| |
| |||||||
Log-Analyse und Auswertung: PC verhält sich wie mit 64MB Ram merkwürdige CPU AuslastungWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
14.01.2013, 07:35
| #1 |
 |  PC verhält sich wie mit 64MB Ram merkwürdige CPU Auslastung Hallo, mein PC macht seit gestern Probleme. Er ist extrem langsam und verhält sich als ob er nur 64MB Ram hätte. Die CPU Auslastung schwankt immer von 40-60% Auslastung obwohl im Taskmanager alle Auslastungen auf 0% stehen. Der Systemstart dauert schon eine Ewigkeit. Festplatte überprüft mit Crystal Disk Info = Gut ComboFix, Kaspersky Virus Removal Tool und Mailware Antibytes durchlaufen lassen ohne Befund und ohne Problemlösung. Eset Online Scan durchgeführt keine ohne erkannte Viren. Code:
ATTFilter OTL logfile created on: 13.01.2013 20:42:46 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Rose\Desktop Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,12 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 60,51% Memory free 4,97 Gb Paging File | 3,77 Gb Available in Paging File | 75,99% Paging File free Paging file location(s): C:\pagefile.sys 2048 4096 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 155,25 Gb Total Space | 98,67 Gb Free Space | 63,55% Space Free | Partition Type: NTFS Drive D: | 310,50 Gb Total Space | 132,50 Gb Free Space | 42,67% Space Free | Partition Type: NTFS Drive E: | 233,58 Gb Total Space | 178,29 Gb Free Space | 76,33% Space Free | Partition Type: NTFS Drive G: | 232,18 Gb Total Space | 67,34 Gb Free Space | 29,00% Space Free | Partition Type: NTFS Computer Name: WORKSTATION | User Name: Rose | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - File not found -- PRC - [2013.01.13 21:38:41 | 000,717,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\temp\RarSFX0\5926726.exe PRC - [2013.01.13 21:38:37 | 000,458,208 | ---- | M] (Kaspersky Lab) -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\temp\9519004\5926726.exe PRC - [2013.01.13 19:14:50 | 151,797,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\setup_11.0.0.1245.x01_2013_01_13_21_37.exe PRC - [2013.01.13 19:07:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rose\Desktop\OTL.exe PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe PRC - [2012.11.21 13:02:20 | 000,546,504 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Online Scanner\OnlineScannerApp.exe PRC - [2012.11.21 13:02:14 | 000,579,464 | ---- | M] () -- C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe PRC - [2012.11.01 15:34:30 | 001,162,360 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe PRC - [2012.11.01 15:34:28 | 002,717,816 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe PRC - [2012.10.31 09:19:52 | 000,403,416 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe PRC - [2012.10.23 17:40:06 | 000,580,728 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe PRC - [2012.09.17 11:41:54 | 000,254,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe PRC - [2012.08.11 15:43:06 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe PRC - [2011.01.25 11:41:48 | 002,336,072 | ---- | M] (O&O Software GmbH) -- D:\Programme\OO Software\Defrag\oodag.exe PRC - [2009.10.20 16:25:08 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe PRC - [2008.09.16 14:18:32 | 000,024,653 | ---- | M] (Utimaco Safeware AG) -- C:\Programme\Utimaco\SafeGuard Easy\ecview.exe PRC - [2008.09.16 14:16:20 | 000,159,835 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SgeClient.exe PRC - [2008.09.16 14:11:58 | 000,163,931 | ---- | M] (Utimaco Safeware AG) -- C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe PRC - [2008.09.16 14:11:22 | 000,114,773 | ---- | M] (Utimaco Safeware AG) -- C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe PRC - [2008.04.14 07:52:46 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe PRC - [2005.03.31 11:27:00 | 000,061,440 | ---- | M] (Utimaco Safeware AG) -- C:\WINDOWS\system32\SgLogPlayer.exe PRC - [2004.06.01 15:38:16 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\gslsrvn.exe PRC - [2004.06.01 15:37:42 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\crppsrvn.exe PRC - [2003.02.22 16:41:18 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WFXSNT40.EXE PRC - [2003.02.22 16:41:18 | 000,027,648 | R--- | M] () -- D:\Programme\winfax\WFXSWTCH.exe ========== Modules (No Company Name) ========== MOD - [2013.01.13 21:38:41 | 000,717,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\temp\RarSFX0\5926726.exe MOD - [2013.01.13 19:14:50 | 151,797,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\setup_11.0.0.1245.x01_2013_01_13_21_37.exe MOD - [2012.12.18 15:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU MOD - [2012.11.21 13:02:14 | 000,579,464 | ---- | M] () -- C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe MOD - [2012.11.01 15:34:02 | 000,092,792 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\avengine\sdkBSCtrl.dll MOD - [2012.10.23 17:40:08 | 000,109,688 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll MOD - [2008.09.16 14:18:12 | 000,016,477 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\EcView0407.dll MOD - [2008.09.16 14:17:52 | 000,016,477 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SgUicl.msg MOD - [2008.09.16 14:16:20 | 000,159,835 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SgeClient.exe MOD - [2008.09.16 14:16:12 | 000,057,440 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SGE_MSG0407.dll MOD - [2008.09.16 14:16:08 | 000,082,016 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SGE_ERR0407.dll MOD - [2008.09.16 14:12:00 | 000,024,576 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrvps.dll MOD - [2008.09.16 14:11:22 | 000,024,576 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SgeCtlps.Dll MOD - [2008.09.16 14:10:58 | 000,098,382 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\REFile.dll MOD - [2008.09.16 14:10:38 | 000,024,576 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SecClassFactoryPs.dll MOD - [2008.09.16 14:10:18 | 