.02 05:22:52 | 000,054,522 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x64.cab
[2010.06.02 05:22:52 | 000,021,851 | ---- | C] () -- C:\Programme\Nov2008_X3DAudio_x86.cab
[2010.06.02 05:22:50 | 000,994,154 | ---- | C] () -- C:\Programme\Nov2008_d3dx10_40_x64.cab
[2010.06.02 05:22:50 | 000,196,762 | ---- | C] () -- C:\Programme\NOV2007_XACT_x64.cab
[2010.06.02 05:22:50 | 000,148,264 | ---- | C] () -- C:\Programme\NOV2007_XACT_x86.cab
[2010.06.02 05:22:50 | 000,046,144 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x64.cab
[2010.06.02 05:22:50 | 000,018,496 | ---- | C] () -- C:\Programme\NOV2007_X3DAudio_x86.cab
[2010.06.02 05:22:48 | 001,802,058 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x64.cab
[2010.06.02 05:22:48 | 001,709,360 | ---- | C] () -- C:\Programme\Nov2007_d3dx9_36_x86.cab
[2010.06.02 05:22:48 | 000,864,600 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x64.cab
[2010.06.02 05:22:48 | 000,803,884 | ---- | C] () -- C:\Programme\Nov2007_d3dx10_36_x86.cab
[2010.06.02 05:22:48 | 000,273,018 | ---- | C] () -- C:\Programme\Mar2009_XAudio_x86.cab
[2010.06.02 05:22:46 | 000,275,044 | ---- | C] () -- C:\Programme\Mar2009_XAudio_x64.cab
[2010.06.02 05:22:46 | 000,121,506 | ---- | C] () -- C:\Programme\Mar2009_XACT_x64.cab
[2010.06.02 05:22:46 | 000,092,740 | ---- | C] () -- C:\Programme\Mar2009_XACT_x86.cab
[2010.06.02 05:22:38 | 000,054,600 | ---- | C] () -- C:\Programme\Mar2009_X3DAudio_x64.cab
[2010.06.02 05:22:38 | 000,021,298 | ---- | C] () -- C:\Programme\Mar2009_X3DAudio_x86.cab
[2010.06.02 05:22:36 | 001,973,702 | ---- | C] () -- C:\Programme\Mar2009_d3dx9_41_x64.cab
[2010.06.02 05:22:36 | 001,612,446 | ---- | C] () -- C:\Programme\Mar2009_d3dx9_41_x86.cab
[2010.06.02 05:22:36 | 001,067,160 | ---- | C] () -- C:\Programme\Mar2009_d3dx10_41_x64.cab
[2010.06.02 05:22:36 | 001,040,745 | ---- | C] () -- C:\Programme\Mar2009_d3dx10_41_x86.cab
[2010.06.02 05:22:36 | 000,251,194 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x64.cab
[2010.06.02 05:22:36 | 000,226,250 | ---- | C] () -- C:\Programme\Mar2008_XAudio_x86.cab
[2010.06.02 05:22:36 | 000,122,336 | ---- | C] () -- C:\Programme\Mar2008_XACT_x64.cab
[2010.06.02 05:22:36 | 000,093,734 | ---- | C] () -- C:\Programme\Mar2008_XACT_x86.cab
[2010.06.02 05:22:34 | 001,769,862 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x64.cab
[2010.06.02 05:22:34 | 001,443,282 | ---- | C] () -- C:\Programme\Mar2008_d3dx9_37_x86.cab
[2010.06.02 05:22:34 | 000,818,260 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x86.cab
[2010.06.02 05:22:34 | 000,055,058 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x64.cab
[2010.06.02 05:22:34 | 000,021,867 | ---- | C] () -- C:\Programme\Mar2008_X3DAudio_x86.cab
[2010.06.02 05:22:32 | 000,937,246 | ---- | C] () -- C:\Programme\Jun2010_d3dx9_43_x64.cab
[2010.06.02 05:22:32 | 000,844,884 | ---- | C] () -- C:\Programme\Mar2008_d3dx10_37_x64.cab
[2010.06.02 05:22:32 | 000,768,036 | ---- | C] () -- C:\Programme\Jun2010_d3dx9_43_x86.cab
[2010.06.02 05:22:32 | 000,278,060 | ---- | C] () -- C:\Programme\Jun2010_XAudio_x86.cab
[2010.06.02 05:22:32 | 000,277,338 | ---- | C] () -- C:\Programme\Jun2010_XAudio_x64.cab
[2010.06.02 05:22:32 | 000,124,596 | ---- | C] () -- C:\Programme\Jun2010_XACT_x64.cab
[2010.06.02 05:22:32 | 000,093,686 | ---- | C] () -- C:\Programme\Jun2010_XACT_x86.cab
[2010.06.02 05:22:30 | 000,762,188 | ---- | C] () -- C:\Programme\Jun2010_d3dcsx_43_x86.cab
[2010.06.02 05:22:30 | 000,235,955 | ---- | C] () -- C:\Programme\Jun2010_d3dx10_43_x64.cab
[2010.06.02 05:22:30 | 000,197,283 | ---- | C] () -- C:\Programme\Jun2010_d3dx10_43_x86.cab
[2010.06.02 05:22:30 | 000,138,205 | ---- | C] () -- C:\Programme\Jun2010_d3dx11_43_x64.cab
[2010.06.02 05:22:30 | 000,109,445 | ---- | C] () -- C:\Programme\Jun2010_d3dx11_43_x86.cab
[2010.06.02 05:22:28 | 000,944,460 | ---- | C] () -- C:\Programme\Jun2010_D3DCompiler_43_x64.cab
[2010.06.02 05:22:28 | 000,931,471 | ---- | C] () -- C:\Programme\Jun2010_D3DCompiler_43_x86.cab
[2010.06.02 05:22:28 | 000,752,783 | ---- | C] () -- C:\Programme\Jun2010_d3dcsx_43_x64.cab
[2010.06.02 05:22:20 | 000,269,024 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x86.cab
[2010.06.02 05:22:18 | 001,792,608 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x64.cab
[2010.06.02 05:22:18 | 001,463,878 | ---- | C] () -- C:\Programme\JUN2008_d3dx9_38_x86.cab
[2010.06.02 05:22:18 | 000,867,828 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x64.cab
[2010.06.02 05:22:18 | 000,849,919 | ---- | C] () -- C:\Programme\JUN2008_d3dx10_38_x86.cab
[2010.06.02 05:22:18 | 000,269,628 | ---- | C] () -- C:\Programme\JUN2008_XAudio_x64.cab
[2010.06.02 05:22:18 | 000,152,909 | ---- | C] () -- C:\Programme\JUN2007_XACT_x86.cab
[2010.06.02 05:22:18 | 000,121,054 | ---- | C] () -- C:\Programme\JUN2008_XACT_x64.cab
[2010.06.02 05:22:18 | 000,093,128 | ---- | C] () -- C:\Programme\JUN2008_XACT_x86.cab
[2010.06.02 05:22:18 | 000,055,154 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x64.cab
[2010.06.02 05:22:18 | 000,021,905 | ---- | C] () -- C:\Programme\JUN2008_X3DAudio_x86.cab
[2010.06.02 05:22:16 | 001,607,774 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x64.cab
[2010.06.02 05:22:16 | 001,607,286 | ---- | C] () -- C:\Programme\JUN2007_d3dx9_34_x86.cab
[2010.06.02 05:22:16 | 001,064,925 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x86.cab
[2010.06.02 05:22:16 | 000,699,044 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x64.cab
[2010.06.02 05:22:16 | 000,698,472 | ---- | C] () -- C:\Programme\JUN2007_d3dx10_34_x86.cab
[2010.06.02 05:22:16 | 000,197,122 | ---- | C] () -- C:\Programme\JUN2007_XACT_x64.cab
[2010.06.02 05:22:16 | 000,180,785 | ---- | C] () -- C:\Programme\JUN2006_XACT_x64.cab
[2010.06.02 05:22:16 | 000,133,671 | ---- | C] () -- C:\Programme\JUN2006_XACT_x86.cab
[2010.06.02 05:22:14 | 001,336,002 | ---- | C] () -- C:\Programme\Jun2005_d3dx9_26_x64.cab
[2010.06.02 05:22:14 | 000,277,191 | ---- | C] () -- C:\Programme\Feb2010_XAudio_x86.cab
[2010.06.02 05:22:14 | 000,276,960 | ---- | C] () -- C:\Programme\Feb2010_XAudio_x64.cab
[2010.06.02 05:22:14 | 000,122,446 | ---- | C] () -- C:\Programme\Feb2010_XACT_x64.cab
[2010.06.02 05:22:14 | 000,093,180 | ---- | C] () -- C:\Programme\Feb2010_XACT_x86.cab
[2010.06.02 05:22:12 | 000,194,675 | ---- | C] () -- C:\Programme\FEB2007_XACT_x64.cab
[2010.06.02 05:22:12 | 000,147,983 | ---- | C] () -- C:\Programme\FEB2007_XACT_x86.cab
[2010.06.02 05:22:12 | 000,054,678 | ---- | C] () -- C:\Programme\Feb2010_X3DAudio_x64.cab
[2010.06.02 05:22:12 | 000,020,713 | ---- | C] () -- C:\Programme\Feb2010_X3DAudio_x86.cab
[2010.06.02 05:22:10 | 000,178,359 | ---- | C] () -- C:\Programme\Feb2006_XACT_x64.cab
[2010.06.02 05:22:10 | 000,132,409 | ---- | C] () -- C:\Programme\Feb2006_XACT_x86.cab
[2010.06.02 05:22:04 | 001,084,720 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x86.cab
[2010.06.02 05:22:02 | 001,801,048 | ---- | C] () -- C:\Programme\dsetup32.dll
[2010.06.02 05:22:02 | 001,574,376 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x86.cab
[2010.06.02 05:22:02 | 001,362,796 | ---- | C] () -- C:\Programme\Feb2006_d3dx9_29_x64.cab
[2010.06.02 05:22:02 | 001,247,499 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x64.cab
[2010.06.02 05:22:02 | 001,013,225 | ---- | C] () -- C:\Programme\Feb2005_d3dx9_24_x86.cab
[2010.06.02 05:22:02 | 000,537,432 | ---- | C] () -- C:\Programme\DXSETUP.exe
[2010.06.02 05:22:02 | 000,192,475 | ---- | C] () -- C:\Programme\DEC2006_XACT_x64.cab
[2010.06.02 05:22:02 | 000,145,599 | ---- | C] () -- C:\Programme\DEC2006_XACT_x86.cab
[2010.06.02 05:22:02 | 000,094,011 | ---- | C] () -- C:\Programme\dxupdate.cab
[2010.06.02 05:22:02 | 000,042,410 | ---- | C] () -- C:\Programme\dxdllreg_x86.cab
[2010.06.02 05:22:00 | 001,571,154 | ---- | C] () -- C:\Programme\DEC2006_d3dx9_32_x64.cab
[2010.06.02 05:22:00 | 001,357,976 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x64.cab
[2010.06.02 05:22:00 | 001,079,456 | ---- | C] () -- C:\Programme\Dec2005_d3dx9_28_x86.cab
[2010.06.02 05:22:00 | 000,273,264 | ---- | C] () -- C:\Programme\Aug2009_XAudio_x64.cab
[2010.06.02 05:22:00 | 000,272,642 | ---- | C] () -- C:\Programme\Aug2009_XAudio_x86.cab
[2010.06.02 05:22:00 | 000,212,807 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x64.cab
[2010.06.02 05:22:00 | 000,191,720 | ---- | C] () -- C:\Programme\DEC2006_d3dx10_00_x86.cab
[2010.06.02 05:22:00 | 000,122,408 | ---- | C] () -- C:\Programme\Aug2009_XACT_x64.cab
[2010.06.02 05:22:00 | 000,093,106 | ---- | C] () -- C:\Programme\Aug2009_XACT_x86.cab
[2010.06.02 05:21:58 | 000,930,116 | ---- | C] () -- C:\Programme\Aug2009_d3dx9_42_x64.cab
[2010.06.02 05:21:58 | 000,728,456 | ---- | C] () -- C:\Programme\Aug2009_d3dx9_42_x86.cab
[2010.06.02 05:21:58 | 000,232,635 | ---- | C] () -- C:\Programme\Aug2009_d3dx10_42_x64.cab
[2010.06.02 05:21:58 | 000,192,131 | ---- | C] () -- C:\Programme\Aug2009_d3dx10_42_x86.cab
[2010.06.02 05:21:58 | 000,136,301 | ---- | C] () -- C:\Programme\Aug2009_d3dx11_42_x64.cab
[2010.06.02 05:21:58 | 000,105,044 | ---- | C] () -- C:\Programme\Aug2009_d3dx11_42_x86.cab
[2010.06.02 05:21:56 | 003,319,740 | ---- | C] () -- C:\Programme\Aug2009_d3dcsx_42_x86.cab
[2010.06.02 05:21:56 | 003,112,111 | ---- | C] () -- C:\Programme\Aug2009_d3dcsx_42_x64.cab
[2010.06.02 05:21:56 | 000,900,598 | ---- | C] () -- C:\Programme\Aug2009_D3DCompiler_42_x86.cab
[2010.06.02 05:21:46 | 000,919,044 | ---- | C] () -- C:\Programme\Aug2009_D3DCompiler_42_x64.cab
[2010.06.02 05:21:46 | 000,271,412 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x64.cab
[2010.06.02 05:21:46 | 000,271,038 | ---- | C] () -- C:\Programme\Aug2008_XAudio_x86.cab
[2010.06.02 05:21:44 | 001,794,084 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x64.cab
[2010.06.02 05:21:44 | 001,464,672 | ---- | C] () -- C:\Programme\Aug2008_d3dx9_39_x86.cab
[2010.06.02 05:21:44 | 000,849,167 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x86.cab
