Pests of all kinds and how to fight them: Virus infection - no Internet access! What to do? (Windows 7)

If you are not sure whether you have caught malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
#3

Virus infection - no Internet access! What to do?

Hi

Thanks!! Here is the OTL post:

OTL Logfile:
Code:
OTL logfile created on: 11/24/2010 6:57:51 PM - Run 1
OTL by OldTimer - Version 3.2.17.3   Folder = C:\Users\Bach Mai\Desktop
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 506.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 57.18 Gb Total Space | 43.12 Gb Free Space | 75.42% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 37.82 Gb Free Space | 77.46% Space Free | Partition Type: NTFS
Drive E: | 977.69 Mb Total Space | 15.97 Mb Free Space | 1.63% Space Free | Partition Type: FAT

Computer Name: BACHMAI-PC | User Name: Bach Mai | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Bach Mai\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Users\Bach Mai\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (cmcis) -- C:\Program Files\CMC\Antivirus\cmccore.exe File not found
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe File not found
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()

========== Driver Services (SafeList) ==========

DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (BTKRNL) -- C:\Windows\System32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\Windows\System32\drivers\btwusb.sys (Broadcom Corporation.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 E1 DB 9E EB 6E CB 01 [binary data]
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

O1 HOSTS File: ([2010/11/18 11:23:23 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Vietkey] C:\Vietkey\vknt.exe ()
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [CMC Internet Security] C:\Program Files\CMC\Antivirus\CMCTrayIcon.exe File not found
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [UniKey] C:\Users\Bach Mai\Downloads\unikey32\UniKeyNT.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (mjjoarle.dll) - C:\Windows\System32\mjjoarle.dll ()
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/02/21 14:57:48 | 000,000,180 | RHS- | M] () - E:\autorun.inf.bak -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 18:42:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bach Mai\Desktop\OTL.exe
[2010/11/24 18:35:03 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/11/24 13:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/24 12:48:19 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Local\Mozilla
[2010/11/24 12:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Arwie
[2010/11/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Afuleg
[2010/11/24 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Yvhe
[2010/11/24 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Cyvoa
[2010/11/19 15:55:54 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\802E9F5168D2503A664E2090231855C3
[2010/11/18 10:31:04 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Malwarebytes
[2010/11/18 10:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/18 09:32:46 | 000,565,248 | ---- | C] (khampha7000@yahoo.com.sg) -- C:\Windows\System32\FVUnicodeControl.ocx
[2010/11/17 20:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/11/16 15:24:00 | 000,000,000 | ---D | C] -- C:\Vietkey
[2010/11/14 11:49:52 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\Desktop\home
[2010/11/12 15:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/11 14:58:49 | 000,000,000 | -H-D | C] -- C:\Users\Bach Mai\Desktop\.picasaoriginals
[2010/11/08 18:04:37 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\CyberLink
[2010/11/08 12:30:11 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\.freemind
[2010/11/08 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Softonic_Deutsch
[2010/11/08 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/11/07 21:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/10/28 16:27:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/27 09:41:06 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\Desktop\VIE7576
[7 C:\Users\Bach Mai\Documents\*.tmp files -> C:\Users\Bach Mai\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/24 18:58:48 | 000,618,026 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/24 18:58:48 | 000,104,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/24 18:58:40 | 000,763,904 | ---- | M] () -- C:\Windows\System32\drivers\yfecbo.sys
[2010/11/24 18:53:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/24 18:53:28 | 803,811,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/24 18:39:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bach Mai\Desktop\OTL.exe
[2010/11/24 18:02:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/24 17:45:37 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/11/24 17:45:31 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/24 13:09:44 | 000,364,032 | ---- | M] () -- C:\Users\Bach Mai\Desktop\rkill.com
