
Pests of all kinds and how to fight them: Virus infection - Internet access not possible! What to do?

24.11.2010, 18:22   #1
pumba83
 

Hello

My laptop has "caught" a virus. Now I can no longer get onto the Internet. The name of the virus is "Anti Malware Doctor".
First I downloaded rkill.com and Malwarebytes Antimalware and copied them onto the laptop via USB. I also gave the program a new name. Then I ran a scan.
When I was finished I restarted the laptop. But the virus is still there.

I can use all other programs such as Word, even Skype with Internet. But I cannot open the Explorer.

Does anyone have an idea what I can do? That would be really great!
Many thanks in advance.
Simon

Edited by pumba83 (24.11.2010 at 18:35) Reason: further info

24.11.2010, 18:25   #2
markusg
/// Malware-holic
 

System scan with OTL
Download OTL:
http://filepony.de/download-otl/

Double-click OTL.exe
(Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "scan all users"
3. Under "Extra Registry" select:
"Use Safelist" "LOP Check" "Purity Check"
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan"
6. Two reports are created:
OTL.Txt
Extras.Txt
Drag them onto your USB stick and post them.
Post the Malwarebytes log as well; it can be found in Malwarebytes under Log files.

24.11.2010, 19:03   #3
pumba83
 

Hi
Thanks!!

Here is the OTL post:
OTL logfile:
Code:
OTL logfile created on: 11/24/2010 6:57:51 PM - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Bach Mai\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,022.00 Mb Total Physical Memory | 506.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 57.18 Gb Total Space | 43.12 Gb Free Space | 75.42% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 37.82 Gb Free Space | 77.46% Space Free | Partition Type: NTFS
Drive E: | 977.69 Mb Total Space | 15.97 Mb Free Space | 1.63% Space Free | Partition Type: FAT
 
Computer Name: BACHMAI-PC | User Name: Bach Mai | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bach Mai\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Bach Mai\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (cmcis) -- C:\Program Files\CMC\Antivirus\cmccore.exe File not found
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe File not found
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (BTKRNL) -- C:\Windows\System32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\Windows\System32\drivers\btwusb.sys (Broadcom Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 E1 DB 9E EB 6E CB 01  [binary data]
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
 
 
 
O1 HOSTS File: ([2010/11/18 11:23:23 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Vietkey] C:\Vietkey\vknt.exe ()
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [CMC Internet Security] C:\Program Files\CMC\Antivirus\CMCTrayIcon.exe File not found
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [UniKey] C:\Users\Bach Mai\Downloads\unikey32\UniKeyNT.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (mjjoarle.dll) - C:\Windows\System32\mjjoarle.dll ()
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/02/21 14:57:48 | 000,000,180 | RHS- | M] () - E:\autorun.inf.bak -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/11/24 18:42:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bach Mai\Desktop\OTL.exe
[2010/11/24 18:35:03 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/11/24 13:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/24 12:48:19 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Local\Mozilla
[2010/11/24 12:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Arwie
[2010/11/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Afuleg
[2010/11/24 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Yvhe
[2010/11/24 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Cyvoa
[2010/11/19 15:55:54 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\802E9F5168D2503A664E2090231855C3
[2010/11/18 10:31:04 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Malwarebytes
[2010/11/18 10:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/18 09:32:46 | 000,565,248 | ---- | C] (khampha7000@yahoo.com.sg) -- C:\Windows\System32\FVUnicodeControl.ocx
[2010/11/17 20:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/11/16 15:24:00 | 000,000,000 | ---D | C] -- C:\Vietkey
[2010/11/14 11:49:52 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\Desktop\home
[2010/11/12 15:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/11 14:58:49 | 000,000,000 | -H-D | C] -- C:\Users\Bach Mai\Desktop\.picasaoriginals
[2010/11/08 18:04:37 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\CyberLink
[2010/11/08 12:30:11 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\.freemind
[2010/11/08 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Softonic_Deutsch
[2010/11/08 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/11/07 21:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/10/28 16:27:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/27 09:41:06 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\Desktop\VIE7576
[7 C:\Users\Bach Mai\Documents\*.tmp files -> C:\Users\Bach Mai\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/11/24 18:58:48 | 000,618,026 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/24 18:58:48 | 000,104,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/24 18:58:40 | 000,763,904 | ---- | M] () -- C:\Windows\System32\drivers\yfecbo.sys
[2010/11/24 18:53:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/24 18:53:28 | 803,811,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/24 18:39:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bach Mai\Desktop\OTL.exe
[2010/11/24 18:02:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/24 17:45:37 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/11/24 17:45:31 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/24 13:09:44 | 000,364,032 | ---- | M] () -- C:\Users\Bach Mai\Desktop\rkill.com
[2010/11/24 12:48:22 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/11/24 12:48:14 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\iExplorer.lnk
[2010/11/24 11:55:52 | 197,520,340 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/24 11:42:01 | 000,000,162 | -H-- | M] () -- C:\Users\Bach Mai\Desktop\~$rip_Schulpädagogik[1].doc
[2010/11/22 11:29:47 | 000,049,664 | ---- | M] () -- C:\Windows\System32\mjjoarle.dll
[2010/11/19 16:16:52 | 000,001,742 | ---- | M] () -- C:\Windows\lsrslt.ini
[2010/11/19 16:02:49 | 000,000,010 | ---- | M] () -- C:\Users\Bach Mai\AppData\Roaming\install
[2010/11/19 15:57:59 | 000,030,000 | ---- | M] () -- C:\Windows\System32\gj9r2o.dll
[2010/11/18 11:23:23 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/18 09:32:46 | 000,565,248 | ---- | M] (khampha7000@yahoo.com.sg) -- C:\Windows\System32\FVUnicodeControl.ocx
[2010/11/15 11:50:56 | 000,706,560 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Skrip_Schulpädagogik[1].doc
[2010/11/12 15:00:48 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/11 14:54:04 | 000,001,088 | ---- | M] () -- C:\Users\Bach Mai\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/11/11 14:54:04 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/11/10 15:41:22 | 000,027,136 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Workcamp in Vietnam.doc
[2010/11/10 12:12:51 | 000,047,616 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Protokoll-überarbeitete Version.doc
[2010/11/08 13:11:49 | 000,092,899 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Seminararbeit-offene_Methoden[1].rtf
[2010/11/07 21:40:06 | 000,087,036 | ---- | M] () -- C:\Windows\System32\nvapps.xml
[2010/11/03 21:55:25 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 21:55:25 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 17:31:57 | 000,034,304 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Protokol.doc
[2010/11/03 12:53:23 | 000,027,648 | ---- | M] () -- C:\Users\Bach Mai\Documents\Protokoll_Psychologie.doc
[7 C:\Users\Bach Mai\Documents\*.tmp files -> C:\Users\Bach Mai\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/11/24 13:09:39 | 000,364,032 | ---- | C] () -- C:\Users\Bach Mai\Desktop\rkill.com
[2010/11/24 12:48:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/24 12:48:14 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\iExplorer.lnk
[2010/11/24 11:42:01 | 000,000,162 | -H-- | C] () -- C:\Users\Bach Mai\Desktop\~$rip_Schulpädagogik[1].doc
[2010/11/22 11:29:47 | 000,049,664 | ---- | C] () -- C:\Windows\System32\mjjoarle.dll
[2010/11/19 16:16:52 | 000,001,742 | ---- | C] () -- C:\Windows\lsrslt.ini
[2010/11/19 16:02:49 | 000,000,010 | ---- | C] () -- C:\Users\Bach Mai\AppData\Roaming\install
[2010/11/19 15:57:59 | 000,030,000 | ---- | C] () -- C:\Windows\System32\gj9r2o.dll
[2010/11/19 15:56:49 | 000,763,904 | ---- | C] () -- C:\Windows\System32\drivers\yfecbo.sys
[2010/11/15 11:50:55 | 000,706,560 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Skrip_Schulpädagogik[1].doc
[2010/11/12 15:00:48 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/11 14:54:04 | 000,001,088 | ---- | C] () -- C:\Users\Bach Mai\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/11/11 14:54:04 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/11/10 12:12:50 | 000,047,616 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Protokoll-überarbeitete Version.doc
[2010/11/10 11:26:03 | 000,027,136 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Workcamp in Vietnam.doc
[2010/11/08 13:11:48 | 000,092,899 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Seminararbeit-offene_Methoden[1].rtf
[2010/11/03 17:31:57 | 000,034,304 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Protokol.doc
[2010/11/03 12:53:23 | 000,027,648 | ---- | C] () -- C:\Users\Bach Mai\Documents\Protokoll_Psychologie.doc
[2010/10/28 16:27:12 | 197,520,340 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/04 07:06:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll
[2006/05/12 07:23:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\btprn2k.dll
[2006/02/18 17:37:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/06 13:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010/11/19 16:05:05 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\802E9F5168D2503A664E2090231855C3
[2010/11/24 13:45:00 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Afuleg
[2010/11/24 11:59:58 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Arwie
[2010/11/24 13:45:00 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Cyvoa
[2010/11/24 11:55:10 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Yvhe
[2010/11/24 11:54:28 | 000,020,268 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< etsvcs >
 
< %ALLUSERSPROFILE%Application Data. >
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
 
< %ALLUSERSPROFILE%Application Data.exe s >
 
< %APPDATA%. >
 
< %APPDATA%.exe s >
 
< %SYSTEMDRIVE%.exe >
 
< md5start >
 
< userinit.exe >
 
< eventlog.dll >
 
< scecli.dll >
 
< netlogon.dll >
 
< cngaudit.dll >
 
< ws2ifsl.sys >
 
< sceclt.dll >
 
< ntelogon.dll >
 
< winlogon.exe >
 
< logevent.dll >
 
< user32.DLL >
 
< explorer.exe >
 
< iaStor.sys >
 
< nvstor.sys >
 
< atapi.sys >
 
< IdeChnDr.sys >
 
< viasraid.sys >
 
< AGP440.sys >
 
< vaxscsi.sys >
 
< nvatabus.sys >
 
< viamraid.sys >
 
< nvata.sys >
 
< nvgts.sys >
 
< iastorv.sys >
 
< ViPrt.sys >
 
< eNetHook.dll >
 
< ahcix86.sys >
 
< KR10N.sys >
 
< nvstor32.sys >
 
< ahcix86s.sys >
 
< md5stop >
 
< %systemroot%system32drivers.sys lockedfiles >
 
< %systemroot%System32config.sav >
 
< %systemroot%. mp s >
 
< %systemroot%system32.dll lockedfiles >

< End of report >
         

24.11.2010, 19:04   #4
pumba83

Hi
Thanks!!

Here is the OTL post:
OTL Logfile:
Code:
OTL logfile created on: 11/24/2010 6:57:51 PM - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Bach Mai\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,022.00 Mb Total Physical Memory | 506.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 57.18 Gb Total Space | 43.12 Gb Free Space | 75.42% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 37.82 Gb Free Space | 77.46% Space Free | Partition Type: NTFS
Drive E: | 977.69 Mb Total Space | 15.97 Mb Free Space | 1.63% Space Free | Partition Type: FAT
 
Computer Name: BACHMAI-PC | User Name: Bach Mai | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Bach Mai\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Users\Bach Mai\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (cmcis) -- C:\Program Files\CMC\Antivirus\cmccore.exe File not found
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe File not found
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (BTKRNL) -- C:\Windows\System32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\Windows\System32\drivers\btwusb.sys (Broadcom Corporation.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 E1 DB 9E EB 6E CB 01  [binary data]
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
 
 
 
O1 HOSTS File: ([2010/11/18 11:23:23 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Vietkey] C:\Vietkey\vknt.exe ()
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [CMC Internet Security] C:\Program Files\CMC\Antivirus\CMCTrayIcon.exe File not found
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [UniKey] C:\Users\Bach Mai\Downloads\unikey32\UniKeyNT.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (mjjoarle.dll) - C:\Windows\System32\mjjoarle.dll ()
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/02/21 14:57:48 | 000,000,180 | RHS- | M] () - E:\autorun.inf.bak -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2010/11/24 18:42:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bach Mai\Desktop\OTL.exe
[2010/11/24 18:35:03 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/11/24 13:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/24 12:48:19 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Local\Mozilla
[2010/11/24 12:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Arwie
[2010/11/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Afuleg
[2010/11/24 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Yvhe
[2010/11/24 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Cyvoa
[2010/11/19 15:55:54 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\802E9F5168D2503A664E2090231855C3
[2010/11/18 10:31:04 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Malwarebytes
[2010/11/18 10:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/18 09:32:46 | 000,565,248 | ---- | C] (khampha7000@yahoo.com.sg) -- C:\Windows\System32\FVUnicodeControl.ocx
[2010/11/17 20:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/11/16 15:24:00 | 000,000,000 | ---D | C] -- C:\Vietkey
[2010/11/14 11:49:52 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\Desktop\home
[2010/11/12 15:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/11 14:58:49 | 000,000,000 | -H-D | C] -- C:\Users\Bach Mai\Desktop\.picasaoriginals
[2010/11/08 18:04:37 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\CyberLink
[2010/11/08 12:30:11 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\.freemind
[2010/11/08 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Softonic_Deutsch
[2010/11/08 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/11/07 21:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/10/28 16:27:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/27 09:41:06 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\Desktop\VIE7576
[7 C:\Users\Bach Mai\Documents\*.tmp files -> C:\Users\Bach Mai\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2010/11/24 18:58:48 | 000,618,026 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/24 18:58:48 | 000,104,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/24 18:58:40 | 000,763,904 | ---- | M] () -- C:\Windows\System32\drivers\yfecbo.sys
[2010/11/24 18:53:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/24 18:53:28 | 803,811,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/24 18:39:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bach Mai\Desktop\OTL.exe
[2010/11/24 18:02:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/24 17:45:37 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/11/24 17:45:31 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/24 13:09:44 | 000,364,032 | ---- | M] () -- C:\Users\Bach Mai\Desktop\rkill.com
[2010/11/24 12:48:22 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/11/24 12:48:14 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\iExplorer.lnk
[2010/11/24 11:55:52 | 197,520,340 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/24 11:42:01 | 000,000,162 | -H-- | M] () -- C:\Users\Bach Mai\Desktop\~$rip_Schulpädagogik[1].doc
[2010/11/22 11:29:47 | 000,049,664 | ---- | M] () -- C:\Windows\System32\mjjoarle.dll
[2010/11/19 16:16:52 | 000,001,742 | ---- | M] () -- C:\Windows\lsrslt.ini
[2010/11/19 16:02:49 | 000,000,010 | ---- | M] () -- C:\Users\Bach Mai\AppData\Roaming\install
[2010/11/19 15:57:59 | 000,030,000 | ---- | M] () -- C:\Windows\System32\gj9r2o.dll
[2010/11/18 11:23:23 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/18 09:32:46 | 000,565,248 | ---- | M] (khampha7000@yahoo.com.sg) -- C:\Windows\System32\FVUnicodeControl.ocx
[2010/11/15 11:50:56 | 000,706,560 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Skrip_Schulpädagogik[1].doc
[2010/11/12 15:00:48 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/11 14:54:04 | 000,001,088 | ---- | M] () -- C:\Users\Bach Mai\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/11/11 14:54:04 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/11/10 15:41:22 | 000,027,136 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Workcamp in Vietnam.doc
[2010/11/10 12:12:51 | 000,047,616 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Protokoll-überarbeitete Version.doc
[2010/11/08 13:11:49 | 000,092,899 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Seminararbeit-offene_Methoden[1].rtf
[2010/11/07 21:40:06 | 000,087,036 | ---- | M] () -- C:\Windows\System32\nvapps.xml
[2010/11/03 21:55:25 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 21:55:25 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 17:31:57 | 000,034,304 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Protokol.doc
[2010/11/03 12:53:23 | 000,027,648 | ---- | M] () -- C:\Users\Bach Mai\Documents\Protokoll_Psychologie.doc
[7 C:\Users\Bach Mai\Documents\*.tmp files -> C:\Users\Bach Mai\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2010/11/24 13:09:39 | 000,364,032 | ---- | C] () -- C:\Users\Bach Mai\Desktop\rkill.com
[2010/11/24 12:48:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/24 12:48:14 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\iExplorer.lnk
[2010/11/24 11:42:01 | 000,000,162 | -H-- | C] () -- C:\Users\Bach Mai\Desktop\~$rip_Schulpädagogik[1].doc
[2010/11/22 11:29:47 | 000,049,664 | ---- | C] () -- C:\Windows\System32\mjjoarle.dll
[2010/11/19 16:16:52 | 000,001,742 | ---- | C] () -- C:\Windows\lsrslt.ini
[2010/11/19 16:02:49 | 000,000,010 | ---- | C] () -- C:\Users\Bach Mai\AppData\Roaming\install
[2010/11/19 15:57:59 | 000,030,000 | ---- | C] () -- C:\Windows\System32\gj9r2o.dll
[2010/11/19 15:56:49 | 000,763,904 | ---- | C] () -- C:\Windows\System32\drivers\yfecbo.sys
[2010/11/15 11:50:55 | 000,706,560 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Skrip_Schulpädagogik[1].doc
[2010/11/12 15:00:48 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/11 14:54:04 | 000,001,088 | ---- | C] () -- C:\Users\Bach Mai\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/11/11 14:54:04 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/11/10 12:12:50 | 000,047,616 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Protokoll-überarbeitete Version.doc
[2010/11/10 11:26:03 | 000,027,136 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Workcamp in Vietnam.doc
[2010/11/08 13:11:48 | 000,092,899 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Seminararbeit-offene_Methoden[1].rtf
[2010/11/03 17:31:57 | 000,034,304 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Protokol.doc
[2010/11/03 12:53:23 | 000,027,648 | ---- | C] () -- C:\Users\Bach Mai\Documents\Protokoll_Psychologie.doc
[2010/10/28 16:27:12 | 197,520,340 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/04 07:06:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll
[2006/05/12 07:23:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\btprn2k.dll
[2006/02/18 17:37:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/06 13:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
 
========== LOP Check ==========
 
[2010/11/19 16:05:05 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\802E9F5168D2503A664E2090231855C3
[2010/11/24 13:45:00 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Afuleg
[2010/11/24 11:59:58 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Arwie
[2010/11/24 13:45:00 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Cyvoa
[2010/11/24 11:55:10 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Yvhe
[2010/11/24 11:54:28 | 000,020,268 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< etsvcs >
 
< %ALLUSERSPROFILE%Application Data. >
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
 
< %ALLUSERSPROFILE%Application Data.exe s >
 
< %APPDATA%. >
 
< %APPDATA%.exe s >
 
< %SYSTEMDRIVE%.exe >
 
< md5start >
 
< userinit.exe >
 
< eventlog.dll >
 
< scecli.dll >
 
< netlogon.dll >
 
< cngaudit.dll >
 
< ws2ifsl.sys >
 
< sceclt.dll >
 
< ntelogon.dll >
 
< winlogon.exe >
 
< logevent.dll >
 
< user32.DLL >
 
< explorer.exe >
 
< iaStor.sys >
 
< nvstor.sys >
 
< atapi.sys >
 
< IdeChnDr.sys >
 
< viasraid.sys >
 
< AGP440.sys >
 
< vaxscsi.sys >
 
< nvatabus.sys >
 
< viamraid.sys >
 
< nvata.sys >
 
< nvgts.sys >
 
< iastorv.sys >
 
< ViPrt.sys >
 
< eNetHook.dll >
 
< ahcix86.sys >
 
< KR10N.sys >
 
< nvstor32.sys >
 
< ahcix86s.sys >
 
< md5stop >
 
< %systemroot%system32drivers.sys lockedfiles >
 
< %systemroot%System32config.sav >
 
< %systemroot%. mp s >
 
< %systemroot%system32.dll lockedfiles >

< End of report >
         
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (BTKRNL) -- C:\Windows\System32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\Windows\System32\drivers\btwusb.sys (Broadcom Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 E1 DB 9E EB 6E CB 01 [binary data]
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370



O1 HOSTS File: ([2010/11/18 11:23:23 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Vietkey] C:\Vietkey\vknt.exe ()
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [CMC Internet Security] C:\Program Files\CMC\Antivirus\CMCTrayIcon.exe File not found
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [UniKey] C:\Users\Bach Mai\Downloads\unikey32\UniKeyNT.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (mjjoarle.dll) - C:\Windows\System32\mjjoarle.dll ()
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/02/21 14:57:48 | 000,000,180 | RHS- | M] () - E:\autorun.inf.bak -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/11/24 18:42:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bach Mai\Desktop\OTL.exe
[2010/11/24 18:35:03 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/11/24 13:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/24 12:48:19 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Local\Mozilla
[2010/11/24 12:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Arwie
[2010/11/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Afuleg
[2010/11/24 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Yvhe
[2010/11/24 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Cyvoa
[2010/11/19 15:55:54 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\802E9F5168D2503A664E2090231855C3
[2010/11/18 10:31:04 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Malwarebytes
[2010/11/18 10:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/18 09:32:46 | 000,565,248 | ---- | C] (khampha7000@yahoo.com.sg) -- C:\Windows\System32\FVUnicodeControl.ocx
[2010/11/17 20:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/11/16 15:24:00 | 000,000,000 | ---D | C] -- C:\Vietkey
[2010/11/14 11:49:52 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\Desktop\home
[2010/11/12 15:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/11 14:58:49 | 000,000,000 | -H-D | C] -- C:\Users\Bach Mai\Desktop\.picasaoriginals
[2010/11/08 18:04:37 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\CyberLink
[2010/11/08 12:30:11 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\.freemind
[2010/11/08 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Softonic_Deutsch
[2010/11/08 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/11/07 21:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/10/28 16:27:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/27 09:41:06 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\Desktop\VIE7576
[7 C:\Users\Bach Mai\Documents\*.tmp files -> C:\Users\Bach Mai\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/24 18:59:35 | 000,763,904 | ---- | M] () -- C:\Windows\System32\drivers\yfecbo.sys
[2010/11/24 18:58:48 | 000,618,026 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/24 18:58:48 | 000,104,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/24 18:53:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/24 18:53:28 | 803,811,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/24 18:39:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bach Mai\Desktop\OTL.exe
[2010/11/24 18:02:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/24 17:45:37 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/11/24 17:45:31 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/24 13:09:44 | 000,364,032 | ---- | M] () -- C:\Users\Bach Mai\Desktop\rkill.com
[2010/11/24 12:48:22 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/11/24 12:48:14 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\iExplorer.lnk
[2010/11/24 11:55:52 | 197,520,340 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/24 11:42:01 | 000,000,162 | -H-- | M] () -- C:\Users\Bach Mai\Desktop\~$rip_Schulpädagogik[1].doc
[2010/11/22 11:29:47 | 000,049,664 | ---- | M] () -- C:\Windows\System32\mjjoarle.dll
[2010/11/19 16:16:52 | 000,001,742 | ---- | M] () -- C:\Windows\lsrslt.ini
[2010/11/19 16:02:49 | 000,000,010 | ---- | M] () -- C:\Users\Bach Mai\AppData\Roaming\install
[2010/11/19 15:57:59 | 000,030,000 | ---- | M] () -- C:\Windows\System32\gj9r2o.dll
[2010/11/18 11:23:23 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/18 09:32:46 | 000,565,248 | ---- | M] (khampha7000@yahoo.com.sg) -- C:\Windows\System32\FVUnicodeControl.ocx
[2010/11/15 11:50:56 | 000,706,560 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Skrip_Schulpädagogik[1].doc
[2010/11/12 15:00:48 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/11 14:54:04 | 000,001,088 | ---- | M] () -- C:\Users\Bach Mai\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/11/11 14:54:04 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/11/10 15:41:22 | 000,027,136 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Workcamp in Vietnam.doc
[2010/11/10 12:12:51 | 000,047,616 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Protokoll-überarbeitete Version.doc
[2010/11/08 13:11:49 | 000,092,899 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Seminararbeit-offene_Methoden[1].rtf
[2010/11/07 21:40:06 | 000,087,036 | ---- | M] () -- C:\Windows\System32\nvapps.xml
[2010/11/03 21:55:25 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 21:55:25 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 17:31:57 | 000,034,304 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Protokol.doc
[2010/11/03 12:53:23 | 000,027,648 | ---- | M] () -- C:\Users\Bach Mai\Documents\Protokoll_Psychologie.doc
[7 C:\Users\Bach Mai\Documents\*.tmp files -> C:\Users\Bach Mai\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/24 13:09:39 | 000,364,032 | ---- | C] () -- C:\Users\Bach Mai\Desktop\rkill.com
[2010/11/24 12:48:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/24 12:48:14 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\iExplorer.lnk
[2010/11/24 11:42:01 | 000,000,162 | -H-- | C] () -- C:\Users\Bach Mai\Desktop\~$rip_Schulpädagogik[1].doc
[2010/11/22 11:29:47 | 000,049,664 | ---- | C] () -- C:\Windows\System32\mjjoarle.dll
[2010/11/19 16:16:52 | 000,001,742 | ---- | C] () -- C:\Windows\lsrslt.ini
[2010/11/19 16:02:49 | 000,000,010 | ---- | C] () -- C:\Users\Bach Mai\AppData\Roaming\install
[2010/11/19 15:57:59 | 000,030,000 | ---- | C] () -- C:\Windows\System32\gj9r2o.dll
[2010/11/19 15:56:49 | 000,763,904 | ---- | C] () -- C:\Windows\System32\drivers\yfecbo.sys
[2010/11/15 11:50:55 | 000,706,560 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Skrip_Schulpädagogik[1].doc
[2010/11/12 15:00:48 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/11 14:54:04 | 000,001,088 | ---- | C] () -- C:\Users\Bach Mai\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/11/11 14:54:04 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/11/10 12:12:50 | 000,047,616 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Protokoll-überarbeitete Version.doc
[2010/11/10 11:26:03 | 000,027,136 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Workcamp in Vietnam.doc
[2010/11/08 13:11:48 | 000,092,899 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Seminararbeit-offene_Methoden[1].rtf
[2010/11/03 17:31:57 | 000,034,304 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Protokol.doc
[2010/11/03 12:53:23 | 000,027,648 | ---- | C] () -- C:\Users\Bach Mai\Documents\Protokoll_Psychologie.doc
[2010/10/28 16:27:12 | 197,520,340 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/04 07:06:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll
[2006/05/12 07:23:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\btprn2k.dll
[2006/02/18 17:37:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/06 13:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll

========== LOP Check ==========

[2010/11/19 16:05:05 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\802E9F5168D2503A664E2090231855C3
[2010/11/24 13:45:00 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Afuleg
[2010/11/24 11:59:58 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Arwie
[2010/11/24 13:45:00 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Cyvoa
[2010/11/24 11:55:10 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Yvhe
[2010/11/24 11:54:28 | 000,020,268 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< etsvcs >

< %ALLUSERSPROFILE%Application Data. >
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data

< %ALLUSERSPROFILE%Application Data.exe s >

< %APPDATA%. >

< %APPDATA%.exe s >

< %SYSTEMDRIVE%.exe >

< md5start >

< userinit.exe >

< eventlog.dll >

< scecli.dll >

< netlogon.dll >

< cngaudit.dll >

< ws2ifsl.sys >

< sceclt.dll >

< ntelogon.dll >

< winlogon.exe >

< logevent.dll >

< user32.DLL >

< explorer.exe >

< iaStor.sys >

< nvstor.sys >

< atapi.sys >

< IdeChnDr.sys >

< viasraid.sys >

< AGP440.sys >

< vaxscsi.sys >

< nvatabus.sys >

< viamraid.sys >

< nvata.sys >

< nvgts.sys >

< iastorv.sys >

< ViPrt.sys >

< eNetHook.dll >

< ahcix86.sys >

< KR10N.sys >

< nvstor32.sys >

< ahcix86s.sys >

< md5stop >

< %systemroot%system32drivers.sys lockedfiles >

< %systemroot%System32config.sav >

< %systemroot%. mp s >

< %systemroot%system32.dll lockedfiles >

< End of report >

24.11.2010, 19:05   #5
pumba83

Virus infection - Internet access not possible! What to do?

and here is the OTL Extras logfile:
Code:
OTL Extras logfile created on: 11/24/2010 6:57:51 PM - Run 1
OTL by OldTimer - Version 3.2.17.3     Folder = C:\Users\Bach Mai\Desktop
 Ultimate Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
 
1,022.00 Mb Total Physical Memory | 506.00 Mb Available Physical Memory | 50.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 76.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 57.18 Gb Total Space | 43.12 Gb Free Space | 75.42% Space Free | Partition Type: NTFS
Drive D: | 48.83 Gb Total Space | 37.82 Gb Free Space | 77.46% Space Free | Partition Type: NTFS
Drive E: | 977.69 Mb Total Space | 15.97 Mb Free Space | 1.63% Space Free | Partition Type: FAT
 
Computer Name: BACHMAI-PC | User Name: Bach Mai | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$NtUninstallMTF197$" = Street-Ads Browser Enhancer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.1.00.01A
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00006
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"LAC VIET mtd2002-EVA_is1" = Uninstall LAC VIET mtd2002-EVA
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"vShare" = vShare Plugin
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 11/24/2010 7:46:58 AM | Computer Name = BachMai-PC | Source = MsiInstaller | ID = 11935
Description = 
 
Error - 11/24/2010 7:51:44 AM | Computer Name = BachMai-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 11/24/2010 7:58:58 AM | Computer Name = BachMai-PC | Source = MsiInstaller | ID = 11935
Description = 
 
Error - 11/24/2010 8:11:45 AM | Computer Name = BachMai-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time
 stamp: 0x4a5bc100  Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception
 code: 0xc0000005  Fault offset: 0x07ce7fc8  Faulting process id: 0x35c  Faulting application
 start time: 0x01cb8bcdf1566d0e  Faulting application path: C:\Windows\system32\svchost.exe
Faulting
 module path: unknown  Report Id: 00b65411-f7c4-11df-a0ba-0016d3997f26
 
Error - 11/24/2010 8:48:06 AM | Computer Name = BachMai-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 11/24/2010 8:51:06 AM | Computer Name = BachMai-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 11/24/2010 8:58:42 AM | Computer Name = BachMai-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 11/24/2010 12:45:25 PM | Computer Name = BachMai-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 11/24/2010 1:34:09 PM | Computer Name = BachMai-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
Error - 11/24/2010 1:54:05 PM | Computer Name = BachMai-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
 
[ System Events ]
Error - 11/24/2010 1:54:22 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 11/24/2010 1:54:22 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 11/24/2010 1:54:24 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 11/24/2010 1:54:24 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 11/24/2010 1:54:24 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 11/24/2010 1:54:34 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 11/24/2010 1:54:34 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 11/24/2010 1:54:34 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 11/24/2010 1:56:30 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
Error - 11/24/2010 1:56:30 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001
Description = The Computer Browser service depends on the Server service which failed
 to start because of the following error:   %%1068
 
 
< End of report >
         

24.11.2010, 19:10   #6
pumba83

I don't understand what you mean by Malwarebytes log.

24.11.2010, 19:23   #7
markusg
/// Malware-holic

• Please start OTL.exe.
• Now copy the following into the text box.

:OTL
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O4 - HKLM..\Run: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (mjjoarle.dll) - C:\Windows\System32\mjjoarle.dll ()
[2010/11/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Arwie
[2010/11/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Afuleg
[2010/11/24 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Yvhe
[2010/11/24 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Cyvoa
[2010/11/16 15:24:00 | 000,000,000 | ---D | C] -- C:\Vietkey
[2010/11/19 15:57:59 | 000,030,000 | ---- | M] () -- C:\Windows\System32\gj9r2o.dll
[2010/11/24 18:58:40 | 000,763,904 | ---- | M] () -- C:\Windows\System32\drivers\yfecbo.sys
:Files
C:\Windows\System32\mjjoarle.dll
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; post its contents in your next reply.


Open My Computer, C:, then _OTL.
There, right-click on moved files
and choose add to moved files.rar or zip.

Upload the archive to our upload channel.
http://www.trojaner-board.de/54791-a...ner-board.html

Open Malwarebytes, log files, then open the scan report and post its contents.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

Edited by markusg (24.11.2010 at 19:39)

24.11.2010, 19:31   #8
pumba83

Here is the content of the text document:


Error: Unable to interpret <etsvcs> in the current context!
Error: Unable to interpret <msconfig> in the current context!
Error: Unable to interpret <safebootminimal> in the current context!
Error: Unable to interpret <safebootnetwork> in the current context!
Error: Unable to interpret <activex> in the current context!
Error: Unable to interpret <drivers32> in the current context!
Error: Unable to interpret <%ALLUSERSPROFILE%Application Data.> in the current context!
Error: Unable to interpret <%ALLUSERSPROFILE%Application Data.exe s> in the current context!
Error: Unable to interpret <%APPDATA%.> in the current context!
Error: Unable to interpret <%APPDATA%.exe s> in the current context!
Error: Unable to interpret <%SYSTEMDRIVE%.exe> in the current context!
Error: Unable to interpret <md5start> in the current context!
Error: Unable to interpret <userinit.exe> in the current context!
Error: Unable to interpret <eventlog.dll> in the current context!
Error: Unable to interpret <scecli.dll> in the current context!
Error: Unable to interpret <netlogon.dll> in the current context!
Error: Unable to interpret <cngaudit.dll> in the current context!
Error: Unable to interpret <ws2ifsl.sys> in the current context!
Error: Unable to interpret <sceclt.dll> in the current context!
Error: Unable to interpret <ntelogon.dll> in the current context!
Error: Unable to interpret <winlogon.exe> in the current context!
Error: Unable to interpret <logevent.dll> in the current context!
Error: Unable to interpret <user32.DLL> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
Error: Unable to interpret <iaStor.sys> in the current context!
Error: Unable to interpret <nvstor.sys> in the current context!
Error: Unable to interpret <atapi.sys> in the current context!
Error: Unable to interpret <IdeChnDr.sys> in the current context!
Error: Unable to interpret <viasraid.sys> in the current context!
Error: Unable to interpret <AGP440.sys> in the current context!
Error: Unable to interpret <vaxscsi.sys> in the current context!
Error: Unable to interpret <nvatabus.sys> in the current context!
Error: Unable to interpret <viamraid.sys> in the current context!
Error: Unable to interpret <nvata.sys> in the current context!
Error: Unable to interpret <nvgts.sys> in the current context!
Error: Unable to interpret <iastorv.sys> in the current context!
Error: Unable to interpret <ViPrt.sys> in the current context!
Error: Unable to interpret <eNetHook.dll> in the current context!
Error: Unable to interpret <ahcix86.sys> in the current context!
Error: Unable to interpret <KR10N.sys> in the current context!
Error: Unable to interpret <nvstor32.sys> in the current context!
Error: Unable to interpret <ahcix86s.sys> in the current context!
Error: Unable to interpret <md5stop> in the current context!
Error: Unable to interpret <%systemroot%system32drivers.sys lockedfiles> in the current context!
Error: Unable to interpret <%systemroot%System32config.sav> in the current context!
Error: Unable to interpret <%systemroot%. mp s> in the current context!
Error: Unable to interpret <%systemroot%system32.dll lockedfiles> in the current context!
Error: Unable to interpret <CREATERESTOREPOINT> in the current context!

OTL by OldTimer - Version 3.2.17.3 log created on 11242010_192848

24.11.2010, 19:36   #9
pumba83

Regarding opening Malwarebytes:

I can't open Folder and search options; they are greyed out;
is that because I'm in Safe Mode?

24.11.2010, 19:39   #10
markusg
/// Malware-holic

What did you paste in there? Please paste everything from
:OTL to the reboot line and then try again.

24.11.2010, 19:48   #11
pumba83

I'll try again, I'm in normal mode now.

24.11.2010, 19:49   #12
pumba83

OK, I'll try again, I'm in normal mode now.

24.11.2010, 19:51   #13
pumba83

Here: it worked now.

All processes killed
========== OTL ==========
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gchk deleted successfully.
File C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe deleted successfully.
File C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe deleted successfully.
File C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mjjoarle.dll deleted successfully.
C:\Windows\System32\mjjoarle.dll moved successfully.
C:\Users\Bach Mai\AppData\Roaming\Arwie folder moved successfully.
C:\Users\Bach Mai\AppData\Roaming\Afuleg folder moved successfully.
C:\Users\Bach Mai\AppData\Roaming\Yvhe folder moved successfully.
C:\Users\Bach Mai\AppData\Roaming\Cyvoa folder moved successfully.
C:\Vietkey folder moved successfully.
C:\Windows\System32\gj9r2o.dll moved successfully.
File C:\Windows\System32\drivers\yfecbo.sys not found.
========== FILES ==========
File\Folder C:\Windows\System32\mjjoarle.dll not found.
========== COMMANDS ==========

[EMPTYFLASH]
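
Added example, not part of the thread and not OTL's own code: a Python triage of a pasted OTL fix log, run on lines copied from the two logs posted above. It assumes a complete log ends with the "OTL by OldTimer" footer seen in the first log; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample input: lines copied from the two fix logs posted above.
WRONG_PASTE_LOG = """\
Error: Unable to interpret <md5start> in the current context!
Error: Unable to interpret <userinit.exe> in the current context!
Error: Unable to interpret <CREATERESTOREPOINT> in the current context!

OTL by OldTimer - Version 3.2.17.3 log created on 11242010_192848
"""
FIX_LOG = r"""All processes killed
========== OTL ==========
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gchk deleted successfully.
File C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe not found.
C:\Windows\System32\mjjoarle.dll moved successfully.
C:\Users\Bach Mai\AppData\Roaming\Arwie folder moved successfully.
File C:\Windows\System32\drivers\yfecbo.sys not found.
========== FILES ==========
File\Folder C:\Windows\System32\mjjoarle.dll not found.
========== COMMANDS ==========

[EMPTYFLASH]
"""

SECTION = re.compile(r"^=+ (\w+) =+$")
OUTCOME = re.compile(r"^(.+?) (moved successfully|deleted successfully|not found)\.$")
UNPARSED = re.compile(r"^Error: Unable to interpret <(.+)> in the current context!$")
FOOTER = re.compile(r"^OTL by OldTimer - Version \S+ log created on \S+$")
PREFIX = re.compile(r"^(File\\Folder|File|Registry value|Registry key) ")

def triage(log_text):
    """Split a fix log into per-item outcomes, parser errors and echoed commands."""
    rep = {"outcomes": [], "unparsed": [], "commands": [], "has_footer": False}
    section = None
    for line in (l.strip() for l in log_text.splitlines()):
        if m := SECTION.match(line):
            section = m.group(1)
        elif FOOTER.match(line):
            rep["has_footer"] = True
        elif m := UNPARSED.match(line):
            rep["unparsed"].append(m.group(1))
        elif section == "COMMANDS" and line.startswith("["):
            rep["commands"].append(line.strip("[]").lower())
        elif m := OUTCOME.match(line):
            rep["outcomes"].append((section, m.group(1), m.group(2)))
    return rep

def normalise(item):
    """Return (kind, lower-cased path) without the 'File ' / ' folder' decoration."""
    kind = "registry" if item.startswith("Registry") else "file"
    return kind, PREFIX.sub("", item).removesuffix(" folder").lower()

def summarise(rep):
    """Flag the two failure modes seen in the thread and list files absent at fix time."""
    done = {normalise(i)[1] for _, i, r in rep["outcomes"] if r != "not found"}
    absent = set()
    for _, item, result in rep["outcomes"]:
        kind, path = normalise(item)
        # "not found" after an earlier successful move of the same path is expected.
        if result == "not found" and kind == "file" and path not in done:
            absent.add(path)
    return {
        "counts": Counter(r for _, _, r in rep["outcomes"]),
        "absent_at_fix_time": sorted(absent),
        "wrong_paste": bool(rep["unparsed"]) and not rep["outcomes"],
        "truncated": not rep["has_footer"],
    }

if __name__ == "__main__":
    for name, log in (("wrong paste", WRONG_PASTE_LOG), ("fix", FIX_LOG)):
        print(name, summarise(triage(log)))
```

Paths under `absent_at_fix_time` were named in the script but not on disk when the fix ran; this log alone does not say why, so they are the entries to re-check in a fresh scan.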

24.11.2010, 19:56   #14
markusg
/// Malware-holic

The lower part is missing.

24.11.2010, 20:01   #15
markusg
/// Malware-holic

Or rather, it's also fine if you pack and upload the OTL folder as described.