[2010.06.02 05:21:44 | 000,198,096 | ---- | C] () -- C:\Programme\AUG2007_XACT_x64.cab
[2010.06.02 05:21:44 | 000,153,012 | ---- | C] () -- C:\Programme\AUG2007_XACT_x86.cab
[2010.06.02 05:21:44 | 000,121,772 | ---- | C] () -- C:\Programme\Aug2008_XACT_x64.cab
[2010.06.02 05:21:44 | 000,092,996 | ---- | C] () -- C:\Programme\Aug2008_XACT_x86.cab
[2010.06.02 05:21:42 | 001,800,160 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x64.cab
[2010.06.02 05:21:42 | 001,708,152 | ---- | C] () -- C:\Programme\AUG2007_d3dx9_35_x86.cab
[2010.06.02 05:21:42 | 000,867,612 | ---- | C] () -- C:\Programme\Aug2008_d3dx10_39_x64.cab
[2010.06.02 05:21:42 | 000,852,286 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x64.cab
[2010.06.02 05:21:42 | 000,796,867 | ---- | C] () -- C:\Programme\AUG2007_d3dx10_35_x86.cab
[2010.06.02 05:21:40 | 001,350,542 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x64.cab
[2010.06.02 05:21:40 | 001,077,644 | ---- | C] () -- C:\Programme\Aug2005_d3dx9_27_x86.cab
[2010.06.02 05:21:40 | 000,182,903 | ---- | C] () -- C:\Programme\AUG2006_XACT_x64.cab
[2010.06.02 05:21:40 | 000,137,235 | ---- | C] () -- C:\Programme\AUG2006_XACT_x86.cab
[2010.06.02 05:21:40 | 000,087,142 | ---- | C] () -- C:\Programme\AUG2006_xinput_x64.cab
[2010.06.02 05:21:40 | 000,053,302 | ---- | C] () -- C:\Programme\APR2007_xinput_x86.cab
[2010.06.02 05:21:40 | 000,046,058 | ---- | C] () -- C:\Programme\AUG2006_xinput_x86.cab
[2010.06.02 05:21:38 | 001,606,039 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x86.cab
[2010.06.02 05:21:38 | 000,195,766 | ---- | C] () -- C:\Programme\APR2007_XACT_x64.cab
[2010.06.02 05:21:38 | 000,151,225 | ---- | C] () -- C:\Programme\APR2007_XACT_x86.cab
[2010.06.02 05:21:38 | 000,096,817 | ---- | C] () -- C:\Programme\APR2007_xinput_x64.cab
[2010.06.02 05:21:36 | 001,607,358 | ---- | C] () -- C:\Programme\APR2007_d3dx9_33_x64.cab
[2010.06.02 05:21:36 | 000,698,612 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x64.cab
[2010.06.02 05:21:36 | 000,695,865 | ---- | C] () -- C:\Programme\APR2007_d3dx10_33_x86.cab
[2010.06.02 05:21:34 | 000,046,010 | ---- | C] () -- C:\Programme\Apr2006_xinput_x86.cab
[2010.06.02 05:21:20 | 000,087,101 | ---- | C] () -- C:\Programme\Apr2006_xinput_x64.cab
[2010.06.02 05:21:18 | 004,162,630 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86_Archive.cab
[2010.06.02 05:21:18 | 000,916,430 | ---- | C] () -- C:\Programme\Apr2006_MDX1_x86.cab
[2010.06.02 05:21:18 | 000,179,133 | ---- | C] () -- C:\Programme\Apr2006_XACT_x64.cab
[2010.06.02 05:21:18 | 000,133,103 | ---- | C] () -- C:\Programme\Apr2006_XACT_x86.cab
[2010.06.02 05:21:16 | 001,397,830 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x64.cab
[2010.06.02 05:21:16 | 001,347,354 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x64.cab
[2010.06.02 05:21:16 | 001,115,221 | ---- | C] () -- C:\Programme\Apr2006_d3dx9_30_x86.cab
[2010.06.02 05:21:16 | 001,078,962 | ---- | C] () -- C:\Programme\Apr2005_d3dx9_25_x86.cab
[2010.05.13 12:35:05 | 000,000,061 | ---- | C] () -- C:\WINDOWS\AquadelicScreensaver.ini
[2010.02.03 13:18:17 | 002,822,232 | ---- | C] () -- C:\Programme\vbus.rar
[2010.02.03 12:15:29 | 006,166,150 | ---- | C] () -- C:\Programme\[vBusDepot]O407.rar
[2010.02.03 12:09:01 | 002,818,210 | ---- | C] () -- C:\Programme\vbus_a5e.rar
[2010.02.03 10:32:06 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2010.02.02 18:44:25 | 000,054,206 | ---- | C] () -- C:\Programme\Cockpit-Install_byIcestar05.exe
[2010.02.02 18:28:46 | 000,079,015 | ---- | C] () -- C:\Programme\Uninstal_Streckeneditor.exe
[2010.02.02 17:50:42 | 004,768,229 | ---- | C] () -- C:\Programme\hlm-gtasa.rar
[2010.02.02 17:30:56 | 001,850,882 | ---- | C] () -- C:\Programme\1227955348_pullmanbus.rar
[2009.12.23 13:45:20 | 025,543,559 | ---- | C] () -- C:\Programme\SantaIIDemo.zip
[2009.12.23 13:42:36 | 025,570,478 | ---- | C] () -- C:\Programme\Santa_Demo_Setup.exe
[2009.12.23 13:40:39 | 010,353,442 | ---- | C] () -- C:\Programme\santaclause_free.zip
[2009.12.01 12:12:49 | 103,809,024 | ---- | C] () -- C:\Programme\Mirkwood.part02.rar
[2009.10.27 18:19:36 | 395,045,070 | ---- | C] () -- C:\Programme\f-1mania38.exe
[2009.10.24 22:24:13 | 011,160,007 | ---- | C] () -- C:\Programme\Melbourne.mas
[2009.10.24 22:24:13 | 011,160,007 | ---- | C] () -- C:\Programme\2009_ALBERT_PARK.MAS.mas
[2009.10.24 15:16:28 | 000,000,548 | ---- | C] () -- C:\WINDOWS\eReg.dat
[2009.10.23 21:38:19 | 000,033,401 | ---- | C] () -- C:\Programme\peds.ide
[2009.10.23 19:55:50 | 003,079,744 | ---- | C] () -- C:\Programme\main.scm
[2009.10.23 19:55:50 | 000,575,488 | ---- | C] () -- C:\Programme\script.img
[2009.10.21 20:04:37 | 000,482,624 | ---- | C] () -- C:\Programme\smartdraw_11E_EAXVG_setup.exe
[2009.10.14 11:49:32 | 001,369,088 | ---- | C] () -- C:\Programme\CStats 1.0.msi
[2009.10.12 11:45:05 | 005,555,145 | ---- | C] () -- C:\Programme\LaunchGTAIV.zip
[2009.10.12 10:48:16 | 000,707,946 | ---- | C] () -- C:\Programme\Combat_Analyzer.rar
[2009.09.14 12:30:56 | 000,068,199 | ---- | C] () -- C:\Programme\s7-Notfahrplan_ab_09-09-2009.pdf
[2009.09.14 12:29:51 | 000,128,784 | ---- | C] () -- C:\Programme\s5-Notfahrplan_ab_09-09-2009.pdf
[2009.09.09 18:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009.08.21 09:25:25 | 000,010,346 | ---- | C] () -- C:\Programme\TLK53.jpg
[2009.07.31 11:03:22 | 010,440,704 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda
[2009.07.22 10:53:46 | 000,000,760 | ---- | C] () -- C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\setup_ldm.iss
[2009.07.17 11:48:30 | 000,001,100 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009.07.17 11:38:34 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009.06.10 16:17:32 | 020,834,386 | ---- | C] () -- C:\Programme\lotro_ledmirage_ui_eorlingas_v1.3.zip
[2009.06.10 15:19:53 | 011,211,630 | ---- | C] () -- C:\Programme\daimonui331.zip
[2009.06.10 08:29:34 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009.06.10 08:29:34 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009.06.10 08:29:34 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009.06.10 08:29:34 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009.06.10 08:29:34 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009.06.10 08:29:34 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009.06.10 08:29:32 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009.06.10 06:03:00 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009.05.26 15:44:10 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009.02.20 17:56:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2009.02.20 13:51:17 | 000,007,480 | ---- | C] () -- C:\Dokumente und Einstellungen\Mirau\Lokale Einstellungen\Anwendungsdaten\slot1.mm1
[2008.12.31 12:43:09 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008.12.25 18:51:07 | 008,213,504 | ---- | C] () -- C:\Programme\wz120gev.msi
[2008.12.19 15:25:16 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Mirau\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2008.12.18 21:48:43 | 000,000,282 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2008.12.18 21:48:38 | 000,024,992 | ---- | C] () -- C:\WINDOWS\CTRES.DLL
[2008.12.18 21:42:30 | 000,023,040 | R--- | C] () -- C:\WINDOWS\System32\drivers\GVCplDrv.sys
[2008.12.18 21:27:49 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008.12.16 12:14:16 | 000,170,496 | ---- | C] () -- C:\Dokumente und Einstellungen\Mirau\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.12.16 10:18:10 | 000,114,243 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2008.12.16 10:18:10 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2008.12.16 10:17:54 | 007,257,632 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox.dat
[2008.12.16 10:17:54 | 001,220,640 | -HS- | C] () -- C:\WINDOWS\System32\drivers\fidbox2.dat
[2008.12.16 09:42:53 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.12.16 09:37:28 | 000,004,125 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008.12.16 09:37:26 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008.12.15 17:38:38 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.12.15 17:35:19 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.12.15 17:25:37 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.12.15 17:24:38 | 000,367,304 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.04.14 03:22:09 | 000,026,112 | ---- | C] () -- C:\WINDOWS\System32\dot3api.dll
[2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2006.11.02 17:10:16 | 000,080,912 | ---- | C] () -- C:\WINDOWS\System32\sherlock2.exe
[2004.08.04 13:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004.08.04 13:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004.08.04 13:00:00 | 000,462,664 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2004.08.04 13:00:00 | 000,444,342 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004.08.04 13:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004.08.04 13:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004.08.04 13:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004.08.04 13:00:00 | 000,085,684 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2004.08.04 13:00:00 | 000,072,218 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004.08.04 13:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004.08.04 13:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004.08.04 13:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004.08.04 13:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004.08.04 13:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004.08.04 13:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004.08.04 13:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999.01.22 17:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 205 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D2397415
@Alternate Data Stream - 192 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:743A8968

