Log analysis and evaluation: Page http://woobiu.com is permanently opened when typing in the address bar

Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Page http://woobiu.com is permanently opened when typing in the address bar

Hello everyone, and many thanks in advance. I have already read around here a little.

The problem is as follows: as soon as I type something into the address bar, the browser normally searches on google.de; unfortunately that no longer happens for me, and the search is redirected to hxxp://woobiu.com.

System information:
Lenovo B570 notebook, brand new
Intel Pentium CPU B960 @ 2.20GHz 2.20 GHz
RAM: 4.00 GB (2.92 GB usable)
System type: 32-bit operating system
Windows 7 Ultimate Service Pack 1
Internet connection: WLAN

Microsoft Essentials runs as the virus scanner, along with the Windows firewall. I have also already installed Emsisoft Anti-Malware and run it over the system, unfortunately without result.

PS: This is my company notebook, which is used for online banking as well as the complete bookkeeping; in that regard, the question is whether the online banking should be temporarily blocked?!

I have already downloaded and run OTL as described here: http://www.trojaner-board.de/113539-...hergebnis.html

otl.txt is posted here; since it is too large, extras is in the attachment.

Code:
OTL logfile created on: 09.06.2012 09:56:09 - Run 1
OTL by OldTimer - Version Folder = C:\Users\Flo\Desktop
Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,92 Gb Total Physical Memory | 1,81 Gb Available Physical Memory | 61,99% Memory free
5,83 Gb Paging File | 4,51 Gb Available in Paging File | 77,33% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,39 Gb Total Space | 113,36 Gb Free Space | 77,44% Space Free | Partition Type: NTFS
Drive D: | 150,52 Gb Total Space | 150,43 Gb Free Space | 99,94% Space Free | Partition Type: NTFS

Computer Name: FLO-PC | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.09 09:53:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe
PRC - [2012.06.07 11:12:00 | 000,336,896 | ---- | M] (AVM Berlin) -- C:\Users\Flo\AppData\Local\Apps\2.0\6VY6WEAV.8PR\HYYK19Z5.TEY\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\fritzbox-usb-fernanschluss.exe
PRC - [2012.04.21 03:16:21 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.04.20 16:09:02 | 003,065,120 | ---- | M] (Emsisoft GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2service.exe
PRC - [2012.04.20 16:09:00 | 003,361,184 | ---- | M] (Emsisoft GmbH) -- C:\Programme\Emsisoft Anti-Malware\a2guard.exe
PRC - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.04.01 09:12:16 | 000,147,456 | ---- | M] (IvoSoft) -- C:\Programme\Classic Shell\ClassicStartMenu.exe
PRC - [2012.03.26 17:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.03.09 00:00:00 | 000,856,064 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\FAX Utility\FUFAXSTM.exe
PRC - [2011.03.09 00:00:00 | 000,495,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\FAX Utility\FUFAXRCV.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.22 03:01:00 | 000,212,480 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIHRE.EXE
PRC - [2010.12.22 17:20:52 | 000,047,704 | ---- | M] (Alcor) -- C:\Windows\WebCam\S6000\S6000Mnt.exe
PRC - [2010.12.15 16:57:42 | 008,943,520 | ---- | M] (Lenovo (Beijing) Limited) -- C:\Programme\Lenovo\Energy Management\Energy Management.exe
PRC - [2010.12.13 23:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) -- C:\Programme\EgisTec BioExcess\EgisService.exe
PRC - [2010.12.13 23:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) -- C:\Programme\Common Files\EgisTec\Services\EgisTicketService.exe
PRC - [2010.12.13 23:58:20 | 000,383,344 | ---- | M] (Egis Technology Inc. ) -- C:\Programme\EgisTec BioExcess\EgisTSR.exe
PRC - [2010.12.13 19:21:28 | 005,117,856 | ---- | M] (Lenovo(beijing) Limited) -- C:\Programme\Lenovo\Energy Management\utility.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.05 18:54:36 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec IPS\PmmUpdate.exe
PRC - [2010.11.05 18:54:24 | 000,202,096 | ---- | M] (Egis Technology Inc.) -- C:\Programme\EgisTec IPS\EgisUpdate.exe
PRC - [2010.10.28 12:17:06 | 000,054,616 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtProc.exe
PRC - [2010.10.05 15:08:46 | 002,655,768 | R--- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.05 15:08:42 | 000,325,656 | R--- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.09.13 18:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.07.29 11:59:36 | 000,116,632 | ---- | M] (NewSoft Technology Corporation) -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMSpeed.exe
PRC - [2008.05.24 14:34:28 | 000,026,448 | ---- | M] (NewSoft Technology Corporation) -- C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe
PRC - [2006.12.20 21:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\SAgent4.exe
PRC - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe
PRC - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe

========== Modules (No Company Name) ==========

MOD - [2012.06.07 11:11:49 | 000,368,640 | ---- | M] () -- C:\Users\Flo\AppData\Local\Apps\2.0\6VY6WEAV.8PR\HYYK19Z5.TEY\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\managedupnp.DLL
MOD - [2012.05.27 09:45:06 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll
MOD - [2012.05.27 09:45:05 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\6c30b231f838269283ee449bbc98b202\IAStorUtil.ni.dll
MOD - [2012.05.26 19:54:58 | 008,797,856 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_235.dll
MOD - [2012.05.26 19:44:56 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.26 19:44:40 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.26 19:44:27 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\07f019692c382d588d3c6cb2da2a9ec5\PresentationFramework.ni.dll
MOD - [2012.05.26 19:44:01 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\90555968565afd59bce4b0974e9903bd\System.Windows.Forms.ni.dll
MOD - [2012.05.26 19:43:50 | 001,590,784 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\69f6e582cb79f107c61308b468c1a215\System.Drawing.ni.dll
MOD - [2012.05.26 19:43:49 | 001,806,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\bf659f9bb758ac14ed7a37bdfe965849\System.Deployment.ni.dll
MOD - [2012.05.26 19:43:42 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.26 19:43:37 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.26 19:43:35 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\2d1fd350e9bc62ce659e5cbcfd555796\PresentationCore.ni.dll
MOD - [2012.05.26 19:43:19 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.26 19:43:13 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.26 19:43:01 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.04.21 03:16:53 | 001,952,696 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2011.05.28 22:04:56 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2011.03.11 10:47:52 | 000,151,040 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\ScanModule.dll
MOD - [2011.01.21 15:05:44 | 000,258,048 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMScnSet.dll
MOD - [2010.12.29 18:32:32 | 000,614,400 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMDB_N.dll
MOD - [2010.12.29 17:52:08 | 000,147,456 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMCommon.dll
MOD - [2010.12.23 13:17:32 | 000,057,344 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMISM.dll
MOD - [2010.12.16 10:37:54 | 000,094,208 | ---- | M] () -- C:\Windows\System32\IccLibDll.dll
MOD - [2010.11.30 16:42:22 | 000,352,256 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMTree.dll
MOD - [2010.11.26 10:45:10 | 000,090,112 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMImageSplitter.dll
MOD - [2010.11.26 10:33:20 | 004,583,424 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMView.dll
MOD - [2010.11.13 01:19:04 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\\mscorlib.resources.dll
MOD - [2010.10.22 10:22:34 | 000,090,112 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMSave.dll
MOD - [2010.10.22 10:01:46 | 000,139,264 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMSet.dll
MOD - [2010.09.26 11:13:24 | 000,430,080 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMPageVW.dll
MOD - [2010.09.26 11:13:02 | 000,184,320 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMImgVW.dll
MOD - [2010.09.09 18:00:40 | 000,061,440 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMINSO.dll
MOD - [2010.09.08 17:10:10 | 000,073,728 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\OutlookVBA.dll
MOD - [2010.09.08 10:52:26 | 000,036,864 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMPDFView.dll
MOD - [2010.08.03 10:51:10 | 001,036,288 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\SlideBarDLL.dll
MOD - [2010.08.03 10:44:44 | 000,049,152 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMOffice.dll
MOD - [2010.07.13 10:48:18 | 000,106,496 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMProp.dll
MOD - [2010.05.07 11:46:38 | 000,057,344 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PerformOcr.dll
MOD - [2010.04.27 15:20:18 | 000,065,536 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMStatus.dll
MOD - [2010.03.02 15:09:08 | 000,102,400 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMDocVW.dll
MOD - [2009.12.04 17:20:52 | 000,323,584 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMAnoSet.dll
MOD - [2009.11.27 17:38:52 | 000,331,776 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMAppBar.dll
MOD - [2009.11.26 17:49:38 | 000,081,920 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\NetFun2K.dll
MOD - [2009.09.09 14:44:26 | 000,151,552 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMANO.dll
MOD - [2009.08.06 10:22:18 | 000,421,888 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\FT.dll
MOD - [2009.07.14 10:47:20 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\\PresentationFramework.resources.dll
MOD - [2009.07.14 10:47:11 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\\System.Runtime.Remoting.resources.dll
MOD - [2009.06.26 09:03:42 | 000,086,016 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMApSet.dll
MOD - [2008.12.20 03:20:50 | 000,063,304 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\KbdHook.dll
MOD - [2008.12.20 03:20:08 | 000,051,016 | ---- | M] () -- C:\Programme\Lenovo\Energy Management\HookLib.dll
MOD - [2008.11.17 14:56:24 | 000,102,400 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\nsSign.dll
MOD - [2008.08.25 17:19:34 | 000,069,632 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PHooKDlg.dll
MOD - [2008.08.25 16:16:44 | 000,040,960 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMIEVW.dll
MOD - [2007.08.31 17:51:04 | 000,040,960 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\PMVoice.dll
MOD - [2007.03.30 10:24:12 | 000,104,528 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\Qem.dll
MOD - [2007.03.30 10:01:28 | 000,038,992 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\NsOEMKey.dll
MOD - [2007.03.30 09:57:04 | 000,034,896 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\Import.dll
MOD - [2007.03.30 09:49:38 | 000,104,528 | ---- | M] () -- C:\Programme\NewSoft\Presto! PageManager 9.03\ComClass.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.05.26 19:54:59 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.21 03:16:42 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.20 16:09:02 | 003,065,120 | ---- | M] (Emsisoft GmbH) [Auto | Running] -- C:\Programme\Emsisoft Anti-Malware\a2service.exe -- (a2AntiMalware)
SRV - [2012.04.04 07:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.19 23:44:18 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IntelCpHeciSvc.exe -- (cphs) Intel(R)
SRV - [2012.03.19 13:38:47 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2010.12.13 23:59:28 | 000,703,856 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Programme\EgisTec BioExcess\EgisService.exe -- (EgisTec Service)
SRV - [2010.12.13 23:58:32 | 000,650,096 | ---- | M] (Egis Technology Inc. ) [Auto | Running] -- C:\Programme\Common Files\EgisTec\Services\EgisTicketService.exe -- (EgisTec Ticket Service)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.05 15:08:46 | 002,655,768 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010.10.05 15:08:42 | 000,325,656 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.09.13 18:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2006.12.20 21:14:00 | 000,131,072 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Windows\System32\SAgent4.exe -- (StatusAgent4)
SRV - [2006.12.19 18:23:20 | 000,094,208 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\Programme\Common Files\EPSON\EBAPI\eEBSvc.exe -- (EpsonBidirectionalService)
SRV - [2006.10.26 14:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 13:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\rdvgkmd.sys -- (VGPU)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\tsusbhub.sys -- (tsusbhub)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\drivers\synth3dvsc.sys -- (Synth3dVsc)
DRV - [2012.06.07 11:11:52 | 000,101,248 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\avmaudio.sys -- (avmaudio)
DRV - [2012.05.26 19:51:44 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.05.26 17:14:38 | 000,062,048 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV - [2012.05.26 17:14:38 | 000,019,304 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\System32\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV - [2012.05.26 17:14:38 | 000,016,744 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.11.02 11:13:28 | 000,034,768 | ---- | M] (Emsi Software GmbH) [File_System | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2dix86.sys -- (a2injectiondriver)
DRV - [2011.11.02 11:13:12 | 000,051,632 | ---- | M] (Emsi Software GmbH) [File_System | On_Demand | Running] -- C:\Programme\Emsisoft Anti-Malware\a2accx86.sys -- (a2acc)
DRV - [2011.05.19 14:10:34 | 000,017,904 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2ddax86.sys -- (A2DDA)
DRV - [2010.12.23 16:46:02 | 003,264,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\S6000KNT.sys -- (S6000KNT)
DRV - [2010.11.24 11:30:40 | 002,128,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 12:21:14 | 000,015,872 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.10.31 10:36:54 | 000,029,296 | ---- | M] (Egis Technology Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\FPSensor.sys -- (FPSensor) EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys)
DRV - [2010.10.25 19:44:36 | 000,023,136 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2010.10.19 23:33:40 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (MEI) Intel(R)
DRV - [2010.10.14 18:27:18 | 000,269,824 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV - [2010.08.03 12:43:10 | 000,215,144 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RtsUVStor.sys -- (RSUSBVSTOR)
DRV - [2010.05.05 09:40:32 | 000,011,776 | ---- | M] (Emsi Software GmbH) [Kernel | System | Running] -- C:\Programme\Emsisoft Anti-Malware\a2util32.sys -- (a2util)
DRV - [2010.01.15 18:08:42 | 000,032,352 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\LhdX86.sys -- (LHDmgr)
DRV - [2009.07.21 21:14:58 | 000,081,704 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\wsvd.sys -- (wsvd)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-1111-472f-A0FF-E1416B8B2E3B}
IE - HKCU\..\SearchScopes\{0633EE93-1111-472f-A0FF-E1416B8B2E3B}: "URL" = hxxp://woobiu.com/search?q={searchTerms}&sa=Search&ie=UTF-8&hl=es&cx=&cof=FORID%3A10
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "customized search engine"
FF - prefs.js..browser.startup.homepage: "hxxp://google.de"
FF - prefs.js..keyword.URL: "hxxp://woobiu.com//result.php?Keywords={searchTerms}"
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}: C:\Program Files\EgisTec BioExcess\FFExt [2012.05.26 17:14:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.26 18:14:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.26 21:18:02 | 000,000,000 | ---D | M]