[2010/11/24 12:48:22 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/11/24 12:48:14 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\iExplorer.lnk
[2010/11/24 11:55:52 | 197,520,340 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/24 11:42:01 | 000,000,162 | -H-- | M] () -- C:\Users\Bach Mai\Desktop\~$rip_Schulpädagogik[1].doc
[2010/11/22 11:29:47 | 000,049,664 | ---- | M] () -- C:\Windows\System32\mjjoarle.dll
[2010/11/19 16:16:52 | 000,001,742 | ---- | M] () -- C:\Windows\lsrslt.ini
[2010/11/19 16:02:49 | 000,000,010 | ---- | M] () -- C:\Users\Bach Mai\AppData\Roaming\install
[2010/11/19 15:57:59 | 000,030,000 | ---- | M] () -- C:\Windows\System32\gj9r2o.dll
[2010/11/18 11:23:23 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/18 09:32:46 | 000,565,248 | ---- | M] (khampha7000@yahoo.com.sg) -- C:\Windows\System32\FVUnicodeControl.ocx
[2010/11/15 11:50:56 | 000,706,560 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Skrip_Schulpädagogik[1].doc
[2010/11/12 15:00:48 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/11 14:54:04 | 000,001,088 | ---- | M] () -- C:\Users\Bach Mai\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/11/11 14:54:04 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/11/10 15:41:22 | 000,027,136 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Workcamp in Vietnam.doc
[2010/11/10 12:12:51 | 000,047,616 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Protokoll-überarbeitete Version.doc
[2010/11/08 13:11:49 | 000,092,899 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Seminararbeit-offene_Methoden[1].rtf
[2010/11/07 21:40:06 | 000,087,036 | ---- | M] () -- C:\Windows\System32\nvapps.xml
[2010/11/03 21:55:25 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 21:55:25 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 17:31:57 | 000,034,304 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Protokol.doc
[2010/11/03 12:53:23 | 000,027,648 | ---- | M] () -- C:\Users\Bach Mai\Documents\Protokoll_Psychologie.doc
[7 C:\Users\Bach Mai\Documents\*.tmp files -> C:\Users\Bach Mai\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/24 13:09:39 | 000,364,032 | ---- | C] () -- C:\Users\Bach Mai\Desktop\rkill.com
[2010/11/24 12:48:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/24 12:48:14 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\iExplorer.lnk
[2010/11/24 11:42:01 | 000,000,162 | -H-- | C] () -- C:\Users\Bach Mai\Desktop\~$rip_Schulpädagogik[1].doc
[2010/11/22 11:29:47 | 000,049,664 | ---- | C] () -- C:\Windows\System32\mjjoarle.dll
[2010/11/19 16:16:52 | 000,001,742 | ---- | C] () -- C:\Windows\lsrslt.ini
[2010/11/19 16:02:49 | 000,000,010 | ---- | C] () -- C:\Users\Bach Mai\AppData\Roaming\install
[2010/11/19 15:57:59 | 000,030,000 | ---- | C] () -- C:\Windows\System32\gj9r2o.dll
[2010/11/19 15:56:49 | 000,763,904 | ---- | C] () -- C:\Windows\System32\drivers\yfecbo.sys
[2010/11/15 11:50:55 | 000,706,560 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Skrip_Schulpädagogik[1].doc
[2010/11/12 15:00:48 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/11 14:54:04 | 000,001,088 | ---- | C] () -- C:\Users\Bach Mai\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/11/11 14:54:04 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/11/10 12:12:50 | 000,047,616 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Protokoll-überarbeitete Version.doc
[2010/11/10 11:26:03 | 000,027,136 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Workcamp in Vietnam.doc
[2010/11/08 13:11:48 | 000,092,899 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Seminararbeit-offene_Methoden[1].rtf
[2010/11/03 17:31:57 | 000,034,304 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Protokol.doc
[2010/11/03 12:53:23 | 000,027,648 | ---- | C] () -- C:\Users\Bach Mai\Documents\Protokoll_Psychologie.doc
[2010/10/28 16:27:12 | 197,520,340 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/04 07:06:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll
[2006/05/12 07:23:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\btprn2k.dll
[2006/02/18 17:37:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/06 13:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/11/19 16:05:05 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\802E9F5168D2503A664E2090231855C3
[2010/11/24 13:45:00 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Afuleg
[2010/11/24 11:59:58 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Arwie
[2010/11/24 13:45:00 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Cyvoa
[2010/11/24 11:55:10 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Yvhe
[2010/11/24 11:54:28 | 000,020,268 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< netsvcs >

< %ALLUSERSPROFILE%\Application Data\*. >
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >

< /md5start >
< userinit.exe >
< eventlog.dll >
< scecli.dll >
< netlogon.dll >
< cngaudit.dll >
< ws2ifsl.sys >
< sceclt.dll >
< ntelogon.dll >
< winlogon.exe >
< logevent.dll >
< user32.DLL >
< explorer.exe >
< iaStor.sys >
< nvstor.sys >
< atapi.sys >
< IdeChnDr.sys >
< viasraid.sys >
< AGP440.sys >
< vaxscsi.sys >
< nvatabus.sys >
< viamraid.sys >
< nvata.sys >
< nvgts.sys >
< iastorv.sys >
< ViPrt.sys >
< eNetHook.dll >
< ahcix86.sys >
< KR10N.sys >
< nvstor32.sys >
< ahcix86s.sys >
< /md5stop >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe () ========== Driver Services (SafeList) ========== DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) 
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (BTKRNL) -- C:\Windows\System32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\Windows\System32\drivers\btwusb.sys (Broadcom Corporation.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 E1 DB 9E EB 6E CB 01 [binary data]
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370

O1 HOSTS File: ([2010/11/18 11:23:23 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Vietkey] C:\Vietkey\vknt.exe ()
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [CMC Internet Security] C:\Program Files\CMC\Antivirus\CMCTrayIcon.exe File not found
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [UniKey] C:\Users\Bach Mai\Downloads\unikey32\UniKeyNT.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (mjjoarle.dll) - C:\Windows\System32\mjjoarle.dll ()
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/02/21 14:57:48 | 000,000,180 | RHS- | M] () - E:\autorun.inf.bak -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 18:42:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bach Mai\Desktop\OTL.exe
[2010/11/24 18:35:03 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/11/24 13:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/24 12:48:19 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Local\Mozilla
[2010/11/24 12:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Arwie
[2010/11/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Afuleg
[2010/11/24 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Yvhe
[2010/11/24 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Cyvoa
[2010/11/19 15:55:54 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\802E9F5168D2503A664E2090231855C3
[2010/11/18 10:31:04 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Malwarebytes
[2010/11/18 10:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/18 09:32:46 | 000,565,248 | ---- | C] (khampha7000@yahoo.com.sg) -- C:\Windows\System32\FVUnicodeControl.ocx
[2010/11/17 20:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/11/16 15:24:00 | 000,000,000 | ---D | C] -- C:\Vietkey
[2010/11/14 11:49:52 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\Desktop\home
[2010/11/12 15:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/11 14:58:49 | 000,000,000 | -H-D | C] -- C:\Users\Bach Mai\Desktop\.picasaoriginals
[2010/11/08 18:04:37 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\CyberLink
[2010/11/08 12:30:11 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\.freemind
[2010/11/08 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Softonic_Deutsch
[2010/11/08 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/11/07 21:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/10/28 16:27:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/27 09:41:06 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\Desktop\VIE7576
[7 C:\Users\Bach Mai\Documents\*.tmp files -> C:\Users\Bach Mai\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/24 18:59:35 | 000,763,904 | ---- | M] () -- C:\Windows\System32\drivers\yfecbo.sys
[2010/11/24 18:58:48 | 000,618,026 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/24 18:58:48 | 000,104,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/24 18:53:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/24 18:53:28 | 803,811,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/24 18:39:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bach Mai\Desktop\OTL.exe
[2010/11/24 18:02:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/24 17:45:37 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/11/24 17:45:31 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/24 13:09:44 | 000,364,032 | ---- | M] () -- C:\Users\Bach Mai\Desktop\rkill.com
[2010/11/24 12:48:22 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/11/24 12:48:14 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\iExplorer.lnk
[2010/11/24 11:55:52 | 197,520,340 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/24 11:42:01 | 000,000,162 | -H-- | M] () -- C:\Users\Bach Mai\Desktop\~$rip_Schulpädagogik[1].doc
[2010/11/22 11:29:47 | 000,049,664 | ---- | M] () -- C:\Windows\System32\mjjoarle.dll
[2010/11/19 16:16:52 | 000,001,742 | ---- | M] () -- C:\Windows\lsrslt.ini
[2010/11/19 16:02:49 | 000,000,010 | ---- | M] () -- C:\Users\Bach Mai\AppData\Roaming\install