< End of report >
         
Extras.Txt.

Code:
ATTFilter
OTL Extras logfile created on: 28.02.2011 17:51:20 - Run 2
OTL by OldTimer - Version 3.2.22.2     Folder = C:\Dokumente und Einstellungen\Mirau\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 70,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 88,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 130,59 Gb Total Space | 21,66 Gb Free Space | 16,59% Space Free | Partition Type: NTFS
Drive D: | 102,27 Gb Total Space | 18,87 Gb Free Space | 18,45% Space Free | Partition Type: NTFS
Drive E: | 7,72 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
 
Computer Name: MIRAU-1 | User Name: Mirau | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"57297:TCP" = 57297:TCP:*:Enabled:Pando Media Booster
"57297:UDP" = 57297:UDP:*:Enabled:Pando Media Booster
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724
"6881:TCP" = 6881:TCP:*:Enabled:Blizzard Downloader: 6881
"57297:TCP" = 57297:TCP:*:Enabled:Pando Media Booster
"57297:UDP" = 57297:UDP:*:Enabled:Pando Media Booster
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe
"D:\Neuer Ordner\ICQ7.2\ICQ.exe" = D:\Neuer Ordner\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2
"D:\Neuer Ordner\ICQ7.2\aolload.exe" = D:\Neuer Ordner\ICQ7.2\aolload.exe:*:Enabled:aolload.exe
"C:\Programme\ICQ7.3\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.3\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2
"C:\Programme\ICQ7.3\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.3\ICQ7.2\aolload.exe:*:Enabled:aolload.exe
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Codemasters\Der Herr der Ringe Online\lotroclient.exe" = C:\Programme\Codemasters\Der Herr der Ringe Online\lotroclient.exe:*:Enabled:lotroclient -- (Turbine, Inc.)
"C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat" = C:\Programme\EA GAMES\Die Schlacht um Mittelerde(tm)\game.dat:*:Enabled:Die Schlacht um Mittelerde -- ()
"C:\Programme\Firefly Studios\Stronghold Legends\StrongholdLegends.exe" = C:\Programme\Firefly Studios\Stronghold Legends\StrongholdLegends.exe:*:Enabled:Stronghold Legends -- (Firefly Studios)
"C:\Programme\Java\jre6\bin\java.exe" = C:\Programme\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat" = C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\game.dat:*:Enabled:Die Schlacht um Mittelerde™ II -- (Electronic Arts Inc.)
"C:\Programme\rFactor2\rFactor.exe" = C:\Programme\rFactor2\rFactor.exe:*:Enabled:rFactor
"C:\Programme\rFactor Kopie\rFactor.exe" = C:\Programme\rFactor Kopie\rFactor.exe:*:Enabled:rFactor
"C:\Programme\rFactor\rFactor.exe" = C:\Programme\rFactor\rFactor.exe:*:Enabled:rFactor
"C:\Programme\rFactor FSONE 2008\rFactor.exe" = C:\Programme\rFactor FSONE 2008\rFactor.exe:*:Enabled:rFactor
"C:\Programme\rFactor f12009\rFactor.exe" = C:\Programme\rFactor f12009\rFactor.exe:*:Enabled:rFactor
"C:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" = C:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club
"C:\Programme\Rockstar Games\Grand Theft Auto IV\GTAIV.exe" = C:\Programme\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV
"C:\Programme\World of Warcraft\Launcher.exe" = C:\Programme\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher -- (Blizzard Entertainment)
"C:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.0.9.9551-to-3.1.0.9767-deDE-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Programme\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.1.0.9767-to-3.1.1.9806-deDE-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Programme\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.1.1.9806-to-3.1.1.9835-deDE-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Programme\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.1.1.9835-to-3.1.2.9901-deDE-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Programme\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-deDE-downloader.exe" = C:\Programme\World of Warcraft\WoW-3.1.2.9901-to-3.1.3.9947-deDE-downloader.exe:*:Enabled:Blizzard Downloader
"C:\Programme\TeamViewer\Version4\TeamViewer.exe" = C:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\game.dat" = C:\Programme\Electronic Arts\Aufstieg des Hexenkönigs\game.dat:*:Enabled:Der Herr der Ringe™, Aufstieg des Hexenkönigs™ -- (Electronic Arts Inc.)
"C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\patchget.dat" = C:\Programme\Electronic Arts\Die Schlacht um Mittelerde II\patchget.dat:*:Enabled:patchgrabber -- (Electronic Arts)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\German\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2009\German\setup.exe:*:Disabled:Installationsprogramm für Kaspersky Internet Security 2009 -- (Kaspersky Lab)
"C:\Programme\uTorrent\uTorrent.exe" = C:\Programme\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\German\setup.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files\Kaspersky Internet Security 2010 9.0.0.736\German\setup.exe:*:Enabled:setup
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = C:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV
"C:\Programme\Skype\Plugin Manager\skypePM.exe" = C:\Programme\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager
"D:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe" = D:\Programme\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV -- (Sony DADC Austria AG)
"C:\Programme\Google\Google Earth\plugin\geplugin.exe" = C:\Programme\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Programme\Pando Networks\Media Booster\PMB.exe" = C:\Programme\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
"C:\Programme\Codemasters\Der Herr der Ringe Online - Beta\lotroclient.exe" = C:\Programme\Codemasters\Der Herr der Ringe Online - Beta\lotroclient.exe:*:Disabled:lotroclient
"D:\Programme\Codemasters\Der Herr der Ringe Online\lotroclient.exe" = D:\Programme\Codemasters\Der Herr der Ringe Online\lotroclient.exe:*:Enabled:lotroclient
"C:\Programme\World of Warcraft\Launcher.patch.exe" = C:\Programme\World of Warcraft\Launcher.patch.exe:*:Enabled:Blizzard Launcher
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe" = C:\Programme\World of Warcraft\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)
"C:\Programme\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2
"C:\Programme\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.2\aolload.exe:*:Enabled:aolload.exe
"C:\Programme\ICQLite\ICQLite.exe" = C:\Programme\ICQLite\ICQLite.exe:*:Enabled:ICQ Lite
"D:\Neuer Ordner\ICQ7.2\ICQ.exe" = D:\Neuer Ordner\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2
"D:\Neuer Ordner\ICQ7.2\aolload.exe" = D:\Neuer Ordner\ICQ7.2\aolload.exe:*:Enabled:aolload.exe
"C:\Programme\BitTorrent\BitTorrent.exe" = C:\Programme\BitTorrent\BitTorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Programme\ICQ7.3\ICQ7.2\ICQ.exe" = C:\Programme\ICQ7.3\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2
"C:\Programme\ICQ7.3\ICQ7.2\aolload.exe" = C:\Programme\ICQ7.3\ICQ7.2\aolload.exe:*:Enabled:aolload.exe
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0C826C5B-B131-423A-A229-C71B3CACCD6A}" = CDDRV_Installer
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18DF6AB4-0CD0-4856-80BA-51F5282EC2B4}" = DameWare NT Utilities
"{1BD07DF4-FB06-41BA-B896-B2DA59000C96}" = Windows Live Toolbar
"{1FDA5A37-B22D-43FF-B582-B8964050DC13}" = Microsoft Games for Windows - LIVE Redistributable
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 13
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2DD388FF-6422-43C9-86A1-C7A99C83E946}" = ASUS nVidia Driver
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{3101CB58-3482-4D21-AF1A-7057FC935355}" = KhalInstallWrapper
"{317058CF-0568-4331-82C0-A08350E3E068}" = CStats
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{350FB27C-CF62-4EF3-AF9D-70FF313FE221}" = iTunes
"{3571656A-575D-4CED-809D-5547587121FF}" = Yu-Gi-Oh! Power of Chaos YUGI THE DESTINY
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{3F290582-3F4E-4B96-009C-E0BABAA40C42}" = Die Schlacht um Mittelerde(tm)
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU
"{49FC50FC-F965-40D9-89B4-CBFF80941031}" = Windows Movie Maker 2.0
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"{5454083B-1308-4485-BF17-111000038701}" = Grand Theft Auto: Episodes from Liberty City
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A2F371F-8B5D-46B4-833C-0612B065BEC7}" = GameShadow
"{5F4B9958-F507-449A-A6E1-FD223314AF5A}" = TMPGEnc 4.0 XPress Testversion
"{5FB31CB9-A4A2-49FD-00AF-41785B21FDEE}" = F1 Challenge 99-02
"{61B8B2F9-D8DA-4B24-89A9-DB09F38A4899}" = Grand Theft Auto: Episodes From Liberty City
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E298B0A-558C-4138-0096-740677B382CD}" = HdR Die Rückkehr des Königs tm
"{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
"{8544556F-92C9-478E-9ABC-BC2823E39577}" = MAGIX Speed burnR (MSI)
"{86A4C6D9-29EE-4719-AFA1-BA3341862B83}" = Microsoft Games for Windows - LIVE
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8FB1B528-E260-451E-9B55-E9152F94B80B}" = Microsoft Games for Windows - LIVE Redistributable
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{95120000-003F-0409-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95120000-0122-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAE31374-02C2-452E-88EC-2F16D92731A9}" = MAGIX Screenshare
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1.3 - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{B10914FD-8812-47A4-85A1-50FCDE7F1F33}" = Windows Live Sync
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = v2011.build.46
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BB394D95-C049-4EA4-00B3-F866A3357CCD}" = F1 2002 WORK IN PROGRESS DEMO
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP3c
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCA1EEA3-555E-4D05-AC46-4B49C6C5D887}" = Apple Mobile Device Support
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D92FF8EB-BD77-40AE-B68B-A6BFC6F8661D}" = Windows Live Family Safety
"{DAEAFD68-BB4A-4507-A241-C8804D2EA66D}" = Apple Application Support
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E10DB5DA-E576-40EA-A7FC-1CB2A7B283A6}" = NVIDIA PhysX
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{E475BD43-9722-4FAE-BFBE-B8061C34583C}_is1" = Public Edition Version 2
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EB900AF8-CC61-4E15-871B-98D1EA3E8025}" = QuickTime
"{ED1390DC-6910-4C77-97E2-579CAFE82F5B}" = Moorhuhn 4 Teile
"{EE39FFBD-544E-49E4-A999-6819828EAE91}" = Windows Live Photo Gallery
"{EE3A0915-E8E5-4F1C-A048-592B7BD374D7}" = MAGIX Video deluxe 17 Download-Version
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}" = Logitech SetPoint
"{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack
"{F6399E05-9FC3-4C3E-8730-DF786C9D4B31}" = KPSA-home (IE)
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"12345_is1" = WeGame Client Beta 2.1.9
"18 Wheels of Steel: American Long Haul" = 18 Wheels of Steel: American Long Haul 
"18 Wheels of Steel: Haulin'" = 18 Wheels of Steel: Haulin' (remove only)
"4f6dcc3b-179d-4b1b-80f0-b6083a0b3ce6_is1" = DER HERR DER RINGE ONLINE: Die Schatten von Angmar v01.07.01.81
"68a8eb3f-bd2e-4535-a290-d89cf3453924_is1" = Der Herr der Ringe Online v03.02.03.8014
"7-Zip" = 7-Zip 4.57
"AbAlarm_is1" = AbAlarm
"Accent OFFICE Password Recovery" = Accent OFFICE Password Recovery 2.80
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Advanced IP Scanner v1.5" = Advanced IP Scanner v1.5
"AquadelicGT screensaver_is1" =  Aquadelic Screensaver version 1.0
"AVI Splitter_is1" = AVI Splitter
"Azureus" = Azureus
"BFGC" = Big Fish Games: Game Manager
"BFG-Gutterball 2" = Gutterball 2
"BFG-Mein Koenigreich fuer die Prinzessin" = Mein K&ouml;nigreich f&uuml;r die Prinzessin
"BitTorrent" = BitTorrent
"BitTyrant" = BitTyrant
"Bus-Simulator 2008 Demo_is1" = Bus-Simulator 2008 Demo
"Bus-Simulator 2009_is1" = Bus-Simulator 2009
"CamStudio" = CamStudio
"Download Manager" = Download Manager 2.3.10
"Driver Cleaner Pro" = DH Driver Cleaner Professional Edition
"Emicsoft FLV Converter_is1" = Emicsoft FLV Converter
"Euro Truck Simulator 30 Minuten Demo" = Euro Truck Simulator 30 Minuten Demo (entfernen)
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"F1 DELUX FINAL 2009" = F1 DELUX FINAL 2009
"FIS2005_is1" = FIS2005 1.0
"FLV Player" = FLV Player 2.0 (build 25)
"Foxit Reader" = Foxit Reader
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free FLV Converter_is1" = Free FLV Converter V 6.93.0
"Free YouTube Download_is1" = Free YouTube Download 2.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.8
"Freez FLV to AVI/MPEG/WMV Converter v1.6_is1" = Freez FLV to AVI/MPEG/WMV Converter
"FSONE 2008 V1 SINGLE PLAER 1.0 Single Player" = FSONE 2008 V1 SINGLE PLAER 1.0 Single Player
"Game Cam XPress" = Game Cam XPress 2.6.0
"GameSpy Arcade" = GameSpy Arcade
"G-Force" = G-Force
"Google Chrome" = Google Chrome
"Guitar Explorer 1.0" = Guitar Explorer 1.0
"Gutscheinmieze - Toolbar" = Gutscheinmieze - Toolbar
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"IMG Tool" = IMG Tool (remove only)
"Imperium Romanum" = Imperium Romanum 1.02
"InstallWIX_{66F1F013-008F-4875-B283-5A814B820347}" = Kaspersky Internet Security 2011
"IrfanView" = IrfanView (remove only)
"King" = King
"KPSA-home (IE)" = KPSA-home (IE)
"MAGIX_MSI_Videodeluxe17" = MAGIX Video deluxe 17 Download-Version
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.9.13
"Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"myGamersCam" = myGamersCam 1.5
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.01.1190" = Opera 11.01
"PerformanceTest 7_is1" = PerformanceTest v7.0
"PROR" = Microsoft Office Professional 2007-Testversion
"ProTrain 10  Aachen - Köln 1.0" = ProTrain 10  Aachen - Köln 1.0
"ProTrain 17 München-Salzburg 1.0" = ProTrain 17 München-Salzburg 1.0
"ProTrain 18 Hamburg-Berlin 1.0" = ProTrain 18 Hamburg-Berlin 1.0
"ProTrain 19 Berlin-Rostock 1.0" = ProTrain 19 Berlin-Rostock 1.0
"RealArcade 1.2" = RealArcade
"rFactor" = rFactor (remove only)
"San Andreas Mod Installer1.0" = San Andreas Mod Installer
"Santa Claus in Trouble" = Santa Claus in Trouble
"Santa Claus in trouble ...again! - Demo" = Santa Claus in trouble ...again! - Demo
"SecondLifeViewer2" = SecondLifeViewer2 (remove only)
"Security Task Manager" = Security Task Manager 1.7i
"softonic-de3 Toolbar" = softonic-de3 Toolbar
"Sound Blaster AudioPCI 128" = Sound Blaster AudioPCI 128
"SystemRequirementsLab" = System Requirements Lab
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TeamViewer 4" = TeamViewer 4
"Train Simulator 1.0" = Microsoft Train Simulator
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"uTorrent" = µTorrent
"VLC media player" = VLC media player 1.1.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"Wipeout 2097 Demo" = Wipeout 2097 Demo
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"World of Warcraft" = World of Warcraft
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XMedia Recode" = XMedia Recode 2.2.9.7
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4B35F00C-E63D-40DC-9839-DF15A33EAC46}" = Grand Theft Auto Vice City
"Bus Driver Streckeneditor 0.9.0.0 Alpha" = Bus Driver Streckeneditor 0.9.0.0 Alpha
"Icestar Modifications 1.0.0.0 für Bus Driver" = Icestar Modifications 1.0.0.0 für Bus Driver
"MOD rFactor F1 2009 F1RL V.1.3.2" = MOD rFactor F1 2009 F1RL V.1.3.2
"PhotoFiltre" = PhotoFiltre
"PhotoZoom Pro 3" = BenVista PhotoZoom Pro 3.1
"QIP 2010" = QIP 2010 3.1.4570
"SmartDraw 2010" = SmartDraw 2010
"TA 2.1 Deutsche Übersetzung" = TA 2.1 Deutsche Übersetzung
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Third Age - Total War 2.0 (Part1of2)" = Third Age - Total War 2.0 (Part1of2)
"Third Age - Total War 2.0 (Part2of2)" = Third Age - Total War 2.0 (Part2of2)
"vBus" = vBus
"Yahoo! BrowserPlus" = Yahoo! BrowserPlus 2.9.2
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 05.02.2011 12:24:18 | Computer Name = MIRAU-1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung mshta.exe, Version 8.0.6001.18702, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x6d7d8f3b.
 
Error - 06.02.2011 07:40:57 | Computer Name = MIRAU-1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung helpctr.exe, Version 5.1.2600.5512, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x6d7d8f3b.
 
Error - 17.02.2011 13:30:58 | Computer Name = MIRAU-1 | Source = MsiInstaller | ID = 11722
Description = Produkt: Java(TM) 6 Update 24 -- Fehler 1722. Es liegt ein dieses 
Windows Installer-Paket betreffendes Problem vor. Ein Programm, das im Rahmen der
 Installation ausgeführt wurde, wurde nicht erfolgreich abgeschlossen. Wenden Sie
 sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: patchjre, Pfad:
 C:\Programme\Java\jre6\patchjre.exe, Befehl: -s "C:\Programme\Java\jre6" 
 
Error - 19.02.2011 07:18:08 | Computer Name = MIRAU-1 | Source = Bonjour Service | ID = 100
Description = 228: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
Error - 19.02.2011 08:23:16 | Computer Name = MIRAU-1 | Source = MsiInstaller | ID = 11722
Description = Produkt: Java(TM) 6 Update 24 -- Fehler 1722. Es liegt ein dieses 
Windows Installer-Paket betreffendes Problem vor. Ein Programm, das im Rahmen der
 Installation ausgeführt wurde, wurde nicht erfolgreich abgeschlossen. Wenden Sie
 sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: patchjre, Pfad:
 C:\Programme\Java\jre6\patchjre.exe, Befehl: -s "C:\Programme\Java\jre6" 
 
Error - 19.02.2011 18:28:39 | Computer Name = MIRAU-1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung super.exe, Version 2.0.11.46, fehlgeschlagenes
 Modul unknown, Version 0.0.0.0, Fehleradresse 0x00000000.
 
Error - 27.02.2011 08:03:18 | Computer Name = MIRAU-1 | Source = MsiInstaller | ID = 10005
Description = Product: Skype Toolbars -- The installer has encountered an unexpected
 error installing this package. This may indicate a problem with this package. The
 error code is 2738. The arguments are: , , 
 
Error - 27.02.2011 08:05:46 | Computer Name = MIRAU-1 | Source = MsiInstaller | ID = 10005
Description = Product: Skype Toolbars -- The installer has encountered an unexpected
 error installing this package. This may indicate a problem with this package. The
 error code is 2738. The arguments are: , , 
 
Error - 27.02.2011 15:11:45 | Computer Name = MIRAU-1 | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung avp.exe, Version 11.0.2.571, fehlgeschlagenes
 Modul msvcr80.dll, Version 8.0.50727.4053, Fehleradresse 0x00015460.
 