[2012.05.26 19:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flo\AppData\Roaming\mozilla\Extensions
[2012.05.27 22:41:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Flo\AppData\Roaming\mozilla\Firefox\Profiles\7dehwmzl.default\extensions
[2012.05.26 18:14:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.04.21 03:18:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.12.09 19:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012.04.21 03:54:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.21 03:54:08 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.04.21 03:54:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.21 03:54:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.21 03:54:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.21 03:54:08 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (EgisPBIE Class) - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Programme\EgisTec BioExcess\EgisPBIE.dll (Egis Technology Inc.)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Classic Start Menu] C:\Programme\Classic Shell\ClassicStartMenu.exe (IvoSoft)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [emsisoft anti-malware] c:\program files\emsisoft anti-malware\a2guard.exe (Emsisoft GmbH)
O4 - HKLM..\Run: [Energy Management] C:\Programme\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited)
O4 - HKLM..\Run: [EnergyUtility] C:\Programme\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited)
O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [PMSpeed] C:\Programme\NewSoft\Presto! PageManager 9.03\PMSpeed.exe (NewSoft Technology Corporation)
O4 - HKLM..\Run: [S6000Mnt] Rundll32.exe S6000Rmv.dll ,WinMainRmv /StartStillMnt File not found
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. )
O4 - HKLM..\Run: [WrtMon.exe] C:\Windows\System32\spool\drivers\w32x86\3\WrtMon.exe (NewSoft Technology Corporation)
O4 - HKCU..\Run: [AVMUSBFernanschluss] C:\Users\Flo\AppData\Local\Apps\2.0\6VY6WEAV.8PR\HYYK19Z5.TEY\frit..tion_8488884cfbcefd60_0002.0002_8541bf1f4a1c673d\AVMAutoStart.exe (AVM Berlin)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [Epson Stylus Office BX305 Plus(Netzwerk)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIHRE.EXE (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [uTorrent] "C:\Program Files\uTorrent\uTorrent.exe" /MINIMIZED File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer =
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A0866471-A8A3-410B-B528-726A91EC9AD3}: DhcpNameServer =
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0aa053bd-a75a-11e1-a6dd-f0def1d86e5a}\Shell - "" = AutoRun
O33 - MountPoints2\{0aa053bd-a75a-11e1-a6dd-f0def1d86e5a}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{0aa053bd-a75a-11e1-a6dd-f0def1d86e5a}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{0aa053bd-a75a-11e1-a6dd-f0def1d86e5a}\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.06.09 09:54:05 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe
[2012.06.07 20:49:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2012.06.07 20:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\Emsisoft Anti-Malware
[2012.06.07 20:47:41 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\Anti-Malware
[2012.06.07 15:49:14 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\TeamViewer
[2012.06.07 15:43:29 | 000,000,000 | ---D | C] -- C:\Program Files\TeamViewer
[2012.06.07 11:12:00 | 000,101,248 | ---- | C] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2012.06.07 11:12:00 | 000,032,256 | ---- | C] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2012.06.07 11:12:00 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FRITZ!Box
[2012.06.07 11:11:37 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Deployment
[2012.06.07 11:11:37 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Apps
[2012.06.06 19:23:10 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Microsoft Games
[2012.06.03 19:37:27 | 000,000,000 | ---D | C] -- C:\Drivers
[2012.06.02 16:23:45 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.06.02 16:21:09 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\uTorrent
[2012.06.02 16:11:55 | 000,000,000 | ---D | C] -- C:\Program Files\eMule
[2012.06.02 16:06:48 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\.oit
[2012.06.02 16:06:47 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\My PageManager
[2012.06.02 16:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Presto! PageManager 9.03 Standard
[2012.06.02 16:06:46 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\NewSoft
[2012.06.02 16:06:17 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\NewSoft
[2012.06.02 16:04:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\NewSoft
[2012.06.02 16:03:31 | 000,000,000 | ---D | C] -- C:\Program Files\NewSoft
[2012.06.02 16:03:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\color
[2012.06.02 15:37:47 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2012.06.02 15:34:30 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Epson
[2012.06.02 15:34:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
[2012.06.02 15:34:13 | 000,000,000 | ---D | C] -- C:\Program Files\Epson Software
[2012.06.02 15:33:00 | 000,000,000 | ---D | C] -- C:\Program Files\EpsonNet
[2012.06.02 15:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EPSON
[2012.06.02 15:31:54 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2012.06.02 15:31:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
[2012.06.02 15:31:41 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2012.05.29 20:27:21 | 000,000,000 | ---D | C] -- C:\Program Files\LANPoker
[2012.05.27 23:00:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.05.27 23:00:15 | 000,000,000 | ---D | C] -- C:\Program Files\Google
[2012.05.27 23:00:12 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Google
