terpentin80 | 14.01.2013 07:35 | PC behaves as if it had 64 MB RAM, strange CPU load
Hello,
my PC has been causing problems since yesterday. It is extremely slow and behaves as if it had only 64 MB of RAM. The CPU load constantly fluctuates between 40 and 60%, even though all loads in Task Manager are at 0%.
System startup already takes forever. Hard disk checked with Crystal Disk Info = Good
Ran ComboFix, Kaspersky Virus Removal Tool and Malwarebytes Anti-Malware, with no findings and without solving the problem.
Ran ESET Online Scan, no viruses detected. Code:
OTL logfile created on: 13.01.2013 20:42:46 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\Rose\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,12 Gb Total Physical Memory | 1,89 Gb Available Physical Memory | 60,51% Memory free
4,97 Gb Paging File | 3,77 Gb Available in Paging File | 75,99% Paging File free
Paging file location(s): C:\pagefile.sys 2048 4096 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 155,25 Gb Total Space | 98,67 Gb Free Space | 63,55% Space Free | Partition Type: NTFS
Drive D: | 310,50 Gb Total Space | 132,50 Gb Free Space | 42,67% Space Free | Partition Type: NTFS
Drive E: | 233,58 Gb Total Space | 178,29 Gb Free Space | 76,33% Space Free | Partition Type: NTFS
Drive G: | 232,18 Gb Total Space | 67,34 Gb Free Space | 29,00% Space Free | Partition Type: NTFS
Computer Name: WORKSTATION | User Name: Rose | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - File not found --
PRC - [2013.01.13 21:38:41 | 000,717,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\temp\RarSFX0\5926726.exe
PRC - [2013.01.13 21:38:37 | 000,458,208 | ---- | M] (Kaspersky Lab) -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\temp\9519004\5926726.exe
PRC - [2013.01.13 19:14:50 | 151,797,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\setup_11.0.0.1245.x01_2013_01_13_21_37.exe
PRC - [2013.01.13 19:07:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rose\Desktop\OTL.exe
PRC - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe
PRC - [2012.11.21 13:02:20 | 000,546,504 | ---- | M] (ESET) -- C:\Programme\ESET\ESET Online Scanner\OnlineScannerApp.exe
PRC - [2012.11.21 13:02:14 | 000,579,464 | ---- | M] () -- C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
PRC - [2012.11.01 15:34:30 | 001,162,360 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe
PRC - [2012.11.01 15:34:28 | 002,717,816 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe
PRC - [2012.10.31 09:19:52 | 000,403,416 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe
PRC - [2012.10.23 17:40:06 | 000,580,728 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe
PRC - [2012.09.17 11:41:54 | 000,254,896 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe
PRC - [2012.08.11 15:43:06 | 000,055,184 | ---- | M] (Apple Inc.) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe
PRC - [2011.01.25 11:41:48 | 002,336,072 | ---- | M] (O&O Software GmbH) -- D:\Programme\OO Software\Defrag\oodag.exe
PRC - [2009.10.20 16:25:08 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Gemeinsame Dateien\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE
PRC - [2009.08.18 10:29:22 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVCM.EXE
PRC - [2009.07.20 12:30:50 | 000,813,584 | ---- | M] (Logitech, Inc.) -- C:\Programme\Logitech\SetPoint\SetPoint.exe
PRC - [2008.09.16 14:18:32 | 000,024,653 | ---- | M] (Utimaco Safeware AG) -- C:\Programme\Utimaco\SafeGuard Easy\ecview.exe
PRC - [2008.09.16 14:16:20 | 000,159,835 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SgeClient.exe
PRC - [2008.09.16 14:11:58 | 000,163,931 | ---- | M] (Utimaco Safeware AG) -- C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe
PRC - [2008.09.16 14:11:22 | 000,114,773 | ---- | M] (Utimaco Safeware AG) -- C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe
PRC - [2008.04.14 07:52:46 | 000,979,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2005.03.31 11:27:00 | 000,061,440 | ---- | M] (Utimaco Safeware AG) -- C:\WINDOWS\system32\SgLogPlayer.exe
PRC - [2004.06.01 15:38:16 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\gslsrvn.exe
PRC - [2004.06.01 15:37:42 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\crppsrvn.exe
PRC - [2003.02.22 16:41:18 | 000,045,568 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WFXSNT40.EXE
PRC - [2003.02.22 16:41:18 | 000,027,648 | R--- | M] () -- D:\Programme\winfax\WFXSWTCH.exe
========== Modules (No Company Name) ==========
MOD - [2013.01.13 21:38:41 | 000,717,768 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\temp\RarSFX0\5926726.exe
MOD - [2013.01.13 19:14:50 | 151,797,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\setup_11.0.0.1245.x01_2013_01_13_21_37.exe
MOD - [2012.12.18 15:28:26 | 000,301,056 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\PDFShell.DEU
MOD - [2012.11.21 13:02:14 | 000,579,464 | ---- | M] () -- C:\Programme\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
MOD - [2012.11.01 15:34:02 | 000,092,792 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\avengine\sdkBSCtrl.dll
MOD - [2012.10.23 17:40:08 | 000,109,688 | ---- | M] () -- C:\Program Files\PC Tools\PC Tools Security\BDT\BSPatch.dll
MOD - [2011.11.01 23:26:32 | 000,087,912 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\zlib1.dll
MOD - [2011.11.01 23:26:12 | 001,242,472 | ---- | M] () -- C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\libxml2.dll
MOD - [2011.05.28 21:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.07.20 12:27:14 | 000,017,936 | ---- | M] () -- C:\Programme\Logitech\SetPoint\khalwrapper.dll
MOD - [2008.09.16 14:18:12 | 000,016,477 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\EcView0407.dll
MOD - [2008.09.16 14:17:52 | 000,016,477 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SgUicl.msg
MOD - [2008.09.16 14:16:20 | 000,159,835 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SgeClient.exe
MOD - [2008.09.16 14:16:12 | 000,057,440 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SGE_MSG0407.dll
MOD - [2008.09.16 14:16:08 | 000,082,016 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SGE_ERR0407.dll
MOD - [2008.09.16 14:12:00 | 000,024,576 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrvps.dll
MOD - [2008.09.16 14:11:22 | 000,024,576 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SgeCtlps.Dll
MOD - [2008.09.16 14:10:58 | 000,098,382 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\REFile.dll
MOD - [2008.09.16 14:10:38 | 000,024,576 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SecClassFactoryPs.dll
MOD - [2008.09.16 14:10:18 | 000,016,482 | ---- | M] () -- C:\Programme\Utimaco\SafeGuard Easy\SGE_INFO0407.dll
MOD - [2007.08.16 12:33:38 | 000,024,576 | R--- | M] () -- C:\WINDOWS\system32\loaddlln.dll
MOD - [2007.04.12 11:36:40 | 000,835,584 | ---- | M] () -- C:\WINDOWS\system32\sgsamn.dll
MOD - [2007.04.12 11:35:06 | 000,110,592 | ---- | M] () -- C:\WINDOWS\system32\a11layn.dll
MOD - [2006.11.27 14:11:46 | 000,032,768 | ---- | M] () -- C:\WINDOWS\system32\uswerrln.dll
MOD - [2005.09.24 10:10:56 | 001,212,416 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\AdistRes.DEU
MOD - [2004.06.01 15:38:16 | 000,053,248 | ---- | M] () -- C:\WINDOWS\system32\gslsrvn.exe
MOD - [2004.06.01 15:37:42 | 000,081,920 | ---- | M] () -- C:\WINDOWS\system32\crppsrvn.exe
MOD - [2004.06.01 15:37:24 | 000,102,400 | ---- | M] () -- C:\WINDOWS\system32\craservn.dll
MOD - [2004.06.01 15:37:12 | 000,323,584 | ---- | M] () -- C:\WINDOWS\system32\cmbase2n.dll
MOD - [2004.06.01 15:37:06 | 000,090,112 | ---- | M] () -- C:\WINDOWS\system32\cmbasen.dll
MOD - [2003.02.22 16:41:18 | 000,027,648 | R--- | M] () -- D:\Programme\winfax\WFXSWTCH.exe
MOD - [2000.02.14 17:36:20 | 000,012,800 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\WFXPNT40.DLL
========== Services (SafeList) ==========
SRV - File not found [Auto | Stopped] -- C:\Programme\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4)