000,016,482 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SGE_INFO0407.dll MOD - [2007.08.16 12:33:38 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\loaddlln.dll MOD - [2007.04.12 11:36:40 | 000,835,584 | ---- | M] () -- C:\WINDOWS\system32\sgsamn.dll MOD - [2007.04.12 11:35:06 | 000,110,592 | ---- | M] () -- C:\WINDOWS\system32\a11layn.dll MOD - [2006.11.27 14:11:46 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\uswerrln.dll MOD - [2005.09.24 10:10:56 | 001,212,416 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU MOD - [2004.06.01 15:38:16 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\gslsrvn.exe MOD - [2004.06.01 15:37:42 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\crppsrvn.exe MOD - [2004.06.01 15:37:24 | 000,102,400 | ---- | M] () -- C:\WINDOWS\system32\craservn.dll MOD - [2004.06.01 15:37:12 | 000,323,584 | ---- | M] () -- C:\WINDOWS\system32\cmbase2n.dll MOD - [2004.06.01 15:37:06 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\cmbasen.dll MOD - [2003.02.22 16:41:18 | 000,027,648 | R--- | M] () -- D:\Programme\winfax\WFXSWTCH.exe MOD - [2000.02.14 17:36:20 | 000,012,800 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\WFXPNT40.DLL ========== Services (SafeList) ========== SRV - File not found [Auto | Stopped] -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4) SRV - File not found [On_Demand | Stopped] -- C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService) SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - File not found [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn) SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service) SRV - [2013.01.11 11:08:00 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.10 13:14:16 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8) SRV - [2012.11.01 15:34:30 | 001,162,360 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService) SRV - [2012.10.31 09:19:52 | 000,403,416 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService) SRV - [2012.10.23 17:40:06 | 000,580,728 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service) SRV - [2012.08.11 15:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.03.01 00:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.01.25 11:41:48 | 002,336,072 | ---- | M] (O&O Software GmbH) [Auto | Running] -- D:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent) SRV - [2010.09.08 11:42:39 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\srvany.exe -- (KMService) SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose) SRV - [2009.09.10 14:51:39 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag) SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ) SRV - [2009.03.10 21:27:53 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service) SRV - [2008.09.16 14:16:20 | 000,159,835 | ---- | M] () [Auto | Running] -- C:\Programme\Utimaco\SafeGuard Easy\SgeClient.exe -- (SgeClient) SRV - [2008.09.16 14:11:58 | 000,163,931 | ---- | M] (Utimaco Safeware AG) [Auto | Running] -- C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe -- (WksCfgSrv) SRV - [2008.09.16 14:11:22 | 000,114,773 | ---- | M] (Utimaco Safeware AG) [Auto | Running] -- C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe -- (SgeCtl) SRV - [2008.05.29 08:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp) SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM) SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT) SRV - [2005.03.31 11:27:00 | 000,061,440 | ---- | M] (Utimaco Safeware AG) [Auto | Running] -- C:\WINDOWS\system32\SgLogPlayer.exe -- (SgLogPlayer) SRV - [2004.06.01 15:38:16 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\gslsrvn.exe -- (GSLSRV) SRV - [2004.06.01 15:37:42 | 000,081,920 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\crppsrvn.exe -- (CRPPSRV) SRV - [2000.03.07 15:38:48 | 000,128,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\WinUSB.sys -- (WinUSB) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SjyPkt.sys -- (SjyPkt) DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV302AV.SYS -- (PID_08A0) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP) DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\lvusbsta.sys -- (LVUSBSta) DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc) DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ppenysgp.sys -- (jjrd) DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard) DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\epfwtdir.sys -- (epfwtdir) DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\ehdrv.sys -- (ehdrv) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CM108.sys -- (CM1083264) DRV - File not found [Kernel | System | Stopped] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Rose\LOKALE~1\Temp\catchme.sys -- (catchme) DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Camdrl.sys -- (CamDrL) DRV - [2013.01.13 21:37:36 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\06697164.sys -- (06697164) DRV - [2012.11.01 15:35:20 | 000,068,272 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsm.sys -- (pctplsm) DRV - [2012.11.01 15:35:14 | 000,202,280 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD) DRV - [2012.10.31 14:21:28 | 000,260,760 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi) DRV - [2012.10.28 12:40:26 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc) DRV - [2012.10.28 12:40:26 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt) DRV - [2012.10.23 17:40:32 | 000,062,688 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD) DRV - [2012.10.22 16:38:28 | 000,368,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore) DRV - [2012.02.28 11:43:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA) DRV - [2012.02.28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS) DRV - [2012.01.18 14:55:56 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio) DRV - [2012.01.18 14:55:54 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio) DRV - [2012.01.17 13:45:58 | 