
Pests of all kinds and how to fight them: winvdb.rom

Windows 7 If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

15.06.2010, 21:25   #1
ap89
 



Hello,

I have the following problem:

my PC (Windows 7) shows me the following after booting:

"Problem beim Starten von winvdb32.rom"

I then ran cc-cleaner, Malwarebytes and OTL.
Has that eliminated the problem?

I would be very grateful for answers!

Regards

Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4200

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.06.2010 22:05:26
mbam-log-2010-06-15 (22-05-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 238055
Laufzeit: 1 Stunde(n), 21 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssmsgs (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Local\Temp\Jja52B3.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\MSetup\BASW-01278A18\FailSafeFactoryInstaller_1017.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
         

15.06.2010, 21:30   #2
ap89
 



Code:
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0A353130-D22C-41DD-8C67-1B02A05F2CE0}" = Samsung Support Center
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite
"{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = *** Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"CCleaner" = CCleaner
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch" = EPSON Stylus SX200_SX400_TX200_TX400 Handbuch
"EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite
"InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marvell Miniport Driver" = Marvell Miniport Driver
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"MSC" = McAfee SecurityCenter
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"VLC media player" = VLC media player 1.0.5
"WinLiveSuite_Wave3" = Windows Live Essentials
"Zattoo4" = Zattoo4 4.0.5
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 6/14/2010 7:20:02 PM | Computer Name = ***-PC | Source = VSS | ID = 8194
Description = 
 
Error - 6/15/2010 4:36:28 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Jja4FD5.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c1735c2  Name des fehlerhaften Moduls: Jja4FD5.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c1735c2  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000526e  ID des fehlerhaften Prozesses:
 0x1564  Startzeit der fehlerhaften Anwendung: 0x01cb0c65d75e0cbf  Pfad der fehlerhaften
 Anwendung: C:\Users\***\AppData\Local\Temp\Jja4FD5.exe  Pfad des fehlerhaften Moduls:
 C:\Users\***\AppData\Local\Temp\Jja4FD5.exe  Berichtskennung: 16b16233-7859-11df-9008-002454828e22
 
Error - 6/15/2010 4:36:28 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aeba271  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xb20  Startzeit der fehlerhaften Anwendung: 0x01cb0c5d8e0804c8  Pfad der
 fehlerhaften Anwendung: C:\windows\Explorer.EXE  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 16b3c393-7859-11df-9008-002454828e22
 
Error - 6/15/2010 4:36:55 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aeba271  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0xef4  Startzeit der fehlerhaften Anwendung: 0x01cb0c65dd6860d4  Pfad der
 fehlerhaften Anwendung: C:\windows\Explorer.EXE  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 27088eb6-7859-11df-9008-002454828e22
 
Error - 6/15/2010 4:36:55 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: JjaC40A.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c1735c2  Name des fehlerhaften Moduls: JjaC40A.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c1735c2  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000526e  ID des fehlerhaften Prozesses:
 0x638  Startzeit der fehlerhaften Anwendung: 0x01cb0c65e9195d4e  Pfad der fehlerhaften
 Anwendung: C:\Users\***\AppData\Local\Temp\JjaC40A.exe  Pfad des fehlerhaften Moduls:
 C:\Users\***\AppData\Local\Temp\JjaC40A.exe  Berichtskennung: 270d5177-7859-11df-9008-002454828e22
 
Error - 6/15/2010 4:37:33 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450,
 Zeitstempel: 0x4aeba271  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften
 Prozesses: 0x2d4  Startzeit der fehlerhaften Anwendung: 0x01cb0c65ed5430ee  Pfad der
 fehlerhaften Anwendung: C:\windows\Explorer.EXE  Pfad des fehlerhaften Moduls: unknown
Berichtskennung:
 3d6c41ce-7859-11df-9008-002454828e22
 
Error - 6/15/2010 4:37:33 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Jja54E4.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c1735c2  Name des fehlerhaften Moduls: Jja54E4.exe, Version: 0.0.0.0, Zeitstempel:
 0x4c1735c2  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000526e  ID des fehlerhaften Prozesses:
 0x3a8  Startzeit der fehlerhaften Anwendung: 0x01cb0c65ff30e45d  Pfad der fehlerhaften
 Anwendung: C:\Users\***\AppData\Local\Temp\Jja54E4.exe  Pfad des fehlerhaften Moduls:
 C:\Users\***\AppData\Local\Temp\Jja54E4.exe  Berichtskennung: 3d7365ee-7859-11df-9008-002454828e22
 
[ System Events ]
Error - 6/15/2010 4:45:33 AM | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 6/15/2010 4:45:33 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%776
 
Error - 6/15/2010 2:05:56 PM | Computer Name = ***-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?15.?06.?2010 um 19:58:51 unerwartet heruntergefahren.
 