[2012.05.27 15:33:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.05.27 15:32:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.05.27 15:31:48 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2012.05.27 15:20:54 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Adobe
[2012.05.27 09:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel Corporation
[2012.05.27 01:00:48 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\BMW
[2012.05.27 00:57:14 | 000,000,000 | R--D | C] -- C:\Users\Flo\Documents\Scanned Documents
[2012.05.27 00:57:14 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\Fax
[2012.05.27 00:42:41 | 000,000,000 | ---D | C] -- C:\BMW M3 Challenge
[2012.05.27 00:21:28 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.05.27 00:21:20 | 000,000,000 | -H-D | C] -- C:\Lenovo
[2012.05.27 00:16:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
[2012.05.27 00:16:15 | 000,000,000 | ---D | C] -- C:\Program Files\Classic Shell
[2012.05.27 00:10:43 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Diagnostics
[2012.05.27 00:02:05 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\CWSM
[2012.05.26 21:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\P's Mau Mau
[2012.05.26 21:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\Pousen
[2012.05.26 21:18:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2012.05.26 21:18:02 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Winamp Erkennungs-Plug-in
[2012.05.26 21:18:02 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
[2012.05.26 21:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\PX Storage Engine
[2012.05.26 21:17:51 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Winamp
[2012.05.26 21:17:51 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp
[2012.05.26 20:50:07 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2012.05.26 20:49:47 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\HP
[2012.05.26 20:49:46 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\HP
[2012.05.26 20:42:32 | 000,000,000 | ---D | C] -- C:\Users\Flo\Eigene Scans
[2012.05.26 20:39:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Hewlett-Packard
[2012.05.26 20:39:11 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510g-m
[2012.05.26 20:37:32 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2012.05.26 20:36:54 | 000,000,000 | ---D | C] -- C:\Program Files\HP
[2012.05.26 20:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2012.05.26 20:33:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.05.26 20:33:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.05.26 20:28:53 | 000,000,000 | ---D | C] -- C:\Users\Flo\Application Data
[2012.05.26 20:20:43 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\sonstiges
[2012.05.26 20:20:08 | 000,000,000 | ---D | C] -- C:\Users\Flo\Documents\SaMoTec
[2012.05.26 20:14:48 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\vlc
[2012.05.26 20:13:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2012.05.26 20:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2012.05.26 20:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\MSECache
[2012.05.26 20:08:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2012.05.26 20:08:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.05.26 20:06:34 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle
[2012.05.26 20:05:39 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.05.26 20:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2012.05.26 20:04:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2012.05.26 20:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio
[2012.05.26 20:04:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2012.05.26 20:03:48 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH
[2012.05.26 20:01:52 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Microsoft Help
[2012.05.26 20:01:42 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2012.05.26 20:01:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2012.05.26 20:01:26 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2012.05.26 19:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.05.26 19:57:06 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.05.26 19:56:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2012.05.26 19:55:16 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Macromedia
[2012.05.26 19:55:16 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Adobe
[2012.05.26 19:54:57 | 000,000,000 | ---D | C] -- C:\Windows\System32\Macromed
[2012.05.26 19:52:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.05.26 19:51:44 | 000,242,240 | ---- | C] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.05.26 19:51:41 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\DAEMON Tools Lite
[2012.05.26 19:51:37 | 000,000,000 | ---D | C] -- C:\Program Files\DAEMON Tools Lite
[2012.05.26 19:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.05.26 19:49:46 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.05.26 19:45:27 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Mozilla
[2012.05.26 19:45:27 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Mozilla
[2012.05.26 19:44:36 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\WinRAR
[2012.05.26 19:44:36 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.05.26 19:44:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2012.05.26 19:44:32 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2012.05.26 18:52:05 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.05.26 18:51:31 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.05.26 18:40:04 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\System32\fms.dll
[2012.05.26 18:25:34 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2012.05.26 18:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.05.26 18:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Maintenance Service
[2012.05.26 18:14:22 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.05.26 17:33:21 | 000,000,000 | ---D | C] -- C:\ProgramData\OneKey Recovery