000,123,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA) DRV - [2011.08.02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl) DRV - [2010.07.06 11:26:54 | 006,088,296 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) DRV - [2010.07.06 11:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp) DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter) DRV - [2009.11.18 00:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt) DRV - [2009.11.18 00:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt) DRV - [2009.08.24 16:21:46 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv) DRV - [2009.07.02 15:40:12 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt) DRV - [2009.07.02 15:40:12 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt) DRV - [2009.06.17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt) DRV - [2009.06.17 17:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE) DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt) DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt) DRV - [2009.06.17 17:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou) DRV - [2009.06.17 17:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd) DRV - [2009.04.29 14:10:43 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio) DRV - [2009.04.08 13:20:06 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP) DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk) DRV - [2009.03.11 20:15:12 | 000,051,072 | ---- | M] (Animation Technologies Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\M9207_543.sys -- (M9207) DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm) DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic) DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt) DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex) DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus) DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5) DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl) DRV - [2008.09.26 09:52:00 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE) DRV - [2008.09.16 14:19:16 | 000,019,712 | ---- | M] (Utimaco Safeware AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AES256.sys -- (AES-256) DRV - [2008.09.16 14:19:12 | 000,063,488 | ---- | M] (Utimaco Safeware AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SGEFLT.sys -- (SgeFlt) DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd) DRV - [2008.05.27 02:52:18 | 000,051,072 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MHIKEY10.sys -- (MHIKEY10) DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic) DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5) DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl) DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm) DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt) DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex) DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus) DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE) DRV - [2008.04.14 00:10:32 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi) DRV - [2008.01.24 09:36:16 | 004,127,488 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM) DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri) DRV - [2007.01.11 17:20:06 | 000,194,304 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB) DRV - [2006.09.18 13:48:22 | 000,030,329 | ---- | M] (NAVMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Navcar.sys -- (Navcar) DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen) DRV - [2005.10.16 06:00:00 | 000,012,928 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk) DRV - [2004.06.09 02:00:00 | 000,547,840 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (FXUSBASE) DRV - [2004.06.09 02:00:00 | 000,053,120 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN) DRV - [2004.04.30 09:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus) DRV - [2004.04.30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi) DRV - [2004.03.10 13:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr) DRV - [2001.08.17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {6C87E8C6-E5A7-4E11-BDEB-21D5974A064F} IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC IE - HKCU\..\SearchScopes\{424A3E04-7B92-4648-A5FB-94DA349A731C}: "URL" = hxxp://redirect.t-online.de/index.php?rdid=8&q={searchTerms} IE - HKCU\..\SearchScopes\{6C87E8C6-E5A7-4E11-BDEB-21D5974A064F}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Web Search" FF - prefs.js..browser.search.order.1: "Web Search" FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35 FF - prefs.js..extensions.enabledAddons: djziggy%40gmail.com:2.0.7 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0 FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=" FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\npNxGameUS.dll (Nexon) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.28 22:23:58 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2013.01.13 08:44:17 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.11 11:08:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.11 11:07:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programme\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird [2011.02.21 11:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Extensions [2011.01.19 08:05:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com [2012.12.12 04:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Firefox\Profiles\o3mq8qri.default\extensions [2010.11.13 14:33:58 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Firefox\Profiles\o3mq8qri.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66} [2012.10.14 04:43:46 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Firefox\Profiles\o3mq8qri.default\extensions\de-DE@dictionaries.addons.mozilla.org [2012.10.12 10:29:45 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Firefox\Profiles\o3mq8qri.default\extensions\djziggy@gmail.com [2012.12.12 04:44:14 | 000,036,098 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Firefox\Profiles\o3mq8qri.