Error - 6/15/2010 2:06:00 PM | Computer Name = ***-PC | Source = BugCheck | ID = 1001
Description = 
 
 
< End of report >
         


15.06.2010, 21:41   #3
ap89
 



Code:
OTL logfile created on: 6/15/2010 10:11:14 PM - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\***\Downloads
 Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.15 Gb Total Space | 122.66 Gb Free Space | 83.35% Space Free | Partition Type: NTFS
Drive D: | 135.84 Gb Total Space | 135.75 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 963.70 Mb Total Space | 656.80 Mb Free Space | 68.15% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded
 
Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.
 
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee, Inc.)
PRC - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC)
PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics)
PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe ()
PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
PRC - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
PRC - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
PRC - C:\Windows\System32\Rezip.exe ()
PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
MOD - C:\Program Files\McAfee\SiteAdvisor\saHook.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (mcmscsvc) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
SRV - (Partner Service) -- C:\ProgramData\Partner\Partner.exe (Google Inc.)
SRV - (McODS) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.)
SRV - (McShield) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee, Inc.)
SRV - (McSysmon) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.)
SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.)
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe ()
SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (McProxy) -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.)
SRV - (McNASvc) -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.)
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe ()
SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated)
DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.)
DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.)
DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.)
DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.)
DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation)
DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys ()
DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation)
DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation                                            )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (SABI) -- C:\Windows\System32\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
 
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/15 20:11:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/14 20:54:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/14 20:54:40 | 000,000,000 | ---D | M]
 