Error - 28.02.2011 12:49:16 | Computer Name = MIRAU-1 | Source = Bonjour Service | ID = 100
Description = 204: ERROR: read_msg errno 10054 (Eine vorhandene Verbindung wurde
 vom Remotehost geschlossen.)
 
[ System Events ]
Error - 09.01.2011 12:36:57 | Computer Name = MIRAU-1 | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Kaspersky Anti-Virus Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 10000
 Millisekunden durchgeführt: Starten Sie den Dienst neu..
 
Error - 09.01.2011 12:37:07 | Computer Name = MIRAU-1 | Source = Service Control Manager | ID = 7032
Description = Der Versuch des Dienststeuerungs-Managers, nach dem unerwarteten Beenden
 des Dienstes "Kaspersky Anti-Virus Service" Korrekturmaßnahmen (Starten Sie den
 Dienst neu.) durchzuführen, ist fehlgeschlagen. Fehler:   %%1056
 
Error - 13.01.2011 13:29:36 | Computer Name = MIRAU-1 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\Programme\Windows Live\Messenger\msnmsgr.exe
 fehlgeschlagen.  Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet.  .
 
Error - 15.01.2011 06:24:12 | Computer Name = MIRAU-1 | Source = SideBySide | ID = 16842811
Description = Generate Activation Context ist für C:\Programme\Windows Live\Messenger\msnmsgr.exe
 fehlgeschlagen.  Referenzfehlermeldung: Der Vorgang wurde erfolgreich beendet.  .
 
Error - 26.01.2011 18:24:35 | Computer Name = MIRAU-1 | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Kaspersky
 Anti-Virus Service.
 
Error - 26.01.2011 18:24:35 | Computer Name = MIRAU-1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Kaspersky Anti-Virus Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 28.01.2011 13:41:45 | Computer Name = MIRAU-1 | Source = Service Control Manager | ID = 7011
Description = Zeitüberschreitung (30000 ms) beim Warten auf eine Transaktionsrückmeldung
 von Dienst nvsvc.
 
Error - 28.01.2011 13:42:14 | Computer Name = MIRAU-1 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "SSDP-Suchdienst" wurde mit folgendem Fehler beendet:   %%32
 
Error - 29.01.2011 09:28:36 | Computer Name = MIRAU-1 | Source = Service Control Manager | ID = 7023
Description = Der Dienst "SSDP-Suchdienst" wurde mit folgendem Fehler beendet:   %%32
 
 
< End of report >
         
__________________

Alt 28.02.2011, 20:32   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ieframe.dll acr_error - Standard

ieframe.dll acr_error



Beende alle Programme, starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)

Code:
ATTFilter
:OTL
@Alternate Data Stream - 205 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D2397415
@Alternate Data Stream - 192 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:743A8968
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.15 17:37:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.12.15 11:38:53 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.03.23 16:07:00 | 000,152,968 | R--- | M] (Take-Two Interactive Software, Inc.) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2010.03.15 17:17:45 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{0c0869c0-cacc-11dd-bb70-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{0c0869c0-cacc-11dd-bb70-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0c0869c0-cacc-11dd-bb70-806d6172696f}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2010.03.23 16:07:00 | 000,152,968 | R--- | M] (Take-Two Interactive Software, Inc.)
:Commands
[purity]
[resethosts]
[emptytemp]
         
Klick dann oben links auf den Button Fix!
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet.
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 01.03.2011, 18:26   #5
Danny01
 
ieframe.dll acr_error - Standard

ieframe.dll acr_error



als der pc neugestartet ist, ist er beim herunterfahren hängen geblieben, musste dann resetten

Code:
ATTFilter
All processes killed
========== OTL ==========
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:D2397415 deleted successfully.
ADS C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:743A8968 deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\AUTOEXEC.BAT moved successfully.
D:\AUTOEXEC.BAT moved successfully.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
File move failed. E:\Autorun.inf scheduled to be moved on reboot.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c0869c0-cacc-11dd-bb70-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c0869c0-cacc-11dd-bb70-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c0869c0-cacc-11dd-bb70-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c0869c0-cacc-11dd-bb70-806d6172696f}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0c0869c0-cacc-11dd-bb70-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0c0869c0-cacc-11dd-bb70-806d6172696f}\ not found.
File move failed. E:\Autorun.exe scheduled to be moved on reboot.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
[EMPTYTEMP]
 
User: All Users
 
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 2649722 bytes
->Flash cache emptied: 2523 bytes
 
User: Mirau
->Temp folder emptied: 13374265429 bytes
->Temporary Internet Files folder emptied: 71286507 bytes
->Java cache emptied: 149522220 bytes
->FireFox cache emptied: 97416552 bytes
->Google Chrome cache emptied: 8694696 bytes
->Opera cache emptied: 16294530 bytes
->Flash cache emptied: 330742 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 19118399 bytes
->Flash cache emptied: 1439 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2825327 bytes
%systemroot%\System32 .tmp files removed: 102791 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 776362318 bytes
RecycleBin emptied: 26742968 bytes
 
Total Files Cleaned = 13.872,00 mb
 
 
OTL by OldTimer - Version 3.2.22.2 log created on 03012011_180551

Files\Folders moved on Reboot...
File\Folder E:\Autorun.exe not found!
File\Folder E:\Autorun.inf not found!

Registry entries deleted on Reboot...
         
oops sieht so aus als hätt ich nich das ganze logfile gepostet oder? wird das irgendwo abgespeichert?
edit:habs gefunden


Geändert von Danny01 (01.03.2011 um 18:33 Uhr) Grund: vollständiges log gepostet

Alt 01.03.2011, 21:45   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ieframe.dll acr_error - Standard

ieframe.dll acr_error



Dann bitte jetzt CF ausführen:

ComboFix

Ein Leitfaden und Tutorium zur Nutzung von ComboFix
  • Lade dir ComboFix hier herunter auf deinen Desktop. Benenne es beim Runterladen um in cofi.exe.
  • Schliesse alle Programme, vor allem dein Antivirenprogramm und andere Hintergrundwächter sowie deinen Internetbrowser.
  • Starte cofi.exe von deinem Desktop aus, bestätige die Warnmeldungen, führe die Updates durch (falls vorgeschlagen), installiere die Wiederherstellungskonsole (falls vorgeschlagen) und lass dein System durchsuchen.
    Vermeide es auch während Combofix läuft die Maus und Tastatur zu benutzen.
  • Im Anschluss öffnet sich automatisch eine combofix.txt, diesen Inhalt bitte kopieren ([Strg]a, [Strg]c) und in deinen Beitrag einfügen ([Strg]v). Die Datei findest du außerdem unter: C:\ComboFix.txt.
Wichtiger Hinweis:
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.
__________________
--> ieframe.dll acr_error

Alt 02.03.2011, 21:15   #7
Danny01
 
ieframe.dll acr_error - Standard

ieframe.dll acr_error



hier gabs soweit keine probleme...

Code:
ATTFilter
ComboFix 11-03-02.01 - Mirau 02.03.2011  20:50:26.1.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1031.18.2047.1580 [GMT 1:00]
ausgeführt von:: c:\dokumente und einstellungen\Mirau\Desktop\cofi.exe
.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\BASSMOD.DLL
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\1.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\a.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\b.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\c.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\d.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\e.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\f.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\g.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\h.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\i.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\J.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\k.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\l.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\m.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\n.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\o.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\p.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\q.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\r.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\s.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\t.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\u.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\v.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\w.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\x.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\y.xml
c:\dokumente und einstellungen\Mirau\Anwendungsdaten\PriceGong\Data\z.xml
c:\dokumente und einstellungen\Mirau\System
c:\dokumente und einstellungen\Mirau\System\win_qs8.jqx
C:\Install.exe
C:\readme.txt

.
(((((((((((((((((((((((   Dateien erstellt von 2011-02-02 bis 2011-03-02  ))))))))))))))))))))))))))))))
.

2011-03-02 19:36 . 2011-03-02 19:36	--------	d-----w-	c:\programme\CCleaner
2011-03-01 17:05 . 2011-03-01 17:05	--------	d-----w-	C:\_OTL
2011-02-27 12:54 . 2011-02-27 12:55	--------	dc-h--w-	c:\windows\ie8
2011-02-19 22:30 . 2004-06-26 16:39	438272	----a-w-	c:\windows\system32\vp6vfw.dll
2011-02-19 22:20 . 2011-02-19 22:20	--------	d-----w-	c:\programme\eRightSoft
2011-02-06 14:33 . 2011-02-06 14:33	--------	d-----w-	c:\windows\system32\NtmsData

.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-21 14:44 . 2004-08-04 12:00	440832	----a-w-	c:\windows\system32\shimgvw.dll
2011-01-19 08:26 . 2011-01-19 08:26	86016	----a-w-	c:\windows\system32\frapsvid.dll
2011-01-09 15:32 . 2011-01-09 15:32	61440	----a-r-	c:\dokumente und einstellungen\Mirau\Anwendungsdaten\Microsoft\Installer\{5F4B9958-F507-449A-A6E1-FD223314AF5A}\NewShortcut2_B8E0232CA79B41989B1C5FF48BD2EA02.exe
2011-01-09 15:32 . 2011-01-09 15:32	61440	----a-r-	c:\dokumente und einstellungen\Mirau\Anwendungsdaten\Microsoft\Installer\{5F4B9958-F507-449A-A6E1-FD223314AF5A}\NewShortcut1_B8E0232CA79B41989B1C5FF48BD2EA02.exe
2011-01-08 17:08 . 2009-03-08 12:53	45056	----a-r-	c:\dokumente und einstellungen\Mirau\Anwendungsdaten\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\GameShadow.exe1_0A3DE514292C4EBA987823B82B0B2BA2.exe
2011-01-08 17:08 . 2009-03-08 12:53	45056	----a-r-	c:\dokumente und einstellungen\Mirau\Anwendungsdaten\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\GameShadow.exe_0A3DE514292C4EBA987823B82B0B2BA2.exe
2011-01-08 17:08 . 2009-03-08 12:53	45056	----a-r-	c:\dokumente und einstellungen\Mirau\Anwendungsdaten\Microsoft\Installer\{5A2F371F-8B5D-46B4-833C-0612B065BEC7}\ARPPRODUCTICON.exe
2011-01-07 14:09 . 2004-08-04 12:00	290048	----a-w-	c:\windows\system32\atmfd.dll
2011-01-03 20:22 . 2009-08-18 10:30	564632	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\IdentityCRL\production\wlidui.dll
2011-01-03 20:22 . 2009-08-18 10:24	17816	----a-w-	c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2010-12-31 14:03 . 2004-08-04 12:00	1855104	----a-w-	c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-04 12:00	301568	----a-w-	c:\windows\system32\kerberos.dll
2010-12-20 23:52 . 2004-08-04 12:00	916480	----a-w-	c:\windows\system32\wininet.dll
2010-12-20 23:52 . 2004-08-04 12:00	43520	------w-	c:\windows\system32\licmgr10.dll
2010-12-20 23:52 . 2004-08-04 12:00	1469440	------w-	c:\windows\system32\inetcpl.cpl
2010-12-20 17:25 . 2004-08-04 12:00	737792	----a-w-	c:\windows\system32\lsasrv.dll
2010-12-20 17:09 . 2010-07-30 14:42	38224	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-07-30 14:42	20952	----a-w-	c:\windows\system32\drivers\mbam.sys
2010-12-20 12:55 . 2004-08-04 12:00	385024	------w-	c:\windows\system32\html.iec
2010-12-09 15:15 . 2004-08-04 12:00	743936	----a-w-	c:\windows\system32\ntdll.dll
2010-12-09 15:13 . 2004-08-04 00:50	2029568	----a-w-	c:\windows\system32\ntkrnlpa.exe
2010-12-09 15:13 . 2004-08-04 12:00	2151424	----a-w-	c:\windows\system32\ntoskrnl.exe
2010-12-09 14:29 . 2004-08-04 12:00	33280	----a-w-	c:\windows\system32\csrsrv.dll
2010-06-02 04:22 . 2010-06-02 04:22	89944	----a-w-	c:\programme\DSETUP.dll
2010-06-02 04:22 . 2010-06-02 04:22	537432	----a-w-	c:\programme\DXSETUP.exe
2010-06-02 04:22 . 2010-06-02 04:22	1801048	----a-w-	c:\programme\dsetup32.dll
2010-02-02 17:44 . 2010-02-02 17:44	54206	----a-w-	c:\programme\Cockpit-Install_byIcestar05.exe
2010-02-02 17:28 . 2010-02-02 17:28	79015	----a-w-	c:\programme\Uninstal_Streckeneditor.exe
2010-01-30 17:36 . 2010-01-30 17:36	563872	----a-w-	c:\programme\GoogleEarthSetup.exe
2009-12-23 12:42 . 2009-12-23 12:42	25570478	----a-w-	c:\programme\Santa_Demo_Setup.exe
2009-12-19 11:58 . 2009-12-19 11:57	74326512	----a-w-	c:\programme\kis9.0.0.736deDACH.exe
2009-10-21 19:04 . 2009-10-21 19:04	482624	----a-w-	c:\programme\smartdraw_11E_EAXVG_setup.exe
2009-10-14 10:49 . 2009-10-14 10:49	1369088	----a-w-	c:\programme\CStats 1.0.msi
2009-05-26 14:40 . 2009-05-26 14:40	20617000	----a-w-	c:\programme\SkypeSetupFull.exe
2008-12-26 12:04 . 2008-12-25 17:51	8213504	----a-w-	c:\programme\wz120gev.msi
2008-12-18 19:28 . 2008-12-18 19:28	774144	----a-w-	c:\programme\RngInterstitial.dll
2008-12-16 17:13 . 2008-12-16 17:13	68756776	----a-w-	c:\programme\iTunesSetup.exe
2008-05-28 01:39 . 2009-10-27 17:19	395045070	----a-w-	c:\programme\f-1mania38.exe
2006-05-03 10:06	163328	--sha-r-	c:\windows\system32\flvDX.dll
2007-02-21 11:47	31232	--sha-r-	c:\windows\system32\msfDX.dll
2008-03-16 13:30	216064	--sha-r-	c:\windows\system32\nbDX.dll
.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="d:\programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2008-12-12 306088]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"Pando Media Booster"="c:\programme\Pando Networks\Media Booster\PMB.exe" [2010-10-25 2969496]
"igndlm.exe"="c:\programme\Download Manager\DLM.exe" [2009-10-27 1103216]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-10-25 16855552]
"SkyTel"="SkyTel.EXE" [2007-10-11 1826816]
"Adobe Reader Speed Launcher"="c:\programme\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2007-09-21 55824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-06-10 13758464]
"nwiz"="nwiz.exe" [2009-06-10 1657376]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-06-10 86016]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-08-10 421888]
"iTunesHelper"="c:\programme\iTunes\iTunesHelper.exe" [2010-09-01 421160]
"TrayServer"="c:\programme\MAGIX\Video_deluxe_17_Download-Version\TrayServer.exe" [2008-08-07 90112]
"avp"="c:\programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-02 365336]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\dokumente und einstellungen\Mirau\Startmen\Programme\Autostart\
OpenOffice.org 3.0.lnk - c:\programme\OpenOffice.org 3\program\quickstart.exe [2008-12-15 384000]

c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Logitech SetPoint.lnk - c:\programme\Logitech\SetPoint\SetPoint.exe [2009-7-22 784912]
McAfee Security Scan Plus.lnk - c:\programme\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
Microsoft Office.lnk - c:\programme\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2007-11-15 08:10	72208	----a-w-	c:\programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk /k:CDEFGHIJK *