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.11.24 08:44:34 | 000,804,627 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Firefox\Profiles\o3mq8qri.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.01.11 11:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.01.11 11:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2013.01.11 11:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.01.11 11:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012.06.16 09:33:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2013.01.11 11:08:02 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll [2008.09.15 10:50:46 | 000,376,832 | ---- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npsnapfish.dll [2012.10.17 18:09:59 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.17 18:09:59 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml [2012.10.17 18:09:59 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml [2012.10.17 18:09:59 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.17 18:09:59 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml [2012.10.17 18:09:59 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\11.0.696.60\pdf.dll CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\11.0.696.60\gears.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\11.0.696.60\gcswf32.dll CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\plugins\np-mswmp.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Programme\Mozilla Firefox\plugins\npLegitCheckPlugin.dll CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Programme\Mozilla Firefox\plugins\npsnapfish.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll CHR - plugin: Nexon Game Controller (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\npNxGameUS.dll CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\npGoogleOneClick8.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: DivX Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.0.51204.0\npctrl.dll CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ O1 HOSTS File: ([2013.01.13 11:25:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found. O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.) O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [EdWizard] C:\Programme\Utimaco\SafeGuard Easy\EdWizard.exe (Utimaco Safeware AG) O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools) O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe () O4 - HKLM..\Run: [OODefragTray] D:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [SgeEcView] C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe (Utimaco Safeware AG) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [WFXSwtch] d:\Programme\winfax\WFXSWTCH.exe () O4 - HKLM..\Run: [WinFaxAppPortStarter] C:\WINDOWS\System32\WFXSNT40.EXE (Microsoft Corporation) O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Rose\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Dokumente und Einstellungen\Rose\Startmenü\Programme\Autostart\_uninst_06697164.lnk = C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\temp\_uninst_06697164.bat () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - D:\Programme\LingoCom\Translator.lnk File not found O9 - Extra 'Tools' menuitem : Translator - {87680762-4A83-11B4-885B-0000E8ECA40F} - D:\Programme\LingoCom\Translator.lnk File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37) O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B4E3CF1-7467-44C1-903D-B1290A3EA6E0}: DhcpNameServer = 192.168.3.1 O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: GinaDLL - (SGGINA.DLL) - C:\WINDOWS\System32\Sggina.dll (Utimaco Safeware AG) O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O20 - Winlogon\Notify\NotLog: DllName - (SGLogEx.dll) - C:\WINDOWS\System32\SGLogEx.dll (Utimaco Safeware AG) O20 - Winlogon\Notify\SGLogNotification: DllName - (SGLogNotification.dll) - C:\WINDOWS\System32\SGLogNotification.dll (Utimaco Safeware AG) O20 - Winlogon\Notify\sgsam: DllName - (sgsamn.dll) - C:\WINDOWS\System32\sgsamn.dll () O24 - Desktop Components:0 () - hxxp://i.ebayimg.com/09/%21BV6Ou1QBGk%7E$%28KGrHgoH-D8EjlLlzKDlBKU5kc51yg%7E%7E_12.JPG O24 - Desktop Components:1 () - hxxp://i.ebayimg.com/16/%21BbEuJTQ%212k%7E$%28KGrHgoH-DMEjlLlvjJvBKuR5ljO9Q%7E%7E_12.JPG O24 - Desktop Components:2 () - file:///C:/DOKUME~1/Rose/LOKALE~1/Temp/msohtmlclip1/01/clip_image002.jpg O24 - Desktop Components:3 () - file:///C:/DOKUME~1/Rose/LOKALE~1/Temp/msohtmlclip1/01/clip_image001.jpg O24 - Desktop Components:4 (Die derzeitige Homepage) - About:Home O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - d:\Programme\winfax\WFXSEH32.DLL (Symantec Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.01.13 20:53:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER [2013.01.13 20:31:43 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Rose\Desktop\esetsmartinstaller_enu.exe [2013.01.13 20:19:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET [2013.01.13 20:19:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET [2013.01.13 19:45:54 | 001,378,744 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Rose\Desktop\eset_nod32_antivirus_live_installer.exe [2013.01.13 19:24:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood [2013.01.13 19:21:53 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\06697164.sys [2013.01.13 19:06:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rose\Desktop\OTL.exe [2013.01.13 14:34:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.01.13 11:36:20 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys [2013.01.13 11:36:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware [2013.01.13 11:34:52 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Rose\Desktop\mbam-setup-1.70.0.1100.exe [2013.01.13 11:33:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Threat Expert [2013.01.13 10:17:36 | 000,000,000 | RHSD | C] -- C:\cmdcons [2013.01.13 10:13:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe [2013.01.13 