Pests of all kinds and how to fight them: winvdb.rom (Windows 7)
15.06.2010, 21:25 | #1
winvdb.rom
Hello, I have the following problem: after booting, my PC (Windows 7) shows the message "Problem beim Starten von winvdb32.rom" [Problem starting winvdb32.rom]. I then ran CCleaner, Malwarebytes and OTL. Is the problem fixed with that? I would be very grateful for any replies! Regards
Code:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4200

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

15.06.2010 22:05:26
mbam-log-2010-06-15 (22-05-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 238055
Laufzeit: 1 Stunde(n), 21 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 1
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 2

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssmsgs (Backdoor.Bot) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Users\***\AppData\Local\Temp\Jja52B3.exe (Rootkit.TDSS) -> Quarantined and deleted successfully.
C:\Windows\MSetup\BASW-01278A18\FailSafeFactoryInstaller_1017.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
15.06.2010, 21:30 | #2
winvdb.rom
Code:
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" File not found
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{0A353130-D22C-41DD-8C67-1B02A05F2CE0}" = Samsung Support Center
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{178EE5F4-0F86-4BF0-A0D1-9790AFF409D1}" = EasyBatteryManager "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1AFA1FEF-8CF9-4A51-AC46-64FAA7F3D9E2}" = AnyPC Client "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{2A88F1BF-7041-4E42-84B1-6B4ACB83AC64}" = EPSON Scan Assistant "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "{34B76DCB-BF7C-440F-B058-C84172C1E338}" = Easy Network Manager "{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EED7541-55F8-4DC6-B9CD-28762D71310E}" = Samsung R-Series "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{42EDF895-158C-484E-A7F2-42B90759F281}" = Camera RAW Plug-In for EPSON Creativity Suite "{46CBBDF8-55B5-40DB-B459-7B848394309C}" = EPSON File Manager "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{63eafc52-b963-4297-a7eb-d412944e7065}_is1" = Game Pack "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = *** Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-114072167}" = Go-Go Gourmet 
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2 "{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A8F8391-4C2C-4BE1-A984-CD4A5A546467}" = EPSON Easy Photo Print "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2) "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 
Office System "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 "{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars "{994223F3-A99B-4DDD-9E1D-0190A17C6860}" = Windows Live Family Safety "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2 "{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program "{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus "{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update 
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant "{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2BC3383-F000-410C-A038-3846ADBE8D90}" = REALTEK Wireless LAN Software "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "CCleaner" = CCleaner "EPSON Scanner" = EPSON Scan "EPSON Stylus SX200_SX400_TX200_TX400 Benutzerhandbuch" = EPSON Stylus SX200_SX400_TX200_TX400 Handbuch "EPSON Stylus SX400 Series" = EPSON Stylus SX400 Series Printer Uninstall "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite "InstallShield_{20C45B32-5AB6-46A4-94EF-58950CAF05E5}" = EPSON Attach To Email "InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8 "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware "Marvell Miniport Driver" = Marvell Miniport Driver "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3) "MSC" = McAfee SecurityCenter "NVIDIA Drivers" = NVIDIA Drivers "Picasa 3" = Picasa 3 "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.0.5 "WinLiveSuite_Wave3" = Windows Live Essentials "Zattoo4" = Zattoo4 4.0.5 ========== Last 10 