SRV - File not found [On_Demand | Stopped] -- C:\Programme\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - File not found [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - File not found [Auto | Running] -- C:\Programme\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - File not found [Auto | Stopped] -- C:\WINDOWS\system32\brsvc01a.exe -- (Brother XP spl Service)
SRV - [2013.01.11 11:08:00 | 000,115,760 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.10 13:14:16 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.14 10:17:04 | 003,467,768 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe -- (TeamViewer8)
SRV - [2012.11.01 15:34:30 | 001,162,360 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe -- (sdCoreService)
SRV - [2012.10.31 09:19:52 | 000,403,416 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2012.10.23 17:40:06 | 000,580,728 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files\PC Tools\PC Tools Security\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2012.08.11 15:43:06 | 000,055,184 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- D:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.01 00:58:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.01.25 11:41:48 | 002,336,072 | ---- | M] (O&O Software GmbH) [Auto | Running] -- D:\Programme\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV - [2010.09.08 11:42:39 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\system32\srvany.exe -- (KMService)
SRV - [2010.01.09 20:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.09.10 14:51:39 | 000,361,728 | ---- | M] (TuneUp Software GmbH) [On_Demand | Stopped] -- C:\WINDOWS\system32\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2009.08.18 10:29:22 | 001,529,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.20 12:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009.03.10 21:27:53 | 000,069,632 | ---- | M] (Adobe Systems) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Adobe Systems Shared\Service\Adobelmsvc.exe -- (Adobe LM Service)
SRV - [2008.09.16 14:16:20 | 000,159,835 | ---- | M] () [Auto | Running] -- C:\Programme\Utimaco\SafeGuard Easy\SgeClient.exe -- (SgeClient)
SRV - [2008.09.16 14:11:58 | 000,163,931 | ---- | M] (Utimaco Safeware AG) [Auto | Running] -- C:\Programme\Utimaco\SafeGuard Easy\WksCfgSrv.exe -- (WksCfgSrv)
SRV - [2008.09.16 14:11:22 | 000,114,773 | ---- | M] (Utimaco Safeware AG) [Auto | Running] -- C:\Programme\Utimaco\SafeGuard Easy\SgeCtl.exe -- (SgeCtl)
SRV - [2008.05.29 08:28:54 | 000,028,416 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2005.04.04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2005.03.31 11:27:00 | 000,061,440 | ---- | M] (Utimaco Safeware AG) [Auto | Running] -- C:\WINDOWS\system32\SgLogPlayer.exe -- (SgLogPlayer)
SRV - [2004.06.01 15:38:16 | 000,053,248 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\gslsrvn.exe -- (GSLSRV)
SRV - [2004.06.01 15:37:42 | 000,081,920 | ---- | M] () [Auto | Running] -- C:\WINDOWS\system32\crppsrvn.exe -- (CRPPSRV)
SRV - [2000.03.07 15:38:48 | 000,128,512 | ---- | M] (Symantec Corporation) [Disabled | Stopped] -- C:\WINDOWS\system32\WFXSVC.EXE -- (wfxsvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\WinUSB.sys -- (WinUSB)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbmodem.sys -- (USBModem)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbdiag.sys -- (UsbDiag)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lgusbbus.sys -- (usbbus)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SjyPkt.sys -- (SjyPkt)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\RimUsb.sys -- (RimUsb)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\LV302AV.SYS -- (PID_08A0)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\lv302af.sys -- (pepifilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\Live Update 5\NTIOLib.sys -- (NTIOLib_1_0_4)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Programme\MSI\Live Update 5\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\massfilter.sys -- (massfilter)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\lvusbsta.sys -- (LVUSBSta)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | Boot | Stopped] -- System32\drivers\ppenysgp.sys -- (jjrd)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ewusbmdm.sys -- (hwdatacard)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\epfwtdir.sys -- (epfwtdir)
DRV - File not found [Kernel | Disabled | Running] -- system32\DRIVERS\ehdrv.sys -- (ehdrv)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\CM108.sys -- (CM1083264)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOKUME~1\Rose\LOKALE~1\Temp\catchme.sys -- (catchme)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\Camdrl.sys -- (CamDrL)
DRV - [2013.01.13 21:37:36 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\06697164.sys -- (06697164)
DRV - [2012.11.01 15:35:20 | 000,068,272 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplsm.sys -- (pctplsm)
DRV - [2012.11.01 15:35:14 | 000,202,280 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2012.10.31 14:21:28 | 000,260,760 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2012.10.28 12:40:26 | 000,025,200 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2012.10.28 12:40:26 | 000,012,400 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2012.10.23 17:40:32 | 000,062,688 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2012.10.22 16:38:28 | 000,368,616 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2012.02.28 11:43:06 | 000,909,728 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2012.02.28 11:43:00 | 000,342,168 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2012.01.18 14:55:56 | 000,016,472 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdrvio.sys -- (pwdrvio)
DRV - [2012.01.18 14:55:54 | 000,011,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\pwdspio.sys -- (pwdspio)
DRV - [2012.01.17 13:45:58 | 000,123,712 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvhda32.sys -- (NVHDA)
DRV - [2011.08.02 17:38:44 | 000,018,432 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\netaapl.sys -- (Netaapl)
DRV - [2010.07.06 11:26:54 | 006,088,296 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService)
DRV - [2010.07.06 11:13:10 | 000,234,392 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2009.12.22 02:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009.11.18 00:17:00 | 001,395,800 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009.11.18 00:16:00 | 001,691,480 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2009.08.24 16:21:46 | 000,038,944 | ---- | M] (B.H.A Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\CDRBSDRV.SYS -- (cdrbsdrv)
DRV - [2009.07.02 15:40:12 | 000,281,760 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\atksgt.sys -- (atksgt)
DRV - [2009.07.02 15:40:12 | 000,025,888 | ---- | M] () [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2009.06.17 17:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009.06.17 17:56:24 | 000,079,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2009.06.17 17:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 17:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.06.17 17:55:26 | 000,063,248 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042mou.Sys -- (L8042mou)
DRV - [2009.06.17 17:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009.04.29 14:10:43 | 000,005,248 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\giveio.sys -- (giveio)
DRV - [2009.04.08 13:20:06 | 000,002,368 | ---- | M] (AntiCracking) [Kernel | Auto | Running] -- C:\WINDOWS\system32\SVKP.sys -- (SVKP)
DRV - [2009.03.31 09:39:36 | 000,036,608 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009.03.11 20:15:12 | 000,051,072 | ---- | M] (Animation Technologies Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\M9207_543.sys -- (M9207)
DRV - [2008.10.21 09:22:48 | 000,114,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdm.sys -- (s0017mdm)
DRV - [2008.10.21 09:22:48 | 000,109,736 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017unic.sys -- (s0017unic)