[2010/06/14 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010/06/15 21:10:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7h1cswz6.default\extensions
[2010/06/15 11:02:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7h1cswz6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/15 11:02:57 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7h1cswz6.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/06/14 21:14:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7h1cswz6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/14 22:40:39 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/06/14 22:40:40 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/04/01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/04/01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/04/01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/04/01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [fsi] C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [{E71DD9E4-BA39-428B-FC7C-567AC1A096F6}] C:\Users\***\AppData\Roaming\Arcioh\tiyt.exe ()
O4 - HKCU..\Run: [EPSON Stylus SX400 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/06/15 20:40:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010/06/15 20:40:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/06/15 20:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/15 20:40:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/06/15 20:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/15 20:05:53 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2010/06/15 19:01:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Games
[2010/06/15 02:46:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Arcioh
[2010/06/15 01:19:10 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\PICSDK2.dll
[2010/06/15 01:19:10 | 000,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\EpPicPrt.dll
[2010/06/15 01:19:10 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\PICEntry.dll
[2010/06/15 01:19:10 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\PICSDK.dll
[2010/06/15 01:19:10 | 000,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\EPPicMgr.dll
[2010/06/15 01:19:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[2010/06/15 01:17:50 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\windows\System32\E_DCINST.DLL
[2010/06/15 01:17:42 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\E_FLBEGE.DLL
[2010/06/15 01:17:39 | 000,078,848 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\E_FD4BEGE.DLL
[2010/06/15 01:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2010/06/15 01:17:14 | 000,071,680 | ---- | C] (SEIKO EPSON CORP.) -- C:\windows\System32\escwiad.dll
[2010/06/15 01:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2010/06/15 01:09:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2010/06/15 01:07:25 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2010/06/15 01:06:28 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lsasrv.dll
[2010/06/15 01:06:27 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ksecpkg.sys
[2010/06/15 01:05:49 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010/06/15 01:05:45 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\asycfilt.dll
[2010/06/15 01:05:44 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2010/06/15 01:05:42 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\t2embed.dll
[2010/06/15 01:05:40 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/06/15 01:05:40 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/06/15 01:05:40 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/06/15 01:05:39 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010/06/15 01:05:27 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2010/06/15 01:05:27 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\avifil32.dll
[2010/06/15 01:05:27 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciavi32.dll
[2010/06/15 01:05:25 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2010/06/15 01:05:24 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2010/06/15 01:05:23 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CPFilters.dll
[2010/06/15 01:05:22 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisdecd.dll
[2010/06/15 01:05:22 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdri.dll
[2010/06/15 01:05:22 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSNP.ax
[2010/06/15 01:04:30 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2010/06/15 01:04:29 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc.dll
[2010/06/15 01:04:29 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_isv.dll
[2010/06/15 01:04:29 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_isv.exe
[2010/06/15 01:04:29 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate.exe
[2010/06/15 01:04:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp_isv.dll
[2010/06/15 01:04:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp.dll
[2010/06/15 01:04:28 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp.exe
[2010/06/15 01:04:28 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp_isv.exe
[2010/06/15 01:04:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010/06/15 01:04:18 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010/06/15 01:04:17 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fontsub.dll
[2010/06/15 01:04:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2010/06/15 01:03:30 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Youcam
[2010/06/15 00:59:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2010/06/15 00:58:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Google
[2010/06/15 00:58:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2010/06/15 00:43:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Wovec
[2010/06/15 00:27:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Power2Go
[2010/06/15 00:26:32 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2010/06/15 00:26:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2010/06/15 00:26:21 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2010/06/15 00:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Phoenix Technologies Ltd
[2010/06/15 00:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/06/15 00:24:03 | 000,054,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\fssfltr.sys
[2010/06/15 00:24:03 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE
[2010/06/15 00:23:11 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_32.dll
[2010/06/15 00:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/15 00:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/06/15 00:21:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/06/15 00:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/06/15 00:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/06/15 00:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/06/15 00:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2010/06/15 00:18:10 | 000,032,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msonpmon.dll
[2010/06/15 00:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/06/15 00:17:16 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2010/06/15 00:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/15 00:16:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2010/06/15 00:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/06/15 00:15:39 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/06/15 00:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/06/15 00:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/06/15 00:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung Casual Games
[2010/06/15 00:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
[2010/06/15 00:08:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2010/06/15 00:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/06/15 00:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/06/15 00:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/06/15 00:07:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2010/06/15 00:07:50 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2010/06/15 00:07:50 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2010/06/15 00:07:50 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2010/06/15 00:07:50 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2010/06/15 00:07:50 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2010/06/15 00:07:50 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2010/06/15 00:07:50 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2010/06/15 00:07:50 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2010/06/15 00:07:50 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2010/06/15 00:07:50 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2010/06/15 00:07:50 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2010/06/15 00:07:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2010/06/15 00:07:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2010/06/15 00:07:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2010/06/15 00:06:21 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/06/14 23:51:22 | 000,000,000 | ---D | C] -- C:\Users\***\Tracing
[2010/06/14 22:48:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\skypePM
[2010/06/14 22:48:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skype
[2010/06/14 22:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/06/14 22:40:26 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/06/14 22:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/06/14 22:10:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GameConsole
[2010/06/14 22:10:26 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Roaming\.#
[2010/06/14 22:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2010/06/14 22:03:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2010/06/14 22:03:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Live Writer
[2010/06/14 22:03:00 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Weblog Posts
[2010/06/14 21:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Arcade Lab
[2010/06/14 21:21:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CyberLink
[2010/06/14 21:04:49 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browserchoice.exe
[2010/06/14 20:54:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2010/06/14 20:54:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2010/06/14 20:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/14 20:52:39 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Uni Kram
[2010/06/14 20:51:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2010/06/14 20:48:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\EPSON
[2010/06/14 20:38:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Zattoo
[2010/06/14 20:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Zattoo4
[2010/06/14 20:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/06/14 20:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/14 19:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2010/06/14 19:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2010/06/03 04:41:44 | 003,600,384 | ---- | C] (Google Inc.) -- C:\windows\System32\GPhotos.scr
 