[2010/11/19 15:57:59 | 000,030,000 | ---- | M] () -- C:\Windows\System32\gj9r2o.dll
[2010/11/18 11:23:23 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/18 09:32:46 | 000,565,248 | ---- | M] (khampha7000@yahoo.com.sg) -- C:\Windows\System32\FVUnicodeControl.ocx
[2010/11/15 11:50:56 | 000,706,560 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Skrip_Schulpädagogik[1].doc
[2010/11/12 15:00:48 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/11 14:54:04 | 000,001,088 | ---- | M] () -- C:\Users\Bach Mai\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/11/11 14:54:04 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/11/10 15:41:22 | 000,027,136 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Workcamp in Vietnam.doc
[2010/11/10 12:12:51 | 000,047,616 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Protokoll-überarbeitete Version.doc
[2010/11/08 13:11:49 | 000,092,899 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Seminararbeit-offene_Methoden[1].rtf
[2010/11/07 21:40:06 | 000,087,036 | ---- | M] () -- C:\Windows\System32\nvapps.xml
[2010/11/03 21:55:25 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 21:55:25 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 17:31:57 | 000,034,304 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Protokol.doc
[2010/11/03 12:53:23 | 000,027,648 | ---- | M] () -- C:\Users\Bach Mai\Documents\Protokoll_Psychologie.doc
[7 C:\Users\Bach Mai\Documents\*.tmp files -> C:\Users\Bach Mai\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/24 13:09:39 | 000,364,032 | ---- | C] () -- C:\Users\Bach Mai\Desktop\rkill.com
[2010/11/24 12:48:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/24 12:48:14 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\iExplorer.lnk
[2010/11/24 11:42:01 | 000,000,162 | -H-- | C] () -- C:\Users\Bach Mai\Desktop\~$rip_Schulpädagogik[1].doc
[2010/11/22 11:29:47 | 000,049,664 | ---- | C] () -- C:\Windows\System32\mjjoarle.dll
[2010/11/19 16:16:52 | 000,001,742 | ---- | C] () -- C:\Windows\lsrslt.ini
[2010/11/19 16:02:49 | 000,000,010 | ---- | C] () -- C:\Users\Bach Mai\AppData\Roaming\install
[2010/11/19 15:57:59 | 000,030,000 | ---- | C] () -- C:\Windows\System32\gj9r2o.dll
[2010/11/19 15:56:49 | 000,763,904 | ---- | C] () -- C:\Windows\System32\drivers\yfecbo.sys
[2010/11/15 11:50:55 | 000,706,560 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Skrip_Schulpädagogik[1].doc
[2010/11/12 15:00:48 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/11 14:54:04 | 000,001,088 | ---- | C] () -- C:\Users\Bach Mai\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/11/11 14:54:04 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/11/10 12:12:50 | 000,047,616 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Protokoll-überarbeitete Version.doc
[2010/11/10 11:26:03 | 000,027,136 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Workcamp in Vietnam.doc
[2010/11/08 13:11:48 | 000,092,899 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Seminararbeit-offene_Methoden[1].rtf
[2010/11/03 17:31:57 | 000,034,304 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Protokol.doc
[2010/11/03 12:53:23 | 000,027,648 | ---- | C] () -- C:\Users\Bach Mai\Documents\Protokoll_Psychologie.doc
[2010/10/28 16:27:12 | 197,520,340 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/04 07:06:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll
[2006/05/12 07:23:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\btprn2k.dll
[2006/02/18 17:37:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/06 13:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/11/19 16:05:05 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\802E9F5168D2503A664E2090231855C3
[2010/11/24 13:45:00 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Afuleg
[2010/11/24 11:59:58 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Arwie
[2010/11/24 13:45:00 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Cyvoa
[2010/11/24 11:55:10 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Yvhe
[2010/11/24 11:54:28 | 000,020,268 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< etsvcs >

< %ALLUSERSPROFILE%Application Data. >
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data

< %ALLUSERSPROFILE%Application Data.exe s >

< %APPDATA%. >

< %APPDATA%.exe s >

< %SYSTEMDRIVE%.exe >

< md5start >
< userinit.exe >
< eventlog.dll >
< scecli.dll >
< netlogon.dll >
< cngaudit.dll >
< ws2ifsl.sys >
< sceclt.dll >
< ntelogon.dll >
< winlogon.exe >
< logevent.dll >
< user32.DLL >
< explorer.exe >
< iaStor.sys >
< nvstor.sys >
< atapi.sys >
< IdeChnDr.sys >
< viasraid.sys >
< AGP440.sys >
< vaxscsi.sys >
< nvatabus.sys >
< viamraid.sys >
< nvata.sys >
< nvgts.sys >
< iastorv.sys >
< ViPrt.sys >
< eNetHook.dll >
< ahcix86.sys >
< KR10N.sys >
< nvstor32.sys >
< ahcix86s.sys >
< md5stop >

< %systemroot%system32drivers.sys lockedfiles >

< %systemroot%System32config.sav >

< %systemroot%. mp s >

< %systemroot%system32.dll lockedfiles >

< End of report >