DRV - [2008.10.21 09:22:48 | 000,108,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mgmt.sys -- (s0017mgmt)
DRV - [2008.10.21 09:22:48 | 000,104,616 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017obex.sys -- (s0017obex)
DRV - [2008.10.21 09:22:48 | 000,086,824 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017bus.sys -- (s0017bus)
DRV - [2008.10.21 09:22:48 | 000,026,024 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017nd5.sys -- (s0017nd5)
DRV - [2008.10.21 09:22:48 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0017mdfl.sys -- (s0017mdfl)
DRV - [2008.09.26 09:52:00 | 000,010,384 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2008.09.16 14:19:16 | 000,019,712 | ---- | M] (Utimaco Safeware AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\AES256.sys -- (AES-256)
DRV - [2008.09.16 14:19:12 | 000,063,488 | ---- | M] (Utimaco Safeware AG) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\SGEFLT.sys -- (SgeFlt)
DRV - [2008.08.26 10:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2008.05.27 02:52:18 | 000,051,072 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MHIKEY10.sys -- (MHIKEY10)
DRV - [2008.05.16 11:33:14 | 000,115,752 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016unic.sys -- (s0016unic)
DRV - [2008.05.16 11:33:14 | 000,025,512 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016nd5.sys -- (s0016nd5)
DRV - [2008.05.16 11:33:14 | 000,015,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdfl.sys -- (s0016mdfl)
DRV - [2008.05.16 11:33:12 | 000,120,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mdm.sys -- (s0016mdm)
DRV - [2008.05.16 11:33:12 | 000,114,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016mgmt.sys -- (s0016mgmt)
DRV - [2008.05.16 11:33:12 | 000,110,632 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016obex.sys -- (s0016obex)
DRV - [2008.05.16 11:33:12 | 000,089,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s0016bus.sys -- (s0016bus)
DRV - [2008.04.14 00:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2008.04.14 00:10:32 | 000,096,512 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\atapi.sys -- (atapi)
DRV - [2008.01.24 09:36:16 | 004,127,488 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\alcxwdm.sys -- (ALCXWDM)
DRV - [2008.01.09 12:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.01.11 17:20:06 | 000,194,304 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8187.sys -- (RTLWUSB)
DRV - [2006.09.18 13:48:22 | 000,030,329 | ---- | M] (NAVMAN) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Navcar.sys -- (Navcar)
DRV - [2006.07.24 16:05:00 | 000,005,632 | ---- | M] () [File_System | System | Running] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005.10.16 06:00:00 | 000,012,928 | ---- | M] (Bo Brantén) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\filedisk.sys -- (FileDisk)
DRV - [2004.06.09 02:00:00 | 000,547,840 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fxusbase.sys -- (FXUSBASE)
DRV - [2004.06.09 02:00:00 | 000,053,120 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2004.04.30 09:37:02 | 000,160,640 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a347bus.sys -- (a347bus)
DRV - [2004.04.30 09:33:00 | 000,005,248 | ---- | M] ( ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\a347scsi.sys -- (a347scsi)
DRV - [2004.03.10 13:42:24 | 000,012,953 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\itchfltr.sys -- (itchfltr)
DRV - [2001.08.17 12:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\el90xbc5.sys -- (EL90XBC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {6C87E8C6-E5A7-4E11-BDEB-21D5974A064F}
IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{424A3E04-7B92-4648-A5FB-94DA349A731C}: "URL" = hxxp://redirect.t-online.de/index.php?rdid=8&q={searchTerms}
IE - HKCU\..\SearchScopes\{6C87E8C6-E5A7-4E11-BDEB-21D5974A064F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2504091
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Web Search"
FF - prefs.js..browser.search.order.1: "Web Search"
FF - prefs.js..browser.search.selectedEngine: "Web Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: jqs%40sun.com:1.0
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: djziggy%40gmail.com:2.0.7
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: de-DE@dictionaries.addons.mozilla.org:2.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Programme\DivX\DivX Player\npDivxPlayerPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Programme\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Programme\Picasa2\npPicasa2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.3.21.53\npGoogleUpdate3.dll File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Programme\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.28 22:23:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\PC Tools\PC Tools Security\BDT\Firefox\ [2013.01.13 08:44:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2013.01.11 11:08:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.01.11 11:07:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Programme\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
[2011.02.21 11:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Extensions
[2011.01.19 08:05:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Extensions\home2@tomtom.com
[2012.12.12 04:44:14 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Firefox\Profiles\o3mq8qri.default\extensions
[2010.11.13 14:33:58 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Firefox\Profiles\o3mq8qri.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2012.10.14 04:43:46 | 000,000,000 | ---D | M] (German Dictionary) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Firefox\Profiles\o3mq8qri.default\extensions\de-DE@dictionaries.addons.mozilla.org
[2012.10.12 10:29:45 | 000,000,000 | ---D | M] (LavaFox V2-Blue) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Firefox\Profiles\o3mq8qri.default\extensions\djziggy@gmail.com
[2012.12.12 04:44:14 | 000,036,098 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Firefox\Profiles\o3mq8qri.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.24 08:44:34 | 000,804,627 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\Firefox\Profiles\o3mq8qri.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.01.11 11:07:42 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.11 11:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.01.11 11:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.01.11 11:07:42 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.06.16 09:33:37 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2013.01.11 11:08:02 | 000,262,704 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2008.09.15 10:50:46 | 000,376,832 | ---- | M] ( ) -- C:\Programme\mozilla firefox\plugins\npsnapfish.dll
[2012.10.17 18:09:59 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.17 18:09:59 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2012.10.17 18:09:59 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.17 18:09:59 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.17 18:09:59 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.17 18:09:59 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\11.0.696.60\pdf.dll
CHR - plugin: Google Gears 0.5.33.0 (Enabled) = C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\11.0.696.60\gears.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\Application\11.0.696.60\gcswf32.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Mozilla\plugins\np-mswmp.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Programme\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: DivX Player Netscape Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\npDivxPlayerPlugin.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Programme\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Programme\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit) (Enabled) = C:\Programme\Mozilla Firefox\plugins\nppl3260.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.6.7 (Enabled) = C:\Programme\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprjplug.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Programme\Mozilla Firefox\plugins\nprpjplug.dll