========== Files - Modified Within 30 Days ==========
 
[2010/06/15 22:15:18 | 003,085,342 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/06/15 22:15:18 | 000,684,954 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2010/06/15 22:15:18 | 000,680,010 | ---- | M] () -- C:\windows\System32\perfh010.dat
[2010/06/15 22:15:18 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010/06/15 22:15:18 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/06/15 22:15:18 | 000,127,070 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2010/06/15 22:15:18 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010/06/15 22:15:18 | 000,124,006 | ---- | M] () -- C:\windows\System32\perfc010.dat
[2010/06/15 22:15:18 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/06/15 22:15:13 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/15 22:15:13 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/15 22:08:50 | 000,003,837 | ---- | M] () -- C:\windows\System32\Config.MPF
[2010/06/15 22:08:10 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/15 22:08:02 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/06/15 22:07:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/06/15 22:07:40 | 3209,216,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/15 22:06:53 | 001,310,720 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010/06/15 22:06:51 | 001,394,020 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010/06/15 22:05:01 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/15 20:40:16 | 000,104,400 | ---- | M] () -- C:\Users\***\Documents\cc_20100615_203959.reg
[2010/06/15 20:33:35 | 000,001,831 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010/06/15 01:19:03 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Stylus SX200_SX400_TX200_TX400 Handbuch.lnk
[2010/06/15 01:17:14 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/06/15 01:16:53 | 000,000,025 | ---- | M] () -- C:\windows\CDE SX400DEFGIPS.ini
[2010/06/15 01:00:00 | 000,000,368 | ---- | M] () -- C:\windows\tasks\McDefragTask.job
[2010/06/15 00:29:30 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/06/15 00:29:30 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/06/15 00:29:30 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/06/15 00:27:15 | 000,001,075 | ---- | M] () -- C:\Users\***\Desktop\CyberLink YouCam.lnk
[2010/06/15 00:27:12 | 000,001,130 | ---- | M] () -- C:\Users\***\Desktop\CyberLink DVD Suite.lnk
[2010/06/15 00:26:08 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\FailSafe Setup.lnk
[2010/06/15 00:22:44 | 000,000,020 | ---- | M] () -- C:\windows\àó¥
[2010/06/15 00:20:24 | 000,084,224 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/15 00:10:27 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Game Pack.lnk
[2010/06/15 00:08:42 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/15 00:08:15 | 000,000,000 | ---- | M] () -- C:\windows\System32\drivers\144D_SAMSUNG_N_R530_01KQ.mrk
[2010/06/15 00:07:51 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini
[2010/06/14 22:48:49 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/06/14 22:40:29 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/06/14 21:29:42 | 000,019,456 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2010/06/14 21:17:25 | 000,350,288 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/06/14 20:54:42 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/06/14 20:38:07 | 000,001,814 | ---- | M] () -- C:\Users\***\Desktop\Zattoo.lnk
[2010/06/14 20:37:32 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/06/14 17:05:31 | 000,052,870 | ---- | M] () -- C:\windows\System32\license.rtf
[2010/06/10 20:42:16 | 000,030,208 | ---- | M] () -- C:\Users\***\Documents\bewerbung als praktikantin hannoverimpuls.doc
[2010/06/03 04:41:44 | 003,600,384 | ---- | M] (Google Inc.) -- C:\windows\System32\GPhotos.scr
[2010/05/27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2010/05/27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010/05/21 07:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
 