Event Log Errors ========== [ Application Events ] Error - 6/14/2010 7:20:02 PM | Computer Name = ***-PC | Source = VSS | ID = 8194 Description = Error - 6/15/2010 4:36:28 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Jja4FD5.exe, Version: 0.0.0.0, Zeitstempel: 0x4c1735c2 Name des fehlerhaften Moduls: Jja4FD5.exe, Version: 0.0.0.0, Zeitstempel: 0x4c1735c2 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000526e ID des fehlerhaften Prozesses: 0x1564 Startzeit der fehlerhaften Anwendung: 0x01cb0c65d75e0cbf Pfad der fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\Jja4FD5.exe Pfad des fehlerhaften Moduls: C:\Users\***\AppData\Local\Temp\Jja4FD5.exe Berichtskennung: 16b16233-7859-11df-9008-002454828e22 Error - 6/15/2010 4:36:28 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450, Zeitstempel: 0x4aeba271 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0xb20 Startzeit der fehlerhaften Anwendung: 0x01cb0c5d8e0804c8 Pfad der fehlerhaften Anwendung: C:\windows\Explorer.EXE Pfad des fehlerhaften Moduls: unknown Berichtskennung: 16b3c393-7859-11df-9008-002454828e22 Error - 6/15/2010 4:36:55 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450, Zeitstempel: 0x4aeba271 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0xef4 Startzeit der fehlerhaften Anwendung: 0x01cb0c65dd6860d4 Pfad der fehlerhaften Anwendung: C:\windows\Explorer.EXE Pfad des fehlerhaften Moduls: unknown Berichtskennung: 27088eb6-7859-11df-9008-002454828e22 Error - 6/15/2010 4:36:55 AM | Computer Name = ***-PC | Source 
= Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: JjaC40A.exe, Version: 0.0.0.0, Zeitstempel: 0x4c1735c2 Name des fehlerhaften Moduls: JjaC40A.exe, Version: 0.0.0.0, Zeitstempel: 0x4c1735c2 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000526e ID des fehlerhaften Prozesses: 0x638 Startzeit der fehlerhaften Anwendung: 0x01cb0c65e9195d4e Pfad der fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\JjaC40A.exe Pfad des fehlerhaften Moduls: C:\Users\***\AppData\Local\Temp\JjaC40A.exe Berichtskennung: 270d5177-7859-11df-9008-002454828e22 Error - 6/15/2010 4:37:33 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Explorer.EXE, Version: 6.1.7600.16450, Zeitstempel: 0x4aeba271 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel: 0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00000000 ID des fehlerhaften Prozesses: 0x2d4 Startzeit der fehlerhaften Anwendung: 0x01cb0c65ed5430ee Pfad der fehlerhaften Anwendung: C:\windows\Explorer.EXE Pfad des fehlerhaften Moduls: unknown Berichtskennung: 3d6c41ce-7859-11df-9008-002454828e22 Error - 6/15/2010 4:37:33 AM | Computer Name = ***-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: Jja54E4.exe, Version: 0.0.0.0, Zeitstempel: 0x4c1735c2 Name des fehlerhaften Moduls: Jja54E4.exe, Version: 0.0.0.0, Zeitstempel: 0x4c1735c2 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000526e ID des fehlerhaften Prozesses: 0x3a8 Startzeit der fehlerhaften Anwendung: 0x01cb0c65ff30e45d Pfad der fehlerhaften Anwendung: C:\Users\***\AppData\Local\Temp\Jja54E4.exe Pfad des fehlerhaften Moduls: C:\Users\***\AppData\Local\Temp\Jja54E4.exe Berichtskennung: 3d7365ee-7859-11df-9008-002454828e22 [ System Events ] Error - 6/15/2010 4:45:33 AM | Computer Name = ***-PC | Source = DCOM | ID = 10005 Description = Error - 6/15/2010 4:45:33 AM | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 
Description = Der Dienst "UPnP-Gerätehost" wurde aufgrund folgenden Fehlers nicht gestartet: %%776 Error - 6/15/2010 2:05:56 PM | Computer Name = ***-PC | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?15.?06.?2010 um 19:58:51 unerwartet heruntergefahren. Error - 6/15/2010 2:06:00 PM | Computer Name = ***-PC | Source = BugCheck | ID = 1001 Description = < End of report > |
15.06.2010, 21:41 | #3
winvdb.rom
Code:
OTL logfile created on: 6/15/2010 10:11:14 PM - Run 1
OTL by OldTimer - Version 3.2.6.0     Folder = C:\Users\***\Downloads
Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 68.00% Memory free
6.00 Gb Paging File | 5.00 Gb Available in Paging File | 82.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 147.15 Gb Total Space | 122.66 Gb Free Space | 83.35% Space Free | Partition Type: NTFS
Drive D: | 135.84 Gb Total Space | 135.75 Gb Free Space | 99.93% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 963.70 Mb Total Space | 656.80 Mb Free Space | 68.15% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ***-PC
Current User Name: ***
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - c:\PROGRA~1\mcafee.com\agent\mcagent.exe (McAfee, Inc.)
PRC - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.)
PRC - C:\Program Files\Samsung\Samsung Update Plus\SUPBackground.exe ()
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee, Inc.)
PRC - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.)