CHR - plugin: Snapfish Plugin for Firefox (Enabled) = C:\Programme\Mozilla Firefox\plugins\npsnapfish.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Programme\Windows Media Player\npwmsdrm.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NexonUS\NGM\npNxGameUS.dll
CHR - plugin: Google Update (Enabled) = C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Update\1.2.183.39\npGoogleOneClick8.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Programme\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Programme\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Programme\Microsoft Silverlight\4.0.51204.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Programme\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\WINDOWS\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
O1 HOSTS File: ([2013.01.13 11:25:15 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - No CLSID value found.
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\PC Tools\PC Tools Security\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Programme\Gemeinsame Dateien\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [EdWizard] C:\Programme\Utimaco\SafeGuard Easy\EdWizard.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [ISTray] C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\nvmctray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Programme\NVIDIA Corporation\nview\nwiz.exe ()
O4 - HKLM..\Run: [OODefragTray] D:\Programme\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4 - HKLM..\Run: [SgeEcView] C:\Programme\Utimaco\SafeGuard Easy\Ecview.exe (Utimaco Safeware AG)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [WFXSwtch] d:\Programme\winfax\WFXSWTCH.exe ()
O4 - HKLM..\Run: [WinFaxAppPortStarter] C:\WINDOWS\System32\WFXSNT40.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Logitech SetPoint.lnk = C:\Programme\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Rose\Startmenü\Programme\Autostart\Dropbox.lnk = C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Dokumente und Einstellungen\Rose\Startmenü\Programme\Autostart\_uninst_06697164.lnk = C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\temp\_uninst_06697164.bat ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Programme\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Translate - {87680762-4A83-11B4-885B-0000E8ECA40F} - D:\Programme\LingoCom\Translator.lnk File not found
O9 - Extra 'Tools' menuitem : Translator - {87680762-4A83-11B4-885B-0000E8ECA40F} - D:\Programme\LingoCom\Translator.lnk File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0014-0002-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.4.2/jinstall-1_4_2_05-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} hxxp://icq.oberon-media.com/Gameshell/GameHost/1.0/OberonGameHost.cab (Oberon Flash Game Host)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.3.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B4E3CF1-7467-44C1-903D-B1290A3EA6E0}: DhcpNameServer = 192.168.3.1
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (SGGINA.DLL) - C:\WINDOWS\System32\Sggina.dll (Utimaco Safeware AG)
O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\programme\gemeinsame dateien\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Gemeinsame Dateien\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O20 - Winlogon\Notify\NotLog: DllName - (SGLogEx.dll) - C:\WINDOWS\System32\SGLogEx.dll (Utimaco Safeware AG)
O20 - Winlogon\Notify\SGLogNotification: DllName - (SGLogNotification.dll) - C:\WINDOWS\System32\SGLogNotification.dll (Utimaco Safeware AG)
O20 - Winlogon\Notify\sgsam: DllName - (sgsamn.dll) - C:\WINDOWS\System32\sgsamn.dll ()
O24 - Desktop Components:0 () - hxxp://i.ebayimg.com/09/%21BV6Ou1QBGk%7E$%28KGrHgoH-D8EjlLlzKDlBKU5kc51yg%7E%7E_12.JPG
O24 - Desktop Components:1 () - hxxp://i.ebayimg.com/16/%21BbEuJTQ%212k%7E$%28KGrHgoH-DMEjlLlvjJvBKuR5ljO9Q%7E%7E_12.JPG
O24 - Desktop Components:2 () - file:///C:/DOKUME~1/Rose/LOKALE~1/Temp/msohtmlclip1/01/clip_image002.jpg
O24 - Desktop Components:3 () - file:///C:/DOKUME~1/Rose/LOKALE~1/Temp/msohtmlclip1/01/clip_image001.jpg
O24 - Desktop Components:4 (Die derzeitige Homepage) - About:Home
O28 - HKLM ShellExecuteHooks: {A213B520-C6C2-11d0-AF9D-008029E1027E} - d:\Programme\winfax\WFXSEH32.DLL (Symantec Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2013.01.13 20:53:54 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.01.13 20:31:43 | 002,322,184 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Rose\Desktop\esetsmartinstaller_enu.exe
[2013.01.13 20:19:35 | 000,000,000 | ---D | C] -- C:\Programme\ESET
[2013.01.13 20:19:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ESET
[2013.01.13 19:45:54 | 001,378,744 | ---- | C] (ESET) -- C:\Dokumente und Einstellungen\Rose\Desktop\eset_nod32_antivirus_live_installer.exe
[2013.01.13 19:24:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013.01.13 19:21:53 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\06697164.sys
[2013.01.13 19:06:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rose\Desktop\OTL.exe
[2013.01.13 14:34:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.13 11:36:20 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2013.01.13 11:36:13 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2013.01.13 11:34:52 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Rose\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.13 11:33:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\Threat Expert
[2013.01.13 10:17:36 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2013.01.13 10:13:29 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2013.01.13 10:13:29 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2013.01.13 10:13:29 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2013.01.13 10:13:29 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2013.01.13 10:12:46 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.01.13 10:12:18 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.01.13 10:10:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
[2013.01.13 09:37:40 | 005,021,655 | R--- | C] (Swearware) -- C:\Dokumente und Einstellungen\Rose\Desktop\ComboFix.exe
[2013.01.13 08:44:11 | 000,062,688 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2013.01.13 08:44:09 | 002,280,568 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2013.01.13 08:44:09 | 001,690,744 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2013.01.13 08:44:09 | 000,150,648 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2013.01.13 08:34:42 | 000,260,760 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2013.01.13 08:34:01 | 000,019,464 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2013.01.13 08:34:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\PC Tools Security
[2013.01.13 08:33:27 | 000,071,752 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2013.01.13 08:33:26 | 000,068,272 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsm.sys
[2013.01.13 08:22:07 | 000,909,728 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2013.01.13 08:22:07 | 000,342,168 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2013.01.13 08:20:48 | 000,368,616 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2013.01.13 08:20:48 | 000,163,288 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2013.01.13 08:19:29 | 000,202,280 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2013.01.13 08:19:29 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\PC Tools
[2013.01.13 08:16:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2013.01.13 08:16:46 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PC Tools
[2013.01.13 08:16:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\TestApp
[2013.01.13 07:43:32 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\McAfee