10:13:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe [2013.01.13 10:13:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe [2013.01.13 10:13:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe [2013.01.13 10:12:46 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.01.13 10:12:18 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.01.13 10:10:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt [2013.01.13 09:37:40 | 005,021,655 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Rose\Desktop\ComboFix.exe [2013.01.13 08:44:11 | 000,062,688 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys [2013.01.13 08:44:09 | 002,280,568 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll [2013.01.13 08:44:09 | 001,690,744 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll [2013.01.13 08:44:09 | 000,150,648 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll [2013.01.13 08:34:42 | 000,260,760 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys [2013.01.13 08:34:01 | 000,019,464 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys [2013.01.13 08:34:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PC Tools Security [2013.01.13 08:33:27 | 000,071,752 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys [2013.01.13 08:33:26 | 000,068,272 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsm.sys [2013.01.13 08:22:07 | 000,909,728 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys [2013.01.13 08:22:07 | 000,342,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys [2013.01.13 08:20:48 | 000,368,616 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys [2013.01.13 08:20:48 | 000,163,288 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys [2013.01.13 08:19:29 | 000,202,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys [2013.01.13 08:19:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools [2013.01.13 08:16:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP [2013.01.13 08:16:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools [2013.01.13 08:16:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\TestApp [2013.01.13 07:43:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee [2013.01.12 13:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Desktop\lenovo [2013.01.11 11:07:39 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox [2013.01.08 10:27:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Desktop\Apple [2013.01.07 10:13:44 | 000,000,000 | ---D | C] -- C:\Programme\PhonerLite [2013.01.07 08:47:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Desktop\Faxe [2013.01.06 10:35:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\redsn0w [2012.12.27 16:54:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\NativeFus_Log [2012.12.27 16:54:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\CrashDump [2012.12.27 16:54:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Eigene Dateien\samsung [2012.12.26 21:33:54 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox [2012.12.25 20:02:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth [2012.12.19 20:37:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8 [2012.12.18 13:52:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Desktop\Oase [2012.12.18 13:31:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes [2012.12.18 13:31:06 | 000,000,000 | ---D | C] -- C:\Programme\iPod [2012.12.18 13:31:01 | 000,000,000 | ---D | C] -- C:\Programme\iTunes [2012.12.18 13:31:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2012.12.18 06:27:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Eigene Dateien\Sony [14 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.13 21:37:36 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\06697164.sys [2013.01.13 21:00:32 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job [2013.01.13 20:31:52 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Rose\Desktop\esetsmartinstaller_enu.exe [2013.01.13 20:28:44 | 000,756,999 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB [2013.01.13 20:16:24 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job [2013.01.13 20:15:30 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job [2013.01.13 19:46:11 | 001,378,744 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Rose\Desktop\eset_nod32_antivirus_live_installer.exe [2013.01.13 19:27:53 | 000,000,852 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Startmenü\Programme\Autostart\_uninst_06697164.lnk [2013.01.13 19:14:50 | 151,797,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\setup_11.0.0.1245.x01_2013_01_13_21_37.exe [2013.01.13 19:07:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rose\Desktop\OTL.exe [2013.01.13 18:46:08 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013.01.13 18:43:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job [2013.01.13 18:42:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013.01.13 11:35:16 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Rose\Desktop\mbam-setup-1.70.0.1100.exe [2013.01.13 11:25:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts [2013.01.13 10:18:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini [2013.01.13 10:04:32 | 003,696,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2013.01.13 09:46:34 | 000,000,210 | ---- | M] () -- C:\Boot.bak [2013.01.13 09:37:51 | 005,021,655 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Rose\Desktop\ComboFix.exe [2013.01.13 07:58:32 | 000,506,266 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2013.01.13 07:58:32 | 000,484,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2013.01.13 07:58:32 | 000,080,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2013.01.13 07:58:31 | 000,096,220 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2013.01.12 21:15:16 | 000,371,063 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Unbenannt-1.jpg [2013.01.12 21:04:31 | 000,023,586 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\eBay Kleinanzeigen _ Kostenlos. Eipc.pdf [2013.01.12 20:44:26 | 000,031,458 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\eBay Kleinanzeigen _ Kostenlos. Einfach. Lokal.pdf [2013.01.10 19:00:14 | 000,081,642 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Mehrfamilienhaus Hemer.pdf [2013.01.10 15:18:00 | 000,019,229 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\184697.JPG [2013.01.10 15:15:09 | 000,010,322 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\694908.JPG [2013.01.10 13:14:16 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe [2013.01.10 13:14:15 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl [2013.01.10 12:35:54 | 000,020,013 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Paketschein(1).pdf [2013.01.09 18:51:28 | 000,020,050 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Paketschein.pdf [2013.01.08 20:03:32 | 000,050,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\2013-01-08 20.03.32.png [2013.01.08 14:51:26 | 000,001,086 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella [2013.01.08 11:49:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job [2013.01.08 09:21:12 | 000,232,373 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\ngpowertools.rar [2013.01.08 09:20:44 | 000,037,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\v7xxxbewerbungssystem50.zip [2013.01.08 09:20:01 | 000,210,047 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\devgermany_5.rar [2013.01.07 10:21:34 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini [2013.01.06 07:00:31 | 000,000,413 | ---- | M] () -- C:\wakeuptoken.info [2013.01.06 06:37:08 | 000,077,856 | ---- | M] () -- C:\BACKUP.svf [2013.01.04 18:21:38 | 000,155,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Eigene Dateien\Werbung.pdf [2013.01.04 18:20:29 | 001,391,496 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\ohne greenwodd werbung.jpg [2013.01.04 18:18:00 | 021,081,752 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\ohne greenwodd werbung.psd [2012.12.26 21:34:04 | 000,001,011 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Startmenü\Programme\Autostart\Dropbox.lnk [2012.12.26 21:33:39 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Dropbox.lnk [2012.12.25 20:02:24 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2012.12.25 19:59:19 | 024,442,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\GoogleEarthWin.exe [2012.12.20 06:36:33 | 000,000,610 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vuze.lnk [2012.12.18 13:31:38 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2012.12.18 10:06:54 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll [2012.12.18 09:57:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll [2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll [14 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ] [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.13 19:27:53 | 000,000,852 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Startmenü\Programme\Autostart\_uninst_06697164.lnk [2013.01.13 19:08:10 | 151,797,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\setup_11.0.0.1245.x01_2013_01_13_21_37.exe [2013.01.13 10:18:00 | 000,000,210 | ---- | C] () -- C:\Boot.bak [2013.01.13 10:17:54 | 000,262,448 | RHS- | C] () -- C:\cmldr [2013.01.13 10:13:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe [2013.01.13 10:13:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe [2013.01.13 10:13:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe [2013.01.13 10:13:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe [2013.01.13 10:13:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe [2013.01.13 08:44:09 | 000,769,144 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll [2013.01.13 08:44:09 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip [2013.01.13 08:44:09 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml [2013.01.13 08:44:09 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml [2013.01.13 08:44:09 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip [2013.01.13 08:22:13 | 000,756,999 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB [2013.01.12 21:15:07 | 000,371,063 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Unbenannt-1.jpg [2013.01.12 21:04:31 | 000,023,586 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\eBay Kleinanzeigen _ Kostenlos. Eipc.pdf [2013.01.12 20:44:26 | 000,031,458 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\eBay Kleinanzeigen _ Kostenlos. Einfach. Lokal.pdf [2013.01.10 19:00:14 | 000,081,642 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Mehrfamilienhaus Hemer.pdf [2013.01.10 15:18:00 | 000,019,229 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\184697.JPG [2013.01.10 15:15:08 | 000,010,322 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\694908.JPG [2013.01.10 12:35:54 | 000,020,013 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Paketschein(1).pdf [2013.01.09 18:51:27 | 000,020,050 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Paketschein.pdf [2013.01.08 20:05:17 | 000,050,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\2013-01-08 20.03.32.png [2013.01.08 09:21:11 | 000,232,373 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\ngpowertools.rar [2013.01.08 09:20:44 | 000,037,744 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\v7xxxbewerbungssystem50.zip [2013.01.08 09:20:01 | 000,210,047 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\devgermany_5.rar [2013.01.06 07:00:31 | 000,000,413 | ---- | C] () -- C:\wakeuptoken.info [2013.01.04 18:21:38 | 000,155,816 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Eigene Dateien\Werbung.pdf [2013.01.04 18:20:21 | 001,391,496 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\ohne greenwodd werbung.jpg [2013.01.04 18:18:00 | 021,081,752 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\ohne greenwodd werbung.psd [2012.12.30 09:03:15 | 000,484,086 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2052111302-1935655697-725345543-1003-0.dat [2012.12.25 20:02:24 