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Programme\\Codemasters\\Der Herr der Ringe Online\\lotroclient.exe"=
"c:\\Programme\\EA GAMES\\Die Schlacht um Mittelerde(tm)\\game.dat"=
"c:\\Programme\\Firefly Studios\\Stronghold Legends\\StrongholdLegends.exe"=
"c:\\Programme\\Java\\jre6\\bin\\java.exe"=
"c:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\game.dat"=
"c:\\Programme\\World of Warcraft\\Launcher.exe"=
"c:\\Programme\\TeamViewer\\Version4\\TeamViewer.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\RpcAgentSrv.exe"=
"c:\\Programme\\Electronic Arts\\Aufstieg des Hexenkönigs\\game.dat"=
"c:\\Programme\\Electronic Arts\\Die Schlacht um Mittelerde II\\patchget.dat"=
"c:\\Programme\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Dokumente und Einstellungen\\All Users\\Anwendungsdaten\\Kaspersky Lab Setup Files\\Kaspersky Internet Security 2009\\German\\setup.exe"=
"c:\\Programme\\uTorrent\\uTorrent.exe"=
"c:\\Programme\\SiSoftware\\SiSoftware Sandra Lite 2009.SP3c\\WNt500x86\\RpcSandraSrv.exe"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"d:\\Programme\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Programme\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Programme\\Windows Media Player\\wmplayer.exe"=
"c:\\Programme\\Opera\\opera.exe"=
"c:\\Programme\\World of Warcraft\\WoW-x.x.x.x-4.0.0.12911-EU-Downloader.exe"=
"c:\\Programme\\BitTorrent\\BitTorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724
"6881:TCP"= 6881:TCP:Blizzard Downloader: 6881
"57297:TCP"= 57297:TCP:Pando Media Booster
"57297:UDP"= 57297:UDP:Pando Media Booster

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

R1 kl2;kl2;c:\windows\system32\drivers\kl2.sys [09.06.2010 16:43 11352]
R2 Fabs;FABS - Helping agent for MAGIX media database;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe [27.08.2009 17:09 1253376]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [14.09.2009 12:42 32856]
S1 ensqio;ensqio;c:\windows\system32\DRIVERS\ensqio.sys --> c:\windows\system32\DRIVERS\ensqio.sys [?]
S1 sbpcint4;SB AudioPCI 128;c:\windows\system32\DRIVERS\sbpcint4.sys --> c:\windows\system32\DRIVERS\sbpcint4.sys [?]
S2 gupdate1c9de1043fda0a;Google Update Service (gupdate1c9de1043fda0a);c:\programme\Google\Update\GoogleUpdate.exe [26.05.2009 15:41 133104]
S3 cdrmkaun;cdrmkaun;\??\c:\dokume~1\Mirau\LOKALE~1\Temp\cdrmkaun.sys --> c:\dokume~1\Mirau\LOKALE~1\Temp\cdrmkaun.sys [?]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe [07.08.2008 11:10 3276800]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [02.10.2009 18:39 19472]
S3 McComponentHostService;McAfee Security Scan Component Host Service;"c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe" --> c:\programme\McAfee Security Scan\2.0.181\McCHSvc.exe [?]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [04.08.2004 13:00 14336]
S3 SandraAgentSrv;SiSoftware Deployment Agent Service;c:\programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe [31.07.2009 11:03 98488]
S4 ICQ Service;ICQ Service;c:\programme\ICQ6Toolbar\ICQ Service.exe --> c:\programme\ICQ6Toolbar\ICQ Service.exe [?]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
nosGetPlusHelper	REG_MULTI_SZ   	nosGetPlusHelper
.
Inhalt des "geplante Tasks" Ordners

2011-01-05 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\programme\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2011-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-05-26 14:41]

2011-03-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\programme\Google\Update\GoogleUpdate.exe [2009-05-26 14:41]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.gmx.de/
IE: Hinzufügen zu Anti-Banner - c:\programme\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
FF - ProfilePath - c:\dokumente und einstellungen\Mirau\Anwendungsdaten\Mozilla\Firefox\Profiles\r6ypehum.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.7&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\programme\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Modul zur Link-Untersuchung: linkfilter@kaspersky.ru - c:\programme\Mozilla Firefox\extensions\linkfilter@kaspersky.ru
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Anti-Banner: KavAntiBanner@Kaspersky.ru - c:\programme\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: DownloadHelper: {b9db16a4-6edc-47ec-a1f4-b86292ed211d} - %profile%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
FF - Ext: DVDVideoSoft Menu: {ACAA314B-EEBA-48e4-AD47-84E31C44796C} - %profile%\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -

Toolbar-Locked - (no file)
WebBrowser-{3041D03E-FD4B-44E0-B742-2D9B88305F98} - c:\programme\AskBarDis\bar\bin\askBar.dll
WebBrowser-{5B291E6C-9A74-4034-971B-A4B007A0B315} - (no file)
WebBrowser-{CC05A3E3-64C3-4AF2-BFC1-AF0D66B69065} - (no file)
HKCU-Run-ICQ - c:\programme\ICQ7.3\ICQ7.2\ICQ.exe
HKLM-Run-NWEReboot - (no file)
HKLM-Run-SpyHunter Security Suite - c:\programme\Enigma Software Group\SpyHunter\SpyHunter3.exe
HKLM-Run-ICQ Lite - c:\programme\ICQLite\ICQLite.exe
AddRemove-18 Wheels of Steel: American Long Haul - c:\programme\18 Wheels of Steel American Long Haul\uninst.exe
AddRemove-18 Wheels of Steel: Haulin' - c:\programme\18 Wheels of Steel Haulin\Uninstall.exe
AddRemove-68a8eb3f-bd2e-4535-a290-d89cf3453924_is1 - c:\programme\Codemasters\Der Herr der Ringe Online - Beta\unins000.exe
AddRemove-AquadelicGT screensaver_is1 - c:\programme\AquadelicGT_Screensaver\unins000.exe
AddRemove-Azureus - c:\programme\Azureus\Uninstall.exe
AddRemove-BFG-Mein Koenigreich fuer die Prinzessin - c:\programme\Mein Koenigreich fuer die Prinzessin\Uninstall.exe
AddRemove-BitTyrant - c:\programme\BitTyrant\Uninstall.exe
AddRemove-Bus-Simulator 2008 Demo_is1 - c:\programme\Bus-Simulator 2008 Demo\unins000.exe
AddRemove-Euro Truck Simulator 30 Minuten Demo - c:\programme\Euro Truck Simulator 30 Minuten Demo\Uninstall.exe
AddRemove-EVEREST Home Edition_is1 - c:\programme\Lavalys\EVEREST Home Edition\unins000.exe
AddRemove-F1 DELUX FINAL 2009 - c:\programme\EA SPORTS\F1 Challenge 99-02\Uninstal.exe
AddRemove-FSONE 2008 V1 SINGLE PLAER 1.0 Single Player - c:\programme\Uninstall.exe
AddRemove-GameSpy Arcade - c:\progra~1\GAMESP~1\UNWISE.EXE
AddRemove-McAfee Security Scan - c:\programme\McAfee Security Scan\uninstall.exe
AddRemove-PerformanceTest 7_is1 - c:\programme\PerformanceTest\unins000.exe
AddRemove-rFactor - c:\programme\rFactor\Uninstall.exe
AddRemove-softonic-de3 Toolbar - c:\progra~1\SOFTON~1\UNWISE.EXE
AddRemove-Teamspeak 2 RC2_is1 - c:\programme\Teamspeak2_RC2\unins000.exe
AddRemove-Wipeout 2097 Demo - c:\program files\Wipeout 2097\DeIsL1.isu
AddRemove-{5FB31CB9-A4A2-49FD-00AF-41785B21FDEE} - c:\programme\EA SPORTS\F1 Challenge 99-02\EAUninstall.exe
AddRemove-{6E298B0A-558C-4138-0096-740677B382CD} - c:\programme\EA GAMES\HdR Die Rückkehr des Königs tm\EAUninstall.exe
AddRemove-{E475BD43-9722-4FAE-BFBE-B8061C34583C}_is1 - c:\programme\rFactor1\unins000.exe
AddRemove-Icestar Modifications 1.0.0.0 für Bus Driver - d:\programme\Bus Driver\Uninstal.exe
AddRemove-MOD rFactor F1 2009 F1RL V.1.3.2 - c:\program files\Unistall_modf12009l.exe
AddRemove-QIP 2010 - c:\programme\QIP 2010\unins000.exe
AddRemove-SmartDraw 2010 - c:\programme\SmartDraw 2010\Uninstall.exe
AddRemove-TA 2.1 Deutsche Übersetzung - c:\programme\SEGA\Medieval II Total War\mods\Third_Age\data\Uninstal.exe
AddRemove-Third Age - Total War 2.0 (Part1of2) - c:\programme\SEGA\Medieval II Total War\Uninstal.exe
AddRemove-Third Age - Total War 2.0 (Part2of2) - c:\programme\SEGA\Medieval II Total War\Uninstal.exe
AddRemove-vBus - d:\programme\Bus Driver\vbus\Uninstal.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-03-02 21:03
Windows 5.1.2600 Service Pack 3 NTFS

Scanne versteckte Prozesse... 

Scanne versteckte Autostarteinträge... 

Scanne versteckte Dateien... 

Scan erfolgreich abgeschlossen
versteckte Dateien: 0

**************************************************************************
.
--------------------- Gesperrte Registrierungsschluessel ---------------------

[HKEY_USERS\S-1-5-21-1708537768-1383384898-839522115-1004\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_USERS\S-1-5-21-1708537768-1383384898-839522115-1004\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:ea,1b,6c,be,98,d2,9f,3e,de,e2,70,f5,74,32,24,9a,b2,78,66,36,3d,cc,dd,
   48,f8,c3,94,70,95,f3,73,ae,64,45,19,5b,73,ce,f2,5f,0c,95,28,bf,01,61,50,da,\
"??"=hex:b1,82,6f,f8,1f,55,dd,3a,f2,4c,ec,72,5b,20,80,c7

[HKEY_USERS\S-1-5-21-1708537768-1383384898-839522115-1004\Software\SecuROM\License information*]
"datasecu"=hex:79,40,c7,2e,0d,48,8b,4a,35,2c,99,41,88,2d,65,db,b1,ce,06,9d,a5,
   c5,c0,02,c4,c8,24,80,dc,5a,7e,55,bf,d1,5d,4c,eb,1a,d2,29,21,cd,6b,6b,93,fc,\
"rkeysecu"=hex:45,95,a9,51,e0,10,98,aa,a4,99,be,2f,70,61,1f,24

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------

- - - - - - - > 'winlogon.exe'(1052)
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll
c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTServ.dll

- - - - - - - > 'explorer.exe'(468)
c:\programme\Logitech\SetPoint\GameHook.dll
c:\programme\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\programme\Ahead\InCD\InCDsrv.exe
c:\programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.EXE
c:\programme\iPod\bin\iPodService.exe
c:\programme\OpenOffice.org 3\program\soffice.exe
c:\programme\OpenOffice.org 3\program\soffice.bin
c:\windows\system32\wscntfy.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-03-02  21:08:36 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2011-03-02 20:08

Vor Suchlauf: 16 Verzeichnis(se), 38.030.962.688 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 38.003.580.928 Bytes frei

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

- - End Of File - - 6A1CFD7B2B66D3EFCA9648CD787DAEB0
         

Alt 02.03.2011, 21:30   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ieframe.dll acr_error - Standard

ieframe.dll acr_error



Ok. Bitte nun Logs mit GMER und OSAM erstellen und posten.
GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen.
Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst.