[2013.01.12 13:03:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Desktop\lenovo
[2013.01.11 11:07:39 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.01.08 10:27:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Desktop\Apple
[2013.01.07 10:13:44 | 000,000,000 | ---D | C] -- C:\Programme\PhonerLite
[2013.01.07 08:47:12 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Desktop\Faxe
[2013.01.06 10:35:06 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\redsn0w
[2012.12.27 16:54:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\NativeFus_Log
[2012.12.27 16:54:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Dokumente\CrashDump
[2012.12.27 16:54:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Eigene Dateien\samsung
[2012.12.26 21:33:54 | 000,000,000 | ---D | C] -- C:\Programme\Dropbox
[2012.12.25 20:02:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
[2012.12.19 20:37:40 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 8
[2012.12.18 13:52:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Desktop\Oase
[2012.12.18 13:31:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\iTunes
[2012.12.18 13:31:06 | 000,000,000 | ---D | C] -- C:\Programme\iPod
[2012.12.18 13:31:01 | 000,000,000 | ---D | C] -- C:\Programme\iTunes
[2012.12.18 13:31:01 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2012.12.18 06:27:43 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Rose\Eigene Dateien\Sony
[14 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.01.13 21:37:36 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\06697164.sys
[2013.01.13 21:00:32 | 000,000,490 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2013.01.13 20:31:52 | 002,322,184 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Rose\Desktop\esetsmartinstaller_enu.exe
[2013.01.13 20:28:44 | 000,756,999 | ---- | M] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2013.01.13 20:16:24 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.01.13 20:15:30 | 000,001,090 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.13 19:46:11 | 001,378,744 | ---- | M] (ESET) -- C:\Dokumente und Einstellungen\Rose\Desktop\eset_nod32_antivirus_live_installer.exe
[2013.01.13 19:27:53 | 000,000,852 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Startmenü\Programme\Autostart\_uninst_06697164.lnk
[2013.01.13 19:14:50 | 151,797,136 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\setup_11.0.0.1245.x01_2013_01_13_21_37.exe
[2013.01.13 19:07:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Rose\Desktop\OTL.exe
[2013.01.13 18:46:08 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.01.13 18:43:00 | 000,001,086 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.13 18:42:14 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.01.13 11:35:16 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Rose\Desktop\mbam-setup-1.70.0.1100.exe
[2013.01.13 11:25:15 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2013.01.13 10:18:01 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2013.01.13 10:04:32 | 003,696,736 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013.01.13 09:46:34 | 000,000,210 | ---- | M] () -- C:\Boot.bak
[2013.01.13 09:37:51 | 005,021,655 | R--- | M] (Swearware) -- C:\Dokumente und Einstellungen\Rose\Desktop\ComboFix.exe
[2013.01.13 07:58:32 | 000,506,266 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.01.13 07:58:32 | 000,484,566 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.01.13 07:58:32 | 000,080,580 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.01.13 07:58:31 | 000,096,220 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.01.12 21:15:16 | 000,371,063 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Unbenannt-1.jpg
[2013.01.12 21:04:31 | 000,023,586 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\eBay Kleinanzeigen _ Kostenlos. Eipc.pdf
[2013.01.12 20:44:26 | 000,031,458 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\eBay Kleinanzeigen _ Kostenlos. Einfach. Lokal.pdf
[2013.01.10 19:00:14 | 000,081,642 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Mehrfamilienhaus Hemer.pdf
[2013.01.10 15:18:00 | 000,019,229 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\184697.JPG
[2013.01.10 15:15:09 | 000,010,322 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\694908.JPG
[2013.01.10 13:14:16 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013.01.10 13:14:15 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013.01.10 12:35:54 | 000,020,013 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Paketschein(1).pdf
[2013.01.09 18:51:28 | 000,020,050 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Paketschein.pdf
[2013.01.08 20:03:32 | 000,050,570 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\2013-01-08 20.03.32.png
[2013.01.08 14:51:26 | 000,001,086 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.umbrella
[2013.01.08 11:49:02 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013.01.08 09:21:12 | 000,232,373 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\ngpowertools.rar
[2013.01.08 09:20:44 | 000,037,744 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\v7xxxbewerbungssystem50.zip
[2013.01.08 09:20:01 | 000,210,047 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\devgermany_5.rar
[2013.01.07 10:21:34 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2013.01.06 07:00:31 | 000,000,413 | ---- | M] () -- C:\wakeuptoken.info
[2013.01.06 06:37:08 | 000,077,856 | ---- | M] () -- C:\BACKUP.svf
[2013.01.04 18:21:38 | 000,155,816 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Eigene Dateien\Werbung.pdf
[2013.01.04 18:20:29 | 001,391,496 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\ohne greenwodd werbung.jpg
[2013.01.04 18:18:00 | 021,081,752 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\ohne greenwodd werbung.psd
[2012.12.26 21:34:04 | 000,001,011 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Startmenü\Programme\Autostart\Dropbox.lnk
[2012.12.26 21:33:39 | 000,001,001 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Dropbox.lnk
[2012.12.25 20:02:24 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2012.12.25 19:59:19 | 024,442,792 | ---- | M] () -- C:\Dokumente und Einstellungen\Rose\Desktop\GoogleEarthWin.exe
[2012.12.20 06:36:33 | 000,000,610 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Vuze.lnk
[2012.12.18 13:31:38 | 000,001,522 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.12.18 10:06:54 | 004,659,712 | ---- | M] (Dmitry Streblechenko) -- C:\WINDOWS\System32\Redemption.dll
[2012.12.18 09:57:54 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\dllcache\atmfd.dll
[2012.12.16 13:23:59 | 000,290,560 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\atmfd.dll
[14 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.01.13 19:27:53 | 000,000,852 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Startmenü\Programme\Autostart\_uninst_06697164.lnk
[2013.01.13 19:08:10 | 151,797,136 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\setup_11.0.0.1245.x01_2013_01_13_21_37.exe
[2013.01.13 10:18:00 | 000,000,210 | ---- | C] () -- C:\Boot.bak
[2013.01.13 10:17:54 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2013.01.13 10:13:29 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2013.01.13 10:13:29 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2013.01.13 10:13:29 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2013.01.13 10:13:29 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2013.01.13 10:13:29 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2013.01.13 08:44:09 | 000,769,144 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2013.01.13 08:44:09 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2013.01.13 08:44:09 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2013.01.13 08:44:09 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2013.01.13 08:44:09 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2013.01.13 08:22:13 | 000,756,999 | ---- | C] () -- C:\WINDOWS\System32\drivers\Cat.DB