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk [2012.12.25 19:59:02 | 024,442,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\GoogleEarthWin.exe [2012.12.18 13:31:38 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk [2012.10.12 16:02:04 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\.recently-used.xbel [2012.10.12 15:55:19 | 000,000,037 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\.gtk-bookmarks [2012.07.18 09:42:03 | 000,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini [2012.06.04 19:01:44 | 000,922,184 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe [2012.06.04 19:01:44 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys [2012.06.04 19:01:43 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys [2012.05.06 23:52:32 | 000,484,086 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat [2012.02.15 06:44:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2012.01.03 08:28:06 | 002,570,286 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe [2011.11.29 20:13:49 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat [2011.11.29 20:13:49 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat [2011.11.29 20:13:49 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat [2011.11.29 20:13:49 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat [2011.11.29 20:13:49 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat [2011.11.29 20:13:49 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini [2011.11.29 20:13:48 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat [2011.11.29 20:13:48 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat [2011.11.29 20:13:48 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat [2011.11.29 20:13:48 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat [2011.11.29 20:13:48 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat [2011.11.29 20:13:48 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat [2011.11.29 20:13:48 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat [2011.11.29 20:13:48 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat [2011.11.29 20:13:48 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat [2011.11.29 20:13:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat [2011.11.29 20:13:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat [2011.11.29 20:13:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat [2011.11.29 20:13:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat [2011.11.28 12:01:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI [2011.11.28 11:54:00 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL [2011.11.28 11:54:00 | 000,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI [2011.11.28 11:53:54 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL [2011.11.08 13:42:11 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data [2011.07.15 13:12:52 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin [2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll [2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll [2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll [2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll [2011.04.25 13:49:41 | 000,094,208 | ---- | C] () -- C:\WINDOWS\AKDeInstall.exe [2011.04.23 19:10:51 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE [2011.04.23 19:10:51 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hsduinst.exe [2011.04.23 19:10:51 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat [2011.03.11 20:21:43 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin [2011.03.11 20:21:40 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin [2011.03.11 20:21:40 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin [2011.03.11 20:16:14 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe [2011.03.11 18:39:38 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll [2011.03.01 13:57:58 | 000,000,201 | ---- | C] () -- C:\WINDOWS\OPLB.INI [2011.03.01 13:57:26 | 000,000,808 | ---- | C] () -- C:\WINDOWS\System32\OKIPAR.DAT [2011.02.24 17:22:07 | 000,109,404 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat [2011.01.28 11:07:31 | 000,000,030 | ---- | C] () -- C:\WINDOWS\USDL_GrandPrix_v1.6.4_XP.INI [2010.12.29 17:57:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt [2010.12.19 10:48:10 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db [2009.07.04 19:05:08 | 000,000,928 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\winsys.lng [2009.07.04 19:05:08 | 000,000,928 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\krc6utae.usf [2009.06.17 11:40:28 | 000,002,516 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys [2009.05.27 13:01:49 | 000,069,632 | ---- | C] () -- C:\Programme\system.mdw [2009.05.09 20:22:19 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\$_hpcst$.hpc [2009.03.03 23:35:43 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.03.03 12:24:57 | 000,061,952 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.03.03 15:01:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.10.16 02:00:25 | 001,778,688 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Alternate Data Streams ========== @Alternate Data Stream - 479 bytes -> C:\Dokumente und Einstellungen\Rose\Desktop\2013-01-08 20.03.32.png:com.dropbox.attributes @Alternate Data Stream - 163 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2 @Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:430C6D84 < End of report >  Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-14 07:41:07
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_HD502IJ rev.1AA01112 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\DOKUME~1\Rose\LOKALE~1\Temp\kgrorpow.sys
---- Kernel code sections - GMER 2.0 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB1D223C0, 0x95B7EA, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xACB24300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xAE77F300, 0x1BEE, 0xE8000020]
? system32\DRIVERS\5926726drv.sys Das System kann den angegebenen Pfad nicht finden. !