PRC - C:\Program Files\Samsung\Samsung Recovery Solution 4\WCScheduler.exe (SEC) PRC - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor) PRC - C:\Program Files\Samsung\Samsung Support Center\SSCKbdHk.exe (SAMSUNG Electronics) PRC - C:\Program Files\Samsung\Easy Display Manager\dmhkcore.exe (Samsung Electronics Co., Ltd.) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) PRC - C:\Program Files\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe (Samsung Electronics Co., Ltd.) PRC - C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe () PRC - C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe () PRC - C:\Windows\System32\sppsvc.exe (Microsoft Corporation) PRC - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.) PRC - c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.) PRC - C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.) 
PRC - C:\Windows\System32\Rezip.exe () PRC - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () ========== Modules (SafeList) ========== MOD - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) MOD - C:\Program Files\McAfee\SiteAdvisor\saHook.dll () ========== Win32 Services (SafeList) ========== SRV - (mcmscsvc) -- C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe (McAfee, Inc.) SRV - (Partner Service) -- C:\ProgramData\Partner\Partner.exe (Google Inc.) SRV - (McODS) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe (McAfee, Inc.) SRV - (McShield) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe (McAfee, Inc.) SRV - (McSysmon) -- C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe (McAfee, Inc.) SRV - (MpfService) -- C:\Program Files\McAfee\MPF\MPFSrv.exe (McAfee, Inc.) SRV - (MSK80Service) -- C:\Program Files\McAfee\MSK\MskSrver.exe (McAfee, Inc.) 
SRV - (OberonGameConsoleService) -- C:\Program Files\Samsung Casual Games\GameConsole\OberonGameConsoleService.exe () SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX-Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (McProxy) -- c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe (McAfee, Inc.) SRV - (McNASvc) -- c:\PROGRA~1\COMMON~1\mcafee\mna\mcnasvc.exe (McAfee, Inc.) 
SRV - (Rezip) -- C:\Windows\System32\Rezip.exe () SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe () ========== Driver Services (SafeList) ========== DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics Incorporated) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfesmfk) -- C:\Windows\System32\drivers\mfesmfk.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mferkdk) -- C:\Windows\System32\drivers\mferkdk.sys (McAfee, Inc.) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\Windows\System32\drivers\RTKVHDA.sys (Realtek Semiconductor Corp.) DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.) DRV - (KSecPkg) -- C:\windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation) DRV - (iaStor) -- C:\windows\system32\DRIVERS\iaStor.sys (Intel Corporation) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (fssfltr) -- C:\Windows\System32\drivers\fssfltr.sys (Microsoft Corporation) DRV - (cmdide) -- C:\windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) 
DRV - (amdxata) -- C:\windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vhdmp) -- C:\windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) 
DRV - (ql2300) -- C:\windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\windows\system32\DRIVERS\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\windows\system32\DRIVERS\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV 
- (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (HidBatt) -- C:\windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation )
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (igfx) -- C:\Windows\System32\drivers\igdkmd32.sys (Intel Corporation)
DRV - (SABI) -- C:\Windows\System32\drivers\SABI.sys (SAMSUNG ELECTRONICS)
DRV - (MPFP) -- C:\Windows\System32\drivers\Mpfp.sys (McAfee, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:2.8
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170634FE}:3.3.3
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/06/15 20:11:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/14 20:54:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/14 20:54:40 | 000,000,000 | ---D | M]

[2010/06/14 20:54:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2010/06/15 21:10:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7h1cswz6.default\extensions
[2010/06/15 11:02:58 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7h1cswz6.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/06/15 11:02:57 | 000,000,000 | ---D | M] (ImTranslator) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7h1cswz6.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}