Downloade Dir danach bitte MBRCheck (by a_d_13) und speichere die Datei auf dem Desktop.
  • Doppelklick auf die MBRCheck.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Das Tool braucht nur einige Sekunden.
  • Danach solltest du eine MBRCheck_<Datum>_<Uhrzeit>.txt auf dem Desktop finden.
Poste mir bitte den Inhalt des .txt Dokumentes
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 04.03.2011, 21:50   #9
Danny01
 
ieframe.dll acr_error - Standard

ieframe.dll acr_error



schonmal GMER

Code:
ATTFilter
GMER 1.0.15.15530 - hxxp://www.gmer.net
Rootkit scan 2011-03-04 21:34:55
Windows 5.1.2600 Service Pack 3 
Running: 9wwk15un.exe; Driver: C:\DOKUME~1\Mirau\LOKALE~1\Temp\pgtdypow.sys


---- System - GMER 1.0.15 ----

SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwAdjustPrivilegesToken [0xB39515FA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwClose [0xB3951EFE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwConnectPort [0xB3952D32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwCreateEvent [0xB395327C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwCreateFile [0xB39521DA]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwCreateKey [0xB395046A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwCreateMutant [0xB3953162]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwCreateNamedPipeFile [0xB39511E8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwCreatePort [0xB3953036]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwCreateSection [0xB3951390]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwCreateSemaphore [0xB395339C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwCreateThread [0xB3951B86]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwCreateWaitablePort [0xB39530CC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwDebugActiveProcess [0xB3954A84]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwDeleteKey [0xB3950A74]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwDeleteValueKey [0xB3950E28]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwDeviceIoControlFile [0xB395265C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwDuplicateObject [0xB3955C90]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwEnumerateKey [0xB3950F74]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwEnumerateValueKey [0xB395100C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwFsControlFile [0xB395246A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwLoadDriver [0xB3954B76]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwLoadKey [0xB3950446]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwLoadKey2 [0xB3950458]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwMapViewOfSection [0xB39552DE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwNotifyChangeKey [0xB3951138]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwOpenEvent [0xB3953312]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwOpenFile [0xB3951F80]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwOpenKey [0xB395062A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwOpenMutant [0xB39531F2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwOpenProcess [0xB3951836]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwOpenSection [0xB3955078]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwOpenSemaphore [0xB3953432]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwOpenThread [0xB3951728]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwQueryKey [0xB39510A4]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwQueryMultipleValueKey [0xB3950CDC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwQuerySection [0xB3955618]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwQueryValueKey [0xB3950906]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwQueueApcThread [0xB3954F0A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwRenameKey [0xB3950B96]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwReplaceKey [0xB394FE80]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwReplyPort [0xB3953796]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwReplyWaitReceivePort [0xB395365C]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwRequestWaitReplyPort [0xB395481E]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwRestoreKey [0xB39501F8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwResumeThread [0xB3955B32]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwSaveKey [0xB394FE18]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwSecureConnectPort [0xB3952A78]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwSetContextThread [0xB3951DA2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwSetInformationToken [0xB39540BE]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwSetSecurityObject [0xB3954D14]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwSetSystemInformation [0xB3955768]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwSetValueKey [0xB3950780]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwSuspendProcess [0xB395585A]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwSuspendThread [0xB3955994]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwSystemDebugControl [0xB39549A8]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwTerminateProcess [0xB39519D2]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwTerminateThread [0xB3951932]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwUnmapViewOfSection [0xB39554BC]
SSDT            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   ZwWriteVirtualMemory [0xB3951ABC]

Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   FsRtlCheckLockForReadAccess
Code            \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)                                                                   IoIsOperationSynchronous
Code            6C6B5DAC                                                                                                                                                KeFindConfigurationEntry

---- Kernel code sections - GMER 1.0.15 ----

.text           ntoskrnl.exe!ZwYieldExecution + 1FA                                                                                                                     804E4A54 12 Bytes  [76, 4B, 95, B3, 46, 04, 95, ...]
.text           ntoskrnl.exe!ZwYieldExecution + 376                                                                                                                     804E4BD0 16 Bytes  [96, 0B, 95, B3, 80, FE, 94, ...]
.text           ntoskrnl.exe!ZwYieldExecution + 46A                                                                                                                     804E4CC4 12 Bytes  [5A, 58, 95, B3, 94, 59, 95, ...]
.text           ntoskrnl.exe!IoIsOperationSynchronous                                                                                                                   804EAFCE 5 Bytes  JMP B39443C8 \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text           ntoskrnl.exe!FsRtlCheckLockForReadAccess                                                                                                                804F45B3 5 Bytes  JMP B3943FEC \SystemRoot\system32\DRIVERS\klif.sys (Klif Mini-Filter [fre_wnet_x86]/Kaspersky Lab)
.text           C:\WINDOWS\system32\DRIVERS\nv4_mini.sys                                                                                                                section is writeable [0xB6182360, 0x3D46A5, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

?               C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] C:\WINDOWS\system32\ntdll.dll                                                  time/date stamp mismatch; 
?               C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] C:\WINDOWS\system32\kernel32.dll                                               time/date stamp mismatch; 
.text           C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] USER32.dll!AlignRects + FFFA5598                                               7E362A78 4 Bytes  [E0, 13, 48, 6C] {LOOPNZ 0x15; DEC EAX; INSB }
?               C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] C:\WINDOWS\system32\ntdll.dll                                                  time/date stamp mismatch; 
?               C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] C:\WINDOWS\system32\kernel32.dll                                               time/date stamp mismatch; 
.text           C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] USER32.dll!AlignRects + FFFA5598                                               7E362A78 4 Bytes  [E0, 13, 48, 6C] {LOOPNZ 0x15; DEC EAX; INSB }

---- Kernel IAT/EAT - GMER 1.0.15 ----

IAT             \SystemRoot\system32\DRIVERS\ipsec.sys[ntoskrnl.exe!IoCreateDevice]                                                                                     [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[ntoskrnl.exe!IoCreateDevice]                                                                                     [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\tcpip.sys[TDI.SYS!TdiRegisterDeviceObject]                                                                                 [B8320D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\netbt.sys[ntoskrnl.exe!IoCreateDevice]                                                                                     [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\netbt.sys[TDI.SYS!TdiRegisterDeviceObject]                                                                                 [B8320D50] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\ipnat.sys[ntoskrnl.exe!IoCreateDevice]                                                                                     [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\wanarp.sys[ntoskrnl.exe!IoCreateDevice]                                                                                    [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\System32\drivers\afd.sys[ntoskrnl.exe!IoCreateDevice]                                                                                       [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\netbios.sys[ntoskrnl.exe!IoCreateDevice]                                                                                   [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\rdbss.sys[ntoskrnl.exe!IoCreateDevice]                                                                                     [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\mrxsmb.sys[ntoskrnl.exe!IoCreateDevice]                                                                                    [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\System32\Drivers\Fips.SYS[ntoskrnl.exe!IoCreateDevice]                                                                                      [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\usbccgp.sys[NTOSKRNL.EXE!IoCreateDevice]                                                                                   [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\Wdf01000.sys[ntoskrnl.exe!IoCreateDevice]                                                                                  [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\HIDCLASS.SYS[ntoskrnl.exe!IoCreateDevice]                                                                                  [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\mouhid.sys[ntoskrnl.exe!IoCreateDevice]                                                                                    [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\kbdhid.sys[ntoskrnl.exe!IoCreateDevice]                                                                                    [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\System32\Drivers\Cdfs.SYS[ntoskrnl.exe!IoCreateDevice]                                                                                      [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys[ntoskrnl.exe!IoCreateDevice]                                                                               [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\irda.sys[ntoskrnl.exe!IoCreateDevice]                                                                                      [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\ndisuio.sys[ntoskrnl.exe!IoCreateDevice]                                                                                   [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\mrxdav.sys[ntoskrnl.exe!IoCreateDevice]                                                                                    [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\System32\Drivers\ParVdm.SYS[ntoskrnl.exe!IoCreateDevice]                                                                                    [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\DRIVERS\srv.sys[ntoskrnl.exe!IoCreateDevice]                                                                                       [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\drivers\wdmaud.sys[ntoskrnl.exe!IoCreateDevice]                                                                                    [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
IAT             \SystemRoot\system32\drivers\sysaudio.sys[ntoskrnl.exe!IoCreateDevice]                                                                                  [B8320C00] kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- User IAT/EAT - GMER 1.0.15 ----

IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap]                 01170240
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap]                     011702B0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap]                     01170320
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap]               01170390
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode]                   013504E0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    01350550
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]                 013505C0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary]                    01350630
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA]               013506A0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy]                    01170940
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate]                     011709B0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree]                    01170A20
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc]                   01170A90
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread]                   01170B70
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]                 013508D0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread]                 01170CC0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW]             01350940
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  013509B0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA]             01350A20
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]                  01350A90
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]               01350B00
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc]                 01170E10
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree]                  01170E80
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap]                     01170EF0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap]                 01170F60
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap]               7C9D0400
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                 01350B70
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary]                    01350BE0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    01350C50
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread]                   7C9D0550
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW]               01350CC0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc]                   7C9D05C0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree]                    7C9D0630
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap]                       7C9D06A0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap]                   7C9D0710
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01350D30
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW]              01350DA0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                01350E10
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary]                   01350E80
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap]                      7C9D0780
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap]                  7C9D07F0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary]                   01350EF0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                01350F60
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7C9E02B0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread]                  7C9D0860
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA]              7C9E0320
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW]               7C9E04E0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread]                   7C9D08D0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA]               7C9E0550
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7C9E05C0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                 7C9E0630
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary]                    7C9E06A0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap]                   7C9D0B00
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap]                       7C9D0B70
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     7C9E0710
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary]                     7C9E0780
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                  7C9E07F0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap]                    7C9D0BE0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap]                        7C9D0C50
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode]                  7C9E0D30
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread]                  01180320
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress]                7C9E0DA0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary]                   7C9E0E10
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7C9E0E80
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap]                      01180390
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  013600F0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!FreeLibrary]                  01360160
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!GetProcAddress]               013601D0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!CreateThread]                 01180470
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\netapi32.dll [ntdll.dll!RtlAllocateHeap]                 011805C0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\netapi32.dll [ntdll.dll!RtlFreeHeap]                     01180630
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary]                     01360390
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress]                  01360400
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter]     01360470
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   013604E0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]                  01360550
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA]              013605C0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW]              01360630
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]                   013606A0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                  011808D0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy]                   01180940
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate]                    01180A20
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                01360710
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc]                  01180EF0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA]              01360B70
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate]                    01180F60
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree]                   01190010
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy]                   011901D0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01360BE0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW]              01360C50
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode]                  01360CC0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                01360D30
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread]                  01190240
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary]                   01360DA0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap]                      011902B0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress]                  01360E10
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW]                01360E80
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary]                     01360EF0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread]                    011904E0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc]                    01190550
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     01360F60
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap]                        011905C0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate]                     7C9D0240
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy]                    7C9D02B0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]                 7C9E0160
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread]                   7C9D01D0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary]                    7C9E0010
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7C9E0240
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary]                   7C9E0010
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7C9E0240
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA]              7C9E0080
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread]                  7C9D01D0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[264] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress]                7C9E0160
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap]                 00F20240
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap]                     00F202B0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap]                     00F20320
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap]               00F20390
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode]                   011F04E0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    011F0550
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress]                 011F05C0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary]                    011F0630
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleHandleA]               011F06A0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy]                    00F20940
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapCreate]                     00F209B0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree]                    00F20A20
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc]                   00F20A90
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateThread]                   00F20B70
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode]                 011F08D0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!CreateThread]                 00F20CC0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleW]             011F0940
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  011F09B0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleHandleA]             011F0A20
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary]                  011F0A90
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress]               011F0B00
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc]                 00F20E10
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree]                  00F20E80
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap]                     00F20EF0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap]                 00F20F60
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap]               7C9D0400
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress]                 011F0B70
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary]                    011F0BE0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    011F0C50
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!CreateThread]                   7C9D0550
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleHandleW]               011F0CC0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc]                   7C9D05C0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree]                    7C9D0630
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap]                       7C9D06A0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap]                   7C9D0710
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   011F0D30
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleHandleW]              011F0DA0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress]                011F0E10
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary]                   011F0E80
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap]                      7C9D0780
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap]                  7C9D07F0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary]                   011F0EF0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress]                011F0F60
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7C9E02B0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!CreateThread]                  7C9D0860
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleHandleA]              7C9E0320
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleW]               7C9E04E0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateThread]                   7C9D08D0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleHandleA]               7C9E0550
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7C9E05C0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress]                 7C9E0630
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary]                    7C9E06A0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap]                   7C9D0B00
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap]                       7C9D0B70
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     7C9E0710
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary]                     7C9E0780
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress]                  7C9E07F0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap]                    7C9D0BE0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap]                        7C9D0C50
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode]                  7C9E0EF0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateThread]                  00F30470
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress]                7C9E0F60
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary]                   01200010
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01200080
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap]                      00F304E0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  012002B0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!FreeLibrary]                  01200320
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!GetProcAddress]               01200390
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\netapi32.dll [KERNEL32.dll!CreateThread]                 00F305C0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\netapi32.dll [ntdll.dll!RtlAllocateHeap]                 00F30710
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\netapi32.dll [ntdll.dll!RtlFreeHeap]                     00F30780
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary]                     01200550
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress]                  012005C0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter]     01200630
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   012006A0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode]                  01200710
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleA]              01200780
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleHandleW]              012007F0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary]                   01200860
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateThread]                  00F30A20
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy]                   00F30A90
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapCreate]                    00F30B70
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress]                012008D0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc]                  00F40080
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleA]              01200D30
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapCreate]                    00F400F0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree]                   00F40160
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy]                   00F40320
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   01200DA0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleHandleW]              01200E10
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode]                  01200E80
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress]                01200EF0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateThread]                  00F40390
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary]                   01200F60
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap]                      00F40400
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress]                  01210010
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleHandleW]                01210080
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary]                     012100F0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateThread]                    00F40630
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc]                    00F406A0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]     01210160
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap]                        00F40710
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapCreate]                     7C9D0240
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy]                    7C9D02B0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress]                 7C9E0160
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!CreateThread]                   7C9D01D0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary]                    7C9E0010
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7C9E0240
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary]                   7C9E0010
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7C9E0240
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleHandleA]              7C9E0080
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!CreateThread]                  7C9D01D0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress]                7C9E0160
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter]  7C9E0240
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary]                  7C9E0010
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapCreate]                   7C9D0240
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy]                  7C9D02B0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress]               7C9E0160
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap]                     7C9D0080
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap]                 7C9D0010
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter]    7C9E0240
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualFree]                    7C9D0390
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualAlloc]                   7C9D0320
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!CreateThread]                  7C9D01D0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetErrorMode]                  7C9E01D0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleA]              7C9E0080
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetModuleHandleW]              7C9E00F0
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!SetUnhandledExceptionFilter]   7C9E0240
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!GetProcAddress]                7C9E0160
IAT             C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe[388] @ C:\WINDOWS\system32\WININET.dll [KERNEL32.dll!FreeLibrary]                   7C9E0010

---- Devices - GMER 1.0.15 ----

AttachedDevice  \Driver\Tcpip \Device\Ip                                                                                                                                kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\Tcpip \Device\Tcp                                                                                                                               kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\Tcpip \Device\Udp                                                                                                                               kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)
AttachedDevice  \Driver\Tcpip \Device\RawIp                                                                                                                             kl1.sys (Kaspersky Unified Driver/Kaspersky Lab ZAO)

---- EOF - GMER 1.0.15 ----
         
Code:
ATTFilter
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:52:14 on 04.03.2011

OS: Windows XP Home Edition Service Pack 3 (Build 2600)
Default Browser: Microsoft Corporation Internet Explorer 8.00.6001.18702

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[AppInit DLLs]
-----( HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows )-----
"AppInit_DLLs" - "Kaspersky Lab ZAO" - C:\PROGRA~1\KASPER~1\KASPER~3\kloehk.dll

