Virus infection - no internet access! What to do?

Hello,

My laptop has "caught" a virus. Now I can't get on the internet anymore. The name of the virus is "Anti Malware Doctor". First I downloaded rkill.com and Malwarebytes Anti-Malware and copied them to the laptop via USB. I also gave the program a new name. Then I ran a scan. When I was done I restarted the laptop. But the virus is still there. All the other programs like Word, even Skype with internet, I can use. But I can't open Explorer. Does anyone have an idea what I can do? That would really be great! Many thanks in advance.

Simon
ootl:

System scan with OTL

Download OTL: http://filepony.de/download-otl/

Double-click OTL.exe (Windows 7 and Vista users: right-click, "Run as administrator")
1. At the top you will find a box labelled Output. Please select Minimal Output
2. Tick "Scan all users"
3. Under "Extra Registry" select: "Use SafeList", "LOP Check", "Purity Check"
4. Copy the following into the text box:

netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

5. Click "Scan"
6. Two reports are created: OTL.Txt and Extras.Txt. Copy them to your stick and post them. The Malwarebytes log as well; you will find it in Malwarebytes under Logs.
Hi, thanks!! Here is the OTL post:

OTL Logfile:
OTL logfile created on: 11/24/2010 6:57:51 PM - Run 1
PRC - C:\Users\Bach Mai\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\Bach Mai\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (cmcis) -- C:\Program Files\CMC\Antivirus\cmccore.exe File not found
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe File not found
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
========== Driver Services (SafeList) ==========
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (BTKRNL) -- C:\Windows\System32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\Windows\System32\drivers\btwusb.sys (Broadcom Corporation.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 E1 DB 9E EB 6E CB 01 [binary data]
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
O1 HOSTS File: ([2010/11/18 11:23:23 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Vietkey] C:\Vietkey\vknt.exe ()
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [CMC Internet Security] C:\Program Files\CMC\Antivirus\CMCTrayIcon.exe File not found
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [UniKey] C:\Users\Bach Mai\Downloads\unikey32\UniKeyNT.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (mjjoarle.dll) - C:\Windows\System32\mjjoarle.dll ()
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/02/21 14:57:48 | 000,000,180 | RHS- | M] () - E:\autorun.inf.bak -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/24 18:42:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bach Mai\Desktop\OTL.exe
[2010/11/24 18:35:03 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/11/24 13:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/24 12:48:19 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Local\Mozilla
[2010/11/24 12:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Arwie
[2010/11/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Afuleg
[2010/11/24 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Yvhe
[2010/11/24 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Cyvoa
[2010/11/19 15:55:54 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\802E9F5168D2503A664E2090231855C3
[2010/11/18 10:31:04 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Malwarebytes
[2010/11/18 10:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/18 09:32:46 | 000,565,248 | ---- | C] (khampha7000@yahoo.com.sg) -- C:\Windows\System32\FVUnicodeControl.ocx
[2010/11/17 20:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/11/16 15:24:00 | 000,000,000 | ---D | C] -- C:\Vietkey
[2010/11/14 11:49:52 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\Desktop\home
[2010/11/12 15:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/11 14:58:49 | 000,000,000 | -H-D | C] -- C:\Users\Bach Mai\Desktop\.picasaoriginals
[2010/11/08 18:04:37 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\CyberLink
[2010/11/08 12:30:11 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\.freemind
[2010/11/08 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Softonic_Deutsch
[2010/11/08 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/11/07 21:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/10/28 16:27:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/27 09:41:06 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\Desktop\VIE7576
[7 C:\Users\Bach Mai\Documents\*.tmp files -> C:\Users\Bach Mai\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/11/24 18:59:35 | 000,763,904 | ---- | M] () -- C:\Windows\System32\drivers\yfecbo.sys
[2010/11/24 18:58:48 | 000,618,026 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/24 18:58:48 | 000,104,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/24 18:53:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/24 18:53:28 | 803,811,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/24 18:39:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bach Mai\Desktop\OTL.exe
[2010/11/24 18:02:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/24 17:45:37 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/11/24 17:45:31 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/24 13:09:44 | 000,364,032 | ---- | M] () -- C:\Users\Bach Mai\Desktop\rkill.com
[2010/11/24 12:48:22 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/11/24 12:48:14 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\iExplorer.lnk
[2010/11/24 11:55:52 | 197,520,340 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/24 11:42:01 | 000,000,162 | -H-- | M] () -- C:\Users\Bach Mai\Desktop\~$rip_Schulpädagogik[1].doc
[2010/11/22 11:29:47 | 000,049,664 | ---- | M] () -- C:\Windows\System32\mjjoarle.dll
[2010/11/19 16:16:52 | 000,001,742 | ---- | M] () -- C:\Windows\lsrslt.ini
[2010/11/19 16:02:49 | 000,000,010 | ---- | M] () -- C:\Users\Bach Mai\AppData\Roaming\install
[2010/11/19 15:57:59 | 000,030,000 | ---- | M] () -- C:\Windows\System32\gj9r2o.dll
[2010/11/18 11:23:23 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/18 09:32:46 | 000,565,248 | ---- | M] (khampha7000@yahoo.com.sg) -- C:\Windows\System32\FVUnicodeControl.ocx
[2010/11/15 11:50:56 | 000,706,560 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Skrip_Schulpädagogik[1].doc
[2010/11/12 15:00:48 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/11 14:54:04 | 000,001,088 | ---- | M] () -- C:\Users\Bach Mai\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/11/11 14:54:04 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/11/10 15:41:22 | 000,027,136 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Workcamp in Vietnam.doc
[2010/11/10 12:12:51 | 000,047,616 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Protokoll-überarbeitete Version.doc
[2010/11/08 13:11:49 | 000,092,899 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Seminararbeit-offene_Methoden[1].rtf
[2010/11/07 21:40:06 | 000,087,036 | ---- | M] () -- C:\Windows\System32\nvapps.xml
[2010/11/03 21:55:25 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 21:55:25 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 17:31:57 | 000,034,304 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Protokol.doc
[2010/11/03 12:53:23 | 000,027,648 | ---- | M] () -- C:\Users\Bach Mai\Documents\Protokoll_Psychologie.doc
[7 C:\Users\Bach Mai\Documents\*.tmp files -> C:\Users\Bach Mai\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/11/24 13:09:39 | 000,364,032 | ---- | C] () -- C:\Users\Bach Mai\Desktop\rkill.com
[2010/11/24 12:48:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/24 12:48:14 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\iExplorer.lnk
[2010/11/24 11:42:01 | 000,000,162 | -H-- | C] () -- C:\Users\Bach Mai\Desktop\~$rip_Schulpädagogik[1].doc
[2010/11/22 11:29:47 | 000,049,664 | ---- | C] () -- C:\Windows\System32\mjjoarle.dll
[2010/11/19 16:16:52 | 000,001,742 | ---- | C] () -- C:\Windows\lsrslt.ini
[2010/11/19 16:02:49 | 000,000,010 | ---- | C] () -- C:\Users\Bach Mai\AppData\Roaming\install
[2010/11/19 15:57:59 | 000,030,000 | ---- | C] () -- C:\Windows\System32\gj9r2o.dll
[2010/11/19 15:56:49 | 000,763,904 | ---- | C] () -- C:\Windows\System32\drivers\yfecbo.sys
[2010/11/15 11:50:55 | 000,706,560 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Skrip_Schulpädagogik[1].doc
[2010/11/12 15:00:48 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/11 14:54:04 | 000,001,088 | ---- | C] () -- C:\Users\Bach Mai\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/11/11 14:54:04 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/11/10 12:12:50 | 000,047,616 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Protokoll-überarbeitete Version.doc
[2010/11/10 11:26:03 | 000,027,136 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Workcamp in Vietnam.doc
[2010/11/08 13:11:48 | 000,092,899 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Seminararbeit-offene_Methoden[1].rtf
[2010/11/03 17:31:57 | 000,034,304 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Protokol.doc
[2010/11/03 12:53:23 | 000,027,648 | ---- | C] () -- C:\Users\Bach Mai\Documents\Protokoll_Psychologie.doc
[2010/10/28 16:27:12 | 197,520,340 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/04 07:06:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll
[2006/05/12 07:23:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\btprn2k.dll
[2006/02/18 17:37:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/06 13:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== LOP Check ==========
[2010/11/19 16:05:05 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\802E9F5168D2503A664E2090231855C3
[2010/11/24 13:45:00 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Afuleg
[2010/11/24 11:59:58 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Arwie
[2010/11/24 13:45:00 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Cyvoa
[2010/11/24 11:55:10 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Yvhe
[2010/11/24 11:54:28 | 000,020,268 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< etsvcs >
< %ALLUSERSPROFILE%Application Data. >
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
< %ALLUSERSPROFILE%Application Data.exe s >
< %APPDATA%. >
< %APPDATA%.exe s >
< %SYSTEMDRIVE%.exe >
< md5start >
< userinit.exe >
< eventlog.dll >
< scecli.dll >
< netlogon.dll >
< cngaudit.dll >
< ws2ifsl.sys >
< sceclt.dll >
< ntelogon.dll >
< winlogon.exe >
< logevent.dll >
< user32.DLL >
< explorer.exe >
< iaStor.sys >
< nvstor.sys >
< atapi.sys >
< IdeChnDr.sys >
< viasraid.sys >
< AGP440.sys >
< vaxscsi.sys >
< nvatabus.sys >
< viamraid.sys >
< nvata.sys >
< nvgts.sys >
< iastorv.sys >
< ViPrt.sys >
< eNetHook.dll >
< ahcix86.sys >
< KR10N.sys >
< nvstor32.sys >
< ahcix86s.sys >
< md5stop >
< %systemroot%system32drivers.sys lockedfiles >
< %systemroot%System32config.sav >
< %systemroot%. mp s >
< %systemroot%system32.dll lockedfiles >
< End of report >
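Once OTL.Txt exists, the work is reading it for the handful of entry types that matter. As an added example (my own code, not part of this thread and not a tool from OldTimer or the helper), the Python script below parses OTL lines of the kinds that appear in the report above and flags the ones that fit the symptoms described: an enabled ProxyServer that points back to 127.0.0.1 (consistent with a browser that cannot reach the internet while other programs can), a Winlogon Shell value that is not explorer.exe, a SecurityProviders DLL and System32 binaries that carry no company name, an autostart launched from a user profile, and UAC switched off. The rule names and the "System32 with no company name" heuristic are my own choices; the sample lines are copied from the report above, with two benign lines added for contrast.

```python
import re
from typing import List, Tuple

# Added example, not part of the thread and not OTL's own code. Reads OTL report
# text and returns (rule, line) findings. The rule names are my own.
Finding = Tuple[str, str]

_PROXY_ENABLE = re.compile(r'"ProxyEnable" = (\d)')
_PROXY_SERVER = re.compile(r'"ProxyServer" = (\S+)')
# O20 Winlogon Shell: the value in parentheses should be explorer.exe.
_WINLOGON_SHELL = re.compile(r'^O20 - .*Winlogon: Shell - \((.+?)\)')
# O29 SecurityProviders: "(name) - path (company)"; an empty company string is the tell.
_SEC_PROVIDER = re.compile(r'^O29 - .*SecurityProviders - \((.+?)\) - (.+?) \((.*?)\)$')
# File entries: "[date | size | attrs | C/M] (company) -- path"; directory lines have no "(company)".
_FILE_ENTRY = re.compile(r'^\[\d{4}/\d{2}/\d{2} [^\]]+\] \((.*?)\) -- (.+)$')
# O4 autostarts: "...Run: [name] path (company)" or "Startup: path (company)".
_AUTOSTART = re.compile(r'^O4 - .*?(?:Run: \[[^\]]+\] |Startup: )(.+?) \((.*?)\)( File not found)?$')
_LUA = re.compile(r'^O6 - .*policies\\System: EnableLUA = (\d)')

SYSTEM_BINARY_EXT = (".sys", ".dll", ".exe")


def analyze(report: str) -> List[Finding]:
    """Return one finding per suspicious OTL line, in report order; the proxy check comes last."""
    findings: List[Finding] = []
    proxy_enabled = False
    proxy_server = None
    for raw in report.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = _PROXY_ENABLE.search(line)
        if m and m.group(1) == "1":
            proxy_enabled = True
        m = _PROXY_SERVER.search(line)
        if m:
            proxy_server = m.group(1)
        m = _WINLOGON_SHELL.match(line)
        if m and m.group(1).lower() != "explorer.exe":
            findings.append(("winlogon-shell-hijack", line))
        m = _SEC_PROVIDER.match(line)
        if m and not m.group(3):
            findings.append(("rogue-security-provider", line))
        m = _FILE_ENTRY.match(line)
        if m:
            company, path = m.group(1), m.group(2).lower()
            # Heuristic: OTL's "()" means no version-info company string, not a signature check.
            if not company and path.startswith("c:\\windows\\system32") and path.endswith(SYSTEM_BINARY_EXT):
                findings.append(("no-company-system32-binary", line))
        m = _AUTOSTART.match(line)
        if m:
            path, company = m.group(1).lower(), m.group(2)
            if not company and (path.startswith("c:\\users\\") or "\\appdata\\" in path):
                findings.append(("autostart-from-profile", line))
        m = _LUA.match(line)
        if m and m.group(1) == "0":
            findings.append(("uac-disabled", line))
    # A proxy setting only matters if it is enabled and points back at the machine itself.
    if proxy_enabled and proxy_server and ("127.0.0.1" in proxy_server or "localhost" in proxy_server.lower()):
        findings.append(("local-proxy-hijack", "ProxyServer = " + proxy_server))
    return findings


# Constructed sample: lines copied from the report in this thread plus two benign lines.
SAMPLE_OTL = r"""
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O29 - HKLM SecurityProviders - (mjjoarle.dll) - C:\Windows\System32\mjjoarle.dll ()
[2010/11/24 18:59:35 | 000,763,904 | ---- | M] () -- C:\Windows\System32\drivers\yfecbo.sys
[2010/11/22 11:29:47 | 000,049,664 | ---- | M] () -- C:\Windows\System32\mjjoarle.dll
[2010/11/07 21:40:06 | 000,087,036 | ---- | M] () -- C:\Windows\System32\nvapps.xml
"""

if __name__ == "__main__":
    for rule, line in analyze(SAMPLE_OTL):
        print(f"{rule:28} {line}")
```

Run against a full OTL.Txt (`analyze(open("OTL.Txt", encoding="utf-8", errors="replace").read())`) it gives a short worklist instead of a 400-line log. The "no company name" rule is only a prompt to look closer: OTL prints "()" when the file has no version-info company string, which is not the same as an Authenticode check, so a hit still needs the file's hash or signature verified before anything is removed.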
Hi, thanks!! Here is the OTL post:

OTL Logfile:
Code:
OTL logfile created on: 11/24/2010 6:57:51 PM - Run 1
PRC - C:\Users\Bach Mai\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Users\Bach Mai\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation)
MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation)
MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation)
MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation)
MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation)
MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation)
MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (cmcis) -- C:\Program Files\CMC\Antivirus\cmccore.exe File not found
SRV - (CLCapSvc) CyberLink Background Capture Service (CBCS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe File not found
SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation)
SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation)
SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation)
SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation)
SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation)
SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation)
SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation)
SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation)
SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation)
SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation)
SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation)
SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation)
SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation)
SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft Corporation)
SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation)
SRV - (CLSched) CyberLink Task Scheduler (CTS) -- C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe ()
========== Driver Services (SafeList) ==========
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.)
DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.)
DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.)
DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices)
DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.)
DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices)
DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation)
DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation)
DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation)
DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation)
DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation)
DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation)
DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation)
DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation)
DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH)
DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation)
DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation)
DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex)
DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.)
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company)
DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation)
DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd)
DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation)
DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation)
DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation)
DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.)
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation)
DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation)
DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation)
DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems)
DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation)
DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.)
DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology)
DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation)
DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.)
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation)
DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation)
DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation)
DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation)
DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation)
DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation)
DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation)
DRV - (UmPass) -- C:\Windows\System32\drivers\umpass.sys (Microsoft Corporation)
DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation)
DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation)
DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation)
DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation)
DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation)
DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation)
DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation)
DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation)
DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.)
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.)
DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.)
DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.)
DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.)
DRV - (SrvHsfV92) -- C:\Windows\System32\drivers\VSTDPV3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfWinac) -- C:\Windows\System32\drivers\VSTCNXT3.SYS (Conexant Systems, Inc.)
DRV - (SrvHsfHDA) -- C:\Windows\System32\drivers\VSTAZL3.SYS (Conexant Systems, Inc.)
DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation)
DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation)
DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (SynTP) -- C:\Windows\System32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (BTKRNL) -- C:\Windows\System32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTWUSB) -- C:\Windows\System32\drivers\btwusb.sys (Broadcom Corporation.)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN, Messenger und Hotmail sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 44 E1 DB 9E EB 6E CB 01 [binary data]
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google Toolbar
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\URLSearchHook: {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:50370
O1 HOSTS File: ([2010/11/18 11:23:23 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic Deutsch Toolbar) - {8dbb6d8e-e4a6-4e3b-9753-af78b226441c} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\..\Toolbar\WebBrowser: (Softonic Deutsch Toolbar) - {8DBB6D8E-E4A6-4E3B-9753-AF78B226441C} - C:\Program Files\Softonic_Deutsch\tbSoft.dll (Conduit Ltd.)
O4 - HKLM..\Run: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe File not found
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Vietkey] C:\Vietkey\vknt.exe ()
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [CMC Internet Security] C:\Program Files\CMC\Antivirus\CMCTrayIcon.exe File not found
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000..\Run: [UniKey] C:\Users\Bach Mai\Downloads\unikey32\UniKeyNT.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 221
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-2526837589-383012892-3736149813-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll (Google Inc.)
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {C1FDEE68-98D5-4F42-A4DD-D0BECF5077EB} hxxp://tools.ebayimg.com/eps/wl/activex/eBay_Enhanced_Picture_Control_v1-0-31-0.cab (EPUImageControl Class)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0-windows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (mjjoarle.dll) - C:\Windows\System32\mjjoarle.dll ()
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2009/02/21 14:57:48 | 000,000,180 | RHS- | M] () - E:\autorun.inf.bak -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/11/24 18:42:27 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Users\Bach Mai\Desktop\OTL.exe
[2010/11/24 18:35:03 | 000,000,000 | -H-D | C] -- C:\Windows\PIF
[2010/11/24 13:19:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/11/24 12:48:19 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Local\Mozilla
[2010/11/24 12:18:16 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2010/11/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Arwie
[2010/11/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Afuleg
[2010/11/24 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Yvhe
[2010/11/24 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Cyvoa
[2010/11/19 15:55:54 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\802E9F5168D2503A664E2090231855C3
[2010/11/18 10:31:04 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Malwarebytes
[2010/11/18 10:27:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/11/18 09:32:46 | 000,565,248 | ---- | C] (khampha7000@yahoo.com.sg) -- C:\Windows\System32\FVUnicodeControl.ocx
[2010/11/17 20:24:36 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2010/11/16 15:24:00 | 000,000,000 | ---D | C] -- C:\Vietkey
[2010/11/14 11:49:52 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\Desktop\home
[2010/11/12 15:00:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2010/11/11 14:58:49 | 000,000,000 | -H-D | C] -- C:\Users\Bach Mai\Desktop\.picasaoriginals
[2010/11/08 18:04:37 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\CyberLink
[2010/11/08 12:30:11 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\.freemind
[2010/11/08 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Softonic_Deutsch
[2010/11/08 12:29:32 | 000,000,000 | ---D | C] -- C:\Program Files\Conduit
[2010/11/07 21:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2010/10/28 16:27:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2010/10/27 09:41:06 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\Desktop\VIE7576
[7 C:\Users\Bach Mai\Documents\*.tmp files -> C:\Users\Bach Mai\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010/11/24 18:59:35 | 000,763,904 | ---- | M] () -- C:\Windows\System32\drivers\yfecbo.sys
[2010/11/24 18:58:48 | 000,618,026 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/24 18:58:48 | 000,104,340 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/24 18:53:49 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/24 18:53:28 | 803,811,328 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/24 18:39:12 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Users\Bach Mai\Desktop\OTL.exe
[2010/11/24 18:02:00 | 000,000,890 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/24 17:45:37 | 000,000,146 | ---- | M] () -- C:\Users\Public\Documents\hpqp.ini
[2010/11/24 17:45:31 | 000,000,886 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/24 13:09:44 | 000,364,032 | ---- | M] () -- C:\Users\Bach Mai\Desktop\rkill.com
[2010/11/24 12:48:22 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2010/11/24 12:48:14 | 000,001,885 | ---- | M] () -- C:\Users\Public\Desktop\iExplorer.lnk
[2010/11/24 11:55:52 | 197,520,340 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/11/24 11:42:01 | 000,000,162 | -H-- | M] () -- C:\Users\Bach Mai\Desktop\~$rip_Schulpädagogik[1].doc
[2010/11/22 11:29:47 | 000,049,664 | ---- | M] () -- C:\Windows\System32\mjjoarle.dll
[2010/11/19 16:16:52 | 000,001,742 | ---- | M] () -- C:\Windows\lsrslt.ini
[2010/11/19 16:02:49 | 000,000,010 | ---- | M] () -- C:\Users\Bach Mai\AppData\Roaming\install
[2010/11/19 15:57:59 | 000,030,000 | ---- | M] () -- C:\Windows\System32\gj9r2o.dll
[2010/11/18 11:23:23 | 000,000,824 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/11/18 09:32:46 | 000,565,248 | ---- | M] (khampha7000@yahoo.com.sg) -- C:\Windows\System32\FVUnicodeControl.ocx
[2010/11/15 11:50:56 | 000,706,560 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Skrip_Schulpädagogik[1].doc
[2010/11/12 15:00:48 | 000,001,984 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/11 14:54:04 | 000,001,088 | ---- | M] () -- C:\Users\Bach Mai\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/11/11 14:54:04 | 000,001,064 | ---- | M] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/11/10 15:41:22 | 000,027,136 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Workcamp in Vietnam.doc
[2010/11/10 12:12:51 | 000,047,616 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Protokoll-überarbeitete Version.doc
[2010/11/08 13:11:49 | 000,092,899 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Seminararbeit-offene_Methoden[1].rtf
[2010/11/07 21:40:06 | 000,087,036 | ---- | M] () -- C:\Windows\System32\nvapps.xml
[2010/11/03 21:55:25 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 21:55:25 | 000,009,584 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/03 17:31:57 | 000,034,304 | ---- | M] () -- C:\Users\Bach Mai\Desktop\Protokol.doc
[2010/11/03 12:53:23 | 000,027,648 | ---- | M] () -- C:\Users\Bach Mai\Documents\Protokoll_Psychologie.doc
[7 C:\Users\Bach Mai\Documents\*.tmp files -> C:\Users\Bach Mai\Documents\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010/11/24 13:09:39 | 000,364,032 | ---- | C] () -- C:\Users\Bach Mai\Desktop\rkill.com
[2010/11/24 12:48:22 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010/11/24 12:48:14 | 000,001,885 | ---- | C] () -- C:\Users\Public\Desktop\iExplorer.lnk
[2010/11/24 11:42:01 | 000,000,162 | -H-- | C] () -- C:\Users\Bach Mai\Desktop\~$rip_Schulpädagogik[1].doc
[2010/11/22 11:29:47 | 000,049,664 | ---- | C] () -- C:\Windows\System32\mjjoarle.dll
[2010/11/19 16:16:52 | 000,001,742 | ---- | C] () -- C:\Windows\lsrslt.ini
[2010/11/19 16:02:49 | 000,000,010 | ---- | C] () -- C:\Users\Bach Mai\AppData\Roaming\install
[2010/11/19 15:57:59 | 000,030,000 | ---- | C] () -- C:\Windows\System32\gj9r2o.dll
[2010/11/19 15:56:49 | 000,763,904 | ---- | C] () -- C:\Windows\System32\drivers\yfecbo.sys
[2010/11/15 11:50:55 | 000,706,560 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Skrip_Schulpädagogik[1].doc
[2010/11/12 15:00:48 | 000,001,984 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/11/11 14:54:04 | 000,001,088 | ---- | C] () -- C:\Users\Bach Mai\Application Data\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk
[2010/11/11 14:54:04 | 000,001,064 | ---- | C] () -- C:\Users\Public\Desktop\Picasa 3.lnk
[2010/11/10 12:12:50 | 000,047,616 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Protokoll-überarbeitete Version.doc
[2010/11/10 11:26:03 | 000,027,136 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Workcamp in Vietnam.doc
[2010/11/08 13:11:48 | 000,092,899 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Seminararbeit-offene_Methoden[1].rtf
[2010/11/03 17:31:57 | 000,034,304 | ---- | C] () -- C:\Users\Bach Mai\Desktop\Protokol.doc
[2010/11/03 12:53:23 | 000,027,648 | ---- | C] () -- C:\Users\Bach Mai\Documents\Protokoll_Psychologie.doc
[2010/10/28 16:27:12 | 197,520,340 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/04 07:06:30 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2009/07/14 00:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2009/07/14 00:36:08 | 000,193,024 | ---- | C] () -- C:\Windows\System32\sppcomapi.dll
[2006/05/12 07:23:22 | 000,090,112 | ---- | C] () -- C:\Windows\System32\btprn2k.dll
[2006/02/18 17:37:50 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2005/05/06 13:06:00 | 000,016,480 | ---- | C] () -- C:\Windows\System32\rixdicon.dll
[2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2001/11/14 07:56:00 | 001,802,240 | ---- | C] () -- C:\Windows\System32\lcppn21.dll
========== LOP Check ==========
[2010/11/19 16:05:05 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\802E9F5168D2503A664E2090231855C3
[2010/11/24 13:45:00 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Afuleg
[2010/11/24 11:59:58 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Arwie
[2010/11/24 13:45:00 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Cyvoa
[2010/11/24 11:55:10 | 000,000,000 | ---D | M] -- C:\Users\Bach Mai\AppData\Roaming\Yvhe
[2010/11/24 11:54:28 | 000,020,268 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< netsvcs >
< %ALLUSERSPROFILE%\Application Data\*. >
[2009/07/14 05:53:55 | 000,000,000 | -HSD | M] -- C:\ProgramData\Application Data
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
< %APPDATA%\*.exe /s >
< %SYSTEMDRIVE%\*.exe >
< md5start >
< userinit.exe >
< eventlog.dll >
< scecli.dll >
< netlogon.dll >
< cngaudit.dll >
< ws2ifsl.sys >
< sceclt.dll >
< ntelogon.dll >
< winlogon.exe >
< logevent.dll >
< user32.DLL >
< explorer.exe >
< iaStor.sys >
< nvstor.sys >
< atapi.sys >
< IdeChnDr.sys >
< viasraid.sys >
< AGP440.sys >
< vaxscsi.sys >
< nvatabus.sys >
< viamraid.sys >
< nvata.sys >
< nvgts.sys >
< iastorv.sys >
< ViPrt.sys >
< eNetHook.dll >
< ahcix86.sys >
< KR10N.sys >
< nvstor32.sys >
< ahcix86s.sys >
< md5stop >
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< End of report >
and here the Extras:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 11/24/2010 6:57:51 PM - Run 1
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 1
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"$NtUninstallMTF197$" = Street-Ads Browser Enhancer
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java(TM) SE Runtime Environment 6
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = HP Integrated Module with Bluetooth wireless technology
"{45D707E9-F3C4-11D9-A373-0050BAE317E1}" = HP QuickPlay 3.0
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.1.00.01A
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{5CA81D12-9EC2-4082-972B-43ECA63F41F2}" = HP Pavilion Webcam Driver for Vista v061.001.00006
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.0
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"LAC VIET mtd2002-EVA_is1" = Uninstall LAC VIET mtd2002-EVA
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"Softonic_Deutsch Toolbar" = Softonic_Deutsch Toolbar
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"vShare" = vShare Plugin
"WinRAR archiver" = WinRAR archiver
"Yahoo! Messenger" = Yahoo! Messenger
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 11/24/2010 7:46:58 AM | Computer Name = BachMai-PC | Source = MsiInstaller | ID = 11935
Description =
Error - 11/24/2010 7:51:44 AM | Computer Name = BachMai-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 11/24/2010 7:58:58 AM | Computer Name = BachMai-PC | Source = MsiInstaller | ID = 11935
Description =
Error - 11/24/2010 8:11:45 AM | Computer Name = BachMai-PC | Source = Application Error | ID = 1000
Description = Faulting application name: svchost.exe, version: 6.1.7600.16385, time stamp: 0x4a5bc100
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x07ce7fc8
Faulting process id: 0x35c
Faulting application start time: 0x01cb8bcdf1566d0e
Faulting application path: C:\Windows\system32\svchost.exe
Faulting module path: unknown
Report Id: 00b65411-f7c4-11df-a0ba-0016d3997f26
Error - 11/24/2010 8:48:06 AM | Computer Name = BachMai-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 11/24/2010 8:51:06 AM | Computer Name = BachMai-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 11/24/2010 8:58:42 AM | Computer Name = BachMai-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 11/24/2010 12:45:25 PM | Computer Name = BachMai-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 11/24/2010 1:34:09 PM | Computer Name = BachMai-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
Error - 11/24/2010 1:54:05 PM | Computer Name = BachMai-PC | Source = Winlogon | ID = 4103
Description = Windows license activation failed. Error 0x80070005.
[ System Events ] Error - 11/24/2010 1:54:22 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 11/24/2010 1:54:22 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 11/24/2010 1:54:24 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 11/24/2010 1:54:24 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 11/24/2010 1:54:24 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 11/24/2010 1:54:34 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 11/24/2010 1:54:34 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 11/24/2010 1:54:34 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 11/24/2010 1:56:30 PM | Computer Name = BachMai-PC | 
Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 Error - 11/24/2010 1:56:30 PM | Computer Name = BachMai-PC | Source = Service Control Manager | ID = 7001 Description = The Computer Browser service depends on the Server service which failed to start because of the following error: %%1068 < End of report > |
I don't understand what you mean by the Malwarebytes log.
• Please start OTL.exe
• Now copy the following into the text box.

:OTL
O4 - Startup: C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O4 - HKLM..\Run: [gchk] C:\Windows\$NtUninstallMTF197$\upg.exe File not found
O4 - Startup: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe ()
O20 - HKU\.DEFAULT Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O20 - HKU\S-1-5-18 Winlogon: Shell - (C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe) - C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29 - HKLM SecurityProviders - (mjjoarle.dll) - C:\Windows\System32\mjjoarle.dll ()
[2010/11/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Arwie
[2010/11/24 11:58:12 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Afuleg
[2010/11/24 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Yvhe
[2010/11/24 11:54:44 | 000,000,000 | ---D | C] -- C:\Users\Bach Mai\AppData\Roaming\Cyvoa
[2010/11/16 15:24:00 | 000,000,000 | ---D | C] -- C:\Vietkey
[2010/11/19 15:57:59 | 000,030,000 | ---- | M] () -- C:\Windows\System32\gj9r2o.dll
[2010/11/24 18:58:40 | 000,763,904 | ---- | M] () -- C:\Windows\System32\drivers\yfecbo.sys
:Files
C:\Windows\System32\mjjoarle.dll
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; post its contents in your next reply.

Open My Computer, then C:, then _OTL; there right-click on Moved Files and choose "Add to moved files.rar" or "zip".
Upload the archive to our upload channel: http://www.trojaner-board.de/54791-a...ner-board.html
Open Malwarebytes, go to Logs, then open the scan report and post its contents.
Here is the content of the text document:

Error: Unable to interpret <etsvcs> in the current context!
Error: Unable to interpret <msconfig> in the current context!
Error: Unable to interpret <safebootminimal> in the current context!
Error: Unable to interpret <safebootnetwork> in the current context!
Error: Unable to interpret <activex> in the current context!
Error: Unable to interpret <drivers32> in the current context!
Error: Unable to interpret <%ALLUSERSPROFILE%Application Data.> in the current context!
Error: Unable to interpret <%ALLUSERSPROFILE%Application Data.exe s> in the current context!
Error: Unable to interpret <%APPDATA%.> in the current context!
Error: Unable to interpret <%APPDATA%.exe s> in the current context!
Error: Unable to interpret <%SYSTEMDRIVE%.exe> in the current context!
Error: Unable to interpret <md5start> in the current context!
Error: Unable to interpret <userinit.exe> in the current context!
Error: Unable to interpret <eventlog.dll> in the current context!
Error: Unable to interpret <scecli.dll> in the current context!
Error: Unable to interpret <netlogon.dll> in the current context!
Error: Unable to interpret <cngaudit.dll> in the current context!
Error: Unable to interpret <ws2ifsl.sys> in the current context!
Error: Unable to interpret <sceclt.dll> in the current context!
Error: Unable to interpret <ntelogon.dll> in the current context!
Error: Unable to interpret <winlogon.exe> in the current context!
Error: Unable to interpret <logevent.dll> in the current context!
Error: Unable to interpret <user32.DLL> in the current context!
Error: Unable to interpret <explorer.exe> in the current context!
Error: Unable to interpret <iaStor.sys> in the current context!
Error: Unable to interpret <nvstor.sys> in the current context!
Error: Unable to interpret <atapi.sys> in the current context!
Error: Unable to interpret <IdeChnDr.sys> in the current context!
Error: Unable to interpret <viasraid.sys> in the current context!
Error: Unable to interpret <AGP440.sys> in the current context!
Error: Unable to interpret <vaxscsi.sys> in the current context!
Error: Unable to interpret <nvatabus.sys> in the current context!
Error: Unable to interpret <viamraid.sys> in the current context!
Error: Unable to interpret <nvata.sys> in the current context!
Error: Unable to interpret <nvgts.sys> in the current context!
Error: Unable to interpret <iastorv.sys> in the current context!
Error: Unable to interpret <ViPrt.sys> in the current context!
Error: Unable to interpret <eNetHook.dll> in the current context!
Error: Unable to interpret <ahcix86.sys> in the current context!
Error: Unable to interpret <KR10N.sys> in the current context!
Error: Unable to interpret <nvstor32.sys> in the current context!
Error: Unable to interpret <ahcix86s.sys> in the current context!
Error: Unable to interpret <md5stop> in the current context!
Error: Unable to interpret <%systemroot%system32drivers.sys lockedfiles> in the current context!
Error: Unable to interpret <%systemroot%System32config.sav> in the current context!
Error: Unable to interpret <%systemroot%. mp s> in the current context!
Error: Unable to interpret <%systemroot%system32.dll lockedfiles> in the current context!
Error: Unable to interpret <CREATERESTOREPOINT> in the current context!

OTL by OldTimer - Version 3.2.17.3 log created on 11242010_192848
Regarding opening Malwarebytes: I can't open Folder and Search Options; they are greyed out. Is that because I'm in Safe Mode?
What did you paste in there? Please paste from :OTL through to the reboot line, and then try again.
I'll try again, I'm in normal mode now.
Here, it worked now:

All processes killed
========== OTL ==========
C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\gchk deleted successfully.
File C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\coym.exe not found.
Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe deleted successfully.
File C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe not found.
Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe deleted successfully.
File C:\Windows\System32\config\systemprofile\AppData\Roaming\hotfix.exe not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:mjjoarle.dll deleted successfully.
C:\Windows\System32\mjjoarle.dll moved successfully.
C:\Users\Bach Mai\AppData\Roaming\Arwie folder moved successfully.
C:\Users\Bach Mai\AppData\Roaming\Afuleg folder moved successfully.
C:\Users\Bach Mai\AppData\Roaming\Yvhe folder moved successfully.
C:\Users\Bach Mai\AppData\Roaming\Cyvoa folder moved successfully.
C:\Vietkey folder moved successfully.
C:\Windows\System32\gj9r2o.dll moved successfully.
File C:\Windows\System32\drivers\yfecbo.sys not found.
========== FILES ==========
File\Folder C:\Windows\System32\mjjoarle.dll not found.
========== COMMANDS ==========
[EMPTYFLASH]
The lower part is missing.
Or it's also fine if you pack the OTL folder as described and upload it.
I sent you the whole document. I can't unpack the folder because Folder and Search Options are greyed out, so you can't click on them. What should I do?
What do you mean, greyed out? You're supposed to open "My Computer", then C:, then _OTL. Then click once on Moved Files. Then right-click and "Add to moved files.rar" or "zip", and upload the archive.
I did the first step, but I can't upload the archive because I simply can't click Folder and Search Options as described in your link.
Here is the complete part, it was too little after all, sorry:
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Bach Mai
->Flash cache emptied: 25090 bytes

User: Default
->Flash cache emptied: 56504 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Bach Mai
->Temp folder emptied: 298348485 bytes
->Temporary Internet Files folder emptied: 19218612 bytes
->Java cache emptied: 9090396 bytes
->Flash cache emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1021973 bytes
RecycleBin emptied: 740133 bytes

Total Files Cleaned = 313.00 mb

OTL by OldTimer - Version 3.2.17.3 log created on 11242010_194726

Files\Folders moved on Reboot...
C:\Windows\System32\tmp.tmp moved successfully.
File\Folder C:\Windows\temp\CMC\AVFS\00001314008D99D1.tmp.906912;k3=3;klg=en;kr=F;kpu=MovieManiacsDE;ko=p;ytps=default;ytvt=w;afct=site_content;k5=3_34_1106;kt=K;u=YvRu8fFRf1U%7C316545;afv=1;dc_dedup=1;as3=1;pos=pre;dc_seed=217976372;tile=1;ord=764800944\00001314008D99D1.tmp not found!
File\Folder C:\Windows\temp\CMC\AVFS\00001064009039A8.tmp.906912;k3=3;klg=en;kr=F;kpu=MovieManiacsDE;ko=p;ytps=default;ytvt=w;afct=site_content;k5=3_34_1106;kt=K;u=YvRu8fFRf1U%7C316545;afv=1;dc_dedup=1;as3=1;pos=pre;dc_seed=217976372;tile=1;ord=403564598\00001064009039A8.tmp not found!
File\Folder C:\Windows\temp\CMC\AVFS\00000BA4035CBBE0.tmp.atf;sz=300x250;bn=301128;u=cd15542101274115ad6e4352cce716ee;ord=0D92J099V4ZM95TS2DA4;s=i0;s=i2;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=20;s=602;s=388;s=389;s=u17;s=u5;s=u7;s=u9;s=m1;s=m4;z=1;tile=1\00000BA4035CBBE0.tmp not found!
File\Folder C:\Windows\temp\CMC\AVFS\000009F8035CBBE0.tmp.btf;sz=300x250;bn=301128;u=191c4ed3b4c34433b24db898e638ea08;ord=0D92J099V4ZM95TS2DA4;s=i0;s=i2;s=i3;s=i4;s=i5;s=i6;s=i7;s=i8;s=i9;s=20;s=602;s=388;s=389;s=u17;s=u5;s=m4;s=u9;s=u7;s=m1;z=2;tile=3\000009F8035CBBE0.tmp not found!
File\Folder C:\Windows\temp\CMC\AVFS\0000059800921612.tmp.906912;k3=3;klg=en;kr=F;kpu=hollywoodstreams;ko=p;ytps=default;ytvt=w;afct=site_content;k5=3_34_1106_1107;kt=K;u=FkdXBsqq1ok%7C9457;afv=1;dc_dedup=1;as3=1;dc_seed=217976775;tile=1;ord=752566638\0000059800921612.tmp not found!

Registry entries deleted on Reboot...
You don't have to. Just go to the upload channel, click Browse, navigate to c:\_OTL, click the archive there and upload it. That should work, I assume?
Sorry, I don't know that much about computers. Can you describe in more detail what the upload channel is, how to browse it, and how to navigate to c:\_OTL? That would be great :)
Well, maybe just open the link I gave you: http://www.trojaner-board.de/54791-a...ner-board.html There, under point 2, choose the link, click Browse, then navigate to C:, open the _OTL folder and click moved files.rar or zip, depending on which kind of archive you created, etc. It's all in the guide.
Hi, sorry for the late reply, I was away over the weekend. The problem is this: I have Windows 7. Your guide for the upload channel says I should go to Organize and then Folder and Search Options. But that's simply not possible!!! I can't click Folder and Search Options!! That means I can't get into the folder options. By the way, I still can't get online on the laptop that has the virus. So I can only use the upload channel on the other laptop. Regards, Simon
It should work anyway; just skip that step.
I think we're talking past each other. On the laptop that has the virus, the internet doesn't work. So I can't open the upload channel there either. Or can I transfer it over with a USB stick? If so, how?
What should I do now? I don't know how to proceed??
Markus, can you help me further? That would be really nice.
You didn't write that, though, or I missed it. Well, just pack the Moved Files folder and plug in the stick. Right-click moved files.rar or zip, Copy. Then open the USB stick, right-click, Paste. Open it on the other PC and upload it here in the upload channel.
OK, done.
That should have worked, right?!
Yep. Please create and post a ComboFix log. A guide and tutorial on using ComboFix. Use a USB stick to copy it over.
OK, I'll do that; I can't manage it right now. Either again in 2 hours or tomorrow. Regards, Simon. P.S. Thanks
Olé, the internet works again!! Thank you very much. Here is the report:

Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-12 581693]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
SecurityProviders credssp.dll,

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Messenger (Yahoo!)]
2009-11-10 08:39 5244216 ----a-w- c:\program files\Yahoo!\Messenger\YahooMessenger.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mtd2002Svr]
2002-10-05 06:05 544768 ----a-w- c:\program files\mtd2002\mtdserver.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-10-03 09:41 77824 ----a-w- c:\program files\Java\jre1.6.0\bin\jusched.exe

R1 ndisrd;ndisrd; [x]
R1 NtTdiDr;NtTdiDr;hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00 [x]
R2 cmcis;CMC Internet Security Core;c:\program files\CMC\Antivirus\cmccore.exe [x]
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-10-04 136176]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504]

--- Other Services/Drivers In Memory ---

*Deregistered* - yfecbo
.
Contents of the 'Scheduled Tasks' folder

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-04 09:48]

2010-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-10-04 09:48]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.de/
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyServer = http=127.0.0.1:50370
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: Send To &Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-CMC Internet Security - c:\program files\CMC\Antivirus\CMCTrayIcon.exe
HKLM-Run-Vietkey - c:\vietkey\vknt.exe

**************************************************************************

Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, hxxp://www.gmer.net
Windows 6.1.7600 Disk: WDC_WD1200BEVS-60RST0 rev.04.01G04 -> Harddisk0\DR0 -> \Device\Ide\IdePort1 P1T0L0-2

device: opened successfully
user: MBR read successfully

Disk trace:
called modules: ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x85396446]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x8539c504]; MOV EAX, [0x8539c580]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 ntkrnlpa!IofCallDriver[0x82A3F458] -> \Device\Harddisk0\DR0[0x8536E670]
3 CLASSPNP[0x874A859E] -> ntkrnlpa!IofCallDriver[0x82A3F458] -> [0x854C0028]
\Driver\atapi[0x85374838] -> IRP_MJ_CREATE -> 0x85396446
kernel: MBR read successfully
_asm { XOR AX, AX; MOV SS, AX; MOV SP, 0x7c00; MOV ES, AX; MOV DS, AX; MOV SI, 0x7c00; MOV DI, 0x600; MOV CX, 0x200; CLD ; REP MOVSB ; PUSH AX; PUSH 0x61c; RETF ; STI ; PUSHA ; MOV CX, 0x137; MOV BP, 0x62a; ROR BYTE [BP+0x0], CL; INC BP; }
detected disk devices:
\Device\Ide\IdeDeviceP1T0L0-2 -> \??\IDE#DiskWDC_WD1200BEVS-60RST0___________________04.01G04#5&1111429e&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
user != kernel MBR !!!
copy of MBR has been found in sector 9 !
sectors 234441646 (+255): user != kernel
Warning: possible TDL4 rootkit infection !
TDL4 rootkit infection detected ! Use: "mbr.exe -f" to fix.

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NtTdiDr]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NtTdiDr]
"ImagePath"="hex(2):73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,64,00,72,00,69,00,76,00,65,00,72,00,73,00,5c,00,4e,00,74,00,54,00,64,00,69,00,44,00,72,00,2e,00,73,00,79,00,73,00,00,00"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\yfecbo]
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-11-28 22:56:04
ComboFix-quarantined-files.txt 2010-11-28 21:56

Pre-Run: 46,554,865,664 bytes free
Post-Run: 46,464,086,016 bytes free

- - End Of File - - D3FC151E2050A2BD12D3386F3EF34E0E
I do need the whole log, from the beginning :-)
I thought I had copied the whole log. Unfortunately I didn't save the document. How can I recover it?
Open c:\qoobox, pack the quarantain folder and upload it. File upload: http://www.trojaner-board.de/54791-a...ner-board.html Then please back up all your data; with the next necessary step there is a real risk that it wrecks the system. When you're done, let me know.
Uploaded it.
Have you backed up your important data? And please read what I wrote: what are you supposed to upload? You didn't upload what I asked for.
Yep, everything backed up.
Hi, now pack the quarantain folder (it's under c:\qoobox) and upload it. You only uploaded a text file.
Now come on, I'm not asking the impossible of you. Just select the quarantain folder, i.e. click on it once, then right-click and "Add to quarantain.rar" or "zip". It's nothing difficult.
How can I send you the complete folder?
Do you even read what I write? I've already written it at least 3 times.
There you go. Use the Kaspersky TDSS Killer: How are malicious programs of the Rootkit.Win32.TDSS family fought? The guide explains how to use it. Post the report, and the complete one this time.
Sorry, I only had time now. Here is the report:

2010/12/05 21:36:01.0704 TDSS rootkit removing tool 2.4.10.1 Dec 2 2010 12:28:01
2010/12/05 21:36:01.0704 ================================================================================
2010/12/05 21:36:01.0704 SystemInfo:
2010/12/05 21:36:01.0704
2010/12/05 21:36:01.0704 OS Version: 6.1.7600 ServicePack: 0.0
2010/12/05 21:36:01.0704 Product type: Workstation
2010/12/05 21:36:01.0704 ComputerName: BACHMAI-PC
2010/12/05 21:36:01.0705 UserName: Bach Mai
2010/12/05 21:36:01.0705 Windows directory: C:\Windows
2010/12/05 21:36:01.0705 System windows directory: C:\Windows
2010/12/05 21:36:01.0705 Processor architecture: Intel x86
2010/12/05 21:36:01.0705 Number of processors: 2
2010/12/05 21:36:01.0705 Page size: 0x1000
2010/12/05 21:36:01.0705 Boot type: Normal boot
2010/12/05 21:36:01.0705 ================================================================================
2010/12/05 21:36:02.0172 Initialize success
2010/12/05 21:36:16.0215 ================================================================================
2010/12/05 21:36:16.0215 Scan started
2010/12/05 21:36:16.0215 Mode: Manual;
2010/12/05 21:36:16.0215 ================================================================================
C:\Windows\system32\DRIVERS\lsi_sas2.sys 2010/12/05 21:36:22.0585 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 2010/12/05 21:36:22.0632 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 2010/12/05 21:36:22.0665 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 2010/12/05 21:36:22.0698 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 2010/12/05 21:36:22.0733 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 2010/12/05 21:36:22.0752 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 2010/12/05 21:36:22.0775 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 2010/12/05 21:36:22.0810 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 2010/12/05 21:36:22.0840 mountmgr (921c18727c5920d6c0300736646931c2) C:\Windows\system32\drivers\mountmgr.sys 2010/12/05 21:36:22.0867 mpio (2af5997438c55fb79d33d015c30e1974) C:\Windows\system32\DRIVERS\mpio.sys 2010/12/05 21:36:22.0897 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 2010/12/05 21:36:22.0940 MRxDAV (b1be47008d20e43da3adc37c24cdb89d) C:\Windows\system32\drivers\mrxdav.sys 2010/12/05 21:36:22.0985 mrxsmb (f4a054be78af7f410129c4b64b07dc9b) C:\Windows\system32\DRIVERS\mrxsmb.sys 2010/12/05 21:36:23.0008 mrxsmb10 (deffa295bd1895c6ed8e3078412ac60b) C:\Windows\system32\DRIVERS\mrxsmb10.sys 2010/12/05 21:36:23.0040 mrxsmb20 (24d76abe5dcad22f19d105f76fdf0ce1) C:\Windows\system32\DRIVERS\mrxsmb20.sys 2010/12/05 21:36:23.0070 msahci (4326d168944123f38dd3b2d9c37a0b12) C:\Windows\system32\DRIVERS\msahci.sys 2010/12/05 21:36:23.0090 msdsm (455029c7174a2dbb03dba8a0d8bddd9a) C:\Windows\system32\DRIVERS\msdsm.sys 2010/12/05 21:36:23.0127 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 2010/12/05 21:36:23.0159 mshidkmdf 
(3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 2010/12/05 21:36:23.0189 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\DRIVERS\msisadrv.sys 2010/12/05 21:36:23.0249 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 2010/12/05 21:36:23.0281 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 2010/12/05 21:36:23.0306 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 2010/12/05 21:36:23.0340 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 2010/12/05 21:36:23.0376 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\DRIVERS\mssmbios.sys 2010/12/05 21:36:23.0401 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 2010/12/05 21:36:23.0431 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 2010/12/05 21:36:23.0475 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 2010/12/05 21:36:23.0537 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 2010/12/05 21:36:23.0596 NDIS (23759d175a0a9baaf04d05047bc135a8) C:\Windows\system32\drivers\ndis.sys 2010/12/05 21:36:23.0653 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 2010/12/05 21:36:23.0734 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 2010/12/05 21:36:23.0767 Ndisuio (b30ae7f2b6d7e343b0df32e6c08fce75) C:\Windows\system32\DRIVERS\ndisuio.sys 2010/12/05 21:36:23.0798 NdisWan (267c415eadcbe53c9ca873dee39cf3a4) C:\Windows\system32\DRIVERS\ndiswan.sys 2010/12/05 21:36:23.0830 NDProxy (af7e7c63dcef3f8772726f86039d6eb4) C:\Windows\system32\drivers\NDProxy.sys 2010/12/05 21:36:23.0865 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 2010/12/05 21:36:23.0900 NetBT (dd52a733bf4ca5af84562a5e2f963b91) 
C:\Windows\system32\DRIVERS\netbt.sys 2010/12/05 21:36:24.0107 netw5v32 (58218ec6b61b1169cf54aab0d00f5fe2) C:\Windows\system32\DRIVERS\netw5v32.sys 2010/12/05 21:36:24.0277 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 2010/12/05 21:36:24.0317 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 2010/12/05 21:36:24.0347 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 2010/12/05 21:36:24.0427 Ntfs (3795dcd21f740ee799fb7223234215af) C:\Windows\system32\drivers\Ntfs.sys 2010/12/05 21:36:24.0530 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 2010/12/05 21:36:24.0750 nvlddmkm (4b07dee7e87d217640591280cefc425b) C:\Windows\system32\DRIVERS\nvlddmkm.sys 2010/12/05 21:36:24.0920 nvraid (3f3d04b1d08d43c16ea7963954ec768d) C:\Windows\system32\DRIVERS\nvraid.sys 2010/12/05 21:36:24.0980 nvstor (c99f251a5de63c6f129cf71933aced0f) C:\Windows\system32\DRIVERS\nvstor.sys 2010/12/05 21:36:25.0020 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\DRIVERS\nv_agp.sys 2010/12/05 21:36:25.0050 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\DRIVERS\ohci1394.sys 2010/12/05 21:36:25.0110 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 2010/12/05 21:36:25.0140 partmgr (ff4218952b51de44fe910953a3e686b9) C:\Windows\system32\drivers\partmgr.sys 2010/12/05 21:36:25.0180 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 2010/12/05 21:36:25.0220 pci (c858cb77c577780ecc456a892e7e7d0f) C:\Windows\system32\DRIVERS\pci.sys 2010/12/05 21:36:25.0250 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\DRIVERS\pciide.sys 2010/12/05 21:36:25.0290 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 2010/12/05 21:36:25.0320 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 2010/12/05 21:36:25.0370 PEAUTH 
(9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 2010/12/05 21:36:25.0516 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 2010/12/05 21:36:25.0553 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 2010/12/05 21:36:25.0615 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 2010/12/05 21:36:25.0692 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 2010/12/05 21:36:25.0787 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 2010/12/05 21:36:25.0824 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 2010/12/05 21:36:25.0845 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 2010/12/05 21:36:25.0902 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 2010/12/05 21:36:25.0941 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 2010/12/05 21:36:25.0983 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 2010/12/05 21:36:26.0015 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 2010/12/05 21:36:26.0055 rdbss (835d7e81bf517a3b72384bdcc85e1ce6) C:\Windows\system32\DRIVERS\rdbss.sys 2010/12/05 21:36:26.0089 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 2010/12/05 21:36:26.0116 RDPCDD (1e016846895b15a99f9a176a05029075) C:\Windows\system32\DRIVERS\RDPCDD.sys 2010/12/05 21:36:26.0163 RDPDR (c5ff95883ffef704d50c40d21cfb3ab5) C:\Windows\system32\drivers\rdpdr.sys 2010/12/05 21:36:26.0209 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 2010/12/05 21:36:26.0240 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 2010/12/05 21:36:26.0361 RDPWD (801371ba9782282892d00aadb08ee367) 
C:\Windows\system32\drivers\RDPWD.sys 2010/12/05 21:36:26.0420 rdyboost (4ea225bf1cf05e158853f30a99ca29a7) C:\Windows\system32\drivers\rdyboost.sys 2010/12/05 21:36:26.0482 RFCOMM (cb928d9e6daf51879dd6ba8d02f01321) C:\Windows\system32\DRIVERS\rfcomm.sys 2010/12/05 21:36:26.0559 rimmptsk (d85e3fa9f5b1f29bb4ed185c450d1470) C:\Windows\system32\DRIVERS\rimmptsk.sys 2010/12/05 21:36:26.0616 rimsptsk (db8eb01c58c9fada00c70b1775278ae0) C:\Windows\system32\DRIVERS\rimsptsk.sys 2010/12/05 21:36:26.0664 rismxdp (6c1f93c0760c9f79a1869d07233df39d) C:\Windows\system32\DRIVERS\rixdptsk.sys 2010/12/05 21:36:26.0742 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 2010/12/05 21:36:26.0779 s3cap (5423d8437051e89dd34749f242c98648) C:\Windows\system32\DRIVERS\vms3cap.sys 2010/12/05 21:36:26.0844 sbp2port (34ee0c44b724e3e4ce2eff29126de5b5) C:\Windows\system32\DRIVERS\sbp2port.sys 2010/12/05 21:36:26.0887 scfilter (a95c54b2ac3cc9c73fcdf9e51a1d6b51) C:\Windows\system32\DRIVERS\scfilter.sys 2010/12/05 21:36:26.0940 sdbus (7b48cff3a475fe849dea65ec4d35c425) C:\Windows\system32\DRIVERS\sdbus.sys 2010/12/05 21:36:26.0990 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 2010/12/05 21:36:27.0038 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 2010/12/05 21:36:27.0076 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 2010/12/05 21:36:27.0097 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 2010/12/05 21:36:27.0158 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\DRIVERS\sffdisk.sys 2010/12/05 21:36:27.0178 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\DRIVERS\sffp_mmc.sys 2010/12/05 21:36:27.0208 sffp_sd (4f1e5b0fe7c8050668dbfade8999aefb) C:\Windows\system32\DRIVERS\sffp_sd.sys 2010/12/05 21:36:27.0229 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 2010/12/05 
21:36:27.0265 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\DRIVERS\sisagp.sys 2010/12/05 21:36:27.0316 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 2010/12/05 21:36:27.0349 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 2010/12/05 21:36:27.0399 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 2010/12/05 21:36:27.0451 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 2010/12/05 21:36:27.0542 srv (2ba4ebc7dfba845a1edbe1f75913be33) C:\Windows\system32\DRIVERS\srv.sys 2010/12/05 21:36:27.0591 srv2 (dce7e10feaabd4cae95948b3de5340bb) C:\Windows\system32\DRIVERS\srv2.sys 2010/12/05 21:36:27.0659 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 2010/12/05 21:36:27.0718 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 2010/12/05 21:36:27.0795 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 2010/12/05 21:36:27.0844 srvnet (b5665baa2120b8a54e22e9cd07c05106) C:\Windows\system32\DRIVERS\srvnet.sys 2010/12/05 21:36:27.0890 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 2010/12/05 21:36:27.0948 storflt (957e346ca948668f2496a6ccf6ff82cc) C:\Windows\system32\DRIVERS\vmstorfl.sys 2010/12/05 21:36:27.0985 storvsc (d5751969dc3e4b88bf482ac8ec9fe019) C:\Windows\system32\DRIVERS\storvsc.sys 2010/12/05 21:36:28.0012 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\DRIVERS\swenum.sys 2010/12/05 21:36:28.0089 SynTP (81cf7aa63bb3cca31e1d1944c0a45fc7) C:\Windows\system32\DRIVERS\SynTP.sys 2010/12/05 21:36:28.0193 Tcpip (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\drivers\tcpip.sys 2010/12/05 21:36:28.0353 TCPIP6 (2cc3d75488abd3ec628bbb9a4fc84efc) C:\Windows\system32\DRIVERS\tcpip.sys 2010/12/05 21:36:28.0411 tcpipreg (e64444523add154f86567c469bc0b17f) 
C:\Windows\system32\drivers\tcpipreg.sys 2010/12/05 21:36:28.0469 TDPIPE (1875c1490d99e70e449e3afae9fcbadf) C:\Windows\system32\drivers\tdpipe.sys 2010/12/05 21:36:28.0488 TDTCP (7551e91ea999ee9a8e9c331d5a9c31f3) C:\Windows\system32\drivers\tdtcp.sys 2010/12/05 21:36:28.0520 tdx (cb39e896a2a83702d1737bfd402b3542) C:\Windows\system32\DRIVERS\tdx.sys 2010/12/05 21:36:28.0568 TermDD (c36f41ee20e6999dbf4b0425963268a5) C:\Windows\system32\DRIVERS\termdd.sys 2010/12/05 21:36:28.0632 tssecsrv (98ae6fa07d12cb4ec5cf4a9bfa5f4242) C:\Windows\system32\DRIVERS\tssecsrv.sys 2010/12/05 21:36:28.0685 tunnel (3e461d890a97f9d4c168f5fda36e1d00) C:\Windows\system32\DRIVERS\tunnel.sys 2010/12/05 21:36:28.0727 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 2010/12/05 21:36:28.0764 udfs (09cc3e16f8e5ee7168e01cf8fcbe061a) C:\Windows\system32\DRIVERS\udfs.sys 2010/12/05 21:36:28.0829 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\DRIVERS\uliagpkx.sys 2010/12/05 21:36:28.0891 umbus (049b3a50b3d646baeeee9eec9b0668dc) C:\Windows\system32\DRIVERS\umbus.sys 2010/12/05 21:36:28.0948 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 2010/12/05 21:36:29.0002 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 2010/12/05 21:36:29.0050 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\DRIVERS\usbcir.sys 2010/12/05 21:36:29.0081 usbehci (1c333bfd60f2fed2c7ad5daf533cb742) C:\Windows\system32\DRIVERS\usbehci.sys 2010/12/05 21:36:29.0113 usbhub (ee6ef93ccfa94fae8c6ab298273d8ae2) C:\Windows\system32\DRIVERS\usbhub.sys 2010/12/05 21:36:29.0152 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 2010/12/05 21:36:29.0175 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 2010/12/05 21:36:29.0214 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 2010/12/05 21:36:29.0244 usbuhci 
(78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\DRIVERS\usbuhci.sys 2010/12/05 21:36:29.0295 usbvideo (f642a7e4bf78cfa359cca0a3557c28d7) C:\Windows\system32\Drivers\usbvideo.sys 2010/12/05 21:36:29.0337 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\DRIVERS\vdrvroot.sys 2010/12/05 21:36:29.0382 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 2010/12/05 21:36:29.0416 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 2010/12/05 21:36:29.0446 vhdmp (3be6e1f3a4f1afec8cee0d7883f93583) C:\Windows\system32\DRIVERS\vhdmp.sys 2010/12/05 21:36:29.0515 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\DRIVERS\viaagp.sys 2010/12/05 21:36:29.0548 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 2010/12/05 21:36:29.0568 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\DRIVERS\viaide.sys 2010/12/05 21:36:29.0700 vmbus (379b349f65f453d2a6e75ea6b7448e49) C:\Windows\system32\DRIVERS\vmbus.sys 2010/12/05 21:36:29.0759 VMBusHID (ec2bbab4b84d0738c6c83d2234dc36fe) C:\Windows\system32\DRIVERS\VMBusHID.sys 2010/12/05 21:36:29.0793 volmgr (384e5a2aa49934295171e499f86ba6f3) C:\Windows\system32\DRIVERS\volmgr.sys 2010/12/05 21:36:29.0844 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 2010/12/05 21:36:29.0909 volsnap (58df9d2481a56edde167e51b334d44fd) C:\Windows\system32\DRIVERS\volsnap.sys 2010/12/05 21:36:29.0958 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 2010/12/05 21:36:29.0997 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 2010/12/05 21:36:30.0040 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 2010/12/05 21:36:30.0077 WANARP (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 2010/12/05 21:36:30.0091 Wanarpv6 (692a712062146e96d28ba0b7d75de31b) C:\Windows\system32\DRIVERS\wanarp.sys 
2010/12/05 21:36:30.0213 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
2010/12/05 21:36:30.0273 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
2010/12/05 21:36:30.0366 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
2010/12/05 21:36:30.0402 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
2010/12/05 21:36:30.0482 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\DRIVERS\wmiacpi.sys
2010/12/05 21:36:30.0542 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
2010/12/05 21:36:30.0599 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys
2010/12/05 21:36:30.0632 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/05 21:36:30.0679 Suspicious service (NoAccess): yfecbo
2010/12/05 21:36:30.0871 yfecbo (7c39394ba2d63ae1ae7a81a4054b67f4) C:\Windows\system32\drivers\yfecbo.sys
2010/12/05 21:36:30.0871 Suspicious file (NoAccess): C:\Windows\system32\drivers\yfecbo.sys. md5: 7c39394ba2d63ae1ae7a81a4054b67f4
2010/12/05 21:36:30.0882 yfecbo - detected Locked service (1)
2010/12/05 21:36:30.0948 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/05 21:36:30.0953 ================================================================================
2010/12/05 21:36:30.0953 Scan finished
2010/12/05 21:36:30.0953 ================================================================================
2010/12/05 21:36:30.0969 Detected object count: 2
2010/12/05 21:36:50.0963 Locked service(yfecbo) - User select action: Skip
2010/12/05 21:36:51.0006 \HardDisk0 - will be cured after reboot
2010/12/05 21:36:51.0006 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/05 21:37:28.0261 Deinitialize success
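The scan log above ends with two findings but only one of them was actually cured: the MBR infection on \HardDisk0 was set to be cured after reboot, while the locked service yfecbo was skipped. The following helper is an added example (not a tool from the thread or from TDSSKiller) that parses this log format, pairs every detection with the action the user chose, and reports what is still open; the line format is taken from the log, the regexes and triage rules are the example's own, and the sample input is the tail of that log.

```python
"""Triage a TDSSKiller-style scan log: what was found, what was cured, what is still open."""
from __future__ import annotations

import re
from dataclasses import dataclass, field
from typing import Optional

# Every entry starts with "YYYY/MM/DD HH:MM:SS.ffff "; the message formats below are
# taken from the log posted in the thread.
TS = r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}\.\d{4} "
DRIVER_RE = re.compile(TS + r"(?P<name>\S+) \((?P<md5>[0-9a-f]{32})\) (?P<path>\S.*)$")
SUSPECT_RE = re.compile(TS + r"Suspicious (?P<kind>service|file) \((?P<reason>\w+)\): "
                        r"(?P<obj>.+?)\.?(?: md5: (?P<md5>[0-9a-f]{32}))?$")
DETECT_RE = re.compile(TS + r"(?P<obj>.+?) - detected (?P<verdict>.+?) \(\d+\)$")
ACTION_RE = re.compile(TS + r"(?P<verdict>[^()]+)\((?P<obj>[^)]+)\) - User select action: (?P<action>\w+)$")
PENDING_RE = re.compile(TS + r"(?P<obj>.+?) - will be cured after reboot$")
COUNT_RE = re.compile(TS + r"Detected object count: (?P<n>\d+)$")


@dataclass
class Finding:
    obj: str
    verdict: str
    action: str = "none"          # "Cure", "Skip", or "none" if no decision was logged
    reboot_pending: bool = False  # cure only takes effect after the next reboot


@dataclass
class Triage:
    drivers: dict = field(default_factory=dict)   # service name -> (md5, path)
    hidden: list = field(default_factory=list)    # (kind, reason, object) the scanner could not open
    findings: dict = field(default_factory=dict)  # object -> Finding
    reported_count: Optional[int] = None


def parse_log(text: str) -> Triage:
    """Walk the log line by line and collect drivers, hidden objects, detections and actions."""
    t = Triage()
    for line in text.splitlines():
        line = line.strip()
        if (m := DRIVER_RE.match(line)):
            t.drivers[m["name"]] = (m["md5"], m["path"])
        elif (m := SUSPECT_RE.match(line)):
            t.hidden.append((m["kind"], m["reason"], m["obj"]))
        elif (m := DETECT_RE.match(line)):
            t.findings[m["obj"]] = Finding(m["obj"], m["verdict"])
        elif (m := ACTION_RE.match(line)):
            f = t.findings.setdefault(m["obj"], Finding(m["obj"], m["verdict"].strip()))
            f.action = m["action"]
        elif (m := PENDING_RE.match(line)):
            if m["obj"] in t.findings:
                t.findings[m["obj"]].reboot_pending = True
        elif (m := COUNT_RE.match(line)):
            t.reported_count = int(m["n"])
    return t


def unresolved(t: Triage) -> list[str]:
    """Objects the scanner flagged that were not cured (skipped, or no action logged)."""
    return [obj for obj, f in t.findings.items() if f.action != "Cure"]


def report(t: Triage) -> list[str]:
    """Human-readable triage lines; a NoAccess object is the classic self-protected rootkit component."""
    lines = []
    for f in t.findings.values():
        state = "cured" if f.action == "Cure" else f"NOT cured (action: {f.action})"
        if f.reboot_pending:
            state += ", completes only after reboot"
        lines.append(f"{f.verdict} on {f.obj}: {state}")
    for kind, reason, obj in t.hidden:
        lines.append(f"{kind} {obj} could not be opened ({reason}); check it after the reboot")
    if t.reported_count is not None and t.reported_count != len(t.findings):
        lines.append(f"count mismatch: scanner says {t.reported_count}, log shows {len(t.findings)}")
    return lines


# Constructed input: the last entries of the log posted in the thread.
SAMPLE_LOG = r"""
2010/12/05 21:36:30.0632 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys
2010/12/05 21:36:30.0679 Suspicious service (NoAccess): yfecbo
2010/12/05 21:36:30.0871 yfecbo (7c39394ba2d63ae1ae7a81a4054b67f4) C:\Windows\system32\drivers\yfecbo.sys
2010/12/05 21:36:30.0871 Suspicious file (NoAccess): C:\Windows\system32\drivers\yfecbo.sys. md5: 7c39394ba2d63ae1ae7a81a4054b67f4
2010/12/05 21:36:30.0882 yfecbo - detected Locked service (1)
2010/12/05 21:36:30.0948 \HardDisk0 - detected Rootkit.Win32.TDSS.tdl4 (0)
2010/12/05 21:36:30.0953 Scan finished
2010/12/05 21:36:30.0969 Detected object count: 2
2010/12/05 21:36:50.0963 Locked service(yfecbo) - User select action: Skip
2010/12/05 21:36:51.0006 \HardDisk0 - will be cured after reboot
2010/12/05 21:36:51.0006 Rootkit.Win32.TDSS.tdl4(\HardDisk0) - User select action: Cure
2010/12/05 21:37:28.0261 Deinitialize success
"""

if __name__ == "__main__":
    triage = parse_log(SAMPLE_LOG)
    print("\n".join(report(triage)))
    print("still open:", unresolved(triage))
```

On this input the report lists the TDL4 cure as pending the reboot and the skipped yfecbo service as the one object still open, which is exactly what a follow-up scan after the reboot should confirm.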
How is it running now?
Good so far: no problems at all; thanks for all the help!!
Download CCleaner Slim: Piriform - Builds. If CCleaner is already installed, skip that. Install, open, Tools, list of installed programs, save as txt. Open it. Behind each program you need, write "needed". Behind each one you don't need, "unneeded". Behind the ones unknown to you, "unknown". Post the list.
How do I get from the "open" step to "Tools"? I can't find it in Piriform CCleaner!
Hi, there is no "Tools" in the cleaner! The laptop keeps crashing. What should I do now?
Internet Explorer - Temporary Internet Files 100,553 KB 7,554 files unneeded
Internet Explorer - History 1,275 KB 28 files unneeded
Internet Explorer - Cookies 313 KB 940 files unneeded
Windows Explorer - Recent Documents 25 KB 45 unknown
Windows Explorer - Thumbnail Cache 77,003 KB 6 files unknown
System - Empty Recycle Bin 5,476 KB 9 files unneeded
System - Temporary Files 22,382 KB 244 files
System - Memory Dumps 188,668 KB 19 files unknown
System - Windows Log Files 4 KB 2 files needed
Google Chrome - Internet Cache 164,362 KB 130 files
Google Chrome - Internet History 1,012 KB 6 files unneeded
Google Chrome - Cookies 0 KB 14 files unneeded
Google Chrome - Session 50 KB 2 files unknown
Applications - Office 2003 25 KB 16 files needed
Applications - Office 2007 25 KB 16 files needed
Internet - Google Toolbar IE 14 KB 2 files needed
Multimedia - Adobe Flash Player 5 KB 44 files needed
Utilities - Windows Defender 61 KB 9 files unknown
As I said, on some sites, e.g. kicker live, the laptop crashes.
There must be one, though. But if your laptop still isn't running after all this time, we should make short work of it and reinstall from scratch.
And how should we proceed now?
Back up your data and dig out your Windows CD, then get back to me.
Unfortunately I don't have the CD anymore. Is there no other way?
How many more months do you want to keep tinkering? We've been at this for 2 months. Then you'll have to get yourself a new CD; no installation lasts forever...
Hi, I'm now trying once more to get the laptop running; the laptop wouldn't start anymore, so I've now put in a Windows Vista CD to reinstall. Unfortunately it hangs at the following point: windows installing ok, copying files ok, expanding files - this is where it hangs. Error message: Windows cannot install required files. Make sure all required files for installation are available, code: 0x8007045D. What can be done about that? Regards, Pumba
Is the CD clean? I mean in terms of dust, no fingerprints etc.
Yes, it's clean. It doesn't work with the Windows XP CD either; that also gives an error message. I think the virus broke something in the hardware.
No, that's not really possible. Did you use the quick or the full format? Do you perhaps have a second drive available? I mean a CD or DVD drive.
Hi, there's no option to choose between quick and full formatting; how can that be set?
No, there is only one drive.
So, this is the error message when I try to start from the Win XP CD: the computer is being shut down so that the computer is not damaged. Make sure that sufficient hard disk space is available; disable the driver or ask the manufacturer for an update. Replace the video card; ask the manufacturer for BIOS updates ...
Are you actually formatting correctly... Format the hard disk and install Windows XP
The problem is that while the setup program is running, the laptop crashes - then the error message appears.
Is the device still under warranty?
Unfortunately not... do you have another tip, or is there a small chance?
Hmm, no specialist nearby? Maybe it's a hardware fault.
Copyright ©2000-2025, Trojaner-Board