[2013.01.12 21:15:07 | 000,371,063 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Unbenannt-1.jpg
[2013.01.12 21:04:31 | 000,023,586 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\eBay Kleinanzeigen _ Kostenlos. Eipc.pdf
[2013.01.12 20:44:26 | 000,031,458 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\eBay Kleinanzeigen _ Kostenlos. Einfach. Lokal.pdf
[2013.01.10 19:00:14 | 000,081,642 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Mehrfamilienhaus Hemer.pdf
[2013.01.10 15:18:00 | 000,019,229 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\184697.JPG
[2013.01.10 15:15:08 | 000,010,322 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\694908.JPG
[2013.01.10 12:35:54 | 000,020,013 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Paketschein(1).pdf
[2013.01.09 18:51:27 | 000,020,050 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\Paketschein.pdf
[2013.01.08 20:05:17 | 000,050,570 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\2013-01-08 20.03.32.png
[2013.01.08 09:21:11 | 000,232,373 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\ngpowertools.rar
[2013.01.08 09:20:44 | 000,037,744 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\v7xxxbewerbungssystem50.zip
[2013.01.08 09:20:01 | 000,210,047 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\devgermany_5.rar
[2013.01.06 07:00:31 | 000,000,413 | ---- | C] () -- C:\wakeuptoken.info
[2013.01.04 18:21:38 | 000,155,816 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Eigene Dateien\Werbung.pdf
[2013.01.04 18:20:21 | 001,391,496 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\ohne greenwodd werbung.jpg
[2013.01.04 18:18:00 | 021,081,752 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\ohne greenwodd werbung.psd
[2012.12.30 09:03:15 | 000,484,086 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-S-1-5-21-2052111302-1935655697-725345543-1003-0.dat
[2012.12.25 20:02:24 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2012.12.25 19:59:02 | 024,442,792 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Desktop\GoogleEarthWin.exe
[2012.12.18 13:31:38 | 000,001,522 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\iTunes.lnk
[2012.10.12 16:02:04 | 000,000,218 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\.recently-used.xbel
[2012.10.12 15:55:19 | 000,000,037 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\.gtk-bookmarks
[2012.07.18 09:42:03 | 000,000,256 | ---- | C] () -- C:\WINDOWS\_delis32.ini
[2012.06.04 19:01:44 | 000,922,184 | ---- | C] () -- C:\WINDOWS\System32\pwNative.exe
[2012.06.04 19:01:44 | 000,016,472 | ---- | C] () -- C:\WINDOWS\System32\pwdrvio.sys
[2012.06.04 19:01:43 | 000,011,104 | ---- | C] () -- C:\WINDOWS\System32\pwdspio.sys
[2012.05.06 23:52:32 | 000,484,086 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\WPFFontCache_v0400-System.dat
[2012.02.15 06:44:28 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012.01.03 08:28:06 | 002,570,286 | ---- | C] () -- C:\WINDOWS\System32\abgx360.exe
[2011.11.29 20:13:49 | 000,111,932 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
[2011.11.29 20:13:49 | 000,001,136 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
[2011.11.29 20:13:49 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_IT.dat
[2011.11.29 20:13:49 | 000,001,107 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_GE.dat
[2011.11.29 20:13:49 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
[2011.11.29 20:13:49 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2011.11.29 20:13:48 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
[2011.11.29 20:13:48 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
[2011.11.29 20:13:48 | 000,026,154 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
[2011.11.29 20:13:48 | 000,024,903 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
[2011.11.29 20:13:48 | 000,021,390 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
[2011.11.29 20:13:48 | 000,020,148 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
[2011.11.29 20:13:48 | 000,011,811 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
[2011.11.29 20:13:48 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
[2011.11.29 20:13:48 | 000,001,146 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_DU.dat
[2011.11.29 20:13:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
[2011.11.29 20:13:48 | 000,001,139 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
[2011.11.29 20:13:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
[2011.11.29 20:13:48 | 000,001,129 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
[2011.11.28 12:01:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\WTNSETUP.INI
[2011.11.28 11:54:00 | 000,037,888 | ---- | C] () -- C:\WINDOWS\System32\DCCWFP32.DLL
[2011.11.28 11:54:00 | 000,000,250 | ---- | C] () -- C:\WINDOWS\WINFAX.INI
[2011.11.28 11:53:54 | 000,017,920 | ---- | C] () -- C:\WINDOWS\System32\IMPLODE.DLL
[2011.11.08 13:42:11 | 002,784,050 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2011.07.15 13:12:52 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2011.04.27 13:19:30 | 000,974,848 | ---- | C] () -- C:\WINDOWS\System32\cis-2.4.dll
[2011.04.27 13:19:30 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\issacapi_bs-2.3.dll
[2011.04.27 13:19:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\issacapi_pe-2.3.dll
[2011.04.27 13:19:30 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\issacapi_se-2.3.dll
[2011.04.25 13:49:41 | 000,094,208 | ---- | C] () -- C:\WINDOWS\AKDeInstall.exe
[2011.04.23 19:10:51 | 000,164,864 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.EXE
[2011.04.23 19:10:51 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\hsduinst.exe
[2011.04.23 19:10:51 | 000,006,836 | ---- | C] () -- C:\WINDOWS\System32\UNWISE.INI
[2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2011.03.11 20:21:43 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011.03.11 20:21:40 | 000,293,992 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011.03.11 20:21:40 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011.03.11 20:16:14 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2011.03.11 18:39:38 | 000,080,416 | ---- | C] () -- C:\WINDOWS\System32\RtNicProp32.dll
[2011.03.01 13:57:58 | 000,000,201 | ---- | C] () -- C:\WINDOWS\OPLB.INI
[2011.03.01 13:57:26 | 000,000,808 | ---- | C] () -- C:\WINDOWS\System32\OKIPAR.DAT
[2011.02.24 17:22:07 | 000,109,404 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011.01.28 11:07:31 | 000,000,030 | ---- | C] () -- C:\WINDOWS\USDL_GrandPrix_v1.6.4_XP.INI
[2010.12.29 17:57:37 | 000,000,000 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LauncherAccess.dt
[2010.12.19 10:48:10 | 000,017,408 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\WebpageIcons.db
[2009.07.04 19:05:08 | 000,000,928 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\winsys.lng
[2009.07.04 19:05:08 | 000,000,928 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\krc6utae.usf
[2009.06.17 11:40:28 | 000,002,516 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\KGyGaAvL.sys
[2009.05.27 13:01:49 | 000,069,632 | ---- | C] () -- C:\Programme\system.mdw
[2009.05.09 20:22:19 | 000,002,528 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Anwendungsdaten\$_hpcst$.hpc
[2009.03.03 23:35:43 | 000,000,137 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009.03.03 12:24:57 | 000,061,952 | ---- | C] () -- C:\Dokumente und Einstellungen\Rose\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2009.03.03 15:01:26 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.10.16 02:00:25 | 001,778,688 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.02.09 11:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2008.04.14 07:52:34 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== Alternate Data Streams ==========
@Alternate Data Stream - 479 bytes -> C:\Dokumente und Einstellungen\Rose\Desktop\2013-01-08 20.03.32.png:com.dropbox.attributes