[Common]
-----( %SystemRoot%\Tasks )-----
"AppleSoftwareUpdate.job" - "Apple Inc." - C:\Programme\Apple Software Update\SoftwareUpdate.exe
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( %SystemRoot%\system32 )-----
"infocardcpl.cpl" - "Microsoft Corporation" - C:\WINDOWS\system32\infocardcpl.cpl
"javacpl.cpl" - "Sun Microsystems, Inc." - C:\WINDOWS\system32\javacpl.cpl
"nvcpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.cpl
"nvtuicpl.cpl" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvtuicpl.cpl
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLCFG32.CPL
"Pando" - "Pando Networks" - C:\Programme\Pando Networks\Media Booster\PMB.cpl
"QuickTime" - "Apple Inc." - C:\Programme\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\cofi\catchme.sys  (File not found)
"cdrmkaun" (cdrmkaun) - ? - C:\DOKUME~1\Mirau\LOKALE~1\Temp\cdrmkaun.sys  (File not found)
"Changer" (Changer) - ? - C:\WINDOWS\system32\drivers\Changer.sys  (File not found)
"ensqio" (ensqio) - ? - C:\WINDOWS\System32\DRIVERS\ensqio.sys  (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\WINDOWS\System32\DRIVERS\fssfltr_tdi.sys
"GVCplDrv" (GVCplDrv) - ? - C:\WINDOWS\system32\drivers\GVCplDrv.sys  (File found, but it contains no detailed information)
"i2omgmt" (i2omgmt) - ? - C:\WINDOWS\system32\drivers\i2omgmt.sys  (File not found)
"InCD File System" (InCDfs) - "Ahead Software AG" - C:\WINDOWS\system32\drivers\InCDfs.sys
"InCD Reader" (incdrm) - "Ahead Software AG" - C:\WINDOWS\system32\drivers\incdrm.sys
"InCDPass" (InCDPass) - "Ahead Software AG" - C:\WINDOWS\System32\DRIVERS\InCDPass.sys
"InCDrec" (InCDrec) - "Ahead Software AG" - C:\WINDOWS\system32\drivers\InCDrec.sys
"lbrtfdc" (lbrtfdc) - ? - C:\WINDOWS\system32\drivers\lbrtfdc.sys  (File not found)
"PCIDump" (PCIDump) - ? - C:\WINDOWS\system32\drivers\PCIDump.sys  (File not found)
"PDCOMP" (PDCOMP) - ? - C:\WINDOWS\system32\drivers\PDCOMP.sys  (File not found)
"PDFRAME" (PDFRAME) - ? - C:\WINDOWS\system32\drivers\PDFRAME.sys  (File not found)
"PDRELI" (PDRELI) - ? - C:\WINDOWS\system32\drivers\PDRELI.sys  (File not found)
"PDRFRAME" (PDRFRAME) - ? - C:\WINDOWS\system32\drivers\PDRFRAME.sys  (File not found)
"pgtdypow" (pgtdypow) - ? - C:\DOKUME~1\Mirau\LOKALE~1\Temp\pgtdypow.sys  (Hidden registry entry, rootkit activity | File not found)
"SB AudioPCI 128" (sbpcint4) - ? - C:\WINDOWS\System32\DRIVERS\sbpcint4.sys  (File not found)
"WDICA" (WDICA) - ? - C:\WINDOWS\system32\drivers\WDICA.sys  (File not found)

[Explorer]
-----( HKCU\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? -   (File not found | COM-object registry key not found)
-----( HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{BDEADF00-C265-11d0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{89B4C1CD-B018-4511-B0A1-5476DBF70820} "StubPath" - "Microsoft Corporation" - C:\WINDOWS\system32\Rundll32.exe C:\WINDOWS\system32\mscories.dll,Install
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Filter )-----
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{1E66F26B-79EE-11D2-8710-00C04F79ED0D} "Cor MIME Filter, CorFltr, CorFltr 1" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\MSOXMLMF.DLL
-----( HKLM\Software\Classes\Protocols\Handler )-----
{314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WINDOW~4\MESSEN~1\MSGRAP~1.DLL
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{23170F69-40C1-278A-1000-000100020000} "7-Zip Shell Extension" - "Igor Pavlov" - C:\Programme\7-Zip\7-zip.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Programme\Windows Live\Mail\mailcomm.dll
{42071714-76d4-11d1-8b24-00a0c9068ff3} "CPL-Erweiterung für Anzeigeverschiebung" - ? - deskpan.dll  (File not found)
{1CDB2949-8F65-4355-8456-263E7C208A5D} "Desktop Explorer" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A47} "Desktop Explorer Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1D2680C9-0E2A-469d-B787-065558BC7D43} "Fusion Cache" - "Microsoft Corporation" - C:\WINDOWS\system32\mscoree.dll
{88895560-9AA2-1069-930E-00AA0030EBC8} "HyperTerminal Icon Ext" - ? - C:\WINDOWS\system32\hticons.dll  (File not found)
{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} "IE User Assist" - ? -   (File not found | COM-object registry key not found)
{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Programme\iTunes\iTunesMiniPlayer.dll
{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} "KbLogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\kbcplext.dll
{853FE2B1-B769-11d0-9C4E-00C04FB6C6FA} "Kontextmenü für die Verschlüsselung" - ? -   (File not found | COM-object registry key not found)
{B9B9F083-2B04-452A-8691-83694AC1037B} "LogiExt Class" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\mcplext.dll
{73B24247-042E-4EF5-ADC2-42F62E6FD654} "MCLiteShellExt Class" - ? - C:\Programme\ICQLite\ICQLiteShell.dll  (File not found)
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office12\msohevi.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\MLSHEXT.DLL
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~1\GEMEIN~1\MICROS~1\OFFICE12\msoshext.dll
{FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvcpl.dll
{1E9B04FB-F9E5-4718-997B-B8DA88302A48} "nView Desktop Context Menu" - "NVIDIA Corporation" - C:\WINDOWS\system32\nvshell.dll
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? -   (File not found | COM-object registry key not found)
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? -   (File not found | COM-object registry key not found)
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? -   (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? -   (File not found | COM-object registry key not found)
{0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\OLKFSTUB.DLL
{950FF917-7A57-46BC-8017-59D9BF474000} "Shell Extension for CDRW" - "Ahead Software AG" - C:\Programme\Ahead\InCD\incdshx.dll
{E37E2028-CE1A-4f42-AF05-6CEABC4E5D75} "Shell Icon Handler for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{764BF0E1-F219-11ce-972D-00AA00A14F56} "Shellerweiterungen für die Dateikomprimierung" - ? -   (File not found | COM-object registry key not found)
{e82a2d71-5b2f-43a0-97b8-81be15854de8} "ShellLink for Application References" - "Microsoft Corporation" - C:\WINDOWS\system32\dfshim.dll
{66F1DE40-D550-4119-9120-6592E3390623} "SmartDraw Thumbnail Handler" - ? - C:\Programme\SmartDraw 2010\SDThumbnail.dll  (File not found)
{85E0B171-04FA-11D1-B7DA-00A0C90348D6} "Statistik für den Schutz des Web-Datenverkehrs" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Web Folders" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\MSONSEXT.DLL
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\PhotoViewerShim.dll
{B41DB860-8EE4-11D2-9906-E49FADC173CA} "WinRAR" - ? - C:\Programme\WinRAR\rarext.dll
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Programme\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "&Google" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
<binary data> "Gutscheinmieze" - ? - C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\Gutscheinmieze\toolbar.dll  (File not found)
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBarLayout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_13" - "Sun Microsystems, Inc." - C:\Programme\Java\jre6\bin\npjpi160_13.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
{166B1BCA-3F9C-11CF-8075-444553540000} "Shockwave ActiveX Control" - "Adobe Systems, Inc." - C:\WINDOWS\system32\Adobe\Director\SwDir.dll / hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
{1E54D648-B804-468d-BC78-4AFFED8E262F} "System Requirements Lab Class" - "Husdawg, LLC" - C:\WINDOWS\Downloaded Program Files\sysreqlab_nvd.dll / hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
{8FFBE65D-2C9C-4669-84BD-5829DC0B603C} "{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}" - ? -   (File not found | COM-object registry key not found) / hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{4248FE82-7FCB-46AC-B270-339F08212110} "&Virtuelle Tastatur" - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "Blog This" - "Microsoft Corporation" - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll
{CCF151D8-D089-449F-A5A4-D9909053F20F} "Li&nks untersuchen" - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
{FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "&Windows Live Toolbar" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{E33CF602-D945-461A-83F0-819F76A199F8} "FilterBHO Class" - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtbbho.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Germany GmbH" - c:\programme\google\googletoolbar1.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Programme\Google\GoogleToolbarNotifier\5.6.5612.1312\swg.dll
{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} "IEVkbdBHO Class" - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\ievkbd.dll
{6EBF7485-159F-4bff-A14F-B9E3AAC4465B} "Search Helper" - "Microsoft Corp." - C:\Programme\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID Sign-in Helper" - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} "Windows Live Toolbar Helper" - "Microsoft Corporation" - C:\Programme\Windows Live\Toolbar\wltcore.dll
{5C255C8A-E604-49b4-9D64-90988571CECB} "{5C255C8A-E604-49b4-9D64-90988571CECB}" - ? -   (File not found | COM-object registry key not found)

[Logon]
-----( %AllUsersProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\desktop.ini
"Logitech SetPoint.lnk" - "Logitech, Inc." - C:\Programme\Logitech\SetPoint\SetPoint.exe  (Shortcut exists | File exists)
"McAfee Security Scan Plus.lnk" - ? - C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\McAfee Security Scan Plus.lnk  (Shortcut exists | File not found)
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Programme\Microsoft Office\Office\OSA9.EXE  (Shortcut exists | File exists)
-----( %UserProfile%\Startmenü\Programme\Autostart )-----
"desktop.ini" - ? - C:\Dokumente und Einstellungen\Mirau\Startmenü\Programme\Autostart\desktop.ini
"OpenOffice.org 3.0.lnk" - ? - C:\Programme\OpenOffice.org 3\program\quickstart.exe  (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"igndlm.exe" - "IGN Entertainment" - C:\Programme\Download Manager\DLM.exe /windowsstart /startifwork
"msnmsgr" - "Microsoft Corporation" - "C:\Programme\Windows Live\Messenger\msnmsgr.exe" /background
"Pando Media Booster" - ? - C:\Programme\Pando Networks\Media Booster\PMB.exe
"RGSC" - "Take-Two Interactive Software, Inc." - D:\Programme\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Programme\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avp" - "Kaspersky Lab ZAO" - "C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe"
"iTunesHelper" - "Apple Inc." - "C:\Programme\iTunes\iTunesHelper.exe"
"NvCplDaemon" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
"NvMediaCenter" - "NVIDIA Corporation" - RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
"nwiz" - "NVIDIA Corporation" - nwiz.exe /install
"QuickTime Task" - "Apple Inc." - "C:\Programme\QuickTime\qttask.exe" -atboottime
"TrayServer" - "MAGIX AG" - C:\Programme\MAGIX\Video_deluxe_17_Download-Version\TrayServer.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
".NET Runtime Optimization Service v2.0.50727_X86" (clr_optimization_v2.0.50727_32) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
"Anwendungsverwaltung" (AppMgmt) - ? - C:\WINDOWS\System32\appmgmts.dll  (File not found)
"Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe
"Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Programme\Bonjour\mDNSResponder.exe
"FABS - Helping agent for MAGIX media database" (Fabs) - "MAGIX AG" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
"Firebird Server - MAGIX Instance" (FirebirdServerMAGIXInstance) - "MAGIX®" - C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\fbserver.exe
"getPlus(R) Helper 3004" (nosGetPlusHelper) - "NOS Microsystems Ltd." - C:\Programme\NOS\bin\getPlus_Helper_3004.dll
"Google Update Service (gupdate1c9de1043fda0a)" (gupdate1c9de1043fda0a) - "Google Inc." - C:\Programme\Google\Update\GoogleUpdate.exe
"Google Updater Service" (gusvc) - "Google" - C:\Programme\Google\Common\Google Updater\GoogleUpdaterService.exe
"InCD Helper (read only)" (InCDsrvR) - "Ahead Software AG" - C:\Programme\Ahead\InCD\InCDsrv.exe
"InstallDriver Table Manager" (IDriverT) - "Macrovision Corporation" - C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe
"iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Programme\iPod\bin\iPodService.exe
"Kaspersky Anti-Virus Service" (AVP) - "Kaspersky Lab ZAO" - C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
"Logitech Bluetooth Service" (LBTServ) - "Logitech, Inc." - C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe
"McAfee Security Scan Component Host Service" (McComponentHostService) - ? - "C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe"  (File not found)
"Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE
"NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\WINDOWS\system32\nvsvc32.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE
"SeaPort" (SeaPort) - "Microsoft Corp." - C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
"SiSoftware Deployment Agent Service" (SandraAgentSrv) - "SiSoftware" - C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe
"Windows CardSpace" (idsvc) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Programme\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corporation" - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Windows Presentation Foundation Font Cache 3.0.0.0" (FontCache3.0.0.0) - "Microsoft Corporation" - C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe

[Winlogon]
-----( HKCU\Control Panel\IOProcs )-----
"MVB" - ? - mvfs32.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\GPExtensions )-----
{c6dc5466-785a-11d2-84d0-00c04fb169f7} "Softwareinstallation" - ? - appmgmts.dll  (File not found)
-----( HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify )-----
"LBTWlgn" - "Logitech, Inc." - c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"mdnsNSP" - "Apple Inc." - C:\Programme\Bonjour\mdnsNSP.dll

===[ Logfile end ]=========================================[ Logfile end ]===

If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
         

Geändert von Danny01 (04.03.2011 um 21:57 Uhr)

Alt 04.03.2011, 22:54   #10
Danny01
 
ieframe.dll acr_error - Standard

ieframe.dll acr_error



und mbr

Code:
ATTFilter
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:			
Windows Version:		Windows XP Home Edition
Windows Information:		Service Pack 3 (build 2600)
Logical Drives Mask:		0x0000003c