========== Files Created - No Company Name ==========
 
[2010/06/15 20:40:03 | 000,104,400 | ---- | C] () -- C:\Users\***\Documents\cc_20100615_203959.reg
[2010/06/15 20:33:35 | 000,001,831 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010/06/15 01:19:10 | 000,111,932 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2010/06/15 01:19:10 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat
[2010/06/15 01:19:10 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat
[2010/06/15 01:19:10 | 000,026,154 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2010/06/15 01:19:10 | 000,024,903 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat
[2010/06/15 01:19:10 | 000,021,390 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat
[2010/06/15 01:19:10 | 000,020,148 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2010/06/15 01:19:10 | 000,013,732 | ---- | C] () -- C:\windows\System32\EPPICLocal_EN.cfg
[2010/06/15 01:19:10 | 000,011,811 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat
[2010/06/15 01:19:10 | 000,006,442 | ---- | C] () -- C:\windows\System32\EPPICLocal_IT.cfg
[2010/06/15 01:19:10 | 000,006,347 | ---- | C] () -- C:\windows\System32\EPPICLocal_PT.cfg
[2010/06/15 01:19:10 | 000,006,347 | ---- | C] () -- C:\windows\System32\EPPICLocal_BP.cfg
[2010/06/15 01:19:10 | 000,006,335 | ---- | C] () -- C:\windows\System32\EPPICLocal_GE.cfg
[2010/06/15 01:19:10 | 000,006,195 | ---- | C] () -- C:\windows\System32\EPPICLocal_FR.cfg
[2010/06/15 01:19:10 | 000,006,195 | ---- | C] () -- C:\windows\System32\EPPICLocal_CF.cfg
[2010/06/15 01:19:10 | 000,006,122 | ---- | C] () -- C:\windows\System32\EPPICLocal_DU.cfg
[2010/06/15 01:19:10 | 000,006,103 | ---- | C] () -- C:\windows\System32\EPPICLocal_ES.cfg
[2010/06/15 01:19:10 | 000,005,817 | ---- | C] () -- C:\windows\System32\EPPICLocal_KO.cfg
[2010/06/15 01:19:10 | 000,005,436 | ---- | C] () -- C:\windows\System32\EPPICLocal_SC.cfg
[2010/06/15 01:19:10 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat
[2010/06/15 01:19:10 | 000,002,889 | ---- | C] () -- C:\windows\System32\EPPICLocal_RU.cfg
[2010/06/15 01:19:10 | 000,002,426 | ---- | C] () -- C:\windows\System32\EPPICLocal_TC.cfg
[2010/06/15 01:19:10 | 000,001,146 | ---- | C] () -- C:\windows\System32\EPPICPresetData_DU.dat
[2010/06/15 01:19:10 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
[2010/06/15 01:19:10 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
[2010/06/15 01:19:10 | 000,001,136 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
[2010/06/15 01:19:10 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
[2010/06/15 01:19:10 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
[2010/06/15 01:19:10 | 000,001,120 | ---- | C] () -- C:\windows\System32\EPPICPresetData_IT.dat
[2010/06/15 01:19:10 | 000,001,107 | ---- | C] () -- C:\windows\System32\EPPICPresetData_GE.dat
[2010/06/15 01:19:10 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
[2010/06/15 01:19:10 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2010/06/15 01:19:03 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Stylus SX200_SX400_TX200_TX400 Handbuch.lnk
[2010/06/15 01:17:14 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/06/15 01:16:53 | 000,000,025 | ---- | C] () -- C:\windows\CDE SX400DEFGIPS.ini
[2010/06/15 00:26:08 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\FailSafe Setup.lnk
[2010/06/15 00:25:59 | 000,562,718 | ---- | C] () -- C:\windows\surbey.ico
[2010/06/15 00:25:30 | 000,001,075 | ---- | C] () -- C:\Users\***\Desktop\CyberLink YouCam.lnk
[2010/06/15 00:22:43 | 000,000,020 | ---- | C] () -- C:\windows\àó¥
[2010/06/15 00:10:27 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Game Pack.lnk
[2010/06/15 00:09:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/06/15 00:08:42 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/15 00:08:15 | 000,000,000 | ---- | C] () -- C:\windows\System32\drivers\144D_SAMSUNG_N_R530_01KQ.mrk
[2010/06/15 00:07:51 | 000,000,020 | -HS- | C] () -- C:\Users\***\ntuser.ini
[2010/06/15 00:07:50 | 001,310,720 | -HS- | C] () -- C:\Users\***\NTUSER.DAT
[2010/06/15 00:07:50 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/06/15 00:07:50 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/06/15 00:07:50 | 000,262,144 | -HS- | C] () -- C:\Users\***\ntuser.dat.LOG1
[2010/06/15 00:07:50 | 000,065,536 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/06/15 00:07:50 | 000,001,130 | ---- | C] () -- C:\Users\***\Desktop\CyberLink DVD Suite.lnk
[2010/06/15 00:07:50 | 000,000,000 | -HS- | C] () -- C:\Users\***\ntuser.dat.LOG2
[2010/06/14 22:48:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/14 22:40:29 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/06/14 21:00:11 | 000,001,096 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/14 21:00:11 | 000,001,092 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/14 20:54:42 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/06/14 20:38:57 | 000,019,456 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2010/06/14 20:38:07 | 000,001,814 | ---- | C] () -- C:\Users\***\Desktop\Zattoo.lnk
[2010/06/14 20:37:31 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/06/14 20:08:01 | 000,030,208 | ---- | C] () -- C:\Users\***\Documents\bewerbung als praktikantin hannoverimpuls.doc
[2010/03/05 06:56:58 | 000,000,426 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/09/28 11:22:00 | 000,315,392 | ---- | C] () -- C:\windows\System32\drivers\yk62x86.sys
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2006/10/08 19:33:54 | 000,000,000 | ---- | C] () -- C:\windows\R-series.ini
 
========== LOP Check ==========
 
[2010/06/14 22:10:50 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2010/06/15 02:46:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Arcioh
[2010/06/14 20:48:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2010/06/14 22:10:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GameConsole
[2010/06/14 22:03:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2010/06/15 22:14:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wovec
[2010/06/15 01:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/03/05 07:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/07/14 06:53:46 | 000,008,116 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE
< End of report >
         