[2010/06/14 21:14:39 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\7h1cswz6.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/06/14 22:40:39 | 000,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2010/06/14 22:40:40 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/04/01 18:54:38 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2010/04/01 18:54:38 | 000,002,344 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/04/01 18:54:38 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2010/04/01 18:54:38 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2010/04/01 18:54:38 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.5.5126.1836\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [APLangApp] C:\Program Files\AnyPC Client\APLangApp.exe (DoctorSoft)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [fsi] C:\Program Files\Phoenix Technologies Ltd\FailSafe\FailSafeLauncher.exe ()
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] C:\Program Files\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files\CyberLink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [{E71DD9E4-BA39-428B-FC7C-567AC1A096F6}] C:\Users\***\AppData\Roaming\Arcioh\tiyt.exe ()
O4 - HKCU..\Run: [EPSON Stylus SX400 Series] C:\windows\System32\spool\DRIVERS\W32X86\3\E_FATIEGE.EXE (SEIKO EPSON CORPORATION)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_2EC7709873947E87.dll (Google Inc.)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll ()
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O30 - LSA: Security Packages - (pku2u) - C:\windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/15 20:40:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2010/06/15 20:40:34 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbamswissarmy.sys
[2010/06/15 20:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/06/15 20:40:32 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\windows\System32\drivers\mbam.sys
[2010/06/15 20:40:32 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/15 20:05:53 | 000,000,000 | ---D | C] -- C:\windows\Minidump
[2010/06/15 19:01:20 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Games
[2010/06/15 02:46:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Arcioh
[2010/06/15 01:19:10 | 000,501,912 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\PICSDK2.dll
[2010/06/15 01:19:10 | 000,120,992 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\EpPicPrt.dll
[2010/06/15 01:19:10 | 000,108,704 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\PICEntry.dll
[2010/06/15 01:19:10 | 000,080,024 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\PICSDK.dll
[2010/06/15 01:19:10 | 000,071,840 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\EPPicMgr.dll
[2010/06/15 01:19:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\InstallShield
[2010/06/15 01:17:50 | 000,008,192 | ---- | C] (SEIKO EPSON CORP.) -- C:\windows\System32\E_DCINST.DLL
[2010/06/15 01:17:42 | 000,086,528 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\E_FLBEGE.DLL
[2010/06/15 01:17:39 | 000,078,848 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\windows\System32\E_FD4BEGE.DLL
[2010/06/15 01:17:26 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON
[2010/06/15 01:17:14 | 000,071,680 | ---- | C] (SEIKO EPSON CORP.) -- C:\windows\System32\escwiad.dll
[2010/06/15 01:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\epson
[2010/06/15 01:09:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2010/06/15 01:07:25 | 002,614,272 | ---- | C] (Microsoft Corporation) -- C:\windows\explorer.exe
[2010/06/15 01:06:28 | 001,037,312 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\lsasrv.dll
[2010/06/15 01:06:27 | 000,133,720 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\ksecpkg.sys
[2010/06/15 01:05:49 | 002,326,528 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\win32k.sys
[2010/06/15 01:05:45 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\asycfilt.dll
[2010/06/15 01:05:44 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jscript.dll
[2010/06/15 01:05:42 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\t2embed.dll
[2010/06/15 01:05:40 | 000,606,208 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mstime.dll
[2010/06/15 01:05:40 | 000,381,440 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\iedkcs32.dll
[2010/06/15 01:05:40 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeedsbs.dll
[2010/06/15 01:05:39 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2010/06/15 01:05:27 | 001,328,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\quartz.dll
[2010/06/15 01:05:27 | 000,091,648 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\avifil32.dll
[2010/06/15 01:05:27 | 000,084,480 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mciavi32.dll