---- User code sections - GMER 2.0 ----
.text D:\Programme\OO Software\Defrag\oodag.exe[1668] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes JMP 00401340 D:\Programme\OO Software\Defrag\oodag.exe (O&O Defrag Free Edition Agent (Win32)/O&O Software GmbH)
.text C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe[1964] kernel32.dll!CreateThread + 1A 7C810721 4 Bytes CALL 00450055 C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools Security Component/PC Tools)
? C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] USER32.dll!AlignRects 7E362A78 4 Bytes [70, 11, 34, 6C] {JO 0x13; XOR AL, 0x6c}
.text C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe[3348] kernel32.dll!CreateThread + 1A 7C810721 4 Bytes CALL 004508F9 C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools Security Component/PC Tools)
.text C:\Programme\Mozilla Firefox\firefox.exe[3412] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 0150ED80 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3412] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01855505 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3412] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 018554E2 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3412] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 015253B7 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3412] GDI32.dll!SetDIBitsToDevice + 20A 77EF9E14 7 Bytes JMP 01855463 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- User IAT/EAT - GMER 2.0 ----
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 000301D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00030240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 000302B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00030320
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 00BD0860
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 00BD08D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 00BD0940
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 00BD09B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00BD0A20
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BD0A90
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 00030550
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 000305C0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 00030630
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 000306A0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00BD0B00
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00BD0B70
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00BD0BE0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BD0C50
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 00BD0CC0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00BD0D30
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 00BD0DA0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00BD0E10
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 000307F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00030860
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 000308D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 00030940
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 000309B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BD0E80
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 00BD0EF0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 00BD0F60
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] 7C9E0550
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7C9E05C0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7C9E0630
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 00030A20
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 00030A90
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 7C9E06A0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 7C9E0710
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 7C9E0780
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 7C9E07F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E0860
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7C9E08D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 7C9E0940
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7C9E09B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 7C9E0A20
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00030CC0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00030D30
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E0A90
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 7C9E0B00
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 7C9E0B70
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7C9E0BE0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7C9E0C50
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 7C9E0CC0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00030DA0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00030E10
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 00BE0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BE02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00BE0320
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00BE0390
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00BE0400
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 00BE0470
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 00BE04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 00BE0550
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7C9D0630
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 7C9D06A0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 7C9D0710
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 00BE05C0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 7C9D08D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 7C9D0940
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7C9D0B00
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BE0710
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00BE0780
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 00BE07F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 00BE0860
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00BE08D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00BE0940
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00BE09B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 00BE0A20
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 00BE0A90
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 00BE0B00
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7C9D0B70
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BE0B70
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00BE0BE0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00BE0C50
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00BE0CC0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00BE0D30
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00BE0DA0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 00BE0E10
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 00BE0E80
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00BE0EF0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7C9D0BE0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00BE0F60
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00BF0010
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00BF0080
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00BF00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00BF0160
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00BF01D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00BF0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 00BF02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00BF0320
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00BF0390
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 00BF0400
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 7C9D0E80
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BF0470
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7C9D0EF0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00C00A20
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualFree] 7C9D02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualAlloc] 7C9D0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 00C104E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 00C10550
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 00C105C0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 00C10630
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 00C10A20
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 00C10A90
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 00C10B00
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 00C10B70
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00C10BE0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 00C10C50
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00C10CC0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 00C10D30
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00C10DA0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7C9D0080
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 7C9E0400
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 7C9E02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7C9E00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7C9E0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 7C9E0160
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7C9D0010
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7C9D0080
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7C9D01D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7C9E0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 7C9E0160
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 7C9E02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7C9E00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7C9E00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 7C9E02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 7C9E0160
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7C9E0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7C9E00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy] 7C9D01D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7C9E0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 7C9E02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7C9D0080
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7C9D0010
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7C9E00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7C9E0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 7C9E02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 7C9E0320
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 7C9E0390
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 7C9E01D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameA] 7C9E0160
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryW] 7C9E0400
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 7C9E0470
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameA] 7C9E0160
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryExW] 7C9E0390
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 7C9E0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryA] 7C9E02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 7C9E00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameW] 7C9E01D0
---- Modules - GMER 2.0 ----
Module _________ B79A0000-B79B8000 (98304 bytes)
---- Registry - GMER 2.0 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 96
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\iexplore@Count 1880
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49B4-9D64-90988571CECB}\iexplore@Count 1880
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore@Count 1880
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59D52CC8-1505-7D01-261A-434289051449}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59D52CC8-1505-7D01-261A-434289051449}@iakcjfdcohfglejhif 0x69 0x61 0x6D 0x6C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59D52CC8-1505-7D01-261A-434289051449}@haecpblmnmlkmfmh 0x6A 0x61 0x67 0x6C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59D52CC8-1505-7D01-261A-434289051449}@iagfbebkddiiekdloc 0x63 0x61 0x6E 0x6C ...
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 2.0 ----
|
| Themen zu PC verhält sich wie mit 64MB Ram merkwürdige CPU Auslastung |
| antivirus, auslastung, bho, bonjour, browser, converter, error, eset nod32, festplatte, firefox, flash player, gebraucht, helper, kaspersky, langsam, logfile, microsoft office 2003, mozilla, mp3, nodrives, ntdll.dll, nvidia update, ohne befund, plug-in, realtek, registry, scan, security, software, symantec, taskmanager, virus |
Baum-Darstellung