[2012.05.26 17:31:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.05.26 17:24:04 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\EgisTec
[2012.05.26 17:22:53 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\EgisTec IPS
[2012.05.26 17:21:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Energy Management
[2012.05.26 17:21:04 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo
[2012.05.26 17:20:53 | 000,000,000 | ---D | C] -- C:\Program Files\Lenovo
[2012.05.26 17:14:41 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\BioExcess
[2012.05.26 17:14:40 | 000,000,000 | ---D | C] -- C:\ProgramData\EgisTec
[2012.05.26 17:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo
[2012.05.26 17:14:38 | 000,062,048 | ---- | C] (Egis Technology Inc.) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys
[2012.05.26 17:14:38 | 000,019,304 | ---- | C] (Egis Technology Inc.) -- C:\Windows\System32\drivers\mwlPSDFilter.sys
[2012.05.26 17:14:38 | 000,016,744 | ---- | C] (Egis Technology Inc.) -- C:\Windows\System32\drivers\mwlPSDNserv.sys
[2012.05.26 17:14:18 | 000,000,000 | ---D | C] -- C:\ProgramData\EgisTec IPS
[2012.05.26 17:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\EgisTec IPS
[2012.05.26 17:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\EgisTec BioExcess
[2012.05.26 17:14:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\EgisTec
[2012.05.26 17:13:30 | 000,603,248 | ---- | C] (Egis Technology Inc.) -- C:\Windows\System32\NBMatS1SDK.dll
[2012.05.26 17:13:00 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2012.05.26 17:12:59 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Downloaded Installations
[2012.05.26 17:10:19 | 000,000,000 | ---D | C] -- C:\Windows\Panther
[2012.05.26 17:09:12 | 003,264,728 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\System32\drivers\S6000KNT.sys
[2012.05.26 17:09:11 | 000,428,632 | ---- | C] (Alcor) -- C:\Windows\System\S6000Dex.dll
[2012.05.26 17:09:11 | 000,186,968 | ---- | C] (Alcor Micro, Corp.) -- C:\Windows\System32\S6000DIF.dll
[2012.05.26 17:09:11 | 000,064,088 | ---- | C] (ALi) -- C:\Windows\System\S6000Rmv.dll
[2012.05.26 17:09:11 | 000,000,000 | ---D | C] -- C:\Windows\WebCam
[2012.05.26 17:09:11 | 000,000,000 | ---D | C] -- C:\Windows\S60Setup
[2012.05.26 17:09:11 | 000,000,000 | ---D | C] -- C:\Program Files\Alcor
[2012.05.26 17:06:52 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2012.05.26 17:05:58 | 002,128,384 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\drivers\athr.sys
[2012.05.26 17:05:58 | 002,128,384 | ---- | C] (Atheros Communications, Inc.) -- C:\Windows\System32\athr.sys
[2012.05.26 17:05:58 | 000,000,000 | ---D | C] -- C:\Windows\Options
[2012.05.26 17:05:58 | 000,000,000 | ---D | C] -- C:\Program Files\Atheros
[2012.05.26 17:05:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Atheros
[2012.05.26 17:04:07 | 000,000,000 | ---D | C] -- C:\Windows\System32\sda
[2012.05.26 16:48:43 | 000,000,000 | ---D | C] -- C:\Windows\System32\RTCOM
[2012.05.26 16:48:28 | 001,783,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesLib.dll
[2012.05.26 16:48:28 | 001,723,536 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\WavesGUILib.dll
[2012.05.26 16:48:27 | 000,345,328 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSXT.dll
[2012.05.26 16:48:27 | 000,214,352 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFNHK.dll
[2012.05.26 16:48:27 | 000,185,584 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSTSHD.dll
[2012.05.26 16:48:27 | 000,173,296 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSHP360.dll
[2012.05.26 16:48:27 | 000,140,528 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\System32\SRSWOW.dll
[2012.05.26 16:48:26 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFCOM.dll
[2012.05.26 16:48:26 | 000,068,944 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\System32\SFAPO.dll
[2012.05.26 16:48:17 | 000,359,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEP32A.dll
[2012.05.26 16:48:17 | 000,170,840 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEED32A.dll
[2012.05.26 16:48:17 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEL32A.dll
[2012.05.26 16:48:17 | 000,064,856 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RTEEG32A.dll
[2012.05.26 16:48:16 | 001,705,816 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEP32A.dll
[2012.05.26 16:48:16 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DHT32.dll
[2012.05.26 16:48:16 | 000,295,768 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\System32\RP3DAA32.dll
[2012.05.26 16:48:16 | 000,096,600 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEL32A.dll
[2012.05.26 16:48:16 | 000,061,784 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEG32A.dll
[2012.05.26 16:48:15 | 001,439,064 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioRealtek.dll
[2012.05.26 16:48:15 | 000,341,848 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EED32A.dll
[2012.05.26 16:48:15 | 000,252,760 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxVolumeSDAPO.dll
[2012.05.26 16:48:15 | 000,081,240 | ---- | C] (Dolby Laboratories) -- C:\Windows\System32\R4EEA32A.dll
[2012.05.26 16:48:14 | 001,938,704 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioEQ.dll
[2012.05.26 16:48:14 | 000,259,928 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO30.dll
[2012.05.26 16:48:14 | 000,232,792 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO20.dll
[2012.05.26 16:48:14 | 000,132,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\System32\MaxxAudioAPO.dll
[2012.05.26 16:48:07 | 001,558,944 | ---- | C] (Fortemedia Corporation) -- C:\Windows\System32\FMAPO.dll
[2012.05.26 16:48:06 | 000,406,120 | ---- | C] (DTS) -- C:\Windows\System32\DTSVoiceClarityDLL.dll
[2012.05.26 16:48:05 | 001,132,648 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2SpeakerDLL.dll
[2012.05.26 16:48:05 | 000,962,664 | ---- | C] (DTS) -- C:\Windows\System32\DTSS2HeadphoneDLL.dll