[2010/06/15 01:05:25 | 003,899,280 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2010/06/15 01:05:24 | 003,954,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2010/06/15 01:05:23 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\CPFilters.dll
[2010/06/15 01:05:22 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\psisdecd.dll
[2010/06/15 01:05:22 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msdri.dll
[2010/06/15 01:05:22 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MSNP.ax
[2010/06/15 01:04:30 | 000,427,520 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\vbscript.dll
[2010/06/15 01:04:29 | 000,369,152 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc.dll
[2010/06/15 01:04:29 | 000,365,568 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_isv.dll
[2010/06/15 01:04:29 | 000,324,608 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_isv.exe
[2010/06/15 01:04:29 | 000,320,512 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate.exe
[2010/06/15 01:04:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp_isv.dll
[2010/06/15 01:04:29 | 000,085,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\secproc_ssp.dll
[2010/06/15 01:04:28 | 000,280,064 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp.exe
[2010/06/15 01:04:28 | 000,277,504 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\RMActivate_ssp_isv.exe
[2010/06/15 01:04:27 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\tzres.dll
[2010/06/15 01:04:18 | 000,293,888 | ---- | C] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010/06/15 01:04:17 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\fontsub.dll
[2010/06/15 01:04:17 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2010/06/15 01:03:30 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Youcam
[2010/06/15 00:59:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2010/06/15 00:58:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Google
[2010/06/15 00:58:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2010/06/15 00:43:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Wovec
[2010/06/15 00:27:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Power2Go
[2010/06/15 00:26:32 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2010/06/15 00:26:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2010/06/15 00:26:21 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2010/06/15 00:26:07 | 000,000,000 | ---D | C] -- C:\Program Files\Phoenix Technologies Ltd
[2010/06/15 00:24:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2010/06/15 00:24:03 | 000,054,632 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\drivers\fssfltr.sys
[2010/06/15 00:24:03 | 000,000,000 | ---D | C] -- C:\windows\System32\DRVSTORE
[2010/06/15 00:23:11 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\d3dx9_32.dll
[2010/06/15 00:22:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2010/06/15 00:21:59 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2010/06/15 00:21:50 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2010/06/15 00:21:45 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive
[2010/06/15 00:21:30 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live
[2010/06/15 00:20:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live
[2010/06/15 00:20:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office Suite Activation Assistant
[2010/06/15 00:18:10 | 000,032,656 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msonpmon.dll
[2010/06/15 00:17:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2010/06/15 00:17:16 | 000,000,000 | ---D | C] -- C:\windows\PCHEALTH
[2010/06/15 00:17:16 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft.NET
[2010/06/15 00:16:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft Help
[2010/06/15 00:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2010/06/15 00:15:39 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/06/15 00:14:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2010/06/15 00:13:56 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/06/15 00:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Samsung Casual Games
[2010/06/15 00:09:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media