@Alternate Data Stream - 163 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:430C6D84
< End of report >
I hope you can help me. Posting log files may take a while, because the PC is extremely slow, and Kaspersky and Eset took 12 hours to scan :wtf:
Code:
GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-14 07:41:07
Windows 5.1.2600 Service Pack 3 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4 SAMSUNG_HD502IJ rev.1AA01112 465,76GB
Running: gmer-2.0.18444.exe; Driver: C:\DOKUME~1\Rose\LOKALE~1\Temp\kgrorpow.sys
---- Kernel code sections - GMER 2.0 ----
.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB1D223C0, 0x95B7EA, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\atksgt.sys section is writeable [0xACB24300, 0x3B6D8, 0xE8000020]
.text C:\WINDOWS\system32\DRIVERS\lirsgt.sys section is writeable [0xAE77F300, 0x1BEE, 0xE8000020]
? system32\DRIVERS\5926726drv.sys Das System kann den angegebenen Pfad nicht finden. !
---- User code sections - GMER 2.0 ----
.text D:\Programme\OO Software\Defrag\oodag.exe[1668] kernel32.dll!SetUnhandledExceptionFilter 7C8449CD 5 Bytes JMP 00401340 D:\Programme\OO Software\Defrag\oodag.exe (O&O Defrag Free Edition Agent (Win32)/O&O Software GmbH)
.text C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe[1964] kernel32.dll!CreateThread + 1A 7C810721 4 Bytes CALL 00450055 C:\Program Files\PC Tools\PC Tools Security\pctsSvc.exe (PC Tools Security Component/PC Tools)
? C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] C:\WINDOWS\system32\ntdll.dll time/date stamp mismatch;
? C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] C:\WINDOWS\system32\kernel32.dll time/date stamp mismatch;
.text C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] USER32.dll!AlignRects 7E362A78 4 Bytes [70, 11, 34, 6C] {JO 0x13; XOR AL, 0x6c}
.text C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe[3348] kernel32.dll!CreateThread + 1A 7C810721 4 Bytes CALL 004508F9 C:\Program Files\PC Tools\PC Tools Security\pctsGui.exe (PC Tools Security Component/PC Tools)
.text C:\Programme\Mozilla Firefox\firefox.exe[3412] ntdll.dll!LdrLoadDll 7C92632D 5 Bytes JMP 0150ED80 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3412] kernel32.dll!lstrlenW + 43 7C809AEC 7 Bytes JMP 01855505 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3412] kernel32.dll!MapViewOfFileEx + 6A 7C80B9A0 7 Bytes JMP 018554E2 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3412] kernel32.dll!ValidateLocale + B1C8 7C8449C8 7 Bytes JMP 015253B7 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Programme\Mozilla Firefox\firefox.exe[3412] GDI32.dll!SetDIBitsToDevice + 20A 77EF9E14 7 Bytes JMP 01855463 C:\Programme\Mozilla Firefox\xul.dll (Mozilla Foundation)
---- User IAT/EAT - GMER 2.0 ----
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlAllocateHeap] 000301D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlFreeHeap] 00030240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlSizeHeap] 000302B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\kernel32.dll [ntdll.dll!RtlReAllocateHeap] 00030320
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetModuleFileNameA] 00BD0860
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryA] 00BD08D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!LoadLibraryW] 00BD0940
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!GetProcAddress] 00BD09B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!FreeLibrary] 00BD0A20
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BD0A90
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualAlloc] 00030550
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [KERNEL32.dll!VirtualFree] 000305C0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlFreeHeap] 00030630
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\RPCRT4.dll [ntdll.dll!RtlAllocateHeap] 000306A0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetErrorMode] 00BD0B00
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryExW] 00BD0B70
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetModuleFileNameW] 00BD0BE0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BD0C50
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryW] 00BD0CC0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!FreeLibrary] 00BD0D30
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!LoadLibraryA] 00BD0DA0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!GetProcAddress] 00BD0E10
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualAlloc] 000307F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [KERNEL32.dll!VirtualFree] 00030860
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlFreeHeap] 000308D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlAllocateHeap] 00030940
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ADVAPI32.dll [ntdll.dll!RtlReAllocateHeap] 000309B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BD0E80
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryA] 00BD0EF0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!LoadLibraryW] 00BD0F60
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetModuleFileNameW] 7C9E0550
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!GetProcAddress] 7C9E05C0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [KERNEL32.dll!FreeLibrary] 7C9E0630
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlFreeHeap] 00030A20
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\Secur32.dll [ntdll.dll!RtlAllocateHeap] 00030A90
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryExW] 7C9E06A0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!CreateProcessW] 7C9E0710
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameA] 7C9E0780
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryA] 7C9E07F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E0860
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetProcAddress] 7C9E08D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!LoadLibraryW] 7C9E0940
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!FreeLibrary] 7C9E09B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [KERNEL32.dll!GetModuleFileNameW] 7C9E0A20
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlAllocateHeap] 00030CC0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\USER32.dll [ntdll.dll!RtlFreeHeap] 00030D30
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E0A90
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryExW] 7C9E0B00
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryA] 7C9E0B70
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!FreeLibrary] 7C9E0BE0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!GetProcAddress] 7C9E0C50
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [KERNEL32.dll!LoadLibraryW] 7C9E0CC0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlAllocateHeap] 00030DA0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\GDI32.dll [ntdll.dll!RtlFreeHeap] 00030E10
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetErrorMode] 00BE0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BE02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetProcAddress] 00BE0320
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!LoadLibraryA] 00BE0390
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!FreeLibrary] 00BE0400
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessA] 00BE0470
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!CreateProcessW] 00BE04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameA] 00BE0550
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!HeapDestroy] 7C9D0630
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualFree] 7C9D06A0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!VirtualAlloc] 7C9D0710
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\msvcrt.dll [KERNEL32.dll!GetModuleFileNameW] 00BE05C0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualAlloc] 7C9D08D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!VirtualFree] 7C9D0940
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!HeapDestroy] 7C9D0B00
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BE0710
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryA] 00BE0780
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!CreateProcessW] 00BE07F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetModuleFileNameW] 00BE0860
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!SetErrorMode] 00BE08D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryW] 00BE0940
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!GetProcAddress] 00BE09B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExW] 00BE0A20
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!FreeLibrary] 00BE0A90
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [KERNEL32.dll!LoadLibraryExA] 00BE0B00
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHELL32.dll [ntdll.dll!RtlFreeHeap] 7C9D0B70
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BE0B70
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!SetErrorMode] 00BE0BE0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameW] 00BE0C50
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExA] 00BE0CC0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryExW] 00BE0D30
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryW] 00BE0DA0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessA] 00BE0E10
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!CreateProcessW] 00BE0E80
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!FreeLibrary] 00BE0EF0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!HeapDestroy] 7C9D0BE0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!LoadLibraryA] 00BE0F60
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetProcAddress] 00BF0010
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SHLWAPI.dll [KERNEL32.dll!GetModuleFileNameA] 00BF0080
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetProcAddress] 00BF00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryA] 00BF0160
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!FreeLibrary] 00BF01D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryW] 00BF0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!GetModuleFileNameW] 00BF02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExW] 00BF0320
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!LoadLibraryExA] 00BF0390
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!CreateProcessW] 00BF0400
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!VirtualAlloc] 7C9D0E80
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00BF0470
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\ole32.dll [ntdll.dll!RtlFreeHeap] 7C9D0EF0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00C00A20
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualFree] 7C9D02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\SAMLIB.dll [KERNEL32.dll!VirtualAlloc] 7C9D0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!LoadLibraryA] 00C104E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!FreeLibrary] 00C10550
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!GetProcAddress] 00C105C0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\PSAPI.DLL [KERNEL32.dll!SetUnhandledExceptionFilter] 00C10630
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetErrorMode] 00C10A20
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryW] 00C10A90
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryExA] 00C10B00
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!CreateProcessW] 00C10B70
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetModuleFileNameW] 00C10BE0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!GetProcAddress] 00C10C50
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!FreeLibrary] 00C10CC0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!LoadLibraryA] 00C10D30
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 00C10DA0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\userenv.dll [ntdll.dll!RtlFreeHeap] 7C9D0080
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryW] 7C9E0400
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!LoadLibraryA] 7C9E02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!FreeLibrary] 7C9E00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetProcAddress] 7C9E0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [KERNEL32.dll!GetModuleFileNameA] 7C9E0160
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlAllocateHeap] 7C9D0010
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\NETAPI32.dll [ntdll.dll!RtlFreeHeap] 7C9D0080
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!HeapDestroy] 7C9D01D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetProcAddress] 7C9E0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!GetModuleFileNameA] 7C9E0160
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!LoadLibraryA] 7C9E02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!FreeLibrary] 7C9E00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2_32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!FreeLibrary] 7C9E00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!LoadLibraryA] 7C9E02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetModuleFileNameA] 7C9E0160
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\WS2HELP.dll [KERNEL32.dll!GetProcAddress] 7C9E0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!FreeLibrary] 7C9E00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!HeapDestroy] 7C9D01D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!GetProcAddress] 7C9E0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [KERNEL32.dll!LoadLibraryA] 7C9E02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlFreeHeap] 7C9D0080
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\iphlpapi.dll [ntdll.dll!RtlAllocateHeap] 7C9D0010
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!FreeLibrary] 7C9E00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetProcAddress] 7C9E0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryA] 7C9E02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExA] 7C9E0320
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!LoadLibraryExW] 7C9E0390
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameW] 7C9E01D0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\CRYPT32.dll [KERNEL32.dll!GetModuleFileNameA] 7C9E0160
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryW] 7C9E0400
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!SetErrorMode] 7C9E0470
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameA] 7C9E0160
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!SetUnhandledExceptionFilter] 7C9E04E0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryExW] 7C9E0390
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetProcAddress] 7C9E0240
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!LoadLibraryA] 7C9E02B0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!FreeLibrary] 7C9E00F0
IAT C:\DOKUME~1\Rose\LOKALE~1\Temp\9519004\5926726.exe[2876] @ C:\WINDOWS\system32\wininet.dll [KERNEL32.dll!GetModuleFileNameW] 7C9E01D0
---- Modules - GMER 2.0 ----
Module _________ B79A0000-B79B8000 (98304 bytes)
---- Registry - GMER 2.0 ----
Reg HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Prefetcher@TracesProcessed 96
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}\iexplore@Count 1880
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5C255C8A-E604-49B4-9D64-90988571CECB}\iexplore@Count 1880
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\iexplore@Count 1880
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59D52CC8-1505-7D01-261A-434289051449}
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59D52CC8-1505-7D01-261A-434289051449}@iakcjfdcohfglejhif 0x69 0x61 0x6D 0x6C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59D52CC8-1505-7D01-261A-434289051449}@haecpblmnmlkmfmh 0x6A 0x61 0x67 0x6C ...
Reg HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{59D52CC8-1505-7D01-261A-434289051449}@iagfbebkddiiekdloc 0x63 0x61 0x6E 0x6C ...
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior
---- EOF - GMER 2.0 ----