[2012.05.26 16:48:05 | 000,429,160 | ---- | C] (DTS) -- C:\Windows\System32\DTSSymmetryDLL.dll
[2012.05.26 16:48:05 | 000,291,432 | ---- | C] (DTS) -- C:\Windows\System32\DTSNeoPCDLL.dll
[2012.05.26 16:48:05 | 000,224,360 | ---- | C] (DTS) -- C:\Windows\System32\DTSLimiterDLL.dll
[2012.05.26 16:48:05 | 000,107,112 | ---- | C] (DTS) -- C:\Windows\System32\DTSLFXAPO.dll
[2012.05.26 16:48:04 | 000,901,224 | ---- | C] (DTS) -- C:\Windows\System32\DTSBoostDLL.dll
[2012.05.26 16:48:04 | 000,448,616 | ---- | C] (DTS) -- C:\Windows\System32\DTSBassEnhancementDLL.dll
[2012.05.26 16:48:04 | 000,236,648 | ---- | C] (DTS) -- C:\Windows\System32\DTSGainCompensatorDLL.dll
[2012.05.26 16:48:04 | 000,107,112 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPO.dll
[2012.05.26 16:48:04 | 000,106,600 | ---- | C] (DTS) -- C:\Windows\System32\DTSGFXAPONS.dll
[2012.05.26 16:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2012.05.26 16:47:59 | 000,000,000 | -H-D | C] -- C:\Program Files\Temp
[2012.05.26 16:47:54 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2012.05.26 16:33:57 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Intel
[2012.05.26 16:31:45 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Intel Corporation
[2012.05.26 16:30:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
[2012.05.26 16:30:21 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
[2012.05.26 16:30:21 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\InstallShield
[2012.05.26 16:29:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\postureAgent
[2012.05.26 16:21:47 | 000,053,248 | R--- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\System32\CSVer.dll
[2012.05.26 16:21:47 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2012.05.26 16:21:35 | 000,000,000 | ---D | C] -- C:\Intel
[2012.05.26 16:18:39 | 000,000,000 | R--D | C] -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2012.05.26 16:18:39 | 000,000,000 | R--D | C] -- C:\Users\Flo\Searches
[2012.05.26 16:18:39 | 000,000,000 | R--D | C] -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2012.05.26 16:18:29 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Identities
[2012.05.26 16:18:27 | 000,000,000 | R--D | C] -- C:\Users\Flo\Contacts
[2012.05.26 16:18:20 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\VirtualStore
[2012.05.26 16:18:18 | 000,000,000 | -HSD | C] -- C:\Users\Flo\Vorlagen
[2012.05.26 16:18:18 | 000,000,000 | -HSD | C] -- C:\Users\Flo\AppData\Local\Verlauf
[2012.05.26 16:18:18 | 000,000,000 | -HSD | C] -- C:\Users\Flo\AppData\Local\Temporary Internet Files
[2012.05.26 16:18:18 | 000,000,000 | -HSD | C] -- C:\Users\Flo\Startmenü
[2012.05.26 16:18:18 | 000,000,000 | -HSD | C] -- C:\Users\Flo\SendTo
[2012.05.26 16:18:18 | 000,000,000 | -HSD | C] -- C:\Users\Flo\Recent
[2012.05.26 16:18:18 | 000,000,000 | -HSD | C] -- C:\Users\Flo\Netzwerkumgebung
[2012.05.26 16:18:18 | 000,000,000 | -HSD | C] -- C:\Users\Flo\Lokale Einstellungen
[2012.05.26 16:18:18 | 000,000,000 | -HSD | C] -- C:\Users\Flo\Documents\Eigene Videos
[2012.05.26 16:18:18 | 000,000,000 | -HSD | C] -- C:\Users\Flo\Documents\Eigene Musik
[2012.05.26 16:18:18 | 000,000,000 | -HSD | C] -- C:\Users\Flo\Eigene Dateien
[2012.05.26 16:18:18 | 000,000,000 | -HSD | C] -- C:\Users\Flo\Documents\Eigene Bilder
[2012.05.26 16:18:18 | 000,000,000 | -HSD | C] -- C:\Users\Flo\Druckumgebung
[2012.05.26 16:18:18 | 000,000,000 | -HSD | C] -- C:\Users\Flo\Cookies
[2012.05.26 16:18:18 | 000,000,000 | -HSD | C] -- C:\Users\Flo\AppData\Local\Anwendungsdaten
[2012.05.26 16:18:18 | 000,000,000 | -HSD | C] -- C:\Users\Flo\Anwendungsdaten
[2012.05.26 16:18:17 | 000,000,000 | --SD | C] -- C:\Users\Flo\AppData\Roaming\Microsoft
[2012.05.26 16:18:17 | 000,000,000 | R--D | C] -- C:\Users\Flo\Videos
[2012.05.26 16:18:17 | 000,000,000 | R--D | C] -- C:\Users\Flo\Saved Games
[2012.05.26 16:18:17 | 000,000,000 | R--D | C] -- C:\Users\Flo\Pictures
[2012.05.26 16:18:17 | 000,000,000 | R--D | C] -- C:\Users\Flo\Music
[2012.05.26 16:18:17 | 000,000,000 | R--D | C] -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2012.05.26 16:18:17 | 000,000,000 | R--D | C] -- C:\Users\Flo\Links
[2012.05.26 16:18:17 | 000,000,000 | R--D | C] -- C:\Users\Flo\Favorites
[2012.05.26 16:18:17 | 000,000,000 | R--D | C] -- C:\Users\Flo\Downloads
[2012.05.26 16:18:17 | 000,000,000 | R--D | C] -- C:\Users\Flo\Documents
[2012.05.26 16:18:17 | 000,000,000 | R--D | C] -- C:\Users\Flo\Desktop
[2012.05.26 16:18:17 | 000,000,000 | R--D | C] -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2012.05.26 16:18:17 | 000,000,000 | -H-D | C] -- C:\Users\Flo\AppData
[2012.05.26 16:18:17 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Temp
[2012.05.26 16:18:17 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\Microsoft
[2012.05.26 16:18:17 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\Media Center Programs
[2012.05.26 16:16:53 | 000,000,000 | -HSD | C] -- C:\Recovery
[2012.05.26 16:16:53 | 000,000,000 | -HSD | C] -- C:\Programme
[2012.05.26 16:16:53 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2012.05.26 16:16:53 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2012.05.26 16:16:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2012.05.26 16:16:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2012.05.26 16:16:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2012.05.26 16:16:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2012.05.26 16:16:52 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2012.05.26 16:16:52 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2012.05.26 16:16:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2012.05.26 16:16:52 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2012.05.26 16:13:50 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2012.05.26 16:11:06 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2012.05.26 16:10:48 | 000,000,000 | -HSD | C] -- C:\System Volume Information