[2010/06/15 00:08:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2010/06/15 00:08:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2010/06/15 00:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/06/15 00:08:35 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2010/06/15 00:07:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2010/06/15 00:07:51 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2010/06/15 00:07:50 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2010/06/15 00:07:50 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2010/06/15 00:07:50 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2010/06/15 00:07:50 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2010/06/15 00:07:50 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2010/06/15 00:07:50 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2010/06/15 00:07:50 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2010/06/15 00:07:50 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2010/06/15 00:07:50 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2010/06/15 00:07:50 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2010/06/15 00:07:50 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2010/06/15 00:07:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2010/06/15 00:07:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2010/06/15 00:07:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2010/06/15 00:06:21 | 000,000,000 | -HSD | C] -- C:\Recovery
[2010/06/14 23:51:22 | 000,000,000 | ---D | C] -- C:\Users\***\Tracing
[2010/06/14 22:48:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\skypePM
[2010/06/14 22:48:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skype
[2010/06/14 22:40:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2010/06/14 22:40:26 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2010/06/14 22:40:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2010/06/14 22:10:35 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\GameConsole
[2010/06/14 22:10:26 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Roaming\.#
[2010/06/14 22:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SWF Studio
[2010/06/14 22:03:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2010/06/14 22:03:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Live Writer
[2010/06/14 22:03:00 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\My Weblog Posts
[2010/06/14 21:31:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Arcade Lab
[2010/06/14 21:21:08 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CyberLink
[2010/06/14 21:04:49 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\browserchoice.exe
[2010/06/14 20:54:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2010/06/14 20:54:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Mozilla
[2010/06/14 20:54:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/14 20:52:39 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Uni Kram
[2010/06/14 20:51:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2010/06/14 20:48:42 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\EPSON
[2010/06/14 20:38:57 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Zattoo
[2010/06/14 20:38:05 | 000,000,000 | ---D | C] -- C:\Program Files\Zattoo4
[2010/06/14 20:37:17 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010/06/14 20:36:55 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/06/14 19:37:30 | 000,000,000 | ---D | C] -- C:\ProgramData\UDL
[2010/06/14 19:34:27 | 000,000,000 | ---D | C] -- C:\Program Files\ABBYY FineReader 6.0 Sprint
[2010/06/03 04:41:44 | 003,600,384 | ---- | C] (Google Inc.) -- C:\windows\System32\GPhotos.scr

========== Files - Modified Within 30 Days ==========

[2010/06/15 22:15:18 | 003,085,342 | ---- | M] () -- C:\windows\System32\PerfStringBackup.INI
[2010/06/15 22:15:18 | 000,684,954 | ---- | M] () -- C:\windows\System32\perfh00C.dat
[2010/06/15 22:15:18 | 000,680,010 | ---- | M] () -- C:\windows\System32\perfh010.dat
[2010/06/15 22:15:18 | 000,643,866 | ---- | M] () -- C:\windows\System32\perfh007.dat
[2010/06/15 22:15:18 | 000,607,190 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2010/06/15 22:15:18 | 000,127,070 | ---- | M] () -- C:\windows\System32\perfc00C.dat
[2010/06/15 22:15:18 | 000,126,394 | ---- | M] () -- C:\windows\System32\perfc007.dat
[2010/06/15 22:15:18 | 000,124,006 | ---- | M] () -- C:\windows\System32\perfc010.dat
[2010/06/15 22:15:18 | 000,103,568 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2010/06/15 22:15:13 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/06/15 22:15:13 | 000,014,512 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/06/15 22:08:50 | 000,003,837 | ---- | M] () -- C:\windows\System32\Config.MPF
[2010/06/15 22:08:10 | 000,001,092 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/15 22:08:02 | 000,000,006 | -H-- | M] () -- C:\windows\tasks\SA.DAT
[2010/06/15 22:07:47 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2010/06/15 22:07:40 | 3209,216,000 | -HS- | M] () -- C:\hiberfil.sys
[2010/06/15 22:06:53 | 001,310,720 | -HS- | M] () -- C:\Users\***\NTUSER.DAT
[2010/06/15 22:06:51 | 001,394,020 | -H-- | M] () -- C:\Users\***\AppData\Local\IconCache.db