Kernel Drivers (total 123):
  0x804D7000 \WINDOWS\system32\ntoskrnl.exe
  0x80701000 \WINDOWS\system32\hal.dll
  0xF7987000 \WINDOWS\system32\KDCOM.DLL
  0xF7897000 \WINDOWS\system32\BOOTVID.dll
  0xB82DE000 kl1.sys
  0xB82AF000 ACPI.sys
  0xF7989000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
  0xB829E000 pci.sys
  0xF75F7000 isapnp.sys
  0xF7A4F000 pciide.sys
  0xF7707000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
  0xF7607000 MountMgr.sys
  0xB81DF000 ftdisk.sys
  0xF770F000 PartMgr.sys
  0xF7617000 VolSnap.sys
  0xB81C7000 atapi.sys
  0xF7627000 disk.sys
  0xF7637000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
  0xB81A7000 fltmgr.sys
  0xB8195000 sr.sys
  0xB817E000 KSecDD.sys
  0xB80F1000 Ntfs.sys
  0xB80C4000 NDIS.sys
  0xB80AA000 Mup.sys
  0xF76A7000 \SystemRoot\system32\DRIVERS\intelppm.sys
  0xB6182000 \SystemRoot\system32\DRIVERS\nv4_mini.sys
  0xB616E000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
  0xB6146000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
  0xF77BF000 \SystemRoot\system32\DRIVERS\usbuhci.sys
  0xB6108000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
  0xF77C7000 \SystemRoot\system32\DRIVERS\usbehci.sys
  0xF76C7000 \SystemRoot\system32\DRIVERS\serial.sys
  0xF77D7000 \SystemRoot\system32\DRIVERS\irsir.sys
  0xF792F000 \SystemRoot\system32\DRIVERS\irenum.sys
  0xB60F4000 \SystemRoot\system32\DRIVERS\parport.sys
  0xB6F24000 \SystemRoot\system32\DRIVERS\serenum.sys
  0xF76D7000 \SystemRoot\system32\DRIVERS\cdrom.sys
  0xF76E7000 \SystemRoot\system32\DRIVERS\redbook.sys
  0xB60D1000 \SystemRoot\system32\DRIVERS\ks.sys
  0xF77E7000 \SystemRoot\System32\DRIVERS\InCDPass.sys
  0xF77EF000 \SystemRoot\System32\Drivers\incdrm.SYS
  0xF77FF000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
  0xF76F7000 \SystemRoot\system32\DRIVERS\imapi.sys
  0xB828E000 \SystemRoot\system32\DRIVERS\klim5.sys
  0xF7AA4000 \SystemRoot\system32\DRIVERS\audstub.sys
  0xF780F000 \SystemRoot\system32\DRIVERS\rasirda.sys
  0xF781F000 \SystemRoot\system32\DRIVERS\TDI.SYS
  0xB827E000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
  0xF7937000 \SystemRoot\system32\DRIVERS\ndistapi.sys
  0xB60BA000 \SystemRoot\system32\DRIVERS\ndiswan.sys
  0xB826E000 \SystemRoot\system32\DRIVERS\raspppoe.sys
  0xB825E000 \SystemRoot\system32\DRIVERS\raspptp.sys
  0xB60A9000 \SystemRoot\system32\DRIVERS\psched.sys
  0xB824E000 \SystemRoot\system32\DRIVERS\msgpc.sys
  0xB757D000 \SystemRoot\system32\DRIVERS\ptilink.sys
  0xB756D000 \SystemRoot\system32\DRIVERS\raspti.sys
  0xB823E000 \SystemRoot\system32\DRIVERS\termdd.sys
  0xB755D000 \SystemRoot\system32\DRIVERS\kbdclass.sys
  0xB7555000 \SystemRoot\system32\DRIVERS\mouclass.sys
  0xF79E5000 \SystemRoot\system32\DRIVERS\swenum.sys
  0xB5FAB000 \SystemRoot\system32\DRIVERS\update.sys
  0xF7943000 \SystemRoot\system32\DRIVERS\mssmbios.sys
  0xB821E000 \SystemRoot\System32\Drivers\NDProxy.SYS
  0xB39F0000 \SystemRoot\system32\drivers\RtkHDAud.sys
  0xB39CC000 \SystemRoot\system32\drivers\portcls.sys
  0xB820E000 \SystemRoot\system32\drivers\drmk.sys
  0xB81FE000 \SystemRoot\system32\DRIVERS\usbhub.sys
  0xF799D000 \SystemRoot\system32\DRIVERS\USBD.SYS
  0xB3925000 \SystemRoot\system32\DRIVERS\klif.sys
  0xF79A3000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
  0xB6D07000 \SystemRoot\System32\Drivers\Null.SYS
  0xF79A7000 \SystemRoot\System32\Drivers\Beep.SYS
  0xF77CF000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
  0xF77DF000 \SystemRoot\System32\drivers\vga.sys
  0xF79AB000 \SystemRoot\System32\Drivers\mnmdd.SYS
  0xF79AF000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
  0xF79B1000 \SystemRoot\System32\Drivers\InCDrec.SYS
  0xB38C6000 \SystemRoot\System32\Drivers\InCDfs.SYS
  0xF7817000 \SystemRoot\System32\Drivers\Msfs.SYS
  0xB758D000 \SystemRoot\System32\Drivers\Npfs.SYS
  0xB8082000 \SystemRoot\system32\DRIVERS\rasacd.sys
  0xB7585000 \SystemRoot\system32\DRIVERS\kl2.sys
  0xB388B000 \SystemRoot\system32\DRIVERS\ipsec.sys
  0xB3832000 \SystemRoot\system32\DRIVERS\tcpip.sys
  0xB380A000 \SystemRoot\system32\DRIVERS\netbt.sys
  0xB37E4000 \SystemRoot\system32\DRIVERS\ipnat.sys
  0xB7FFA000 \SystemRoot\system32\DRIVERS\wanarp.sys
  0xB37C2000 \SystemRoot\System32\drivers\afd.sys
  0xB7FEA000 \SystemRoot\system32\DRIVERS\netbios.sys
  0xB3797000 \SystemRoot\system32\DRIVERS\rdbss.sys
  0xB3727000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
  0xB7FDA000 \SystemRoot\System32\Drivers\Fips.SYS
  0xF7757000 \SystemRoot\system32\DRIVERS\usbccgp.sys
  0xF7767000 \SystemRoot\System32\Drivers\LUsbFilt.Sys
  0xB7FAA000 \SystemRoot\System32\Drivers\WDFLDR.SYS
  0xB365C000 \SystemRoot\system32\DRIVERS\Wdf01000.sys
  0xB3919000 \SystemRoot\system32\DRIVERS\hidusb.sys
  0xB7F9A000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
  0xF7777000 \SystemRoot\system32\DRIVERS\LHidFilt.Sys
  0xB3915000 \SystemRoot\system32\DRIVERS\mouhid.sys
  0xF777F000 \SystemRoot\system32\DRIVERS\LMouFilt.Sys
  0xB390D000 \SystemRoot\system32\DRIVERS\kbdhid.sys
  0xF7667000 \SystemRoot\System32\Drivers\Cdfs.SYS
  0xB361C000 \SystemRoot\System32\Drivers\dump_atapi.sys
  0xF79C3000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
  0xBF800000 \SystemRoot\System32\win32k.sys
  0xB38C2000 \SystemRoot\System32\drivers\Dxapi.sys
  0xF77A7000 \SystemRoot\System32\watchdog.sys
  0xBD000000 \SystemRoot\System32\drivers\dxg.sys
  0xB699C000 \SystemRoot\System32\drivers\dxgthk.sys
  0xBD012000 \SystemRoot\System32\nv4_disp.dll
  0xBD5B5000 \SystemRoot\System32\ATMFD.DLL
  0xB6009000 \SystemRoot\system32\DRIVERS\fssfltr_tdi.sys
  0xB310E000 \SystemRoot\system32\DRIVERS\irda.sys
  0xB3174000 \SystemRoot\system32\DRIVERS\ndisuio.sys
  0xB2F01000 \SystemRoot\system32\DRIVERS\mrxdav.sys
  0xF7993000 \SystemRoot\System32\Drivers\ParVdm.SYS
  0xB2C01000 \SystemRoot\system32\DRIVERS\srv.sys
  0xB2890000 \SystemRoot\system32\drivers\wdmaud.sys
  0xB32E4000 \SystemRoot\system32\drivers\sysaudio.sys
  0xB0721000 \??\C:\DOKUME~1\Mirau\LOKALE~1\Temp\pgtdypow.sys
  0xB01F8000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
  0x7C910000 \WINDOWS\system32\ntdll.dll

Processes (total 38):
       0 System Idle Process
       4 System
     960 C:\WINDOWS\system32\smss.exe
    1028 csrss.exe
    1052 C:\WINDOWS\system32\winlogon.exe
    1096 C:\WINDOWS\system32\services.exe
    1108 C:\WINDOWS\system32\lsass.exe
    1268 C:\WINDOWS\system32\nvsvc32.exe
    1308 C:\WINDOWS\system32\svchost.exe
    1416 svchost.exe
    1544 C:\WINDOWS\system32\svchost.exe
    1580 C:\Programme\Ahead\InCD\InCDsrv.exe
    1804 svchost.exe
    2032 C:\WINDOWS\system32\spoolsv.exe
     340 svchost.exe
     376 C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
     388 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
     472 C:\Programme\Bonjour\mDNSResponder.exe
     508 C:\Programme\Gemeinsame Dateien\MAGIX Services\Database\bin\FABS.exe
     892 C:\Programme\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
    1528 C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
    1564 C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE
    3528 alg.exe
    2308 C:\WINDOWS\explorer.exe
    1760 C:\WINDOWS\RTHDCPL.exe
    2884 C:\WINDOWS\system32\rundll32.exe
    3060 C:\Programme\iTunes\iTunesHelper.exe
     264 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe
    3516 C:\WINDOWS\system32\ctfmon.exe
    3800 C:\Programme\Logitech\SetPoint\SetPoint.exe
    1456 C:\Programme\OpenOffice.org 3\program\soffice.exe
     972 C:\Programme\OpenOffice.org 3\program\soffice.bin
    2188 C:\Programme\iPod\bin\iPodService.exe
    1100 C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe
    2952 PresentationFontCache.exe
     844 C:\Programme\Mozilla Firefox\firefox.exe
     668 C:\Programme\Kaspersky Lab\Kaspersky Internet Security 2011\klwtblfs.exe
    2628 C:\Dokumente und Einstellungen\Mirau\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`007e0000  (NTFS)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000020`a686b200  (NTFS)

PhysicalDrive0 Model Number: ST3250310AS, Rev: 3.AAF   

      Size  Device Name          MBR Status
  --------------------------------------------
    232 GB  \\.\PhysicalDrive0   Windows XP MBR code detected
            SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11


Done!
         

Alt 04.03.2011, 23:02   #11
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ieframe.dll acr_error - Standard

ieframe.dll acr_error



Sieht ok aus. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs.
Denk dran beide Tools zu updaten vor dem Scan!!
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 06.03.2011, 11:46   #12
Danny01
 
ieframe.dll acr_error - Standard

ieframe.dll acr_error



hier schonmal malewarebytes

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Datenbank Version: 5972

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

06.03.2011 11:45:06
mbam-log-2011-03-06 (11-45-06).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Durchsuchte Objekte: 262948
Laufzeit: 1 Stunde(n), 50 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
         
problem ist erstmal beseitigt, heisst icq geht wieder, internet explorer geht auch wieder.

Alt 06.03.2011, 14:24   #13
Danny01
 
ieframe.dll acr_error - Standard

ieframe.dll acr_error



Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 03/06/2011 at 02:11 PM

Application Version : 4.49.1000

Core Rules Database Version : 6538
Trace Rules Database Version: 4350

Scan type       : Complete Scan
Total Scan Time : 02:16:35

Memory items scanned      : 500
Memory threats detected   : 0
Registry items scanned    : 7384
Registry threats detected : 5
File items scanned        : 181754
File threats detected     : 6

Adware.IST/ISTBar (Slotch Bar)
	HKCR\Pugi.PugiObj
	HKCR\Pugi.PugiObj\CLSID
	HKCR\Pugi.PugiObj\CurVer
	HKCR\Pugi.PugiObj.1
	HKCR\Pugi.PugiObj.1\CLSID

Adware.Tracking Cookie
	www.naiadsystems.com [ C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\BFGTW76Z ]
	agf.com [ C:\Dokumente und Einstellungen\Mirau\Anwendungsdaten\Macromedia\Flash Player\#SharedObjects\BFGTW76Z ]

Trojan.Agent/Gen-FakeDrop
	C:\PROGRAMME\UNINSTAL_STRECKENEDITOR.EXE
	C:\SYSTEM VOLUME INFORMATION\_RESTORE{DF01F75A-8918-4465-A337-7FE57BB2E57D}\RP605\A0863095.EXE
	D:\SYSTEM VOLUME INFORMATION\_RESTORE{DF01F75A-8918-4465-A337-7FE57BB2E57D}\RP610\A0864382.EXE

Trojan.Agent/Gen-FakeAV
	C:\PROGRAMME\WINRAR\DEFAULT.SFX
         

Alt 07.03.2011, 15:56   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
ieframe.dll acr_error - Standard

ieframe.dll acr_error



Nur Überreste und Cookies, ist harmlos.
Noch Probleme?
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 07.03.2011, 17:33   #15
Danny01
 
ieframe.dll acr_error - Standard

ieframe.dll acr_error



nö zur zeit ist alles wieder schick... hoffentlich brauch ich hier nich nochmal hilfe tolles forum!


Antwort

Themen zu ieframe.dll acr_error
anti-malware, computer, error, explorer, gmx, google, icq, ie7, ieframe.dll, internet, internet explorer, live, meldung, messenger, nicht mehr, problem, probleme, programm, programme, registerkarte, seite, seiten, windows, windows live, youtube, öffnen



Ähnliche Themen: ieframe.dll acr_error


  1. Problem res://ieframe.dll/acr_error
    Plagegeister aller Art und deren Bekämpfung - 16.04.2013 (6)
  2. IE9 Windows 7: res://ieframe.dll.acr_depnx_error.htm
    Plagegeister aller Art und deren Bekämpfung - 12.11.2012 (5)
  3. res://ieframe.dll/acr_error.htm#, IE 9
    Plagegeister aller Art und deren Bekämpfung - 28.08.2012 (3)
  4. Internet Explorer öffnet Webseite auf Vollbild die zu einem DNS ERROR führt: res://ieframe.dll
    Plagegeister aller Art und deren Bekämpfung - 23.05.2012 (3)
  5. res://ieframe.dll/acr_error.htm#google.de
    Plagegeister aller Art und deren Bekämpfung - 12.01.2011 (7)
  6. res://ieframe.dll.acr_error Internet Explorer
    Plagegeister aller Art und deren Bekämpfung - 04.01.2011 (1)
  7. was für ein Problem res://ieframe.dll/navcancl.htm#xxxx://wi
    Log-Analyse und Auswertung - 23.11.2008 (2)

Zum Thema ieframe.dll acr_error - hallo. ich habe mir heut dummerweise auf einer forenseite irgendwas eingefangen. Die hab ich öfter besucht, aber nie war etwas. Google hat zwar vorher gewarnt aber ich hab mir nix - ieframe.dll acr_error...
Archiv
Du betrachtest: ieframe.dll acr_error auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.