========== Files - Modified Within 30 Days ==========

[2012.06.09 10:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.09 10:05:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.09 09:57:34 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.09 09:57:34 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.09 09:53:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Flo\Desktop\OTL.exe
[2012.06.09 07:54:00 | 000,656,266 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.09 07:54:00 | 000,618,108 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.09 07:54:00 | 000,131,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.09 07:54:00 | 000,107,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.09 07:48:04 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.09 07:47:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.09 07:47:30 | 2349,969,408 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.07 11:11:52 | 000,101,248 | ---- | M] (AVM Berlin) -- C:\Windows\System32\drivers\avmaudio.sys
[2012.06.07 11:11:51 | 000,032,256 | ---- | M] (AVM Berlin) -- C:\Windows\System32\MiniInstaller.dll
[2012.06.02 16:06:17 | 000,000,264 | ---- | M] () -- C:\Windows\setup.iss
[2012.06.02 15:26:13 | 000,355,912 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.05.27 09:34:24 | 000,000,000 | -H-- | M] () -- C:\Users\Flo\Documents\Default.rdp
[2012.05.26 19:51:44 | 000,242,240 | ---- | M] (DT Soft Ltd) -- C:\Windows\System32\drivers\dtsoftbus01.sys
[2012.05.26 19:49:57 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.05.26 19:44:03 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.05.26 18:18:14 | 000,072,822 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2012.05.26 17:14:38 | 000,062,048 | ---- | M] (Egis Technology Inc.) -- C:\Windows\System32\drivers\mwlPSDVDisk.sys
[2012.05.26 17:14:38 | 000,019,304 | ---- | M] (Egis Technology Inc.) -- C:\Windows\System32\drivers\mwlPSDFilter.sys
[2012.05.26 17:14:38 | 000,016,744 | ---- | M] (Egis Technology Inc.) -- C:\Windows\System32\drivers\mwlPSDNserv.sys
[2012.05.26 17:06:54 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.05.26 16:36:16 | 000,015,336 | ---- | M] () -- C:\Windows\System32\results.xml
[2012.05.26 16:14:53 | 000,057,050 | ---- | M] () -- C:\Windows\System32\license.rtf

========== Files Created - No Company Name ==========

[2012.06.07 15:43:39 | 000,001,136 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk
[2012.06.02 15:36:28 | 000,000,264 | ---- | C] () -- C:\Windows\setup.iss
[2012.05.27 23:00:17 | 000,001,092 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.05.27 23:00:17 | 000,001,088 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.05.27 09:34:24 | 000,000,000 | -H-- | C] () -- C:\Users\Flo\Documents\Default.rdp
[2012.05.26 19:57:39 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2012.05.26 19:54:59 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.05.26 19:49:57 | 000,001,912 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.05.26 19:49:52 | 000,001,915 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.05.26 19:44:03 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2012.05.26 18:40:57 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.05.26 18:40:46 | 000,146,852 | ---- | C] () -- C:\Windows\System32\systemsf.ebd
[2012.05.26 18:39:52 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2012.05.26 18:39:49 | 000,010,429 | ---- | C] () -- C:\Windows\System32\ScavengeSpace.xml
[2012.05.26 18:39:39 | 000,105,559 | ---- | C] () -- C:\Windows\System32\RacRules.xml
[2012.05.26 18:18:14 | 000,072,822 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2012.05.26 18:14:24 | 000,001,104 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.05.26 17:09:12 | 000,012,376 | ---- | C] () -- C:\Windows\System\S6000Remov.exe
[2012.05.26 17:09:11 | 000,141,912 | ---- | C] () -- C:\Windows\System\S6000Vex.dll
[2012.05.26 17:09:11 | 000,015,190 | ---- | C] () -- C:\Windows\S6000Twn.ini
[2012.05.26 17:09:11 | 000,013,448 | ---- | C] () -- C:\Windows\S6000Twn.src
[2012.05.26 17:06:54 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.05.26 17:05:59 | 000,401,774 | ---- | C] () -- C:\Windows\System32\netathr.inf
[2012.05.26 17:05:59 | 000,061,456 | ---- | C] () -- C:\Windows\System32\athrext.cat
[2012.05.26 16:36:16 | 000,015,336 | ---- | C] () -- C:\Windows\System32\results.xml
[2012.05.26 16:33:35 | 000,094,208 | ---- | C] () -- C:\Windows\System32\IccLibDll.dll
[2012.05.26 16:33:34 | 000,145,804 | ---- | C] () -- C:\Windows\System32\igcompkrng600.bin
[2012.05.26 16:29:15 | 000,008,192 | R--- | C] () -- C:\Windows\System32\drivers\IntelMEFWVer.dll
[2012.05.26 16:18:41 | 000,001,413 | ---- | C] () -- C:\Users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.05.26 16:14:44 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2012.05.26 16:14:32 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2012.05.26 16:10:48 | 2349,969,408 | -HS- | C] () -- C:\hiberfil.sys
[2012.03.19 23:26:06 | 000,963,912 | ---- | C] () -- C:\Windows\System32\igkrng600.bin
[2012.03.19 23:26:06 | 000,261,208 | ---- | C] () -- C:\Windows\System32\igfcg600m.bin
[2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\System32\igdde32.dll
[2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\System32\ig4icd32.dll
[2012.03.19 22:11:22 | 000,009,216 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2012.03.19 22:09:28 | 000,000,264 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config
[2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll

========== LOP Check ==========

[2012.06.09 07:49:18 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\.oit
[2012.05.26 19:58:58 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\DAEMON Tools Lite
[2012.06.02 15:34:30 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\Epson
[2012.06.02 16:06:17 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\NewSoft
[2012.06.07 15:56:20 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\TeamViewer
[2012.06.02 16:22:58 | 000,000,000 | ---D | M] -- C:\Users\Flo\AppData\Roaming\uTorrent
[2009.07.14 06:53:46 | 000,016,756 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*. >
[2012.05.26 16:18:27 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.06.03 15:58:29 | 000,000,000 | ---D | M] -- C:\BMW M3 Challenge
[2012.06.03 16:12:05 | 000,000,000 | -H-D | M] -- C:\Config.Msi
[2009.07.14 06:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.05.26 16:16:52 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.06.03 19:37:27 | 000,000,000 | ---D | M] -- C:\Drivers
[2012.05.26 16:32:56 | 000,000,000 | ---D | M] -- C:\Intel
[2012.05.27 00:21:20 | 000,000,000 | -H-D | M] -- C:\Lenovo
[2012.05.26 20:01:26 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2009.07.14 04:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.06.07 20:47:41 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.06.02 15:37:47 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.05.26 16:16:53 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.05.26 16:16:53 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.06.09 10:01:11 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.05.26 16:18:17 | 000,000,000 | R--D | M] -- C:\Users
[2012.06.07 11:12:06 | 000,000,000 | ---D | M] -- C:\Windows

< %PROGRAMFILES%\*.exe >

< %LOCALAPPDATA%\*.exe >

< %systemroot%\*. /mp /s >

< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E --
C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe [2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe [2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe [2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe [2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- 
C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe [2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe [2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe < MD5 for: IASTOR.SYS > [2010.09.13 18:18:16 | 000,353,304 | ---- | M] (Intel Corporation) MD5=F4F4CBC7F6C7CB940AA9F0AAF3EF1104 -- C:\Windows\System32\drivers\iaStor.sys [2010.09.13 18:18:16 | 000,353,304 | ---- | M] (Intel Corporation) MD5=F4F4CBC7F6C7CB940AA9F0AAF3EF1104 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_bb6288d7d4f7d2fd\iaStor.sys < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel 
Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys 
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) 
MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WINLOGON.EXE > [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe 
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2012.06.02 08:11:07 | 000,000,036 | ---- | M] () -- C:\Users\Flo\Neues Textdokument.txt [2012.06.09 10:16:25 | 001,048,576 | -HS- | M] () -- C:\Users\Flo\NTUSER.DAT [2012.06.09 10:16:25 | 000,262,144 | -HS- | M] () -- C:\Users\Flo\ntuser.dat.LOG1 [2012.05.26 16:18:17 | 000,000,000 | -HS- | M] () -- C:\Users\Flo\ntuser.dat.LOG2 [2012.05.26 16:18:49 | 000,065,536 | -HS- | M] () -- C:\Users\Flo\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf [2012.05.26 16:18:49 | 000,524,288 | -HS- | M] () -- C:\Users\Flo\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms [2012.05.26 16:18:49 | 000,524,288 | -HS- | M] () -- C:\Users\Flo\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms [2012.05.26 16:18:18 | 000,000,020 | -HS- | M] () -- C:\Users\Flo\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > |
| #2 |
/// Malwareteam | CkScan
Please download CKScanner. Important: Save the file to the desktop. |
| #3 |
/// Malwareteam | Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is already clean. |
| #4 |
/// Malwareteam | No response
This thread has been removed from my subscriptions. As a result, I will not receive notifications about new replies. Send me a PM if you still want to continue. Note: The disappearance of the symptoms does not mean that your computer is already clean. Everyone else, please click here and create your own thread.
__________________ No asylum for Trojans! Proud Member of UNITE. Note: I am only available on weekdays! Requests via PM are ignored! |