[2010/06/15 22:05:01 | 000,001,096 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/15 20:40:16 | 000,104,400 | ---- | M] () -- C:\Users\***\Documents\cc_20100615_203959.reg
[2010/06/15 20:33:35 | 000,001,831 | ---- | M] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010/06/15 01:19:03 | 000,002,193 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Stylus SX200_SX400_TX200_TX400 Handbuch.lnk
[2010/06/15 01:17:14 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/06/15 01:16:53 | 000,000,025 | ---- | M] () -- C:\windows\CDE SX400DEFGIPS.ini
[2010/06/15 01:00:00 | 000,000,368 | ---- | M] () -- C:\windows\tasks\McDefragTask.job
[2010/06/15 00:29:30 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/06/15 00:29:30 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/06/15 00:29:30 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/06/15 00:27:15 | 000,001,075 | ---- | M] () -- C:\Users\***\Desktop\CyberLink YouCam.lnk
[2010/06/15 00:27:12 | 000,001,130 | ---- | M] () -- C:\Users\***\Desktop\CyberLink DVD Suite.lnk
[2010/06/15 00:26:08 | 000,001,145 | ---- | M] () -- C:\Users\Public\Desktop\FailSafe Setup.lnk
[2010/06/15 00:22:44 | 000,000,020 | ---- | M] () -- C:\windows\àó¥
[2010/06/15 00:20:24 | 000,084,224 | ---- | M] () -- C:\Users\***\AppData\Local\GDIPFONTCACHEV1.DAT
[2010/06/15 00:10:27 | 000,002,121 | ---- | M] () -- C:\Users\Public\Desktop\Game Pack.lnk
[2010/06/15 00:08:42 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/15 00:08:15 | 000,000,000 | ---- | M] () -- C:\windows\System32\drivers\144D_SAMSUNG_N_R530_01KQ.mrk
[2010/06/15 00:07:51 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini
[2010/06/14 22:48:49 | 000,000,056 | -H-- | M] () -- C:\ProgramData\ezsidmv.dat
[2010/06/14 22:40:29 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/06/14 21:29:42 | 000,019,456 | ---- | M] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2010/06/14 21:17:25 | 000,350,288 | ---- | M] () -- C:\windows\System32\FNTCACHE.DAT
[2010/06/14 20:54:42 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/06/14 20:38:07 | 000,001,814 | ---- | M] () -- C:\Users\***\Desktop\Zattoo.lnk
[2010/06/14 20:37:32 | 000,001,024 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/06/14 17:05:31 | 000,052,870 | ---- | M] () -- C:\windows\System32\license.rtf
[2010/06/10 20:42:16 | 000,030,208 | ---- | M] () -- C:\Users\***\Documents\bewerbung als praktikantin hannoverimpuls.doc
[2010/06/03 04:41:44 | 003,600,384 | ---- | M] (Google Inc.) -- C:\windows\System32\GPhotos.scr
[2010/05/27 09:24:13 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\windows\System32\atmlib.dll
[2010/05/27 05:49:37 | 000,293,888 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\atmfd.dll
[2010/05/21 07:14:50 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll

========== Files Created - No Company Name ==========

[2010/06/15 20:40:03 | 000,104,400 | ---- | C] () -- C:\Users\***\Documents\cc_20100615_203959.reg
[2010/06/15 20:33:35 | 000,001,831 | ---- | C] () -- C:\Users\***\Desktop\CCleaner.lnk
[2010/06/15 01:19:10 | 000,111,932 | ---- | C] () -- C:\windows\System32\EPPICPrinterDB.dat
[2010/06/15 01:19:10 | 000,031,053 | ---- | C] () -- C:\windows\System32\EPPICPattern131.dat
[2010/06/15 01:19:10 | 000,027,417 | ---- | C] () -- C:\windows\System32\EPPICPattern121.dat
[2010/06/15 01:19:10 | 000,026,154 | ---- | C] () -- C:\windows\System32\EPPICPattern1.dat
[2010/06/15 01:19:10 | 000,024,903 | ---- | C] () -- C:\windows\System32\EPPICPattern3.dat
[2010/06/15 01:19:10 | 000,021,390 | ---- | C] () -- C:\windows\System32\EPPICPattern5.dat
[2010/06/15 01:19:10 | 000,020,148 | ---- | C] () -- C:\windows\System32\EPPICPattern2.dat
[2010/06/15 01:19:10 | 000,013,732 | ---- | C] () -- C:\windows\System32\EPPICLocal_EN.cfg
[2010/06/15 01:19:10 | 000,011,811 | ---- | C] () -- C:\windows\System32\EPPICPattern4.dat
[2010/06/15 01:19:10 | 000,006,442 | ---- | C] () -- C:\windows\System32\EPPICLocal_IT.cfg
[2010/06/15 01:19:10 | 000,006,347 | ---- | C] () -- C:\windows\System32\EPPICLocal_PT.cfg
[2010/06/15 01:19:10 | 000,006,347 | ---- | C] () -- C:\windows\System32\EPPICLocal_BP.cfg
[2010/06/15 01:19:10 | 000,006,335 | ---- | C] () -- C:\windows\System32\EPPICLocal_GE.cfg
[2010/06/15 01:19:10 | 000,006,195 | ---- | C] () -- C:\windows\System32\EPPICLocal_FR.cfg
[2010/06/15 01:19:10 | 000,006,195 | ---- | C] () -- C:\windows\System32\EPPICLocal_CF.cfg
[2010/06/15 01:19:10 | 000,006,122 | ---- | C] () -- C:\windows\System32\EPPICLocal_DU.cfg
[2010/06/15 01:19:10 | 000,006,103 | ---- | C] () -- C:\windows\System32\EPPICLocal_ES.cfg
[2010/06/15 01:19:10 | 000,005,817 | ---- | C] () -- C:\windows\System32\EPPICLocal_KO.cfg
[2010/06/15 01:19:10 | 000,005,436 | ---- | C] () -- C:\windows\System32\EPPICLocal_SC.cfg
[2010/06/15 01:19:10 | 000,004,943 | ---- | C] () -- C:\windows\System32\EPPICPattern6.dat
[2010/06/15 01:19:10 | 000,002,889 | ---- | C] () -- C:\windows\System32\EPPICLocal_RU.cfg
[2010/06/15 01:19:10 | 000,002,426 | ---- | C] () -- C:\windows\System32\EPPICLocal_TC.cfg
[2010/06/15 01:19:10 | 000,001,146 | ---- | C] () -- C:\windows\System32\EPPICPresetData_DU.dat
[2010/06/15 01:19:10 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_PT.dat
[2010/06/15 01:19:10 | 000,001,139 | ---- | C] () -- C:\windows\System32\EPPICPresetData_BP.dat
[2010/06/15 01:19:10 | 000,001,136 | ---- | C] () -- C:\windows\System32\EPPICPresetData_ES.dat
[2010/06/15 01:19:10 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_FR.dat
[2010/06/15 01:19:10 | 000,001,129 | ---- | C] () -- C:\windows\System32\EPPICPresetData_CF.dat
[2010/06/15 01:19:10 | 000,001,120 | ---- | C] () -- C:\windows\System32\EPPICPresetData_IT.dat
[2010/06/15 01:19:10 | 000,001,107 | ---- | C] () -- C:\windows\System32\EPPICPresetData_GE.dat
[2010/06/15 01:19:10 | 000,001,104 | ---- | C] () -- C:\windows\System32\EPPICPresetData_EN.dat
[2010/06/15 01:19:10 | 000,000,097 | ---- | C] () -- C:\windows\System32\PICSDK.ini
[2010/06/15 01:19:03 | 000,002,193 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Stylus SX200_SX400_TX200_TX400 Handbuch.lnk
[2010/06/15 01:17:14 | 000,000,930 | ---- | C] () -- C:\Users\Public\Desktop\EPSON Scan.lnk
[2010/06/15 01:16:53 | 000,000,025 | ---- | C] () -- C:\windows\CDE SX400DEFGIPS.ini
[2010/06/15 00:26:08 | 000,001,145 | ---- | C] () -- C:\Users\Public\Desktop\FailSafe Setup.lnk
[2010/06/15 00:25:59 | 000,562,718 | ---- | C] () -- C:\windows\surbey.ico
[2010/06/15 00:25:30 | 000,001,075 | ---- | C] () -- C:\Users\***\Desktop\CyberLink YouCam.lnk
[2010/06/15 00:22:43 | 000,000,020 | ---- | C] () -- C:\windows\àó¥
[2010/06/15 00:10:27 | 000,002,121 | ---- | C] () -- C:\Users\Public\Desktop\Game Pack.lnk
[2010/06/15 00:09:19 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010/06/15 00:08:42 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/15 00:08:15 | 000,000,000 | ---- | C] () -- C:\windows\System32\drivers\144D_SAMSUNG_N_R530_01KQ.mrk
[2010/06/15 00:07:51 | 000,000,020 | -HS- | C] () -- C:\Users\***\ntuser.ini
[2010/06/15 00:07:50 | 001,310,720 | -HS- | C] () -- C:\Users\***\NTUSER.DAT
[2010/06/15 00:07:50 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2010/06/15 00:07:50 | 000,524,288 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2010/06/15 00:07:50 | 000,262,144 | -HS- | C] () -- C:\Users\***\ntuser.dat.LOG1
[2010/06/15 00:07:50 | 000,065,536 | -HS- | C] () -- C:\Users\***\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2010/06/15 00:07:50 | 000,001,130 | ---- | C] () -- C:\Users\***\Desktop\CyberLink DVD Suite.lnk
[2010/06/15 00:07:50 | 000,000,000 | -HS- | C] () -- C:\Users\***\ntuser.dat.LOG2
[2010/06/14 22:48:49 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010/06/14 22:40:29 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2010/06/14 21:00:11 | 000,001,096 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/06/14 21:00:11 | 000,001,092 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/06/14 20:54:42 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2010/06/14 20:38:57 | 000,019,456 | ---- | C] () -- C:\Users\***\AppData\Local\WebpageIcons.db
[2010/06/14 20:38:07 | 000,001,814 | ---- | C] () -- C:\Users\***\Desktop\Zattoo.lnk
[2010/06/14 20:37:31 | 000,001,024 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2010/06/14 20:08:01 | 000,030,208 | ---- | C] () -- C:\Users\***\Documents\bewerbung als praktikantin hannoverimpuls.doc
[2010/03/05 06:56:58 | 000,000,426 | ---- | C] () -- C:\windows\HotFixList.ini
[2009/09/28 11:22:00 | 000,315,392 | ---- | C] () -- C:\windows\System32\drivers\yk62x86.sys
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2006/10/08 19:33:54 | 000,000,000 | ---- | C] () -- C:\windows\R-series.ini

========== LOP Check ==========

[2010/06/14 22:10:50 | 000,000,000 | -HSD | M] -- C:\Users\***\AppData\Roaming\.#
[2010/06/15 02:46:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Arcioh
[2010/06/14 20:48:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\EPSON
[2010/06/14 22:10:35 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GameConsole
[2010/06/14 22:03:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2010/06/15 22:14:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Wovec
[2010/06/15 01:00:00 | 000,000,368 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2010/03/05 07:55:52 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2009/07/14 06:53:46 | 000,008,116 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 136 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 130 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >