dl[1].htm



Curly
2011-05-22, 13:50
Dear caseworker
Tashi advised me to send my question to this part of the forum. Since a time unknown to me, dl[1].htm has been spooking my computer. It was undetected by Microsoft Security Essentials and Spybot. I found it two days ago through strange behaviour of Internet Explorer and slowing down of the computer. In the last couple of days I have observed it and tried to remove it. It executes in combination with Internet Explorer, appears as a process with the same name and creates a file named m23S7Ral.exe; both are found in the process list in the task manager. M23S7Ral.exe uses up to 50% of CPU for short times, especially when it starts or when other programs are being started.

When I close the Internet Explorer, after a few seconds the Internet Explorer opens again showing the following address:

file:///C:/Dokumente%2520und%2520Einstellungen/Oliver%2520Draxl/Lokale%2520Einstellungen/Temporary%2520Internet%2520Files/Content.IE5/W034DJWL/dl%5B1%5D.htm

In the browser window, the program code of m23S7Ral.exe appears in txt format, which is then saved in the location:

[C:\Dokumente und Einstellungen\All Users\Anwendungsdaten]

dl[1].htm is not to be found on the hard drive.

It creates a registry entry in:

[HKEY_USERS\S-1-5-21-385165253-3752812310-1452250334-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]

the following string:

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten REG_SZ m23S7RaL

This only happens in combination with Internet Explorer and it has so far only happened when the computer is online.

Before using Spybot I tried to remove this program manually, but destroying the file and deleting the registry entry does not help, as the file is recreated through Internet Explorer when the browser is online for several minutes.

On the day I discovered it for the first time, all the browser's temporary data, history, cookies, passwords, etc. were deleted. It may not have anything to do with it, as it happened while I frantically tried to shut down the strange activity in the task manager and Internet Explorer, which was hard because the computer was so slow.
So far I have not been able to find out what it does.

The system on my computer is Windows XP Service Pack 3 with all the updates installed.
The Internet Explorer is version 8.0.6001.18702IC

On the computer is an outdated and inactive version of PC Tools Internet Security. This program has been shut down for about 4 months.
Trend Micro Internet Security does not work because it crashed during the installation and could not be reinstalled because of leftover fragments from the previous installation which could not be removed. It still appears in Windows as a fully installed program, though.
Since then I use Microsoft Security Essentials.

I have saved print screens of all the entries of the two "strangers" I found on my computer. I can send them when needed.

I hope that with this information you are able to help me and others who may be in jeopardy from this.

Thank you for your help in this matter.

Best Regards

Oliver

.
DDS (Ver_11-05-19.01) - FAT32x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 18:24:23 on 2011-05-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.416 [GMT 10:00]
.
AV: Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Trend Micro Internet Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Internet Security Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Browser Defender\BDTUpdateService.exe
C:\WINDOWS\system32\CNAC3RPK.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\PC Tools Internet Security\pctsAuxs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programme\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Dodo Wireless Broadband\Dodo Wireless Broadband.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
D:\Eigene Dateien\Download\spybot\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
{14ceeaff-96dd-4101-ae37-d5ecdc23c3f6}
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\programme\browser defender\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\programme\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programme\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\programme\browser defender\PCTBrowserDefender.dll
TB: {23B0D39A-E245-41B7-BF86-1238CF62625E} - No File
uRun: [TaskSwitchXP] c:\programme\taskswitchxp\TaskSwitchXP.exe
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\programme\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\programme\spybot - search & destroy\TeaTimer.exe
mRun: [LaunchApp] Alaunch
mRun: [SynTPLpr] c:\programme\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [ATICCC] "c:\programme\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
mRun: [UfSeAgnt.exe] "c:\programme\trend micro\internet security\UfSeAgnt.exe"
mRun: [MSC] "c:\programme\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\gemein~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office10\OSA.EXE
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll
LSP: c:\programme\gemeinsame dateien\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253752491717
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Filter: text/html - {e0e86684-af80-4520-b049-326a9cb81c82} - c:\dokume~1\oliver~1\lokale~1\temp\msmonitor
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-1 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-11-1 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-11-1 39200]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl8ce013eb;MpKsl8ce013eb;c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKsl8ce013eb.sys [2011-5-21 28752]
R1 MpKslfd10626b;MpKslfd10626b;c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKslfd10626b.sys [2011-5-21 28752]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-11-1 159600]
R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\browser defender\BDTUpdateService.exe [2009-9-24 112592]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-11-1 73840]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\pc tools internet security\pctsAuxs.exe [2009-11-1 348752]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-7-30 36368]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2009-9-23 1088896]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-7-30 339984]
S1 MpKslc2e1cac1;MpKslc2e1cac1;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\mpkslc2e1cac1.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\MpKslc2e1cac1.sys [?]
S2 AdminSVC;GMX Browser Update;c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe --> c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe [?]
S2 BulkUsb;Genesys Logic USB Controller NT 5.0;c:\windows\system32\drivers\usbprn.sys [2001-12-20 7552]
S2 Ca533av;PocketCam 3Mega, WDM Video Capture;c:\windows\system32\drivers\CA533AV.SYS [2010-4-10 514929]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-9-25 16512]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2009-9-26 1183744]
S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [2005-8-24 692992]
S3 EyelineService;Eyeline Video System;c:\programme\nch software\eyeline\eyeline.exe [2009-11-5 643076]
S3 gupdatem;Google Update Service (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-9-23 32512]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-11-1 95656]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-11-1 64424]
S3 sdCoreService;PC Tools Security Service;c:\programme\pc tools internet security\pctsSvc.exe [2009-11-1 1095592]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-11-1 33056]
S3 ThreatFire;ThreatFire;c:\programme\pc tools internet security\tfengine\tfservice.exe service --> c:\programme\pc tools internet security\tfengine\TFService.exe service [?]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-4-22 50704]
S3 TmPfw;Trend Micro Personal Firewall;"c:\programme\trend micro\internet security\tmpfw.exe" --> c:\programme\trend micro\internet security\TmPfw.exe [?]
S3 TmProxy;Trend Micro Proxy Service;"c:\programme\trend micro\internet security\tmproxy.exe" --> c:\programme\trend micro\internet security\TmProxy.exe [?]
.
=============== Created Last 30 ================
.
2011-05-22 02:43:55 114690 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\m23S7RaL.exe
2011-05-21 10:33:00 28752 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKslfd10626b.sys
2011-05-21 05:46:43 28752 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKsl8ce013eb.sys
2011-05-21 05:45:40 6962000 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpengine.dll
2011-05-21 03:57:13 -------- d-----w- c:\programme\Spybot - Search & Destroy
2011-05-21 03:57:13 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Spybot - Search & Destroy
2011-05-20 05:58:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-20 05:50:53 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Skype Extras
2011-04-28 09:27:29 6962000 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-04-26 23:39:41 -------- d-----w- c:\programme\IE3_NT
2011-04-26 23:31:42 -------- d-----w- c:\programme\HPSW
2011-04-26 12:12:19 -------- d-----w- C:\IEXPLORE
2011-04-26 11:38:05 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-04-26 11:38:05 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-04-26 11:38:05 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-04-26 11:38:05 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-04-26 11:38:05 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-04-22 09:06:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-22 08:53:18 -------- d-----w- c:\programme\Microsoft Security Client
.
==================== Find3M ====================
.
2011-03-07 05:33:46 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36:22 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53:00 1858048 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:05:50 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:05:50 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:05:50 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:42:00 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 18:25:22.56 ===============

vict0r
2011-05-26, 11:33
Hello and welcome to the forum.

My name is vict0r and I will help you with the malware issues on your computer.

Please read the following information carefully.

IMPORTANT: Whatever repairs we make, are for fixing this computer only and by no means should be used on another computer.

To make cleaning this machine easier:
Continue to respond to this thread until I tell you that the logs are clean!
Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
Please follow all instructions in the order posted.
If you have any questions or do not understand instructions, please ask before continuing.
Please reply to this thread. Do not start a new topic.
Your security program(s) may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Uninstall misc programs

Out of date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect a computer and or re-infect.

If you need a pdf reader while we clean your computer, then you can download the standalone version of Foxit PDF Reader (no installation required) from the following link: http://cdn01.foxitsoftware.com/pub/foxit/reader/desktop/win/4.x/4.3/enu/FoxitReader431_enu.zip

Please uninstall PCTools since you do not use it anymore and if you did not already try, then try to uninstall Trend Micro.

Please uninstall Viewpoint (you probably didn't install it).


Click on Start > Run.
In the open text box copy/paste appwiz.cpl Then click Ok.
Wait for the list of programs in the Add/Remove control panel to appear, then uninstall the two programs listed below:

Adobe Reader 9.4.4
Java(TM) 6 Update 11
Java(TM) 6 Update 17
PC Tools Internet Security 2009
Trend Micro Internet Security
Viewpoint Media Player



Backup the Registry

Using tools that modify the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> ERUNT >> ERUNT.


Click on OK within the pop-up menu.
In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
System registry
Current user registry
Next click on OK
When the Question pop-up appears click on Yes
After a short duration the Registry backup is complete! popup will appear
Now click on OK. A backup has been created.



Trend Micro removal

Save all work and close all programs; a reboot is required after running this tool. Run this tool whether uninstalling Trend Micro above succeeded or failed.

Download the Trend Micro Diagnostic Toolkit (http://solutionfile.trendmicro.com/solutionfile/EN-1037161/32bit.exe).

When the File Download window appears, click Run.

After the download finishes, the Trend Micro Diagnostic Toolkit window appears.

Click the Uninstall tab, then click the "1. Uninstall software" button.

The Toolkit will automatically detect the Trend Micro program that is currently installed. Click Uninstall.

After the program finishes uninstalling, you will then be asked to restart your computer. Click Yes.



OTL

Download OTL to your desktop from the following link: OTL.exe (http://oldtimer.geekstogo.com/OTL.exe)

Double click on OTL.exe (on your desktop) to run it.
Check the boxes labeled: Scan All Users
LOP check
Purity check
Click on the Run Scan button at the top left hand corner.
OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
They will be saved on your desktop. Please post these logs.

Please use one reply per log and do not attach any logs, but copy and paste them directly into your reply. Some logs can be lengthy, then you have to use more than one reply to post the log. :)

Curly
2011-05-27, 04:47
Hello Vict0r
Thank you for looking into this.
This morning, during a routine scan, Microsoft Security Essentials picked up:
VirTool:Win32/CeeInject.gen!EO
and removed it. Then it showed the log and it was:

Category: Tool

Description: This program is used to create viruses, worms or other malware.

Items:
file:C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YKJYBT3C\dl[1].htm

It seems that the virus scanner has finally found it.

But I'm not sure if it has been successfully removed, because sometimes in the last days the virus also appeared as dl[2].htm.

Here is the OTL log part 1:

OTL logfile created on: 27/05/2011 12:18:04 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = D:\Eigene Dateien\Computer upgrade
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australien | Language: ENA | Date Format: d/MM/yyyy

1022.04 Mb Total Physical Memory | 388.78 Mb Available Physical Memory | 38.04% Memory free
2.40 Gb Paging File | 1.77 Gb Available in Paging File | 73.62% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35.06 Gb Total Space | 11.94 Gb Free Space | 34.06% Space Free | Partition Type: FAT32
Drive D: | 35.55 Gb Total Space | 7.94 Gb Free Space | 22.32% Space Free | Partition Type: FAT32
Drive F: | 125.11 Mb Total Space | 123.38 Mb Free Space | 98.61% Space Free | Partition Type: FAT
Drive J: | 298.09 Gb Total Space | 129.42 Gb Free Space | 43.42% Space Free | Partition Type: NTFS

Computer Name: ACER-2CDC76420C | User Name: Oliver Draxl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/27 12:15:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Computer upgrade\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/01/22 09:16:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\Browser Defender\BDTUpdateService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/07 13:40:56 | 000,348,752 | ---- | M] (PC Tools) -- C:\Programme\PC Tools Internet Security\pctsAuxs.exe
PRC - [2008/09/22 06:02:20 | 000,054,720 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNAC3RPK.EXE
PRC - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Programme\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/14 12:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/05 08:29:14 | 000,062,976 | ---- | M] (Alexander Avdonin) -- C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
PRC - [2005/12/15 19:13:38 | 000,344,064 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2005/12/06 17:11:24 | 000,458,752 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZgAcer.EXE
PRC - [2005/12/02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2005/12/02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2005/12/02 15:42:42 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2005/12/02 15:42:28 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2005/12/02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005/11/30 20:39:58 | 000,225,280 | ---- | M] (Logitech) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/11/16 17:00:50 | 000,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005/11/02 00:11:00 | 000,102,491 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/10/24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005/10/19 09:30:16 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005/08/12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2011/05/27 12:15:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Computer upgrade\OTL.exe
MOD - [2011/02/08 23:33:28 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2010/08/24 02:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/12/05 16:00:10 | 000,053,248 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\sysenv.dll
MOD - [2005/11/02 00:11:00 | 000,069,723 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2005/10/11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005/08/24 01:24:00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2004/08/04 05:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll
MOD - [2003/03/18 21:12:12 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71u.dll
MOD - [2003/03/18 20:44:34 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71DEU.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (LVPrcSrv)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (AdminSVC)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/22 09:16:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programme\Browser Defender\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/05 13:43:14 | 000,643,076 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Programme\NCH Software\Eyeline\eyeline.exe -- (EyelineService)
SRV - [2009/11/01 21:16:56 | 000,070,944 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Internet Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/02/02 10:20:02 | 001,095,592 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Internet Security\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 13:40:56 | 000,348,752 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\PC Tools Internet Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Programme\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/04/14 12:22:24 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2005/12/02 15:43:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005/12/02 15:43:00 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005/12/02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2011/05/27 11:56:02 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{D9F1F192-FC7D-4B13-9E92-E9235691703F}\MpKsl196d8b0d.sys -- (MpKsl196d8b0d)
DRV - [2010/02/11 22:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/01 21:16:56 | 000,039,200 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/11/01 21:16:48 | 000,033,056 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/11/01 21:16:34 | 000,051,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/01 21:15:24 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/12/18 12:16:56 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2008/12/11 08:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/12/10 12:36:06 | 000,064,424 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2008/12/10 12:36:04 | 000,095,656 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2008/09/22 12:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctfw.sys -- (SFilter)
DRV - [2008/04/17 15:52:50 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/04/14 04:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/08/29 17:40:34 | 001,183,744 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys -- (AVerBDA3x)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2005/12/06 17:50:10 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2005/12/01 07:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/30 20:45:10 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005/11/30 20:45:10 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005/11/29 21:28:58 | 001,088,896 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2005/11/29 21:25:06 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/26 16:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/11/17 15:45:40 | 004,069,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/11/08 00:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/11/08 00:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/11/08 00:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/08/24 07:07:24 | 000,692,992 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerM115.sys -- (AVerM115)
DRV - [2005/08/03 05:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/06/22 18:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/04/22 16:57:06 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/04/22 16:57:06 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005/04/05 01:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/09 14:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2003/10/24 02:07:38 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/16 16:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2002/11/06 09:42:10 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera) DSC Still Image Capture (CA100)
DRV - [2002/07/31 17:48:54 | 000,514,929 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CA533AV.SYS -- (Ca533av)
DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002/02/02 02:29:36 | 000,015,300 | ---- | M] (CANON INC.) [Kernel | Auto | Running] -- C:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmpar21.sys -- (cnmpar21)
DRV - [2001/12/20 20:32:20 | 000,007,552 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\usbprn.sys -- (BulkUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local



O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - Reg Error: Value error. File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Browser Defender\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Browser Defender\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\..\Toolbar\WebBrowser: (no name) - {23B0D39A-E245-41B7-BF86-1238CF62625E} - No CLSID value found.
O3 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Browser Defender\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253752491717 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\Eigene Dateien\Eigene Bilder\Sun behind planets desktop.bmp
O24 - Desktop BackupWallPaper: D:\Eigene Dateien\Eigene Bilder\Sun behind planets desktop.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/05 08:20:18 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/12/17 19:10:56 | 000,000,000 | ---D | M] - C:\AUTOTRAX -- [ FAT32 ]
O33 - MountPoints2\{4108fb26-a8e3-11de-b4f2-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{4108fb26-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4108fb26-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4108fb27-a8e3-11de-b4f2-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{4108fb27-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4108fb27-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a19bfec-4faf-11e0-b9bd-00130204bbf7}\Shell - "" = AutoRun
O33 - MountPoints2\{4a19bfec-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a19bfec-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a19bfed-4faf-11e0-b9bd-00130204bbf7}\Shell - "" = AutoRun
O33 - MountPoints2\{4a19bfed-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a19bfed-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{51244ec9-b0e2-11de-b4ff-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{51244ec9-b0e2-11de-b4ff-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{51244ec9-b0e2-11de-b4ff-001636112b93}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{79949d7c-6ff9-11e0-b9e2-00130204bbf7}\Shell - "" = AutoRun
O33 - MountPoints2\{79949d7c-6ff9-11e0-b9e2-00130204bbf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79949d7c-6ff9-11e0-b9e2-00130204bbf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{79949d7d-6ff9-11e0-b9e2-00130204bbf7}\Shell - "" = AutoRun
O33 - MountPoints2\{79949d7d-6ff9-11e0-b9e2-00130204bbf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79949d7d-6ff9-11e0-b9e2-00130204bbf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{807616c6-7850-11df-b959-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{807616c6-7850-11df-b959-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{807616c6-7850-11df-b959-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{807616c7-7850-11df-b959-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{807616c7-7850-11df-b959-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{807616c7-7850-11df-b959-001636112b93}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c7c7b72e-a9c9-11de-b4fa-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{c7c7b72e-a9c9-11de-b4fa-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7c7b72e-a9c9-11de-b4fa-001636112b93}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WHS2108J06098.vbs
O33 - MountPoints2\{d3051bba-8805-11e0-b9eb-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{d3051bba-8805-11e0-b9eb-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d3051bba-8805-11e0-b9eb-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d3051bbb-8805-11e0-b9eb-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{d3051bbb-8805-11e0-b9eb-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d3051bbb-8805-11e0-b9eb-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{db7ec2ce-bfe1-11df-b98c-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{db7ec2ce-bfe1-11df-b98c-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{db7ec2ce-bfe1-11df-b98c-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Curly
2011-05-27, 04:55
OTL part 2:

========== Files/Folders - Created Within 30 Days ==========

[2011/05/27 12:07:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Dodo Wireless Broadband
[2011/05/27 12:06:54 | 000,872,192 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2011/05/27 12:06:54 | 000,103,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbfake.sys
[2011/05/27 12:06:54 | 000,101,376 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2011/05/27 12:06:54 | 000,100,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2011/05/27 12:06:54 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2011/05/27 12:06:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/05/27 11:53:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trend Micro
[2011/05/22 18:24:24 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Oliver Draxl\Startmenü\Programme\Verwaltung
[2011/05/22 18:03:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011/05/22 18:03:17 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011/05/22 08:36:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop
[2011/05/21 13:57:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011/05/21 13:57:13 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011/05/21 13:57:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011/05/20 15:58:03 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/20 15:50:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype Extras
[2011/05/20 15:49:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2011/05/09 17:38:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver Draxl\Desktop\content of alcor 125 090511
[2011/04/27 16:24:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/27 12:01:02 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/27 12:00:44 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/05/27 11:58:14 | 000,000,603 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011/05/27 11:55:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/27 11:55:30 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/22 08:39:18 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\goldenvideosShakeIcon.job
[2011/05/21 22:42:40 | 000,011,329 | ---- | M] () -- C:\WINDOWS\IEXPLORE.INI
[2011/05/21 20:38:50 | 000,496,742 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/05/21 20:38:50 | 000,442,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/21 20:38:50 | 000,100,966 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/05/21 20:38:50 | 000,072,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/21 15:30:32 | 000,001,222 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/20 15:58:04 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/12 19:31:54 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc10876d90845e.job
[2011/05/12 12:36:12 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/05/11 14:52:14 | 000,247,296 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/27 12:59:46 | 000,000,433 | ---- | M] () -- C:\WINDOWS\globhist.htm
[2011/04/27 12:59:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\cookie.jar
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/22 08:39:16 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\goldenvideosShakeIcon.job
[2011/05/21 20:32:31 | 1071,763,456 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/21 14:52:50 | 000,001,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/20 15:49:57 | 000,002,247 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype.lnk
[2011/05/12 19:31:53 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc10876d90845e.job
[2011/04/27 09:32:06 | 000,000,198 | ---- | C] () -- C:\WINDOWS\ob1.INI
[2011/04/26 22:12:19 | 000,011,329 | ---- | C] () -- C:\WINDOWS\IEXPLORE.INI
[2011/04/26 22:12:19 | 000,000,223 | ---- | C] () -- C:\WINDOWS\RA.INI
[2010/07/20 23:25:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/07/20 23:25:53 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/07/20 23:25:53 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/07/20 23:25:53 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/10 19:09:25 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\aip504.dll
[2010/04/10 19:09:25 | 000,014,381 | ---- | C] () -- C:\WINDOWS\Tw533a.ini
[2010/04/10 19:09:25 | 000,012,201 | ---- | C] () -- C:\WINDOWS\USB_CAM.ini
[2010/04/10 19:09:25 | 000,012,201 | ---- | C] () -- C:\WINDOWS\USB_533.ini
[2010/04/10 19:09:25 | 000,002,141 | ---- | C] () -- C:\WINDOWS\ca533a.ini
[2010/04/10 19:09:25 | 000,000,163 | ---- | C] () -- C:\WINDOWS\Setup533.ini
[2010/04/10 19:09:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IPSK.dll
[2010/04/10 19:09:24 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jpg32.dll
[2010/04/10 19:09:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\VideoThumb.dll
[2010/04/10 19:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWJPG.dll
[2010/04/10 19:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWBMP.dll
[2010/04/10 19:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VMIO.dll
[2010/04/10 19:09:24 | 000,023,602 | ---- | C] () -- C:\WINDOWS\System32\RCfile.ini
[2010/04/02 11:14:32 | 000,460,908 | ---- | C] () -- C:\WINDOWS\System32\prfh0407.dat
[2010/04/02 11:14:32 | 000,085,594 | ---- | C] () -- C:\WINDOWS\System32\prfc0407.dat
[2010/01/02 18:39:38 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/12/29 16:27:08 | 000,010,588 | R--- | C] () -- C:\WINDOWS\System32\drivers\mpfilt.sys
[2009/12/29 14:27:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/29 14:27:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2009/12/03 17:46:51 | 000,000,907 | ---- | C] () -- C:\WINDOWS\MyProg.INI
[2009/11/12 10:07:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2009/11/08 22:31:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/26 22:49:42 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/10/08 12:22:58 | 000,225,280 | ---- | C] () -- C:\WINDOWS\USB6225phmgunin.exe
[2009/10/07 15:56:05 | 000,000,065 | ---- | C] () -- C:\WINDOWS\NokiaImageConverter.INI
[2009/10/05 16:27:36 | 000,000,022 | ---- | C] () -- C:\WINDOWS\SUMO.INI
[2009/10/05 14:03:42 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/10/02 15:18:11 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2009/09/26 10:08:54 | 000,247,296 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/26 00:10:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2009/09/26 00:10:39 | 000,003,456 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2009/09/26 00:10:34 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2009/09/26 00:10:34 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\sptlib02.dll

========== Purity Check ==========



< End of report >


The Trend Micro diagnostic tool has been able to clean up the computer; that worked well.
But since restarting the computer after this, the dial-up for my wireless broadband does not connect any more. Is that coincidental, or does this have something to do with the removal of Trend Micro Internet Security?

I hope that the scanning and removing of that virus by Microsoft Internet Security does not upset any work you have started on your side. I did not recognise that it was dl[1].htm because the name was displayed differently.

Thanks again

Best regards

Oliver

vict0r
2011-05-27, 09:15
> The Trend Micro diagnostic tool has been able to clean up the computer; that worked well.
> But since restarting the computer after this, the dial-up for my wireless broadband does not connect any more. Is that coincidental, or does this have something to do with the removal of Trend Micro Internet Security?
>
> I hope that the scanning and removing of that virus by Microsoft Internet Security does not upset any work you have started on your side. I did not recognise that it was dl[1].htm because the name was displayed differently.
>
> Thanks again
You're welcome. :)

How did you post the log since the computer does not connect?
Did you try to uninstall PC Tools Internet Security 2009?

It's good that Microsoft Security Essentials picked up the file, however it's probably not the whole story.

You forgot to post Extras.txt. It should be located in the following directory: D:\Eigene Dateien\Computer upgrade\
Please post it. :)

Curly
2011-05-27, 14:38
Hi vict0r

I posted it on my little netbook. While copying and pasting files from one computer to the other I forgot Extras.txt; sorry about that.

Trend Micro crashed on the installation. Re-installation required de-installing the previous incomplete installation. The de-installation did not work; it only gave a message that the attempt was unsuccessful. Spinning in circles, I gave the software away.
It appears to me that Trend Micro installs its own network adapter drivers. Those are still shown in the hardware manager with a yellow exclamation mark, saying that the driver is missing in the registry.
I ran the recovery of the registry from the backup I made with ERUNT, but it still did not make a change.

Here is the Extras.txt:

OTL Extras logfile created on: 27/05/2011 12:18:04 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = D:\Eigene Dateien\Computer upgrade
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australien | Language: ENA | Date Format: d/MM/yyyy

1022.04 Mb Total Physical Memory | 388.78 Mb Available Physical Memory | 38.04% Memory free
2.40 Gb Paging File | 1.77 Gb Available in Paging File | 73.62% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35.06 Gb Total Space | 11.94 Gb Free Space | 34.06% Space Free | Partition Type: FAT32
Drive D: | 35.55 Gb Total Space | 7.94 Gb Free Space | 22.32% Space Free | Partition Type: FAT32
Drive F: | 125.11 Mb Total Space | 123.38 Mb Free Space | 98.61% Space Free | Partition Type: FAT
Drive J: | 298.09 Gb Total Space | 129.42 Gb Free Space | 43.42% Space Free | Partition Type: NTFS

Computer Name: ACER-2CDC76420C | User Name: Oliver Draxl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

< End of report >


Thanks again

vict0r
2011-05-27, 15:26
Hi.


I posted it on my little netbook. While copying and pasting files from one computer to the other I forgot Extras.txt, sorry about that.

No problem. Did you use a thumb drive or external hard drive to transfer the files?


Trend Micro crashed on the installation. Re-installation required de-installing the previous incomplete installation. The de-installation did not work; it only gave a message that the attempt was unsuccessful. Spinning in circles I gave the software away.
It appears to me that Trend Micro installs its own network adapter drivers. Those are still shown in the hardware manager with a yellow exclamation mark, saying that the driver is missing in the registry.

Please forget about Trend Micro for the moment. Did you uninstall all of the following programs?

Adobe Reader 9.4.4
Java(TM) 6 Update 11
Java(TM) 6 Update 17
PC Tools Internet Security 2009
Viewpoint Media Player

Curly
2011-05-28, 01:36
I used an empty 125 MB flash drive to copy the files over.

I de-installed the requested software but I'd like to keep PC Tools Internet Security if I'm allowed to. It includes the Browser Defender Toolbar, which marks websites that have been reported as problematic. This still works and installs new updates.

vict0r
2011-05-28, 12:42
I de-installed the requested software but I'd like to keep PC Tools Internet Security if I'm allowed to. It includes the Browser Defender Toolbar, which marks websites that have been reported as problematic. This still works and installs new updates.

Ok.

You have made 2 backups of the registry with ERUNT? It seems to me that you have restored the first. If this is correct, then you need to restore the second/most recent registry backup and repeat the Trend Micro Removal.

When finished re-scan the computer with OTL (instructions are slightly different from last time):

OTL

Double click on OTL.exe (on your desktop) to run it.
Check the boxes labeled:
  Scan All Users
  LOP check
  Purity check
Under the Extra Registry section, select Use SafeList.
Click on the Run Scan button at the top left hand corner.
OTL will start running. When done, 2 Notepad files will open: OTL.txt and Extras.txt.
They will be saved on your desktop. Please post these logs.

Curly
2011-05-29, 01:59
When I restored the registry I hoped that the files would be restored to the point before Trend Micro interfered with it, when the internet last worked. I have run the Trend Micro removal again like you said and restored the registry. The internet still doesn't work.

Here is the new OTL scan part 1:

OTL logfile created on: 29/05/2011 8:31:44 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = D:\Eigene Dateien\Computer upgrade
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australien | Language: ENA | Date Format: d/MM/yyyy

1022.04 Mb Total Physical Memory | 394.64 Mb Available Physical Memory | 38.61% Memory free
2.40 Gb Paging File | 1.78 Gb Available in Paging File | 73.98% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35.06 Gb Total Space | 12.36 Gb Free Space | 35.26% Space Free | Partition Type: FAT32
Drive D: | 35.55 Gb Total Space | 7.90 Gb Free Space | 22.23% Space Free | Partition Type: FAT32
Drive J: | 298.09 Gb Total Space | 129.42 Gb Free Space | 43.42% Space Free | Partition Type: NTFS

Computer Name: ACER-2CDC76420C | User Name: Oliver Draxl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/27 12:15:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Computer upgrade\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/01/22 09:16:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\Browser Defender\BDTUpdateService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/07 13:40:56 | 000,348,752 | ---- | M] (PC Tools) -- C:\Programme\PC Tools Internet Security\pctsAuxs.exe
PRC - [2008/09/22 06:02:20 | 000,054,720 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNAC3RPK.EXE
PRC - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Programme\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/14 12:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/05 08:29:14 | 000,062,976 | ---- | M] (Alexander Avdonin) -- C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
PRC - [2005/12/15 19:13:38 | 000,344,064 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2005/12/06 17:11:24 | 000,458,752 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZgAcer.EXE
PRC - [2005/12/02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2005/12/02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2005/12/02 15:42:42 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2005/12/02 15:42:28 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2005/12/02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005/11/30 20:39:58 | 000,225,280 | ---- | M] (Logitech) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/11/16 17:00:50 | 000,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005/11/02 00:11:00 | 000,102,491 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/10/24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005/10/19 09:30:16 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005/08/12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2011/05/27 12:15:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Computer upgrade\OTL.exe
MOD - [2011/02/08 23:33:28 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2010/08/24 02:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/12/05 16:00:10 | 000,053,248 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\sysenv.dll
MOD - [2005/11/02 00:11:00 | 000,069,723 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2005/10/11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005/08/24 01:24:00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2004/08/04 05:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll
MOD - [2003/03/18 21:12:12 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71u.dll
MOD - [2003/03/18 20:44:34 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71DEU.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (LVPrcSrv)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (AdminSVC)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/22 09:16:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programme\Browser Defender\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/05 13:43:14 | 000,643,076 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Programme\NCH Software\Eyeline\eyeline.exe -- (EyelineService)
SRV - [2009/11/01 21:16:56 | 000,070,944 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Internet Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/02/02 10:20:02 | 001,095,592 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Internet Security\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 13:40:56 | 000,348,752 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\PC Tools Internet Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Programme\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/04/14 12:22:24 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2005/12/02 15:43:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005/12/02 15:43:00 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005/12/02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 08:25:16 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{7B3318F6-ADD9-4043-98AE-1D2D55C971AE}\MpKslfe3ff22d.sys -- (MpKslfe3ff22d)
DRV - [2010/02/11 22:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/01 21:16:56 | 000,039,200 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/11/01 21:16:48 | 000,033,056 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/11/01 21:16:34 | 000,051,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/01 21:15:24 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/12/18 12:16:56 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2008/12/11 08:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/12/10 12:36:06 | 000,064,424 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2008/12/10 12:36:04 | 000,095,656 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2008/09/22 12:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctfw.sys -- (SFilter)
DRV - [2008/04/17 15:52:50 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/04/14 04:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/08/29 17:40:34 | 001,183,744 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys -- (AVerBDA3x)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2005/12/06 17:50:10 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2005/12/01 07:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/30 20:45:10 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005/11/30 20:45:10 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005/11/29 21:28:58 | 001,088,896 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2005/11/29 21:25:06 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/26 16:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/11/17 15:45:40 | 004,069,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/11/08 00:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/11/08 00:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/11/08 00:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/08/24 07:07:24 | 000,692,992 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerM115.sys -- (AVerM115)
DRV - [2005/08/03 05:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/06/22 18:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/04/22 16:57:06 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/04/22 16:57:06 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005/04/05 01:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/09 14:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2003/10/24 02:07:38 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/16 16:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2002/11/06 09:42:10 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera) DSC Still Image Capture (CA100)
DRV - [2002/07/31 17:48:54 | 000,514,929 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CA533AV.SYS -- (Ca533av)
DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002/02/02 02:29:36 | 000,015,300 | ---- | M] (CANON INC.) [Kernel | Auto | Running] -- C:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmpar21.sys -- (cnmpar21)
DRV - [2001/12/20 20:32:20 | 000,007,552 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\usbprn.sys -- (BulkUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local



O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - Reg Error: Value error. File not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Browser Defender\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Browser Defender\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\..\Toolbar\WebBrowser: (no name) - {23B0D39A-E245-41B7-BF86-1238CF62625E} - No CLSID value found.
O3 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Browser Defender\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253752491717 (MUWebControl Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\Eigene Dateien\Eigene Bilder\Sun behind planets desktop.bmp
O24 - Desktop BackupWallPaper: D:\Eigene Dateien\Eigene Bilder\Sun behind planets desktop.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/05 08:20:18 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/12/17 19:10:56 | 000,000,000 | ---D | M] - C:\AUTOTRAX -- [ FAT32 ]
O33 - MountPoints2\{4108fb26-a8e3-11de-b4f2-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{4108fb26-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4108fb26-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4108fb27-a8e3-11de-b4f2-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{4108fb27-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4108fb27-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a19bfec-4faf-11e0-b9bd-00130204bbf7}\Shell - "" = AutoRun
O33 - MountPoints2\{4a19bfec-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a19bfec-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a19bfed-4faf-11e0-b9bd-00130204bbf7}\Shell - "" = AutoRun
O33 - MountPoints2\{4a19bfed-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a19bfed-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{51244ec9-b0e2-11de-b4ff-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{51244ec9-b0e2-11de-b4ff-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{51244ec9-b0e2-11de-b4ff-001636112b93}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{79949d7c-6ff9-11e0-b9e2-00130204bbf7}\Shell - "" = AutoRun
O33 - MountPoints2\{79949d7c-6ff9-11e0-b9e2-00130204bbf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79949d7c-6ff9-11e0-b9e2-00130204bbf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{79949d7d-6ff9-11e0-b9e2-00130204bbf7}\Shell - "" = AutoRun
O33 - MountPoints2\{79949d7d-6ff9-11e0-b9e2-00130204bbf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79949d7d-6ff9-11e0-b9e2-00130204bbf7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{807616c6-7850-11df-b959-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{807616c6-7850-11df-b959-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{807616c6-7850-11df-b959-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{807616c7-7850-11df-b959-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{807616c7-7850-11df-b959-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{807616c7-7850-11df-b959-001636112b93}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c7c7b72e-a9c9-11de-b4fa-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{c7c7b72e-a9c9-11de-b4fa-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7c7b72e-a9c9-11de-b4fa-001636112b93}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WHS2108J06098.vbs
O33 - MountPoints2\{d3051bba-8805-11e0-b9eb-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{d3051bba-8805-11e0-b9eb-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d3051bba-8805-11e0-b9eb-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d3051bbb-8805-11e0-b9eb-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{d3051bbb-8805-11e0-b9eb-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d3051bbb-8805-11e0-b9eb-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{db7ec2ce-bfe1-11df-b98c-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{db7ec2ce-bfe1-11df-b98c-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{db7ec2ce-bfe1-11df-b98c-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

Curly
2011-05-29, 02:00
OTL scan part 2:

========== Files/Folders - Created Within 30 Days ==========

[2011/05/27 12:07:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Dodo Wireless Broadband
[2011/05/27 12:06:54 | 000,872,192 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2011/05/27 12:06:54 | 000,103,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbfake.sys
[2011/05/27 12:06:54 | 000,101,376 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2011/05/27 12:06:54 | 000,100,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2011/05/27 12:06:54 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2011/05/22 18:24:24 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Oliver Draxl\Startmenü\Programme\Verwaltung
[2011/05/22 18:03:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011/05/22 18:03:17 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011/05/22 08:36:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop
[2011/05/21 13:57:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011/05/21 13:57:13 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011/05/21 13:57:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011/05/20 15:58:03 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/20 15:50:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype Extras
[2011/05/20 15:49:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2011/05/09 17:38:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver Draxl\Desktop\content of alcor 125 090511
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/29 08:30:18 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/29 08:27:48 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/05/29 08:24:46 | 000,000,503 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011/05/29 08:22:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/29 08:22:36 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/28 09:05:22 | 000,496,742 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/05/28 09:05:22 | 000,442,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/28 09:05:22 | 000,100,966 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/05/28 09:05:22 | 000,072,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/27 22:11:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/22 08:39:18 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\goldenvideosShakeIcon.job
[2011/05/21 22:42:40 | 000,011,329 | ---- | M] () -- C:\WINDOWS\IEXPLORE.INI
[2011/05/21 15:30:32 | 000,001,222 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/20 15:58:04 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/12 19:31:54 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc10876d90845e.job
[2011/05/12 12:36:12 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/05/11 14:52:14 | 000,247,296 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/29 08:07:33 | 1071,763,456 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/22 08:39:16 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\goldenvideosShakeIcon.job
[2011/05/21 14:52:50 | 000,001,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/20 15:49:57 | 000,002,247 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype.lnk
[2011/05/12 19:31:53 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc10876d90845e.job
[2011/04/27 09:32:06 | 000,000,198 | ---- | C] () -- C:\WINDOWS\ob1.INI
[2011/04/26 22:12:19 | 000,011,329 | ---- | C] () -- C:\WINDOWS\IEXPLORE.INI
[2011/04/26 22:12:19 | 000,000,223 | ---- | C] () -- C:\WINDOWS\RA.INI
[2010/07/20 23:25:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/07/20 23:25:53 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/07/20 23:25:53 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/07/20 23:25:53 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/10 19:09:25 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\aip504.dll
[2010/04/10 19:09:25 | 000,014,381 | ---- | C] () -- C:\WINDOWS\Tw533a.ini
[2010/04/10 19:09:25 | 000,012,201 | ---- | C] () -- C:\WINDOWS\USB_CAM.ini
[2010/04/10 19:09:25 | 000,012,201 | ---- | C] () -- C:\WINDOWS\USB_533.ini
[2010/04/10 19:09:25 | 000,002,141 | ---- | C] () -- C:\WINDOWS\ca533a.ini
[2010/04/10 19:09:25 | 000,000,163 | ---- | C] () -- C:\WINDOWS\Setup533.ini
[2010/04/10 19:09:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IPSK.dll
[2010/04/10 19:09:24 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jpg32.dll
[2010/04/10 19:09:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\VideoThumb.dll
[2010/04/10 19:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWJPG.dll
[2010/04/10 19:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWBMP.dll
[2010/04/10 19:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VMIO.dll
[2010/04/10 19:09:24 | 000,023,602 | ---- | C] () -- C:\WINDOWS\System32\RCfile.ini
[2010/04/02 11:14:32 | 000,460,908 | ---- | C] () -- C:\WINDOWS\System32\prfh0407.dat
[2010/04/02 11:14:32 | 000,085,594 | ---- | C] () -- C:\WINDOWS\System32\prfc0407.dat
[2010/01/02 18:39:38 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/12/29 16:27:08 | 000,010,588 | R--- | C] () -- C:\WINDOWS\System32\drivers\mpfilt.sys
[2009/12/29 14:27:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/29 14:27:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2009/12/03 17:46:51 | 000,000,907 | ---- | C] () -- C:\WINDOWS\MyProg.INI
[2009/11/12 10:07:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2009/11/08 22:31:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/26 22:49:42 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/10/08 12:22:58 | 000,225,280 | ---- | C] () -- C:\WINDOWS\USB6225phmgunin.exe
[2009/10/07 15:56:05 | 000,000,065 | ---- | C] () -- C:\WINDOWS\NokiaImageConverter.INI
[2009/10/05 16:27:36 | 000,000,022 | ---- | C] () -- C:\WINDOWS\SUMO.INI
[2009/10/05 14:03:42 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/10/02 15:18:11 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2009/09/26 10:08:54 | 000,247,296 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/26 00:10:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2009/09/26 00:10:39 | 000,003,456 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2009/09/26 00:10:34 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2009/09/26 00:10:34 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2009/09/25 16:30:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/09/25 15:54:50 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/09/25 15:54:50 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/09/25 15:54:49 | 000,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/09/25 15:51:44 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/09/25 14:02:28 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/09/24 17:10:08 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/09/24 10:29:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/23 23:20:47 | 000,225,280 | ---- | C] () -- C:\WINDOWS\USBT39phmgunin.exe
[2009/09/23 20:06:08 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/23 18:38:53 | 000,000,503 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2009/09/23 18:32:31 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2009/09/23 18:32:27 | 000,013,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/09/23 18:30:03 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/09/23 18:28:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2009/09/23 18:25:53 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2009/09/23 18:25:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2009/09/23 18:25:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2009/09/23 18:25:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2009/09/23 18:25:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2009/09/23 18:25:44 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2009/09/23 18:25:03 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/09/23 09:47:08 | 000,589,824 | ---- | C] () -- C:\WINDOWS\AntiV.EXE
[2009/09/23 09:47:08 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2008/09/01 16:13:52 | 000,509,208 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2007/06/14 10:14:12 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/06/14 10:13:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/12/01 00:24:56 | 000,037,754 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/30 20:45:10 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2005/11/30 20:45:10 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/11/14 19:26:12 | 000,112,794 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/07/15 01:48:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005/03/28 00:45:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/12/17 01:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 00:57:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2004/01/13 03:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2003/04/10 08:33:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/04/10 08:33:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/10 08:24:12 | 000,496,742 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/04/10 08:24:12 | 000,442,800 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/10 08:24:12 | 000,100,966 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/04/10 08:24:12 | 000,072,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/10 01:51:24 | 000,375,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/04/05 08:20:40 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2003/04/05 07:48:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/05 07:47:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/02/26 19:07:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2002/05/24 01:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/12/20 20:32:20 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbprn.sys
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/26 02:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/26 02:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/23 04:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/09/23 18:36:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acer
[2009/09/23 20:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SBT
[2009/09/24 17:09:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009/09/24 16:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2009/09/25 14:01:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2009/09/26 00:13:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVerTV
[2009/09/26 13:49:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro PDF
[2009/10/31 22:56:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ashampoo
[2010/02/17 21:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\C-Free
[2010/03/20 19:26:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FileCure
[2010/03/20 19:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2010/04/25 13:51:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Maxtor
[2010/06/11 14:17:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010/07/07 13:18:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/30 13:54:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\PCToolsSpamMonitorPlus
[2009/09/30 13:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\PCToolsFirewallPlus
[2009/09/23 18:36:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Acer
[2009/09/23 22:21:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Zoner
[2009/09/23 22:42:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Obsidium
[2009/09/23 23:21:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\MobileAction
[2009/09/23 23:35:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\NCH Swift Sound
[2009/09/24 17:13:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\PCToolsSpamMonitorPlus
[2009/09/24 17:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\PCToolsFirewallPlus
[2009/09/25 22:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/28 13:43:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Nitro PDF
[2009/10/05 09:44:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\CoCreate
[2009/10/07 11:03:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\SpamBayes
[2009/10/18 10:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\J. A. Associates
[2009/11/13 11:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\WikidPad
[2010/01/10 13:24:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\wsInspector
[2010/02/17 21:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\C-Free
[2010/03/11 20:09:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Ashampoo
[2010/03/30 08:50:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\HandBrake
[2010/11/14 21:11:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\EPSON
[2010/11/11 11:54:36 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\videopadDowngrade.job
[2010/11/11 11:54:36 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2011/04/22 23:37:24 | 000,000,468 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8B034EC4-73E5-4F92-8146-AE71BF70500B}.job
[2011/05/22 08:39:18 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\goldenvideosShakeIcon.job
[2011/05/29 08:27:48 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2011/05/29 08:30:18 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >

Curly
2011-05-29, 02:02
OTL extras.txt:

OTL Extras logfile created on: 29/05/2011 8:31:44 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = D:\Eigene Dateien\Computer upgrade
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australien | Language: ENA | Date Format: d/MM/yyyy

1022.04 Mb Total Physical Memory | 394.64 Mb Available Physical Memory | 38.61% Memory free
2.40 Gb Paging File | 1.78 Gb Available in Paging File | 73.98% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35.06 Gb Total Space | 12.36 Gb Free Space | 35.26% Space Free | Partition Type: FAT32
Drive D: | 35.55 Gb Total Space | 7.90 Gb Free Space | 22.23% Space Free | Partition Type: FAT32
Drive J: | 298.09 Gb Total Space | 129.42 Gb Free Space | 43.42% Space Free | Partition Type: NTFS

Computer Name: ACER-2CDC76420C | User Name: Oliver Draxl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [UnzipThemAll] -- "C:\Programme\UnzipThemAll\UnzipThemAll.exe" "%1" (Hervé Thouzard)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-zu-Peer-Gruppierung
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution-Protokoll (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-zu-Peer-Gruppierung
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution-Protokoll (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\gmx_Update.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\gmx_Update.exe:*:Enabled:GMX Update
"C:\WINDOWS\System32\CNAC3RPK.EXE" = C:\WINDOWS\System32\CNAC3RPK.EXE:*:Disabled:Canon LBP5200 RPC Server Process -- (CANON INC.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{081D00DF-35F0-4570-8037-3E289795928F}" = Nitro PDF Professional
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{10EAC7D9-7ED4-425E-8054-643452147D13}" = MyScript Notes Basic Edition
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B2DB36B-1791-480E-988D-53EB55B53463}" = CoCreate Modeling Personal Edition 2.0
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22A83C29-58A8-4CAB-8EDC-918D74F8429E}_is1" = WikidPad 1.8final
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4E52EC9A-34A6-474F-8D84-4E8CC5D48683}" = Serif PanoramaPlus 1
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5C203ADC-DF15-4A22-A7AF-E727FE604CFF}" = Xara XS
"{5EFDFC8B-D438-4792-A298-E87AA9ADA816}" = Acer eDataSecurity Management
"{642FCF93-54AE-4F75-A2E2-124DE3756C59}" = ATI Catalyst Control Center
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}" = Acer OrbiCam-Software
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A86E15-20D5-4681-804D-B9A3BBD0AB20}" = Multimedia Remote Controller
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A367C28-423C-48E2-8C76-EBA1171F932A}" = Adobe Photoshop Album 2.0
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{950B5114-1195-4A6F-8981-803D248FD8B6}" = PowerCam 2.0 Megapixel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D37E8E49-1AA3-401F-BA15-50AB88A2712D}_is1" = Image Comparer v3.0 Free for PC User Readers
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.23
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA23F019-B032-4917-97E0-3C5E8E95CE54}" = Mindful Clock
"{ED5F7AF9-347B-4440-A211-C6236508CC08}" = ExpressPCB
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC CIR HID V5.3.2600.2
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21
"AcerOrbiCamDrv" = Acer OrbiCam-Treiber
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"Ashampoo UnInstaller 3_is1" = Ashampoo UnInstaller 3.12
"Ashampoo WinOptimizer 5_is1" = Ashampoo WinOptimizer 5.05
"ATI Display Driver" = ATI Display Driver
"Audiograbber" = Audiograbber 1.83 SE
"AVerMedia E501 CardBus Analog" = AVerMedia E501 CardBus Analog 3.5.0.69
"AVerMedia MCE Encoder" = AVerMedia MCE Encoder 3.2.1.62
"AVIConverter" = AVIConverter CHN-EN Package
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CamStudio" = CamStudio
"Canon LBP5200" = Canon LBP5200
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CNXT_MODEM_HDAUDIO_AcrS1025" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Debut" = Debut Video Capture Software
"Dexster_is1" = Dexster V2.0
"Dodo Wireless Broadband" = Dodo Wireless Broadband
"ePresentation" = Acer ePresentation Management
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"ESCX5700F User's Guide" = ESCX5700F User's Guide
"Eyeline" = Eyeline Video System
"Food Additives" = Food Additives 1.0
"GMX IE7 Browser Update" = GMX IE7 Browser Update
"GoldenVideos" = Golden Videos
"GridVista" = Acer GridVista
"Handbrake" = Handbrake 0.9.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"InstallShield_{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full)
"LManager" = Launch Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft PhotoDraw 2000" = Microsoft PhotoDraw 2000
"Microsoft Security Client" = Microsoft Security Essentials
"MP3 Repair Tool_is1" = MP3 Repair Tool v1.5.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Natural Biorhythms_is1" = Natural Biorhythms version 3.04
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OrganicArtMS" = Organic Art, Microsoft Edition
"PC Tools Internet Security" = PC Tools Internet Security 2009
"Prism" = Prism Video Converter
"ProInst" = Intel(R) PROSet/Wireless Software
"Recuva" = Recuva
"SpamBayes_is1" = SpamBayes 1.0.4
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"T39 USB-Handset Manager" = T39 USB-Handset Manager
"TaskSwitchXP" = TaskSwitchXP
"UnzipThemAll_is1" = UnzipThemAll 1.3
"VideoPad" = VideoPad Video Editor
"Virtual Drive Creator_is1" = Virtual Drive Creator V3.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zoner 3D Photo Maker_is1" = Zoner 3D Photo Maker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/05/2011 6:10:49 PM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 28/05/2011 6:17:21 PM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 28/05/2011 6:17:55 PM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 28/05/2011 6:18:45 PM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 28/05/2011 6:19:17 PM | Computer Name = ACER-2CDC76420C | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung skype.exe, Version 5.3.0.111, fehlgeschlagenes
Modul skype.exe, Version 5.3.0.111, Fehleradresse 0x006eb5e2.

Error - 28/05/2011 6:24:34 PM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 28/05/2011 6:25:04 PM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 28/05/2011 6:25:35 PM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 28/05/2011 6:26:08 PM | Computer Name = ACER-2CDC76420C | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung skype.exe, Version 5.3.0.111, fehlgeschlagenes
Modul skype.exe, Version 5.3.0.111, Fehleradresse 0x006eb5e2.

Error - 28/05/2011 6:35:23 PM | Computer Name = ACER-2CDC76420C | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8107.0,
P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 28/05/2011 6:17:19 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Genesys Logic USB Controller NT 5.0" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058

Error - 28/05/2011 6:17:19 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GMX Browser Update" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2

Error - 28/05/2011 6:17:19 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PocketCam 3Mega, WDM Video Capture" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058

Error - 28/05/2011 6:17:19 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IPSEC-Dienste" wurde mit folgendem Fehler beendet: %%1747

Error - 28/05/2011 6:18:00 PM | Computer Name = ACER-2CDC76420C | Source = DCOM | ID = 10010
Description = Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 28/05/2011 6:24:24 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Genesys Logic USB Controller NT 5.0" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058

Error - 28/05/2011 6:24:24 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GMX Browser Update" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2

Error - 28/05/2011 6:24:24 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PocketCam 3Mega, WDM Video Capture" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058

Error - 28/05/2011 6:24:24 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IPSEC-Dienste" wurde mit folgendem Fehler beendet: %%1747

Error - 28/05/2011 6:35:22 PM | Computer Name = ACER-2CDC76420C | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.105.338.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >

vict0r
2011-05-29, 04:06
As I restored the registry I hoped that the files are restored to the point before Trend Micro interfered with it, when the internet worked last.

Please don't restore the registry without asking. No files other than the registry itself will be restored when restoring a registry backup with Erunt. :)

Please download Appremover from here (http://www.appremover.com/) and transfer it to the desktop of the infected computer. Double click the Appremover icon to start the program.
Click Next
Click Clean Up a Failed Uninstall
Click Next and then Continue.

Appremover will now perform a deep scan. This might take a while. When scanning is finished, then select Trend Micro (if found) and follow the prompts for the cleanup/removal process.


If this does not solve the problem, then please tell me if the Trend Micro network adapters are still present in the hardware manager. Also post the make and model of the computer.

Edit: What is the exact name of the Trend Micro devices with the yellow exclamation point in hardware manager?

Curly
2011-05-30, 14:41
Hello Vict0r

The idea to restore the registry came from a message about the driver of the real network adaptor that the entries in the registry are missing. I didn't mean to restore actual driver files but to bring the registry back into a state where the drivers are being recognised again.

The internet works again. The installation of a network from the original WinXP cd has restored what was broken.

I will scan the system with the tool you recommend over night.

vict0r
2011-05-30, 14:53
The idea to restore the registry came from a message about the driver of the real network adaptor that the entries in the registry are missing. I didn't mean to restore actual driver files but to bring the registry back into a state where the drivers are being recognised again.

Hmmm... Please notice that the registry only contains references to driver files, not the actual drivers. Drivers are separate files.

It's good that internet works again, so there's no need to run Appremover anymore.

I will post further instructions as soon as possible.

Curly
2011-05-30, 14:54
If this does not solve the problem, then please tell me if the Trend Micro network adapters are still present in the hardware manager. Also post the make and model of the computer.

Edit: What is the exact name of the Trend Micro devices with the yellow exclamation point in hardware manager?



The make of the computer is Aspire 5672WMLI

In "safe mode" I inactivated the adapters and they do not show up in "normal mode" now. But I have an image which shows how they looked before.

vict0r
2011-05-30, 15:03
In "safe mode" I inactivated the adapters and they do not show up in "normal mode" now. But I have an image which shows how they looked before.

Ok.

Please note my previous post: No need to run Appremover now.

I will post further instruction in a couple of hours.

Curly
2011-05-30, 15:04
Hmmm... Please notice that the registry only contains references to driver files, not the actual drivers. Drivers are separate files.

It's good that internet works again, so there's no need to run Appremover anymore.

I will post further instructions as soon as possible.



It didn't find anything anyway. I think too we can tick this one off :-)

vict0r
2011-05-31, 04:09
Hi.

I'm sorry for the delay.

All these instructions must be performed on the infected computer.


Flash Disinfector by sUBs

Please download from HERE (http://download.bleepingcomputer.com/sUBs/Flash_Disinfector.exe) and save to the desktop.
Double click to run it.
You will be prompted to plug in your flash drive. Plug it in.
Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
Click on File > New Task > Run... Type in explorer.exe and press Enter. Your desktop should now appear.
Wait until it has finished scanning and then exit the program.

You can run Flash Disinfector with other flash drives and/or other removable drives. This may include your mobile phone.
Please do so and allow the utility to clean up those drives as well.


Upload File for testing

Copy the following line:
c:\dokume~1\oliver~1\lokale~1\temp\msmonitor

Please go to jotti.org (http://virusscan.jotti.org/en) or Virustotal (http://www.virustotal.com/)

Click the Browse button. A box will open, paste the filepath into the field next to File:. Click OK.
Press Submit - this will submit the file for testing, rescan the file if asked.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :
http://img263.imageshack.us/img263/38/61446739.jpg

Repeat the online scan for this file/line:
c:\dokumente und einstellungen\all users\anwendungsdaten\m23S7RaL.exe


Uninstall Spybot Search and Destroy

Please uninstall Spybot Search and Destroy to avoid any interference with the fix.

Click on Start > Run.
In the open text box copy/paste appwiz.cpl Then click Ok.
Wait for the list of programs in the Add/Remove control panel to appear, then uninstall the two programs listed below:

Spybot - Search & Destroy


Backup the Registry

Using tools that are modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> ERUNT >> ERUNT.


Click on OK within the pop-up menu.
In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
System registry
Current user registry
Next click on OK
When the Question pop-up appears click on Yes
After a short duration the Registry backup is complete! popup will appear
Now click on OK. A backup has been created.



Run OTL Script

We need to run an OTL Fix, this one will require a reboot of the computer.


Double-click OTL.exe to start the program.
Copy and Paste the following code into the http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/customFix.png textbox. Do not include the word Code


:processes
killallprocesses
:otl
O2 - BHO: (no name) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - Reg Error: Value error. File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\..\Toolbar\WebBrowser: (no name) - {23B0D39A-E245-41B7-BF86-1238CF62625E} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
:reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4108fb26-a8e3-11de-b4f2-001636112b93}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a19bfec-4faf-11e0-b9bd-00130204bbf7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51244ec9-b0e2-11de-b4ff-001636112b93}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79949d7c-6ff9-11e0-b9e2-00130204bbf7}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{807616c6-7850-11df-b959-001636112b93}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7c7b72e-a9c9-11de-b4fa-001636112b93}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3051bba-8805-11e0-b9eb-001636112b93}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db7ec2ce-bfe1-11df-b98c-001636112b93}]
:files
c:\dokume~1\oliver~1\lokale~1\temp\msmonitor
c:\dokumente und einstellungen\all users\anwendungsdaten\m23S7RaL.exe


Then click the Run Fix button at the top.
Click http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/btnOK.png.
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot. Copy and Paste that report into your next reply.



When finished, please test if m23S7RaL.exe gets recreated as usual.


Please post:

Links to online scans.
OTL log.
Does m23S7RaL.exe recreate?
A fresh set of DDS logs (both DDS.txt and Attach.txt in separate replies).

Curly
2011-06-01, 09:37
Thank you for this fix.


m23S7RaL.exe has not recreated since Microsoft Security Essentials had removed dl[1].htm. OTL has deleted some files.

...it just recreated! It has not done this for a week, and right under the nose of Microsoft Security Essentials!

msmonitor was in the bin. In order to send it for analysis I recovered it. The scan showed mostly positive. Is it a coincidence that dl[1] and m23S7Ral.exe recreated after I recovered msmonitor from the bin?

I destroyed m23S7Ral.exe with Ashampoo Win Optimiser.


Here is the info of the clean up:

msmonitor:
http://www.virustotal.com/file-scan/report.html?id=5ef4e7cf0cf7ee60c5fbd280e53037367a38f5d0a642e831b4fd69d71f140f35-1306909182

m23S7Ral.exe:
http://www.virustotal.com/file-scan/report.html?id=b128fbc12629eb081a3e97620411c0f458b7ec530c3b7c101a77326714295233-1306910359

OTL:
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_USERS\S-1-5-21-385165253-3752812310-1452250334-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{23B0D39A-E245-41B7-BF86-1238CF62625E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23B0D39A-E245-41B7-BF86-1238CF62625E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4108fb26-a8e3-11de-b4f2-001636112b93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4108fb26-a8e3-11de-b4f2-001636112b93}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a19bfec-4faf-11e0-b9bd-00130204bbf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a19bfec-4faf-11e0-b9bd-00130204bbf7}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51244ec9-b0e2-11de-b4ff-001636112b93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51244ec9-b0e2-11de-b4ff-001636112b93}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79949d7c-6ff9-11e0-b9e2-00130204bbf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79949d7c-6ff9-11e0-b9e2-00130204bbf7}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{807616c6-7850-11df-b959-001636112b93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807616c6-7850-11df-b959-001636112b93}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7c7b72e-a9c9-11de-b4fa-001636112b93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7c7b72e-a9c9-11de-b4fa-001636112b93}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3051bba-8805-11e0-b9eb-001636112b93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3051bba-8805-11e0-b9eb-001636112b93}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db7ec2ce-bfe1-11df-b98c-001636112b93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db7ec2ce-bfe1-11df-b98c-001636112b93}\ not found.
========== FILES ==========
c:\dokume~1\oliver~1\lokale~1\temp\msmonitor moved successfully.
File\Folder c:\dokumente und einstellungen\all users\anwendungsdaten\m23S7RaL.exe not found.

OTL by OldTimer - Version 3.2.23.0 log created on 06012011_170043

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

vict0r
2011-06-01, 10:03
msmonitor was in the bin.
Can you help me understand why it was in the bin?

You forgot to post a fresh set of DDS logs as requested. Please do not attach any of the logs.

Curly
2011-06-01, 14:45
Have got no idea why it was in the bin. I didn't delete it, didn't even know it existed.

Do you need the dds logs?

vict0r
2011-06-01, 14:50
Post the logs if you want me to verify that the fix was successful. :)

Curly
2011-06-01, 16:50
While I had dinner the files became active and deleted all browser history. Many files with funny names like AAAssssss.sss have been created in
C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Temp
containing links.

Here are the logs. Sorry about the confusion; in the last post you wrote something which made me understand not to attach the logs.

.
DDS (Ver_11-05-19.01) - FAT32x86
Internet Explorer: 8.0.6001.18702
Run by Oliver Draxl at 0:41:26 on 2011-06-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.364 [GMT 10:00]
.
AV: Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Internet Security Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\CNAC3RPK.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Browser Defender\BDTUpdateService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\PC Tools Internet Security\pctsAuxs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Microsoft Security Client\msseces.exe
C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Dodo Wireless Broadband\Dodo Wireless Broadband.exe
D:\Eigene Dateien\Download\spybot\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\programme\browser defender\PCTBrowserDefender.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programme\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\programme\browser defender\PCTBrowserDefender.dll
uRun: [TaskSwitchXP] c:\programme\taskswitchxp\TaskSwitchXP.exe
uRun: [msnmsgr] "c:\programme\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /nosplash /minimized
mRun: [LaunchApp] Alaunch
mRun: [SynTPLpr] c:\programme\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [ATICCC] "c:\programme\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSC] "c:\programme\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\gemein~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office10\OSA.EXE
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
LSP: c:\programme\gemeinsame dateien\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253752491717
TCP: {86C0E1A0-58D0-4AC3-939C-6B15B6C14CD4} = 202.136.43.197 202.136.42.229
Filter: text/html - {e0e86684-af80-4520-b049-326a9cb81c82} - c:\dokume~1\oliver~1\lokale~1\temp\msmonitor
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-1 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-11-1 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-11-1 39200]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKslb1fa9e14;MpKslb1fa9e14;c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{92d12b40-8fdf-4ad3-bb05-7b10b4c96efd}\MpKslb1fa9e14.sys [2011-6-1 28752]
R1 MpKsled1fda10;MpKsled1fda10;c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{92d12b40-8fdf-4ad3-bb05-7b10b4c96efd}\MpKsled1fda10.sys [2011-6-1 28752]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-11-1 159600]
R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\browser defender\BDTUpdateService.exe [2009-9-24 112592]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-11-1 73840]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\pc tools internet security\pctsAuxs.exe [2009-11-1 348752]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2009-9-23 1088896]
S1 MpKsl8ce013eb;MpKsl8ce013eb;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpksl8ce013eb.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKsl8ce013eb.sys [?]
S1 MpKslc2e1cac1;MpKslc2e1cac1;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\mpkslc2e1cac1.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\MpKslc2e1cac1.sys [?]
S1 MpKslfd10626b;MpKslfd10626b;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpkslfd10626b.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKslfd10626b.sys [?]
S2 AdminSVC;GMX Browser Update;c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe --> c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe [?]
S2 BulkUsb;Genesys Logic USB Controller NT 5.0;c:\windows\system32\drivers\usbprn.sys [2001-12-20 7552]
S2 Ca533av;PocketCam 3Mega, WDM Video Capture;c:\windows\system32\drivers\CA533AV.SYS [2010-4-10 514929]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-9-25 16512]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2009-9-26 1183744]
S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [2005-8-24 692992]
S3 EyelineService;Eyeline Video System;c:\programme\nch software\eyeline\eyeline.exe [2009-11-5 643076]
S3 gupdatem;Google Update Service (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-9-23 32512]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-11-1 95656]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-11-1 64424]
S3 sdCoreService;PC Tools Security Service;c:\programme\pc tools internet security\pctsSvc.exe [2009-11-1 1095592]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-11-1 33056]
S3 ThreatFire;ThreatFire;c:\programme\pc tools internet security\tfengine\tfservice.exe service --> c:\programme\pc tools internet security\tfengine\TFService.exe service [?]
.
=============== Created Last 30 ================
.
2011-06-01 13:31:59 403216 ----a-w- c:\windows\system32\msrepl35.dll
2011-06-01 13:31:59 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-06-01 13:31:59 251664 ----a-w- c:\windows\system32\msrd2x35.dll
2011-06-01 13:31:58 25600 ----a-w- c:\programme\gemeinsame dateien\microsoft shared\dao\remove.exe
2011-06-01 13:27:27 -------- d-----w- c:\programme\DevStudio
2011-06-01 12:51:35 114176 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\m23S7RaL.exe
2011-06-01 07:02:48 28752 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{92d12b40-8fdf-4ad3-bb05-7b10b4c96efd}\MpKslb1fa9e14.sys
2011-06-01 06:46:25 28752 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{92d12b40-8fdf-4ad3-bb05-7b10b4c96efd}\MpKsled1fda10.sys
2011-06-01 06:46:09 6962000 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{92d12b40-8fdf-4ad3-bb05-7b10b4c96efd}\mpengine.dll
2011-06-01 06:22:19 -------- d-sh--w- c:\dokumente und einstellungen\oliver draxl\UserData
2011-05-29 11:24:51 -------- d-----r- c:\programme\Skype
2011-05-27 02:06:54 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-05-27 02:06:54 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-05-27 02:06:54 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-05-27 02:06:54 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-05-27 02:06:54 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-05-21 03:57:13 -------- d-----w- c:\programme\Spybot - Search & Destroy
2011-05-21 03:57:13 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Spybot - Search & Destroy
2011-05-20 05:58:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-20 05:50:53 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Skype Extras
.
==================== Find3M ====================
.
2011-03-07 05:33:46 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36:22 420864 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 0:42:12.23 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 23/09/2009 6:23:18 PM
System Uptime: 1/06/2011 5:02:02 PM (7 hours ago)
.
Motherboard: Acer, Inc. | | Bodensee
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | U2E1 | 1666/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 35 GiB total, 12.178 GiB free.
D: is FIXED (FAT32) - 36 GiB total, 7.794 GiB free.
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 466 GiB total, 137.787 GiB free.
G: is CDROM (CDFS)
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 298 GiB total, 129.48 GiB free.
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
Description: Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller
Device ID: PCI\VEN_104C&DEV_803A&SUBSYS_00941025&REV_00\4&6B16D5B&0&49F0
Manufacturer: Texas Instruments
Name: Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller
PNP Device ID: PCI\VEN_104C&DEV_803A&SUBSYS_00941025&REV_00\4&6B16D5B&0&49F0
Service: ohci1394
.
==== System Restore Points ===================
.
RP141: 4/09/2010 11:12:29 AM - Software Distribution Service 3.0
RP142: 10/09/2010 12:31:12 PM - Druckertreiber Canon PIXMA iP3000 installiert
RP143: 10/09/2010 3:28:09 PM - Installation eines unsignierten Treibers
RP144: 20/09/2010 8:19:09 AM - Software Distribution Service 3.0
RP145: 23/09/2010 9:21:52 PM - Software Distribution Service 3.0
RP146: 30/09/2010 6:24:24 PM - Software Distribution Service 3.0
RP147: 2/10/2010 7:40:58 PM - Software Distribution Service 3.0
RP148: 14/10/2010 3:00:30 AM - Software Distribution Service 3.0
RP149: 14/10/2010 4:04:58 AM - Software Distribution Service 3.0
RP150: 15/10/2010 5:44:32 PM - Software Distribution Service 3.0
RP151: 18/10/2010 8:56:17 AM - Software Distribution Service 3.0
RP152: 10/11/2010 9:44:00 PM - Software Distribution Service 3.0
RP153: 26/11/2010 8:21:07 PM - Removed Apple Mobile Device Support
RP154: 26/11/2010 8:21:52 PM - Removed Apple Software Update
RP155: 27/11/2010 12:41:22 PM - Installed Active Wall
RP156: 4/01/2011 8:19:50 PM - Software Distribution Service 3.0
RP157: 5/01/2011 8:01:54 AM - Software Distribution Service 3.0
RP158: 25/01/2011 11:23:45 PM - Software Distribution Service 3.0
RP159: 10/02/2011 6:25:12 PM - Removed Active Wall
RP160: 10/02/2011 6:58:12 PM - Software Distribution Service 3.0
RP161: 10/02/2011 8:36:16 PM - Software Distribution Service 3.0
RP162: 28/02/2011 8:59:07 AM - Software Distribution Service 3.0
RP163: 1/03/2011 9:06:35 AM - Software Distribution Service 3.0
RP164: 17/03/2011 8:04:32 AM - Software Distribution Service 3.0
RP165: 25/03/2011 5:56:20 PM - Software Distribution Service 3.0
RP166: 25/03/2011 5:58:54 PM - Software Distribution Service 3.0
RP167: 1/06/2005 12:09:05 AM - Installation eines unsignierten Treibers
RP168: 16/04/2011 10:46:01 AM - Software Distribution Service 3.0
RP169: 16/04/2011 12:49:29 PM - Software Distribution Service 3.0
RP170: 16/04/2011 5:08:19 PM - Software Distribution Service 3.0
RP171: 18/04/2011 3:26:14 PM - Removed Brother MFL-Pro Suite
RP172: 21/04/2011 9:30:09 PM - Software Distribution Service 3.0
RP173: 22/04/2011 5:16:20 PM - Installed Trend Micro Internet Security
RP174: 22/04/2011 7:06:14 PM - Software Distribution Service 3.0
RP175: 28/04/2011 7:27:07 PM - Software Distribution Service 3.0
RP176: 28/04/2011 7:43:22 PM - Software Distribution Service 3.0
RP177: 1/05/2011 8:39:47 PM - Software Distribution Service 3.0
RP178: 3/05/2011 2:34:05 PM - Software Distribution Service 3.0
RP179: 5/05/2011 5:54:06 PM - Software Distribution Service 3.0
RP180: 10/05/2011 5:42:58 PM - Software Distribution Service 3.0
RP181: 11/05/2011 11:09:05 AM - Software Distribution Service 3.0
RP182: 20/05/2011 3:28:32 PM - Software Distribution Service 3.0
RP183: 21/05/2011 3:45:37 PM - Software Distribution Service 3.0
RP184: 22/05/2011 8:35:53 AM - Removed OpenOffice.org Installer 1.0
RP185: 24/05/2011 8:32:15 AM - Software Distribution Service 3.0
RP186: 25/05/2011 11:48:39 PM - Software Distribution Service 3.0
RP187: 28/05/2011 9:05:09 AM - Removed Java(TM) 6 Update 11
RP188: 28/05/2011 9:06:12 AM - Removed Java(TM) 6 Update 11
RP189: 28/05/2011 9:31:09 AM - Removed Adobe Reader 9.4.4.
RP190: 29/05/2011 9:15:42 AM - Installation eines unsignierten Treibers
RP191: 29/05/2011 9:22:27 PM - Removed Skype™ 5.3
RP192: 29/05/2011 9:23:55 PM - Removed Skype Toolbars
RP193: 29/05/2011 9:24:43 PM - Installed Skype™ 5.3
RP194: 29/05/2011 9:28:43 PM - Installed Skype Toolbars
RP195: 31/05/2011 7:03:50 PM - Removed Skype™ 5.3
RP196: 31/05/2011 7:04:42 PM - Installed Skype™ 5.1
RP197: 31/05/2011 7:10:37 PM - Removed Skype™ 5.1
RP198: 31/05/2011 7:11:51 PM - Removed Skype Toolbars
RP199: 31/05/2011 7:17:50 PM - Installed Skype™ 4.2
RP200: 31/05/2011 8:09:06 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acer Arcade
Acer eDataSecurity Management
Acer eDataSecurity Management 1.00.23
Acer eLock Management
Acer Empowering Technology framework
Acer eNet Management
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer OrbiCam-Software
Acer OrbiCam-Treiber
Acer Screensaver
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0
Adobe Photoshop Elements 2.0
Adobe Shockwave Player 11.5
Apple Application Support
Ashampoo Burning Studio 2009
Ashampoo UnInstaller 3.12
Ashampoo WinOptimizer 5.05
ATI - Dienstprogramm zur Deinstallation der Software
ATI Catalyst Control Center
ATI Display Driver
Audiograbber 1.83 SE
AVerMedia E501 CardBus Analog 3.5.0.69
AVerMedia MCE Encoder 3.2.1.62
AVerTV
AVIConverter CHN-EN Package
Bonjour
Browser Defender 2.0.6.15
CamStudio
Canon iP4500 series
Canon iP4800 series Printer Driver
Canon LBP5200
Canon PIXMA iP3000
Chinese Simplified Fonts Support For Adobe Reader 9
CoCreate Modeling Personal Edition 2.0
Compatibility Pack for the 2007 Office system
Data Access Objects (DAO) 3.5
Debut Video Capture Software
Dexster V2.0
DivX Codec
Dodo Wireless Broadband
e-tax 2010
EPSON Printer Software
EPSON Scan
ERUNT 1.1j
ESCX5700F User's Guide
ExpressPCB
Eyeline Video System
Food Additives 1.0
GMX IE7 Browser Update
Golden Videos
Google Earth
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Handbrake 0.9.4
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB2158563)
Hotfix für Windows XP (KB2443685)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix für Windows XP (KB979306)
Hotfix für Windows XP (KB981793)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Image Comparer v3.0 Free for PC User Readers
Intel(R) PROSet/Wireless Software
iTunes
K-Lite Codec Pack 6.2.0 (Full)
Launch Manager
Maxtor Manager
mCore
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office XP Professional mit FrontPage
Microsoft PhotoDraw 2000
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 5.0
Microsoft Windows Media Video 9 VCM
Mindful Clock
mMHouse
MP3 Repair Tool v1.5.2
mPfMgr
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Remote Controller
mWlsSafe
mXML
MyScript Notes Basic Edition
Natural Biorhythms version 3.04
Nitro PDF Professional
Nokia Connectivity Adapter Cable DKU-5
NTI CD & DVD-Maker
Organic Art, Microsoft Edition
PaperPort
PC Tools Internet Security 2009
PowerCam 2.0 Megapixel
PowerProducer
Prism Video Converter
QuickTime
Realtek High Definition Audio Driver
Recuva
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
Serif PanoramaPlus 1
Sicherheitsupdate für Windows Internet Explorer 8 (KB2183461)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2360131)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2497640)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381)
Sicherheitsupdate für Windows Media Player (KB2378111)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player (KB975558)
Sicherheitsupdate für Windows Media Player (KB978695)
Sicherheitsupdate für Windows Media Player 11 (KB954154)
Sicherheitsupdate für Windows XP (KB2079403)
Sicherheitsupdate für Windows XP (KB2115168)
Sicherheitsupdate für Windows XP (KB2121546)
Sicherheitsupdate für Windows XP (KB2160329)
Sicherheitsupdate für Windows XP (KB2229593)
Sicherheitsupdate für Windows XP (KB2259922)
Sicherheitsupdate für Windows XP (KB2279986)
Sicherheitsupdate für Windows XP (KB2286198)
Sicherheitsupdate für Windows XP (KB2296011)
Sicherheitsupdate für Windows XP (KB2296199)
Sicherheitsupdate für Windows XP (KB2347290)
Sicherheitsupdate für Windows XP (KB2360937)
Sicherheitsupdate für Windows XP (KB2387149)
Sicherheitsupdate für Windows XP (KB2393802)
Sicherheitsupdate für Windows XP (KB2412687)
Sicherheitsupdate für Windows XP (KB2419632)
Sicherheitsupdate für Windows XP (KB2423089)
Sicherheitsupdate für Windows XP (KB2436673)
Sicherheitsupdate für Windows XP (KB2440591)
Sicherheitsupdate für Windows XP (KB2443105)
Sicherheitsupdate für Windows XP (KB2476687)
Sicherheitsupdate für Windows XP (KB2478960)
Sicherheitsupdate für Windows XP (KB2478971)
Sicherheitsupdate für Windows XP (KB2479628)
Sicherheitsupdate für Windows XP (KB2479943)
Sicherheitsupdate für Windows XP (KB2481109)
Sicherheitsupdate für Windows XP (KB2483185)
Sicherheitsupdate für Windows XP (KB2485376)
Sicherheitsupdate für Windows XP (KB2485663)
Sicherheitsupdate für Windows XP (KB2491683)
Sicherheitsupdate für Windows XP (KB2503658)
Sicherheitsupdate für Windows XP (KB2506212)
Sicherheitsupdate für Windows XP (KB2506223)
Sicherheitsupdate für Windows XP (KB2507618)
Sicherheitsupdate für Windows XP (KB2508272)
Sicherheitsupdate für Windows XP (KB2508429)
Sicherheitsupdate für Windows XP (KB2509553)
Sicherheitsupdate für Windows XP (KB2511455)
Sicherheitsupdate für Windows XP (KB2524375)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB938464-v2)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371-v2)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB970430)
Sicherheitsupdate für Windows XP (KB971468)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB971961)
Sicherheitsupdate für Windows XP (KB972260)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973525)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975561)
Sicherheitsupdate für Windows XP (KB975562)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977165)
Sicherheitsupdate für Windows XP (KB977816)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978037)
Sicherheitsupdate für Windows XP (KB978251)
Sicherheitsupdate für Windows XP (KB978262)
Sicherheitsupdate für Windows XP (KB978338)
Sicherheitsupdate für Windows XP (KB978542)
Sicherheitsupdate für Windows XP (KB978601)
Sicherheitsupdate für Windows XP (KB978706)
Sicherheitsupdate für Windows XP (KB979309)
Sicherheitsupdate für Windows XP (KB979482)
Sicherheitsupdate für Windows XP (KB979559)
Sicherheitsupdate für Windows XP (KB979683)
Sicherheitsupdate für Windows XP (KB979687)
Sicherheitsupdate für Windows XP (KB980195)
Sicherheitsupdate für Windows XP (KB980218)
Sicherheitsupdate für Windows XP (KB980232)
Sicherheitsupdate für Windows XP (KB980436)
Sicherheitsupdate für Windows XP (KB981322)
Sicherheitsupdate für Windows XP (KB981852)
Sicherheitsupdate für Windows XP (KB981957)
Sicherheitsupdate für Windows XP (KB981997)
Sicherheitsupdate für Windows XP (KB982132)
Sicherheitsupdate für Windows XP (KB982214)
Sicherheitsupdate für Windows XP (KB982665)
Sicherheitsupdate für Windows XP (KB982802)
Skype™ 5.3
SMSC CIR HID V5.3.2600.2
SpamBayes 1.0.4
StreamTransport version: 1.0.2.2171
Switch Sound File Converter
Synaptics Pointing Device Driver
T39 USB-Handset Manager
TaskSwitchXP
Texas Instruments PCIxx21/x515 drivers.
TIxx21
Uninstall Startup Inspector
UnzipThemAll 1.3
Update für Microsoft Windows (KB971513)
Update für Windows Internet Explorer 8 (KB976662)
Update für Windows Internet Explorer 8 (KB976749)
Update für Windows Internet Explorer 8 (KB980182)
Update für Windows XP (KB2141007)
Update für Windows XP (KB2345886)
Update für Windows XP (KB2467659)
Update für Windows XP (KB951978)
Update für Windows XP (KB955759)
Update für Windows XP (KB961503)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB971029)
Update für Windows XP (KB971737)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoPad Video Editor
Virtual Drive Creator V3.0.1
WebFldrs XP
WikidPad 1.8final
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools
Windows XP Service Pack 3
Xara XS
Zoner 3D Photo Maker
.
==== End Of File ===========================


Thanks

vict0r
2011-06-02, 16:19
Hi.

Please do not uninstall/install any programs, run any scans other than those requested or use any tools unless asked to.

Doing the above will cause confusion/complicate the process and will slow down the process of cleaning the computer.

Important!: Run all tools/scans/fixes once and once only. If problems, then post back with a description of the problem. The exact wording of any error messages will be helpful.


MBRBackup


Download MBRBackup (http://www.misec.net/products/MBRBackup.exe) to your Desktop.


Double-click MBRBackup.exe to launch the program.
Click SaveMBR (top left corner) and save the backup file to your Desktop.
It will have a name similar to MBR_2010-10-06.bin where the numbers correspond to the date the backup was made.
Exit the program.
I strongly suggest you keep a copy of this backup stored on an external device.


TDSSKiller


Please download TDSSKiller.exe (http://support.kaspersky.com/downloads/utils/tdsskiller.exe) and save it to your Desktop.
Double click on TDSSKiller.exe to launch it.
Click on Start Scan, the scan will run.
A box will appear saying System scan completed.
If any Malicious objects are found, click the default action Cure > Continue > Reboot now.
If any suspicious objects are detected the default action will be Skip, ensure Skip is selected then click Continue.
A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
To find the log click Start > Computer > C:.
Please post the contents of that log in your next reply.


Backup the Registry

Using tools that are modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> ERUNT >> ERUNT.


Click on OK within the pop-up menu.
In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
System registry
Current user registry
Next click on OK
When the Question pop-up appears click on Yes
After a short duration, the "Registry backup is complete!" popup will appear
Now click on OK. A backup has been created.



Run OTL Script

We need to run another OTL Fix; this one will require a reboot of the computer.


Double-click OTL.exe to start the program.
Copy and paste the following code into the custom fix textbox (pictured at http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/customFix.png). Do not include the word Code.


:processes
killallprocesses
:reg
[-HKEY_CURRENT_USER\Software\Classes\PROTOCOLS\Filter\text/html]
:files
c:\dokume~1\oliver~1\lokale~1\temp\msmonitor
c:\dokumente und einstellungen\all users\anwendungsdaten\m23S7RaL.exe


Then click the Run Fix button at the top.
Click the OK button (pictured at http://billy-oneal.com/Canned%20Speeches/speechimages/OTL/btnOK.png).
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot. Copy and paste that report into your next reply.



When finished post:

TDSSKiller log
OTL (script) log
A fresh DDS log (DDS.txt only)

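The OTL fix above removes a per-user text/html MIME filter (HKEY_CURRENT_USER\Software\Classes\PROTOCOLS\Filter\text/html) whose target, according to the DDS log, is a file in a temp directory with no DLL extension. As an added example, not part of this thread and not one of the tools the helper used, here is a small Python checker that reads DDS-style "Filter:"/"Handler:" lines and flags entries whose target lives in a temp or application-data directory, lacks an executable image extension, or filters a core browser content type; it assumes the line format "Kind: name - {CLSID} - path" seen in the log, and the sample lines are constructed (two copied from the log above, one made-up benign entry).

```python
import re

# Constructed sample in DDS "Filter:"/"Handler:" line format. The first two lines
# reproduce entries from the DDS log posted in this thread; the third is a made-up
# benign entry (constructed CLSID and file name) so the checker has something to pass.
SAMPLE_DDS_LINES = [
    r"Filter: text/html - {e0e86684-af80-4520-b049-326a9cb81c82} - c:\dokume~1\oliver~1\lokale~1\temp\msmonitor",
    r"Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL",
    r"Filter: application/octet-stream - {00000000-1111-2222-3333-444444444444} - c:\windows\system32\example.dll",
]

# DDS prints these lines as "<Kind>: <name> - {CLSID} - <target path>" (assumption
# based on the log above; the regex tolerates extra whitespace).
LINE_RE = re.compile(
    r"^(?P<kind>Filter|Handler):\s+(?P<name>.+?)\s+-\s+"
    r"(?P<clsid>\{[0-9A-Fa-f-]+\})\s+-\s+(?P<path>.+?)\s*$"
)

# Path fragments (including the 8.3 short forms DDS uses) that place a target in
# a temp directory or in per-user / all-users application data: a MIME filter or
# protocol handler is not normally loaded from there.
SUSPECT_DIR_MARKERS = (
    "\\temp\\", "\\temporary internet files\\", "\\lokale~1\\", "\\locals~1\\",
    "\\anwendungsdaten\\", "\\application data\\", "\\appdata\\",
)

# Image extensions a COM server registered as a filter/handler would normally have.
CODE_EXTS = (".dll", ".ocx", ".exe", ".ax")

# Content types where a filter sees (and can rewrite) the body of every page the
# browser loads; a text/html filter is rare enough to deserve a look on its own.
CORE_CONTENT_TYPES = ("text/html", "text/plain")


def parse_entry(line):
    """Return a dict (kind, name, clsid, path) for one Filter:/Handler: line, else None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return m.groupdict()


def assess(entry):
    """List the reasons an entry deserves review (an empty list means nothing found)."""
    reasons = []
    path = entry["path"].lower()
    if entry["kind"] == "Filter" and entry["name"].lower() in CORE_CONTENT_TYPES:
        reasons.append("filters a core browser content type (%s)" % entry["name"])
    if any(marker in path for marker in SUSPECT_DIR_MARKERS):
        reasons.append("target lives in a temp or application-data directory")
    if not path.endswith(CODE_EXTS):
        reasons.append("target has no executable image extension")
    return reasons


def scan_dds_lines(lines):
    """Parse every Filter:/Handler: line and return those with at least one reason."""
    findings = []
    for line in lines:
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = assess(entry)
        if reasons:
            findings.append({"entry": entry, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in scan_dds_lines(SAMPLE_DDS_LINES):
        e = finding["entry"]
        print("%s %s -> %s" % (e["kind"], e["name"], e["path"]))
        for reason in finding["reasons"]:
            print("    - " + reason)
```

Run against the sample, only the text/html entry from the log is reported, with all three reasons; the Skype handler and the constructed system32 filter pass.
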
Curly
2011-06-03, 06:15
Hi Vict0r

Here are the log files. The virus was so persistent in doing its "thing" that I decided to delete the files m23S7RaL.exe, dl[1].htm, dl[1].swf and msmonitor manually yesterday and deleted all entries related to these file names in the registry, because I needed to use the computer. I didn't use any removal tools other than those you advised me to, and the last kit you gave me I ran only once. I hope all is ok.



2011/06/03 13:05:27.0515 1304 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/03 13:05:29.0546 1304 ================================================================================
2011/06/03 13:05:29.0546 1304 SystemInfo:
2011/06/03 13:05:29.0546 1304
2011/06/03 13:05:29.0546 1304 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/03 13:05:29.0546 1304 Product type: Workstation
2011/06/03 13:05:29.0546 1304 ComputerName: ACER-2CDC76420C
2011/06/03 13:05:29.0546 1304 UserName: Oliver Draxl
2011/06/03 13:05:29.0546 1304 Windows directory: C:\WINDOWS
2011/06/03 13:05:29.0546 1304 System windows directory: C:\WINDOWS
2011/06/03 13:05:29.0546 1304 Processor architecture: Intel x86
2011/06/03 13:05:29.0546 1304 Number of processors: 2
2011/06/03 13:05:29.0546 1304 Page size: 0x1000
2011/06/03 13:05:29.0546 1304 Boot type: Normal boot
2011/06/03 13:05:29.0546 1304 ================================================================================
2011/06/03 13:05:32.0609 1304 Initialize success
2011/06/03 13:05:47.0875 4252 ================================================================================
2011/06/03 13:05:47.0875 4252 Scan started
2011/06/03 13:05:47.0875 4252 Mode: Manual;
2011/06/03 13:05:47.0875 4252 ================================================================================
2011/06/03 13:05:49.0218 4252 abp480n5 (6abb91494fe6c59089b9336452ab2ea3) C:\WINDOWS\system32\DRIVERS\ABP480N5.SYS
2011/06/03 13:05:49.0296 4252 ACPI (ac407f1a62c3a300b4f2b5a9f1d55b2c) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/03 13:05:49.0359 4252 ACPIEC (9e1ca3160dafb159ca14f83b1e317f75) C:\WINDOWS\system32\DRIVERS\ACPIEC.sys
2011/06/03 13:05:49.0546 4252 adpu160m (9a11864873da202c996558b2106b0bbc) C:\WINDOWS\system32\DRIVERS\adpu160m.sys
2011/06/03 13:05:49.0671 4252 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/03 13:05:49.0843 4252 AegisP (12dafd934641dcf61e446313bc261ec2) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/06/03 13:05:50.0078 4252 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/03 13:05:50.0218 4252 agp440 (08fd04aa961bdc77fb983f328334e3d7) C:\WINDOWS\system32\DRIVERS\agp440.sys
2011/06/03 13:05:50.0343 4252 agpCPQ (03a7e0922acfe1b07d5db2eeb0773063) C:\WINDOWS\system32\DRIVERS\agpCPQ.sys
2011/06/03 13:05:50.0500 4252 Aha154x (c23ea9b5f46c7f7910db3eab648ff013) C:\WINDOWS\system32\DRIVERS\aha154x.sys
2011/06/03 13:05:50.0640 4252 aic78u2 (19dd0fb48b0c18892f70e2e7d61a1529) C:\WINDOWS\system32\DRIVERS\aic78u2.sys
2011/06/03 13:05:50.0796 4252 aic78xx (b7fe594a7468aa0132deb03fb8e34326) C:\WINDOWS\system32\DRIVERS\aic78xx.sys
2011/06/03 13:05:50.0890 4252 AliIde (1140ab9938809700b46bb88e46d72a96) C:\WINDOWS\system32\DRIVERS\aliide.sys
2011/06/03 13:05:51.0031 4252 alim1541 (cb08aed0de2dd889a8a820cd8082d83c) C:\WINDOWS\system32\DRIVERS\alim1541.sys
2011/06/03 13:05:51.0156 4252 amdagp (95b4fb835e28aa1336ceeb07fd5b9398) C:\WINDOWS\system32\DRIVERS\amdagp.sys
2011/06/03 13:05:51.0328 4252 amsint (79f5add8d24bd6893f2903a3e2f3fad6) C:\WINDOWS\system32\DRIVERS\amsint.sys
2011/06/03 13:05:51.0421 4252 Arp1394 (b5b8a80875c1dededa8b02765642c32f) C:\WINDOWS\system32\DRIVERS\arp1394.sys
2011/06/03 13:05:51.0593 4252 asc (62d318e9a0c8fc9b780008e724283707) C:\WINDOWS\system32\DRIVERS\asc.sys
2011/06/03 13:05:51.0765 4252 asc3350p (69eb0cc7714b32896ccbfd5edcbea447) C:\WINDOWS\system32\DRIVERS\asc3350p.sys
2011/06/03 13:05:51.0937 4252 asc3550 (5d8de112aa0254b907861e9e9c31d597) C:\WINDOWS\system32\DRIVERS\asc3550.sys
2011/06/03 13:05:52.0109 4252 ASPI (54ab078660e536da72b21a27f56b035b) C:\WINDOWS\System32\DRIVERS\ASPI32.sys
2011/06/03 13:05:52.0203 4252 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/03 13:05:52.0281 4252 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/03 13:05:52.0671 4252 ati2mtag (d81980c64543ba5c39dd2a92dc1d2daf) C:\WINDOWS\system32\DRIVERS\ati2mtag.sys
2011/06/03 13:05:53.0031 4252 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/03 13:05:53.0203 4252 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/03 13:05:53.0406 4252 AVerBDA3x (1dcee9bf401a3bbd746dc018b63e32fc) C:\WINDOWS\system32\DRIVERS\AVerBDA3x.sys
2011/06/03 13:05:53.0656 4252 AVerM115 (118804bbfddf42c45db3c3d410f6a256) C:\WINDOWS\system32\DRIVERS\AVerM115.sys
2011/06/03 13:05:53.0859 4252 b57w2k (48bf91cffbcdd12a710207f2a08fec4d) C:\WINDOWS\system32\DRIVERS\b57xp32.sys
2011/06/03 13:05:53.0968 4252 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/03 13:05:54.0156 4252 BrScnUsb (6cf3aed19c2185c60de2ae50ee37a342) C:\WINDOWS\system32\Drivers\BrScnUsb.sys
2011/06/03 13:05:54.0328 4252 BulkUsb (16a5df6e8f9275410cf7ebe2bc12e5fe) C:\WINDOWS\system32\Drivers\usbprn.sys
2011/06/03 13:05:54.0515 4252 Ca533av (cb767b4677e95ab30c9634acc7e8539d) C:\WINDOWS\system32\Drivers\Ca533av.sys
2011/06/03 13:05:54.0718 4252 cbidf (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\DRIVERS\cbidf2k.sys
2011/06/03 13:05:54.0859 4252 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/03 13:05:55.0125 4252 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/03 13:05:55.0281 4252 cd20xrnt (f3ec03299634490e97bbce94cd2954c7) C:\WINDOWS\system32\DRIVERS\cd20xrnt.sys
2011/06/03 13:05:55.0343 4252 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/03 13:05:55.0593 4252 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/03 13:05:55.0843 4252 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/03 13:05:56.0328 4252 CmBatt (0f6c187d38d98f8df904589a5f94d411) C:\WINDOWS\system32\DRIVERS\CmBatt.sys
2011/06/03 13:05:56.0468 4252 CmdIde (c687f81290303d90099b027a6474f99f) C:\WINDOWS\system32\DRIVERS\cmdide.sys
2011/06/03 13:05:56.0640 4252 cnmpar21 (e4bb71f1b2606d79f1687151ff0c629d) C:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmpar21.sys
2011/06/03 13:05:56.0953 4252 Compbatt (6e4c9f21f0fae8940661144f41b13203) C:\WINDOWS\system32\DRIVERS\compbatt.sys
2011/06/03 13:05:57.0109 4252 Cpqarray (3ee529119eed34cd212a215e8c40d4b6) C:\WINDOWS\system32\DRIVERS\cpqarray.sys
2011/06/03 13:05:57.0281 4252 dac2w2k (e550e7418984b65a78299d248f0a7f36) C:\WINDOWS\system32\DRIVERS\dac2w2k.sys
2011/06/03 13:05:57.0453 4252 dac960nt (683789caa3864eb46125ae86ff677d34) C:\WINDOWS\system32\DRIVERS\dac960nt.sys
2011/06/03 13:05:57.0687 4252 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/03 13:05:57.0890 4252 DKbFltr (08d30af92c270f2e76787c81589dbad6) C:\WINDOWS\system32\DRIVERS\DKbFltr.sys
2011/06/03 13:05:58.0187 4252 dmboot (0dcfc8395a99fecbb1ef771cec7fe4ea) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/03 13:05:58.0468 4252 dmio (53720ab12b48719d00e327da470a619a) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/03 13:05:58.0531 4252 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/03 13:05:58.0796 4252 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/03 13:05:58.0984 4252 dpti2o (40f3b93b4e5b0126f2f5c0a7a5e22660) C:\WINDOWS\system32\DRIVERS\dpti2o.sys
2011/06/03 13:05:59.0218 4252 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/03 13:05:59.0390 4252 EpmPsd (d68564fcfbdfc04280cdbbb37cf7ef7f) C:\WINDOWS\system32\drivers\epm-psd.sys
2011/06/03 13:05:59.0546 4252 EpmShd (50425cbd80468bf53ba90f0d7cc61805) C:\WINDOWS\system32\drivers\epm-shd.sys
2011/06/03 13:05:59.0812 4252 Fastfat (38d332a6d56af32635675f132548343e) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/06/03 13:06:00.0062 4252 Fdc (92cdd60b6730b9f50f6a1a0c1f8cdc81) C:\WINDOWS\system32\drivers\Fdc.sys
2011/06/03 13:06:00.0312 4252 Fips (b0678a548587c5f1967b0d70bacad6c1) C:\WINDOWS\system32\drivers\Fips.sys
2011/06/03 13:06:00.0562 4252 Flpydisk (9d27e7b80bfcdf1cdd9b555862d5e7f0) C:\WINDOWS\system32\drivers\Flpydisk.sys
2011/06/03 13:06:00.0671 4252 FltMgr (b2cf4b0786f8212cb92ed2b50c6db6b0) C:\WINDOWS\system32\drivers\fltmgr.sys
2011/06/03 13:06:00.0750 4252 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/06/03 13:06:00.0859 4252 Ftdisk (8f1955ce42e1484714b542f341647778) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/06/03 13:06:01.0078 4252 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys
2011/06/03 13:06:01.0328 4252 Gpc (0a02c63c8b144bd8c86b103dee7c86a2) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/06/03 13:06:01.0437 4252 HDAudBus (573c7d0a32852b48f3058cfd8026f511) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/06/03 13:06:01.0656 4252 HidUsb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/06/03 13:06:01.0843 4252 hpn (b028377dea0546a5fcfba928a8aefae0) C:\WINDOWS\system32\DRIVERS\hpn.sys
2011/06/03 13:06:02.0031 4252 HSFHWAZL (a30d7011c1b80a0bc16602d99218d522) C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys
2011/06/03 13:06:02.0250 4252 HSF_DPV (5a5a7721d9c62d77fc0faba9b2cf5be9) C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys
2011/06/03 13:06:02.0500 4252 HTTP (f80a415ef82cd06ffaf0d971528ead38) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/06/03 13:06:02.0625 4252 hwdatacard (07853191b1bdee5b39be4cfcfe3b9ad4) C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys
2011/06/03 13:06:02.0875 4252 i2omgmt (9368670bd426ebea5e8b18a62416ec28) C:\WINDOWS\system32\drivers\i2omgmt.sys
2011/06/03 13:06:03.0093 4252 i2omp (f10863bf1ccc290babd1a09188ae49e0) C:\WINDOWS\system32\DRIVERS\i2omp.sys
2011/06/03 13:06:03.0343 4252 i8042prt (e283b97cfbeb86c1d86baed5f7846a92) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/06/03 13:06:03.0593 4252 Imapi (083a052659f5310dd8b6a6cb05edcf8e) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/06/03 13:06:03.0781 4252 ini910u (4a40e045faee58631fd8d91afc620719) C:\WINDOWS\system32\DRIVERS\ini910u.sys
2011/06/03 13:06:04.0125 4252 IntcAzAudAddService (4078d4795e394bf2adbed6fcc9827f78) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/06/03 13:06:04.0546 4252 IntelIde (69c4e3c9e67a1f103b94e14fdd5f3213) C:\WINDOWS\system32\DRIVERS\intelide.sys
2011/06/03 13:06:04.0625 4252 intelppm (4c7d2750158ed6e7ad642d97bffae351) C:\WINDOWS\system32\DRIVERS\intelppm.sys
2011/06/03 13:06:04.0750 4252 Ip6Fw (3bb22519a194418d5fec05d800a19ad0) C:\WINDOWS\system32\drivers\ip6fw.sys
2011/06/03 13:06:04.0843 4252 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/06/03 13:06:05.0078 4252 IpInIp (b87ab476dcf76e72010632b5550955f5) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/06/03 13:06:05.0328 4252 IpNat (cc748ea12c6effde940ee98098bf96bb) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/06/03 13:06:05.0562 4252 IPSec (23c74d75e36e7158768dd63d92789a91) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/06/03 13:06:05.0812 4252 irda (aca5e7b54409f9cb5eed97ed0c81120e) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/06/03 13:06:06.0046 4252 IRENUM (c93c9ff7b04d772627a3646d89f7bf89) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/06/03 13:06:06.0296 4252 isapnp (6dfb88f64135c525433e87648bda30de) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/06/03 13:06:06.0515 4252 Kbdclass (1704d8c4c8807b889e43c649b478a452) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/06/03 13:06:06.0750 4252 kbdhid (b6d6c117d771c98130497265f26d1882) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/06/03 13:06:06.0968 4252 kmixer (692bcf44383d056aed41b045a323d378) C:\WINDOWS\system32\drivers\kmixer.sys
2011/06/03 13:06:07.0093 4252 KSecDD (b467646c54cc746128904e1654c750c1) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/06/03 13:06:07.0562 4252 lv321av (8e983f827edab91baa424977c6efddee) C:\WINDOWS\system32\Drivers\lv321av.sys
2011/06/03 13:06:07.0968 4252 lvmvdrv (5492f579ad7bf7dd61be35ad18ff0ad7) C:\WINDOWS\system32\drivers\lvmvdrv.sys
2011/06/03 13:06:08.0312 4252 LVPrcMon (d8cf31431aa398c1d79931203a75332f) C:\WINDOWS\system32\drivers\LVPrcMon.sys
2011/06/03 13:06:08.0515 4252 LVUSBSta (2a3a8361192de05de7d51d1f04f58b28) C:\WINDOWS\system32\drivers\lvusbsta.sys
2011/06/03 13:06:08.0703 4252 mdmxsdk (e246a32c445056996074a397da56e815) C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys
2011/06/03 13:06:08.0781 4252 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/06/03 13:06:09.0015 4252 Modem (6fb74ebd4ec57a6f1781de3852cc3362) C:\WINDOWS\system32\drivers\Modem.sys
2011/06/03 13:06:09.0218 4252 Mouclass (b24ce8005deab254c0251e15cb71d802) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/06/03 13:06:09.0375 4252 mouhid (66a6f73c74e1791464160a7065ce711a) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/06/03 13:06:09.0609 4252 MountMgr (a80b9a0bad1b73637dbcbba7df72d3fd) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/06/03 13:06:09.0875 4252 MPE (c0f8e0c2c3c0437cf37c6781896dc3ec) C:\WINDOWS\system32\DRIVERS\MPE.sys
2011/06/03 13:06:10.0093 4252 MpFilter (7e34bfa1a7b60bba1da03d677f16cd63) C:\WINDOWS\system32\DRIVERS\MpFilter.sys
2011/06/03 13:06:10.0265 4252 MpKsl2ec5b30a (5f53edfead46fa7adb78eee9ecce8fdf) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{92D12B40-8FDF-4AD3-BB05-7B10B4C96EFD}\MpKsl2ec5b30a.sys
2011/06/03 13:06:10.0421 4252 MpKslcd8807d1 (5f53edfead46fa7adb78eee9ecce8fdf) C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{92D12B40-8FDF-4AD3-BB05-7B10B4C96EFD}\MpKslcd8807d1.sys
2011/06/03 13:06:10.0656 4252 mraid35x (3f4bb95e5a44f3be34824e8e7caf0737) C:\WINDOWS\system32\DRIVERS\mraid35x.sys
2011/06/03 13:06:10.0890 4252 MRxDAV (11d42bb6206f33fbb3ba0288d3ef81bd) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/06/03 13:06:11.0046 4252 MRxSmb (0ea4d8ed179b75f8afa7998ba22285ca) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/06/03 13:06:11.0312 4252 Msfs (c941ea2454ba8350021d774daf0f1027) C:\WINDOWS\system32\drivers\Msfs.sys
2011/06/03 13:06:11.0578 4252 MSKSSRV (d1575e71568f4d9e14ca56b7b0453bf1) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/06/03 13:06:11.0828 4252 MSPCLOCK (325bb26842fc7ccc1fcce2c457317f3e) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/06/03 13:06:12.0062 4252 MSPQM (bad59648ba099da4a17680b39730cb3d) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/06/03 13:06:12.0156 4252 mssmbios (af5f4f3f14a8ea2c26de30f7a1e17136) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/06/03 13:06:12.0406 4252 MSTEE (e53736a9e30c45fa9e7b5eac55056d1d) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/06/03 13:06:12.0640 4252 Mup (2f625d11385b1a94360bfc70aaefdee1) C:\WINDOWS\system32\drivers\Mup.sys
2011/06/03 13:06:12.0828 4252 MXOPSWD (216ac775320f64de28cfeb7c179c4ff9) C:\WINDOWS\system32\DRIVERS\mxopswd.sys
2011/06/03 13:06:13.0046 4252 NABTSFEC (5b50f1b2a2ed47d560577b221da734db) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/06/03 13:06:13.0312 4252 NDIS (1df7f42665c94b825322fae71721130d) C:\WINDOWS\system32\drivers\NDIS.sys
2011/06/03 13:06:13.0515 4252 NdisFilt (1f76996253071cbae0a5ab5d8551ef88) C:\WINDOWS\system32\Drivers\NdisFilt.sys
2011/06/03 13:06:13.0750 4252 NdisIP (7ff1f1fd8609c149aa432f95a8163d97) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/06/03 13:06:13.0984 4252 NdisTapi (1ab3d00c991ab086e69db84b6c0ed78f) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/06/03 13:06:14.0203 4252 Ndisuio (f927a4434c5028758a842943ef1a3849) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/06/03 13:06:14.0421 4252 NdisWan (edc1531a49c80614b2cfda43ca8659ab) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/06/03 13:06:14.0640 4252 NDProxy (9282bd12dfb069d3889eb3fcc1000a9b) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/06/03 13:06:14.0890 4252 NetBIOS (5d81cf9a2f1a3a756b66cf684911cdf0) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/06/03 13:06:15.0125 4252 NetBT (74b2b2f5bea5e9a3dc021d685551bd3d) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/06/03 13:06:15.0375 4252 NETMNT (6a25f27202f3122a44a6b74ee46e7a76) C:\WINDOWS\system32\DRIVERS\NETMNT.sys
2011/06/03 13:06:15.0609 4252 NIC1394 (e9e47cfb2d461fa0fc75b7a74c6383ea) C:\WINDOWS\system32\DRIVERS\nic1394.sys
2011/06/03 13:06:15.0828 4252 NPF (d21fee8db254ba762656878168ac1db6) C:\WINDOWS\system32\drivers\npf.sys
2011/06/03 13:06:16.0046 4252 Npfs (3182d64ae053d6fb034f44b6def8034a) C:\WINDOWS\system32\drivers\Npfs.sys
2011/06/03 13:06:16.0343 4252 Ntfs (78a08dd6a8d65e697c18e1db01c5cdca) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/06/03 13:06:16.0593 4252 NTIDrvr (7f1c1f78d709c4a54cbb46ede7e0b48d) C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys
2011/06/03 13:06:16.0656 4252 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/06/03 13:06:16.0734 4252 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/06/03 13:06:16.0781 4252 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/06/03 13:06:17.0015 4252 ohci1394 (ca33832df41afb202ee7aeb05145922f) C:\WINDOWS\system32\DRIVERS\ohci1394.sys
2011/06/03 13:06:17.0265 4252 OsaFsLoc (26c4a4b64d1dd8e6fdfb2f4897be029c) C:\WINDOWS\system32\drivers\OsaFsLoc.sys
2011/06/03 13:06:17.0500 4252 osaio (9d1177c2a8de936b33d85ff75e8cbf1a) C:\WINDOWS\system32\drivers\osaio.sys
2011/06/03 13:06:17.0671 4252 osanbm (3245bee5176697faf0744a2e1288dc77) C:\WINDOWS\system32\drivers\osanbm.sys
2011/06/03 13:06:17.0937 4252 Parport (f84785660305b9b903fb3bca8ba29837) C:\WINDOWS\system32\drivers\Parport.sys
2011/06/03 13:06:18.0203 4252 PartMgr (beb3ba25197665d82ec7065b724171c6) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/06/03 13:06:18.0265 4252 ParVdm (c2bf987829099a3eaa2ca6a0a90ecb4f) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/06/03 13:06:18.0484 4252 PCI (387e8dedc343aa2d1efbc30580273acd) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/06/03 13:06:18.0875 4252 PCIIde (59ba86d9a61cbcf4df8e598c331f5b82) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/06/03 13:06:19.0078 4252 Pcmcia (a2a966b77d61847d61a3051df87c8c97) C:\WINDOWS\system32\DRIVERS\pcmcia.sys
2011/06/03 13:06:19.0328 4252 PCTAppEvent (3379e7a840de135fb7a829e03bc9cc25) C:\WINDOWS\system32\drivers\PCTAppEvent.sys
2011/06/03 13:06:19.0531 4252 PCTCore (aa9cfa67850893fbb168b9c4e4c86952) C:\WINDOWS\system32\drivers\PCTCore.sys
2011/06/03 13:06:19.0718 4252 pctgntdi (bf770a5817fa8fba1402b2286a7f394c) C:\WINDOWS\system32\drivers\pctgntdi.sys
2011/06/03 13:06:19.0921 4252 pctplfw (debf0e70586507333f34c71d80f22194) C:\WINDOWS\system32\drivers\pctplfw.sys
2011/06/03 13:06:20.0109 4252 pctplsg (617f028b9f8e5336a9b46944fa2a44d8) C:\WINDOWS\system32\drivers\pctplsg.sys
2011/06/03 13:06:21.0218 4252 perc2 (6c14b9c19ba84f73d3a86dba11133101) C:\WINDOWS\system32\DRIVERS\perc2.sys
2011/06/03 13:06:21.0375 4252 perc2hib (f50f7c27f131afe7beba13e14a3b9416) C:\WINDOWS\system32\DRIVERS\perc2hib.sys
2011/06/03 13:06:21.0609 4252 pfc (e5ac9f8c128b597dd7919af96b84172e) C:\WINDOWS\system32\drivers\pfc.sys
2011/06/03 13:06:21.0843 4252 PptpMiniport (efeec01b1d3cf84f16ddd24d9d9d8f99) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/06/03 13:06:22.0078 4252 PSched (09298ec810b07e5d582cb3a3f9255424) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/06/03 13:06:22.0140 4252 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/06/03 13:06:22.0296 4252 ql1080 (0a63fb54039eb5662433caba3b26dba7) C:\WINDOWS\system32\DRIVERS\ql1080.sys
2011/06/03 13:06:22.0453 4252 Ql10wnt (6503449e1d43a0ff0201ad5cb1b8c706) C:\WINDOWS\system32\DRIVERS\ql10wnt.sys
2011/06/03 13:06:22.0625 4252 ql12160 (156ed0ef20c15114ca097a34a30d8a01) C:\WINDOWS\system32\DRIVERS\ql12160.sys
2011/06/03 13:06:22.0781 4252 ql1240 (70f016bebde6d29e864c1230a07cc5e6) C:\WINDOWS\system32\DRIVERS\ql1240.sys
2011/06/03 13:06:22.0953 4252 ql1280 (907f0aeea6bc451011611e732bd31fcf) C:\WINDOWS\system32\DRIVERS\ql1280.sys
2011/06/03 13:06:23.0015 4252 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/06/03 13:06:23.0187 4252 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/06/03 13:06:23.0390 4252 Rasl2tp (11b4a627bc9614b885c4969bfa5ff8a6) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/06/03 13:06:23.0625 4252 RasPppoe (5bc962f2654137c9909c3d4603587dee) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/06/03 13:06:23.0671 4252 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/06/03 13:06:23.0906 4252 Rdbss (7ad224ad1a1437fe28d89cf22b17780a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/06/03 13:06:24.0000 4252 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/06/03 13:06:24.0265 4252 rdpdr (15cabd0f7c00c47c70124907916af3f1) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/06/03 13:06:24.0500 4252 RDPWD (6728e45b66f93c08f11de2e316fc70dd) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/06/03 13:06:24.0796 4252 redbook (ed761d453856f795a7fe056e42c36365) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/06/03 13:06:24.0906 4252 ROOTMODEM (d8b0b4ade32574b2d9c5cc34dc0dbbe7) C:\WINDOWS\system32\Drivers\RootMdm.sys
2011/06/03 13:06:25.0046 4252 s24trans (1cc074e0d48383d4e9bffc6a26c2a58a) C:\WINDOWS\system32\DRIVERS\s24trans.sys
2011/06/03 13:06:25.0296 4252 Secdrv (90a3935d05b494a5a39d37e71f09a677) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/06/03 13:06:25.0468 4252 Ser2pl (b490ad520257dda26c1d587a71e527b5) C:\WINDOWS\system32\DRIVERS\ser2pl.sys
2011/06/03 13:06:25.0671 4252 Serenum (0f29512ccd6bead730039fb4bd2c85ce) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/06/03 13:06:25.0906 4252 Serial (cf24eb4f0412c82bcd1f4f35a025e31d) C:\WINDOWS\system32\drivers\Serial.sys
2011/06/03 13:06:26.0156 4252 SFilter (975f4e44fd48c36beed30c96a115b2b8) C:\WINDOWS\system32\DRIVERS\pctfw.sys
2011/06/03 13:06:26.0421 4252 Sfloppy (8e6b8c671615d126fdc553d1e2de5562) C:\WINDOWS\system32\DRIVERS\sfloppy.sys
2011/06/03 13:06:26.0765 4252 sisagp (6b33d0ebd30db32e27d1d78fe946a754) C:\WINDOWS\system32\DRIVERS\sisagp.sys
2011/06/03 13:06:27.0015 4252 SLIP (866d538ebe33709a5c9f5c62b73b7d14) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/06/03 13:06:27.0171 4252 SMCB000 (56642f0391ca5176f8cc1432e559ad00) C:\WINDOWS\system32\DRIVERS\hidsmsc.sys
2011/06/03 13:06:27.0359 4252 SMCIRDA (62556d170f22c43a544481e4ee16d2e2) C:\WINDOWS\system32\DRIVERS\smcirda.sys
2011/06/03 13:06:27.0515 4252 Sparrow (83c0f71f86d3bdaf915685f3d568b20e) C:\WINDOWS\system32\DRIVERS\sparrow.sys
2011/06/03 13:06:27.0750 4252 splitter (ab8b92451ecb048a4d1de7c3ffcb4a9f) C:\WINDOWS\system32\drivers\splitter.sys
2011/06/03 13:06:27.0953 4252 sr (50fa898f8c032796d3b1b9951bb5a90f) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/06/03 13:06:28.0109 4252 Srv (47ddfc2f003f7f9f0592c6874962a2e7) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/06/03 13:06:28.0359 4252 streamip (77813007ba6265c4b6098187e6ed79d2) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/06/03 13:06:28.0609 4252 swenum (3941d127aef12e93addf6fe6ee027e0f) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/06/03 13:06:28.0828 4252 swmidi (8ce882bcc6cf8a62f2b2323d95cb3d01) C:\WINDOWS\system32\drivers\swmidi.sys
2011/06/03 13:06:29.0015 4252 symc810 (1ff3217614018630d0a6758630fc698c) C:\WINDOWS\system32\DRIVERS\symc810.sys
2011/06/03 13:06:29.0203 4252 symc8xx (070e001d95cf725186ef8b20335f933c) C:\WINDOWS\system32\DRIVERS\symc8xx.sys
2011/06/03 13:06:29.0359 4252 sym_hi (80ac1c4abbe2df3b738bf15517a51f2c) C:\WINDOWS\system32\DRIVERS\sym_hi.sys
2011/06/03 13:06:29.0531 4252 sym_u3 (bf4fab949a382a8e105f46ebb4937058) C:\WINDOWS\system32\DRIVERS\sym_u3.sys
2011/06/03 13:06:29.0703 4252 SynTP (a63401d180863a2cefce51798542ae5f) C:\WINDOWS\system32\DRIVERS\SynTP.sys
2011/06/03 13:06:29.0953 4252 sysaudio (8b83f3ed0f1688b4958f77cd6d2bf290) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/06/03 13:06:30.0125 4252 Tcpip (9aefa14bd6b182d61e3119fa5f436d3d) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/06/03 13:06:30.0343 4252 Tcpip6 (4e53bbcc4be37d7a4bd6ef1098c89ff7) C:\WINDOWS\system32\DRIVERS\tcpip6.sys
2011/06/03 13:06:30.0578 4252 TDPIPE (6471a66807f5e104e4885f5b67349397) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/06/03 13:06:30.0781 4252 TDTCP (c56b6d0402371cf3700eb322ef3aaf61) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/06/03 13:06:30.0984 4252 TermDD (88155247177638048422893737429d9e) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/06/03 13:06:31.0171 4252 TfFsMon (52d1882d3e90718483a1321ca5ce1aea) C:\WINDOWS\system32\drivers\TfFsMon.sys
2011/06/03 13:06:31.0343 4252 TfNetMon (8eb02d60909345ee4f2be78a11364bcf) C:\WINDOWS\system32\drivers\TfNetMon.sys
2011/06/03 13:06:31.0500 4252 TfSysMon (24ea02fd9663ccef16c114211cd9d5f4) C:\WINDOWS\system32\drivers\TfSysMon.sys
2011/06/03 13:06:31.0750 4252 tifm21 (0edc3cf7b38f4260eb006c38e4a44de4) C:\WINDOWS\system32\drivers\tifm21.sys
2011/06/03 13:06:31.0812 4252 TosIde (d213a9247dc347f305a2d4cc9b951487) C:\WINDOWS\system32\DRIVERS\toside.sys
2011/06/03 13:06:31.0921 4252 tunmp (8f861eda21c05857eb8197300a92501c) C:\WINDOWS\system32\DRIVERS\tunmp.sys
2011/06/03 13:06:32.0062 4252 UBHelper (e0c67be430c6de490d6ccaecfa071f9e) C:\WINDOWS\system32\drivers\UBHelper.sys
2011/06/03 13:06:32.0281 4252 Udfs (5787b80c2e3c5e2f56c2a233d91fa2c9) C:\WINDOWS\system32\drivers\Udfs.sys
2011/06/03 13:06:32.0468 4252 ultra (1b698a51cd528d8da4ffaed66dfc51b9) C:\WINDOWS\system32\DRIVERS\ultra.sys
2011/06/03 13:06:32.0593 4252 Update (402ddc88356b1bac0ee3dd1580c76a31) C:\WINDOWS\system32\DRIVERS\update.sys
2011/06/03 13:06:33.0031 4252 USBCamera (0c28dd9ec68ccb6e95d49bfd24fd2c11) C:\WINDOWS\system32\Drivers\Bulk533.sys
2011/06/03 13:06:33.0171 4252 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/06/03 13:06:33.0281 4252 usbehci (65dcf09d0e37d4c6b11b5b0b76d470a7) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/06/03 13:06:33.0484 4252 usbhub (1ab3cdde553b6e064d2e754efe20285c) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/06/03 13:06:33.0656 4252 usbprint (a717c8721046828520c9edf31288fc00) C:\WINDOWS\system32\DRIVERS\usbprint.sys
2011/06/03 13:06:33.0859 4252 usbscan (a0b8cf9deb1184fbdd20784a58fa75d4) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/06/03 13:06:34.0093 4252 USBSTOR (a32426d9b14a089eaa1d922e0c5801a9) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/06/03 13:06:34.0312 4252 usbuhci (26496f9dee2d787fc3e61ad54821ffe6) C:\WINDOWS\system32\DRIVERS\usbuhci.sys
2011/06/03 13:06:34.0515 4252 VgaSave (0d3a8fafceacd8b7625cd549757a7df1) C:\WINDOWS\System32\drivers\vga.sys
2011/06/03 13:06:34.0593 4252 viaagp (754292ce5848b3738281b4f3607eaef4) C:\WINDOWS\system32\DRIVERS\viaagp.sys
2011/06/03 13:06:34.0796 4252 ViaIde (3b3efcda263b8ac14fdf9cbdd0791b2e) C:\WINDOWS\system32\DRIVERS\viaide.sys
2011/06/03 13:06:35.0000 4252 VolSnap (a5a712f4e880874a477af790b5186e1d) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/06/03 13:06:35.0250 4252 w39n51 (73395a19fc86461a151d3c330604e8b3) C:\WINDOWS\system32\DRIVERS\w39n51.sys
2011/06/03 13:06:35.0562 4252 Wanarp (e20b95baedb550f32dd489265c1da1f6) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/06/03 13:06:36.0015 4252 wdmaud (6768acf64b18196494413695f0c3a00f) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/06/03 13:06:36.0218 4252 winachsf (e0a00b06ea067c84e124b407dffa1af1) C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys
2011/06/03 13:06:36.0515 4252 WmiAcpi (c42584fd66ce9e17403aebca199f7bdb) C:\WINDOWS\system32\DRIVERS\wmiacpi.sys
2011/06/03 13:06:36.0609 4252 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/06/03 13:06:36.0828 4252 WSTCODEC (c98b39829c2bbd34e454150633c62c78) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/06/03 13:06:37.0046 4252 WudfPf (f15feafffbb3644ccc80c5da584e6311) C:\WINDOWS\system32\DRIVERS\WudfPf.sys
2011/06/03 13:06:37.0250 4252 WudfRd (28b524262bce6de1f7ef9f510ba3985b) C:\WINDOWS\system32\DRIVERS\wudfrd.sys
2011/06/03 13:06:37.0375 4252 MBR (0x1B8) (72b8ce41af0de751c946802b3ed844b4) \Device\Harddisk0\DR0
2011/06/03 13:06:37.0718 4252 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR4
2011/06/03 13:06:37.0734 4252 MBR (0x1B8) (a4a15d6782e6fe1dce41a606cb3affe3) \Device\Harddisk2\DR14
2011/06/03 13:06:38.0546 4252 MBR (0x1B8) (7a6080de83f9b89a09ed166c3db8b654) \Device\Harddisk3\DR6
2011/06/03 13:06:38.0812 4252 MBR (0x1B8) (65e858a8a0293be11a920b0bc99d695e) \Device\Harddisk4\DR7
2011/06/03 13:06:38.0843 4252 ================================================================================
2011/06/03 13:06:38.0843 4252 Scan finished
2011/06/03 13:06:38.0843 4252 ================================================================================
2011/06/03 13:06:38.0859 1044 Detected object count: 0
2011/06/03 13:06:38.0859 1044 Actual detected object count: 0
2011/06/03 13:07:17.0125 2072 Deinitialize success
========== PROCESSES ==========
All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Classes\PROTOCOLS\Filter\text/html\ deleted successfully.
========== FILES ==========
File\Folder c:\dokume~1\oliver~1\lokale~1\temp\msmonitor not found.
File\Folder c:\dokumente und einstellungen\all users\anwendungsdaten\m23S7RaL.exe not found.

OTL by OldTimer - Version 3.2.23.0 log created on 06032011_131113

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Curly
2011-06-03, 06:16
OTL logfile created on: 3/06/2011 1:22:32 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = D:\Eigene Dateien\Download\spybot
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australien | Language: ENA | Date Format: d/MM/yyyy

1022.04 Mb Total Physical Memory | 182.66 Mb Available Physical Memory | 17.87% Memory free
2.40 Gb Paging File | 1.55 Gb Available in Paging File | 64.65% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35.06 Gb Total Space | 12.03 Gb Free Space | 34.31% Space Free | Partition Type: FAT32
Drive D: | 35.55 Gb Total Space | 7.75 Gb Free Space | 21.81% Space Free | Partition Type: FAT32
Drive F: | 465.76 Gb Total Space | 137.77 Gb Free Space | 29.58% Space Free | Partition Type: NTFS
Drive G: | 12.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 3.83 Gb Total Space | 1.42 Gb Free Space | 37.04% Space Free | Partition Type: FAT32
Drive J: | 298.09 Gb Total Space | 129.48 Gb Free Space | 43.44% Space Free | Partition Type: NTFS
Drive K: | 125.11 Mb Total Space | 102.91 Mb Free Space | 82.25% Space Free | Partition Type: FAT

Computer Name: ACER-2CDC76420C | User Name: Oliver Draxl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/27 12:15:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Download\spybot\OTL.exe
PRC - [2011/05/27 12:06:40 | 000,126,976 | ---- | M] () -- C:\Programme\Dodo Wireless Broadband\Dodo Wireless Broadband.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/01/22 09:16:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\Browser Defender\BDTUpdateService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/07 13:40:56 | 000,348,752 | ---- | M] (PC Tools) -- C:\Programme\PC Tools Internet Security\pctsAuxs.exe
PRC - [2008/09/22 06:02:20 | 000,054,720 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNAC3RPK.EXE
PRC - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Programme\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/14 12:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/05 08:29:14 | 000,062,976 | ---- | M] (Alexander Avdonin) -- C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
PRC - [2005/12/15 19:13:38 | 000,344,064 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2005/12/06 17:11:24 | 000,458,752 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZgAcer.EXE
PRC - [2005/12/02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2005/12/02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2005/12/02 15:42:42 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2005/12/02 15:42:28 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2005/12/02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005/11/30 20:39:58 | 000,225,280 | ---- | M] (Logitech) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/11/16 17:00:50 | 000,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005/11/02 00:11:00 | 000,102,491 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/10/24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005/10/19 09:30:16 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005/08/12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2011/05/27 12:15:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Download\spybot\OTL.exe
MOD - [2011/02/08 23:33:28 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2010/08/24 02:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/12/05 16:00:10 | 000,053,248 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\sysenv.dll
MOD - [2005/11/02 00:11:00 | 000,069,723 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2005/10/11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005/08/24 01:24:00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2004/08/04 05:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll
MOD - [2003/03/18 21:12:12 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71u.dll
MOD - [2003/03/18 20:44:34 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71DEU.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (LVPrcSrv)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (AdminSVC)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/22 09:16:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programme\Browser Defender\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/05 13:43:14 | 000,643,076 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Programme\NCH Software\Eyeline\eyeline.exe -- (EyelineService)
SRV - [2009/11/01 21:16:56 | 000,070,944 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Internet Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/02/02 10:20:02 | 001,095,592 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Internet Security\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 13:40:56 | 000,348,752 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\PC Tools Internet Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Programme\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/04/14 12:22:24 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2005/12/02 15:43:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005/12/02 15:43:00 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005/12/02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2011/06/03 13:13:16 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{92D12B40-8FDF-4AD3-BB05-7B10B4C96EFD}\MpKsl868d730b.sys -- (MpKsl868d730b)
DRV - [2011/06/02 22:45:58 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{92D12B40-8FDF-4AD3-BB05-7B10B4C96EFD}\MpKslcd8807d1.sys -- (MpKslcd8807d1)
DRV - [2010/02/11 22:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/01 21:16:56 | 000,039,200 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/11/01 21:16:48 | 000,033,056 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/11/01 21:16:34 | 000,051,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/01 21:15:24 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/12/18 12:16:56 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2008/12/11 08:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/12/10 12:36:06 | 000,064,424 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2008/12/10 12:36:04 | 000,095,656 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2008/09/22 12:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctfw.sys -- (SFilter)
DRV - [2008/04/17 15:52:50 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/04/14 04:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/08/29 17:40:34 | 001,183,744 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys -- (AVerBDA3x)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2005/12/06 17:50:10 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2005/12/01 07:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/30 20:45:10 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005/11/30 20:45:10 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005/11/29 21:28:58 | 001,088,896 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2005/11/29 21:25:06 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/26 16:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/11/17 15:45:40 | 004,069,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/11/08 00:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/11/08 00:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/11/08 00:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/08/24 07:07:24 | 000,692,992 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerM115.sys -- (AVerM115)
DRV - [2005/08/03 05:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/06/22 18:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/04/22 16:57:06 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/04/22 16:57:06 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005/04/05 01:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/09 14:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2003/10/24 02:07:38 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2002/11/06 09:42:10 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera) DSC Still Image Capture (CA100)
DRV - [2002/07/31 17:48:54 | 000,514,929 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CA533AV.SYS -- (Ca533av)
DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002/02/02 02:29:36 | 000,015,300 | ---- | M] (CANON INC.) [Kernel | Auto | Running] -- C:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmpar21.sys -- (cnmpar21)
DRV - [2001/12/20 20:32:20 | 000,007,552 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\usbprn.sys -- (BulkUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Browser Defender\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Browser Defender\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Browser Defender\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253752491717 (MUWebControl Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\Eigene Dateien\Eigene Bilder\Sun behind planets desktop.bmp
O24 - Desktop BackupWallPaper: D:\Eigene Dateien\Eigene Bilder\Sun behind planets desktop.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/05 08:20:18 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011/06/01 16:21:46 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/12/17 19:10:56 | 000,000,000 | ---D | M] - C:\AUTOTRAX -- [ FAT32 ]
O32 - AutoRun File - [2011/06/01 16:21:46 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2007/05/10 08:48:26 | 000,000,032 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/04/24 07:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/08/21 21:27:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/11/19 13:42:36 | 000,000,000 | ---D | M] - I:\autotrax -- [ FAT32 ]
O32 - AutoRun File - [2009/08/21 14:25:38 | 000,000,100 | ---- | M] () - I:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2011/06/01 16:21:45 | 000,000,000 | RHSD | M] - J:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/06/01 16:21:46 | 000,000,000 | RHSD | M] - K:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{4108fb27-a8e3-11de-b4f2-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{4108fb27-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4108fb27-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a19bfed-4faf-11e0-b9bd-00130204bbf7}\Shell - "" = AutoRun
O33 - MountPoints2\{4a19bfed-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a19bfed-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{807616c7-7850-11df-b959-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{807616c7-7850-11df-b959-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{807616c7-7850-11df-b959-001636112b93}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008/04/24 07:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d3051bbb-8805-11e0-b9eb-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{d3051bbb-8805-11e0-b9eb-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d3051bbb-8805-11e0-b9eb-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/02 09:45:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011/06/01 23:32:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Visual C++ 5.0
[2011/06/01 23:31:59 | 000,403,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrepl35.dll
[2011/06/01 23:31:59 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2011/06/01 23:31:59 | 000,251,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd2x35.dll
[2011/06/01 23:27:27 | 000,000,000 | ---D | C] -- C:\Programme\DevStudio
[2011/06/01 16:22:19 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Oliver Draxl\UserData
[2011/06/01 16:21:44 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2011/05/31 19:46:39 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2011/05/31 19:46:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2011/05/29 21:24:51 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2011/05/29 19:29:01 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spiele
[2011/05/29 09:13:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver Draxl\Startmenü\Programme\T39 USB-Handset Manager
[2011/05/27 12:07:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Dodo Wireless Broadband
[2011/05/27 12:06:54 | 000,872,192 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2011/05/27 12:06:54 | 000,103,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbfake.sys
[2011/05/27 12:06:54 | 000,101,376 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2011/05/27 12:06:54 | 000,100,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2011/05/27 12:06:54 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2011/05/22 18:24:24 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Oliver Draxl\Startmenü\Programme\Verwaltung
[2011/05/22 18:03:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011/05/22 18:03:17 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011/05/22 08:36:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop
[2011/05/21 13:57:13 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011/05/21 13:57:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011/05/20 15:58:03 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/20 15:50:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype Extras
[2011/05/09 17:38:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver Draxl\Desktop\content of alcor 125 090511
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/03 13:18:16 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/03 13:17:56 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/06/03 13:15:00 | 000,000,769 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011/06/03 13:12:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/03 13:12:44 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/01 23:45:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SPYXX.INI
[2011/06/01 23:30:14 | 000,004,346 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/01 23:10:04 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc205d386b3860.job
[2011/05/29 23:11:22 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/05/29 20:41:14 | 000,001,622 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
[2011/05/29 19:32:44 | 000,496,742 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/05/29 19:32:44 | 000,442,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/29 19:32:44 | 000,100,966 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/05/29 19:32:44 | 000,072,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/27 22:11:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/22 08:39:18 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\goldenvideosShakeIcon.job
[2011/05/21 22:42:40 | 000,011,329 | ---- | M] () -- C:\WINDOWS\IEXPLORE.INI
[2011/05/21 15:30:32 | 000,001,222 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/20 15:58:04 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/11 14:52:14 | 000,247,296 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/02 09:20:26 | 1071,763,456 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/01 23:45:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SPYXX.INI
[2011/06/01 23:10:03 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc205d386b3860.job
[2011/05/22 08:39:16 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\goldenvideosShakeIcon.job
[2011/05/21 14:52:50 | 000,001,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/20 15:49:57 | 000,002,247 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2011/04/27 09:32:06 | 000,000,198 | ---- | C] () -- C:\WINDOWS\ob1.INI
[2011/04/26 22:12:19 | 000,011,329 | ---- | C] () -- C:\WINDOWS\IEXPLORE.INI
[2011/04/26 22:12:19 | 000,000,223 | ---- | C] () -- C:\WINDOWS\RA.INI
[2010/07/20 23:25:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/07/20 23:25:53 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/07/20 23:25:53 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/07/20 23:25:53 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/10 19:09:25 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\aip504.dll
[2010/04/10 19:09:25 | 000,014,381 | ---- | C] () -- C:\WINDOWS\Tw533a.ini
[2010/04/10 19:09:25 | 000,012,201 | ---- | C] () -- C:\WINDOWS\USB_CAM.ini
[2010/04/10 19:09:25 | 000,012,201 | ---- | C] () -- C:\WINDOWS\USB_533.ini
[2010/04/10 19:09:25 | 000,002,141 | ---- | C] () -- C:\WINDOWS\ca533a.ini
[2010/04/10 19:09:25 | 000,000,163 | ---- | C] () -- C:\WINDOWS\Setup533.ini
[2010/04/10 19:09:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IPSK.dll
[2010/04/10 19:09:24 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jpg32.dll
[2010/04/10 19:09:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\VideoThumb.dll
[2010/04/10 19:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWJPG.dll
[2010/04/10 19:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWBMP.dll
[2010/04/10 19:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VMIO.dll
[2010/04/10 19:09:24 | 000,023,602 | ---- | C] () -- C:\WINDOWS\System32\RCfile.ini
[2010/04/02 11:14:32 | 000,460,908 | ---- | C] () -- C:\WINDOWS\System32\prfh0407.dat
[2010/04/02 11:14:32 | 000,085,594 | ---- | C] () -- C:\WINDOWS\System32\prfc0407.dat
[2010/01/02 18:39:38 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/12/29 16:27:08 | 000,010,588 | R--- | C] () -- C:\WINDOWS\System32\drivers\mpfilt.sys
[2009/12/29 14:27:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/29 14:27:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2009/12/03 17:46:51 | 000,000,907 | ---- | C] () -- C:\WINDOWS\MyProg.INI
[2009/11/12 10:07:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2009/11/08 22:31:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/26 22:49:42 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/10/08 12:22:58 | 000,225,280 | ---- | C] () -- C:\WINDOWS\USB6225phmgunin.exe
[2009/10/07 15:56:05 | 000,000,065 | ---- | C] () -- C:\WINDOWS\NokiaImageConverter.INI
[2009/10/05 16:27:36 | 000,000,022 | ---- | C] () -- C:\WINDOWS\SUMO.INI
[2009/10/05 14:03:42 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/10/02 15:18:11 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2009/09/26 10:08:54 | 000,247,296 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/26 00:10:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2009/09/26 00:10:39 | 000,003,456 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2009/09/26 00:10:34 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2009/09/26 00:10:34 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2009/09/25 16:30:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/09/25 15:54:50 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/09/25 15:54:50 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/09/25 15:54:49 | 000,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/09/25 15:51:44 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/09/25 14:02:28 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/09/24 17:10:08 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/09/24 10:29:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/23 23:20:47 | 000,225,280 | ---- | C] () -- C:\WINDOWS\USBT39phmgunin.exe
[2009/09/23 20:06:08 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/23 18:38:53 | 000,000,769 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2009/09/23 18:32:31 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2009/09/23 18:32:27 | 000,013,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/09/23 18:30:03 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/09/23 18:28:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2009/09/23 18:25:53 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2009/09/23 18:25:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2009/09/23 18:25:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2009/09/23 18:25:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2009/09/23 18:25:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2009/09/23 18:25:44 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2009/09/23 18:25:03 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/09/23 09:47:08 | 000,589,824 | ---- | C] () -- C:\WINDOWS\AntiV.EXE
[2009/09/23 09:47:08 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2008/09/01 16:13:52 | 000,509,208 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2007/06/14 10:14:12 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/06/14 10:13:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/12/01 00:24:56 | 000,037,754 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/30 20:45:10 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2005/11/30 20:45:10 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/11/14 19:26:12 | 000,112,794 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/07/15 01:48:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005/03/28 00:45:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/12/17 01:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 00:57:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2004/01/13 03:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2003/04/10 08:33:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/04/10 08:33:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/10 08:24:12 | 000,496,742 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/04/10 08:24:12 | 000,442,800 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/10 08:24:12 | 000,100,966 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/04/10 08:24:12 | 000,072,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/10 01:51:24 | 000,375,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/04/05 08:20:40 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2003/04/05 07:48:36 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/05 07:47:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/02/26 19:07:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2002/05/24 01:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/12/20 20:32:20 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbprn.sys
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/26 02:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/26 02:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/23 04:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/09/23 18:36:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acer
[2009/09/23 20:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SBT
[2009/09/24 17:09:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009/09/24 16:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2009/09/25 14:01:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2009/09/26 00:13:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVerTV
[2009/09/26 13:49:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro PDF
[2009/10/31 22:56:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ashampoo
[2010/02/17 21:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\C-Free
[2010/03/20 19:26:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FileCure
[2010/03/20 19:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2010/04/25 13:51:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Maxtor
[2010/06/11 14:17:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010/07/07 13:18:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/30 13:54:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\PCToolsSpamMonitorPlus
[2009/09/30 13:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\PCToolsFirewallPlus
[2009/09/23 18:36:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Acer
[2009/09/23 22:21:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Zoner
[2009/09/23 22:42:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Obsidium
[2009/09/23 23:21:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\MobileAction
[2009/09/23 23:35:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\NCH Swift Sound
[2009/09/24 17:13:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\PCToolsSpamMonitorPlus
[2009/09/24 17:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\PCToolsFirewallPlus
[2009/09/25 22:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/28 13:43:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Nitro PDF
[2009/10/05 09:44:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\CoCreate
[2009/10/07 11:03:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\SpamBayes
[2009/10/18 10:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\J. A. Associates
[2009/11/13 11:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\WikidPad
[2010/01/10 13:24:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\wsInspector
[2010/02/17 21:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\C-Free
[2010/03/11 20:09:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Ashampoo
[2010/03/30 08:50:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\HandBrake
[2010/11/14 21:11:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\EPSON
[2010/11/11 11:54:36 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\videopadDowngrade.job
[2010/11/11 11:54:36 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2011/04/22 23:37:24 | 000,000,468 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8B034EC4-73E5-4F92-8146-AE71BF70500B}.job
[2011/05/22 08:39:18 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\goldenvideosShakeIcon.job
[2011/06/03 13:17:56 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2011/06/03 13:18:16 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >


Thank you very much for your help

vict0r
2011-06-03, 16:02
Hi Vict0r

Here are the log files. The virus was so persistent in doing its "thing" that I decided to delete the files m23S7RaL.exe, dl[1].htm, dl[1].swf and msmonitor manually yesterday and deleted all entries related to these file names in the registry because I needed to use the computer. I didn't use any removal tools other than those you have advised me to, and the last kit you gave me I did only once. I hope all is ok.

Ok, it was probably before I posted. :)


Scan With RKUnHooker


Please Download Rootkit Unhooker (http://www.kernelmode.info/ARKs/RKUnhookerLE.EXE) Save it to your desktop.
Now double-click on RKUnhookerLE.exe to run it.
Click the Report tab, then click Scan.
Check (Tick) Drivers, Stealth Code, Files, Code Hooks. Uncheck the rest, then click OK.
Wait until the scanner has finished and then click File, Save Report.
* This can take a while. Please be patient. *
Save the report somewhere where you can find it. Click Close.
Copy the entire contents of this log in your next reply.
This log can be lengthy; you may have to post it in separate replies.

Note: If you get the following warning, just ignore it:
"Rootkit Unhooker has detected a parasite inside itself!
It is recommended to remove parasite, okay?"


MBRCheck

Download MBRCheck from Here (http://download.bleepingcomputer.com/rootrepeal/MBRCheck.exe) & save it to your desktop.
Disable your security programs so they do not interfere with the tool. Double click on the file to run it.
A window will open on your desktop.
If an unknown bootcode is found, do not proceed with any further options at this time. For now, type in N, then press Enter twice to exit the program.
If nothing unusual is found just press Enter.
A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
Post the contents of that file in your next reply.


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware Free (http://www.malwarebytes.org/products/malwarebytes_free) and save to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to:
Update Malwarebytes' Anti-Malware
Launch Malwarebytes' Anti-Malware
Then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform Quick Scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately; failure to reboot will prevent MBAM from removing all the malware.
When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


When finished please post:
the RKUnHooker log,
the MBRCheck log,
the MBAM log.
Describe any problems while following the instructions (if any).

Curly
2011-06-04, 04:56
Hi Vict0r, that was quite some "homework" :-)

Here are the logs:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xEE7E9000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4194304 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBF0C4000 C:\WINDOWS\System32\ati3duag.dll 2519040 bytes (ATI Technologies Inc. , ati3duag.dll)
0xEE020000 C:\WINDOWS\system32\drivers\lvmvdrv.sys 2400256 bytes (-, -)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2158592 bytes (Microsoft Corporation, NT-Kernel und -System)
0x804D7000 PnpManager 2158592 bytes
0x804D7000 RAW 2158592 bytes
0x804D7000 WMIxWDM 2158592 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Mehrbenutzer-Win32-Treiber)
0xF6FEF000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1470464 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF6E56000 C:\WINDOWS\system32\DRIVERS\w39n51.sys 1429504 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0xBF32B000 C:\WINDOWS\System32\ativvaxx.dll 1105920 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xEDF16000 C:\WINDOWS\System32\Drivers\lv321av.sys 1089536 bytes (Logitech, USB Camera Driver)
0xEE69F000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 999424 bytes (Conexant Systems, Inc., HSF_DP driver)
0xEE5EE000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 724992 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xEDDD0000 C:\WINDOWS\System32\Drivers\Ntfs.SYS 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEE292000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6C31000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEE423000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEB37E000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF439000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 270336 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBA125000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF054000 C:\WINDOWS\System32\ati2cqag.dll 237568 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xEE377000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)
0xBF08E000 C:\WINDOWS\System32\atikvmag.dll 221184 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xEE793000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 204800 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xF7422000 ACPI.sys 192512 bytes (Microsoft Corporation, ACPI-Treiber für NT)
0xF6DBA000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xEB825000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7291000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF735F000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xEB6FA000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEE32A000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6FB3000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xEE3AF000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF6DE9000 C:\WINDOWS\system32\drivers\tifm21.sys 163840 bytes (Texas Instruments, tifm21.sys)
0xEE527000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xEE3FD000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xEE3D7000 C:\WINDOWS\system32\drivers\pctgntdi.sys 155648 bytes (PC Tools, PC Tools Generic TDI Driver)
0xF72D5000 Fastfat.sys 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xEE7C5000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6E11000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6D97000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF730A000 PCTCore.sys 143360 bytes (PC Tools, PC Tools KDS Core Driver)
0xEE355000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF6E35000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 135168 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0x806E6000 ACPI_HAL 134400 bytes
0x806E6000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF733F000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF73D4000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT-Datenträgertreiber)
0xF73F3000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA-Treiber)
0xF7277000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF738B000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xEDE5D000 C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys 102400 bytes (Huawei Technologies Co., Ltd., USB Modem/Serial Device Driver)
0xF73A4000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEDDB8000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF6C8F000 C:\WINDOWS\system32\DRIVERS\pctfw.sys 98304 bytes (PC Tools, PC Tools NDIS Driver)
0xF73BC000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF72BE000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6CB8000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEBB22000 C:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xEB7E8000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xEB18D000 C:\WINDOWS\system32\drivers\epm-shd.sys 81920 bytes (Acer Value Labs, USA, Acer EPM SHD ECV-TO)
0xF6FDB000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEE47C000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF732D000 sr.sys 73728 bytes (Microsoft Corporation, Dateisystemfilter-Treiber der Systemwiederherstellung)
0xEB154000 C:\Acer\Empowering Technology\eRecovery\int15.sys 69632 bytes
0xF7411000 pci.sys 69632 bytes (Microsoft Corporation, NT-Plug & Play PCI-Enumerator)
0xEB6D5000 C:\WINDOWS\system32\drivers\PCTAppEvent.sys 69632 bytes (PC Tools, PC Tools App Monitor Driver)
0xF6CA7000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF72F9000 TfFsMon.sys 69632 bytes (PC Tools, ThreatFire Filesystem Monitor)
0xF6CCF000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7712000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7562000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7227000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7722000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook-Audiofiltertreiber)
0xEB9BA000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7207000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7572000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF75D2000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF75A2000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xF6CFF000 C:\WINDOWS\system32\drivers\lvusbsta.sys 57344 bytes (Logitech, USB Statistic Driver)
0xF7592000 VolSnap.sys 57344 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber)
0xF7632000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76F2000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042-Anschlusstreiber)
0xF7782000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF6CEF000 C:\WINDOWS\System32\Drivers\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF7642000 TfSysMon.sys 53248 bytes (PC Tools, ThreatFire System Monitor)
0xF7612000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7602000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF77A2000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76E2000 C:\WINDOWS\system32\DRIVERS\smcirda.sys 49152 bytes (SMSC, SMSC IrCC NDIS 5.0 IrDA FIR Device Driver)
0xF7672000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF76A2000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF7682000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF7692000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xF6D2F000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS-Verschlüsselungstreiber)
0xF7702000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7582000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7792000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7662000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF76D2000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Prozessorgerätetreiber)
0xF7552000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP-ISA-Bustreiber)
0xF6CDF000 C:\WINDOWS\system32\DRIVERS\mxopswd.sys 40960 bytes (Maxtor Corp., OneTouch Security Driver)
0xF7267000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF75F2000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF75C2000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xF7652000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF77C2000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA476000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7622000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF6D4F000 C:\WINDOWS\system32\drivers\ip6fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)
0xF77B2000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF6D3F000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF75B2000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF75E2000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise ULTRA66 Miniport-Treiber)
0xF6D0F000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF78DA000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modemgerätetreiber)
0xF7932000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7802000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF7812000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF78BA000 C:\WINDOWS\System32\Drivers\TfKbMon.sys 32768 bytes (PC Tools, ThreatFire Keyboard Monitor)
0xF7952000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF78AA000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF77EA000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xF791A000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF783A000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF78C2000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Tastaturklassentreiber)
0xF77D2000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7832000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xF780A000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xF7942000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF781A000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF7822000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xF78D2000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF78CA000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mausklassentreiber)
0xF793A000 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{DD593EDC-C66B-4718-9DAF-BB38BBB90850}\MpKsla815e5dd.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xF786A000 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{DD593EDC-C66B-4718-9DAF-BB38BBB90850}\MpKsled00b8ce.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xF78A2000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7922000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7862000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF78B2000 C:\WINDOWS\system32\DRIVERS\DKbFltr.sys 20480 bytes (Dritek System Inc., Dritek PS2 Keyboard Filter Driver)
0xF782A000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xF77FA000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF77F2000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xF792A000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF77DA000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF78F2000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78E2000 C:\WINDOWS\system32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF78FA000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF77E2000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xF78EA000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF795A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF797A000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF798A000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xB9F51000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF796A000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7992000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xF7A2A000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF7976000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF7982000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xF798E000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xEB376000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7A42000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEBC70000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xF797E000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xF7972000 UBHelper.sys 16384 bytes
0xF796E000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controllertreiber)
0xF7986000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xF7962000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEB56E000 C:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmpar21.sys 12288 bytes (CANON INC., BJ Printer Port Driver Cnmpar21)
0xF7966000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF6C0D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7193000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF7A1A000 C:\WINDOWS\system32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0xF7A36000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6D87000 C:\WINDOWS\system32\drivers\OsaFsLoc.sys 12288 bytes (OSA Technologies, Filesystem Lock driver)
0xF7A22000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus(R) ASPI Shell)
0xF7187000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7A16000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xF7A2E000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF7167000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7A56000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF7A76000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A60000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF7A5E000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE-Bustreiber)
0xF7A7C000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7A74000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A58000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Treiber)
0xF7A52000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7A78000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7AF0000 C:\WINDOWS\System32\Drivers\NdisFilt.sys 8192 bytes (OSA Technologies, NDIS Filter Driver)
0xF7A6A000 C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys 8192 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)
0xF7AE0000 C:\WINDOWS\system32\drivers\osaio.sys 8192 bytes (OSA Technologies, An Avocent Company, OSA I/O Port Driver)
0xF7A62000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xF7A7A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7A6C000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF7ACC000 C:\WINDOWS\system32\drivers\splitter.sys 8192 bytes (Microsoft Corporation, Microsoft Kernel Audio Splitter)
0xF7A6E000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A5A000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE-Controller)
0xF7A68000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A5C000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7A54000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7BCC000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C2A000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7B8B000 C:\WINDOWS\system32\drivers\epm-psd.sys 4096 bytes (Acer Value Labs, USA, Acer EPM Power Scheme Driver)
0xF7C1B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B1B000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7C65000 C:\WINDOWS\system32\drivers\osanbm.sys 4096 bytes (Windows (R) 2000 DDK provider, Windows int15 Driver)
0xF7B1A000 pciide.sys 4096 bytes (Microsoft Corporation, Allgemeiner PCI IDE Bustreiber)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D53E, Type: Inline - RelativeJump 0x8050453E-->8050455A [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006ECEE, Type: Inline - RelativeJump 0x80545CEE-->80545CF5 [ntkrnlpa.exe]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->EnableScrollBar, Type: Inline - RelativeJump 0x7E3B8005-->00452280 [SkinMagicU.dll]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->EnableScrollBar, Type: Inline - SEH 0x7E3B800A [unknown_code_page]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->EnableScrollBar, Type: Inline - SEH 0x7E3B800B [unknown_code_page]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->GetScrollInfo, Type: Inline - RelativeJump 0x7E37DFE2-->004522C0 [SkinMagicU.dll]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->GetScrollInfo, Type: Inline - SEH 0x7E37DFE7 [unknown_code_page]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->GetScrollInfo, Type: Inline - SEH 0x7E37DFE8 [unknown_code_page]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->GetScrollPos, Type: Inline - RelativeJump 0x7E37F704-->00452300 [SkinMagicU.dll]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->GetScrollRange, Type: Inline - RelativeJump 0x7E37F787-->00452330 [SkinMagicU.dll]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->GetSysColor, Type: Inline - RelativeJump 0x7E368E78-->00452480 [SkinMagicU.dll]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->GetSysColorBrush, Type: Inline - RelativeJump 0x7E368EAB-->004524E0 [SkinMagicU.dll]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->SetScrollInfo, Type: Inline - RelativeJump 0x7E369056-->00452370 [SkinMagicU.dll]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->SetScrollInfo, Type: Inline - SEH 0x7E36905B [unknown_code_page]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->SetScrollInfo, Type: Inline - SEH 0x7E36905C [unknown_code_page]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->SetScrollPos, Type: Inline - RelativeJump 0x7E37F750-->004523B0 [SkinMagicU.dll]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->SetScrollRange, Type: Inline - RelativeJump 0x7E37F99B-->004523F0 [SkinMagicU.dll]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->ShowScrollBar, Type: Inline - RelativeJump 0x7E37F2F2-->00452440 [SkinMagicU.dll]
[3876]Skype.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x013CD0A0-->73300B30 [unknown_code_page]
[3876]Skype.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x013CD0A4-->00402C24 [Skype.exe]
[4408]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->5CF07774 [shimeng.dll]
[4408]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->71609E59 [AcLayers.dll]
[4408]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->7160A16B [AcLayers.dll]
[4408]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->7160A067 [AcLayers.dll]
[4408]iexplore.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A51188-->5CF07774 [shimeng.dll]
[4408]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77A51190-->71609E59 [AcLayers.dll]
[4408]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x77A511F8-->71609F5D [AcLayers.dll]
[4408]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77A511FC-->7160A16B [AcLayers.dll]
[4408]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->5CF07774 [shimeng.dll]
[4408]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->71609E59 [AcLayers.dll]
[4408]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->7160A16B [AcLayers.dll]
[4408]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->7160A067 [AcLayers.dll]
[4408]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->5CF07774 [shimeng.dll]
[4408]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->71609E59 [AcLayers.dll]
[4408]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->7160A16B [AcLayers.dll]
[4408]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->7160A067 [AcLayers.dll]
[4408]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->5CF07774 [shimeng.dll]
[4408]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->71609E59 [AcLayers.dll]
[4408]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->7160A067 [AcLayers.dll]
[4408]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->5CF07774 [shimeng.dll]
[4408]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->71609E59 [AcLayers.dll]
[4408]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->71609F5D [AcLayers.dll]
[4408]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->7160A16B [AcLayers.dll]
[4408]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->7160A067 [AcLayers.dll]
[4408]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E37D0A3-->4126DB5C [ieframe.dll]
[4408]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E3A6D7D-->4136517A [ieframe.dll]
[4408]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E382072-->41365117 [ieframe.dll]
[4408]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E38B144-->413650B4 [ieframe.dll]
[4408]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E3747AB-->411954BD [ieframe.dll]
[4408]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->5CF07774 [shimeng.dll]
[4408]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->71609E59 [AcLayers.dll]
[4408]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->7160A16B [AcLayers.dll]
[4408]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->7160A067 [AcLayers.dll]
[4408]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E3A085C-->41364F7C [ieframe.dll]
[4408]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E3A0838-->41364F1A [ieframe.dll]
[4408]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E38A082-->41365049 [ieframe.dll]
[4408]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E3B64D5-->41364FDE [ieframe.dll]
[4408]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->5CF07774 [shimeng.dll]
[4408]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->71609E59 [AcLayers.dll]
[4408]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->7160A16B [AcLayers.dll]
[4408]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->7160A067 [AcLayers.dll]
[4408]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->5CF07774 [shimeng.dll]
[4408]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->71609E59 [AcLayers.dll]
[4484]iexplore.exe-->advapi32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x77DA1034-->02E7C3F0 [PCTBDCore.dll]
[4484]iexplore.exe-->advapi32.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x77DA10F8-->02E7B950 [PCTBDCore.dll]
[4484]iexplore.exe-->advapi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77DA1208-->02E7BB60 [PCTBDCore.dll]
[4484]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->02EA2E30 [PCTBDCore.dll]
[4484]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->02EA2CF0 [PCTBDCore.dll]
[4484]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->02EA2DF0 [PCTBDCore.dll]
[4484]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->02EA2D20 [PCTBDCore.dll]
[4484]iexplore.exe-->advapi32.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x77DA11F4-->02E7C4F0 [PCTBDCore.dll]
[4484]iexplore.exe-->advapi32.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x77DA11F0-->02E7C5B0 [PCTBDCore.dll]
[4484]iexplore.exe-->crypt32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x77A51230-->02E7C3F0 [PCTBDCore.dll]
[4484]iexplore.exe-->crypt32.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x77A511BC-->02E7B950 [PCTBDCore.dll]
[4484]iexplore.exe-->crypt32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77A511C0-->02E7BB60 [PCTBDCore.dll]
[4484]iexplore.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A51188-->02EA2E30 [PCTBDCore.dll]
[4484]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77A51190-->02EA2CF0 [PCTBDCore.dll]
[4484]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x77A511F8-->02EA2DC0 [PCTBDCore.dll]
[4484]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77A511FC-->02EA2DF0 [PCTBDCore.dll]
[4484]iexplore.exe-->crypt32.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x77A51248-->02E7C4F0 [PCTBDCore.dll]
[4484]iexplore.exe-->crypt32.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x77A51244-->02E7C5B0 [PCTBDCore.dll]
[4484]iexplore.exe-->gdi32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x77EF10E4-->02E7C3F0 [PCTBDCore.dll]
[4484]iexplore.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77EF10EC-->02E7BB60 [PCTBDCore.dll]
[4484]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->02EA2E30 [PCTBDCore.dll]
[4484]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->02EA2CF0 [PCTBDCore.dll]
[4484]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->02EA2DF0 [PCTBDCore.dll]
[4484]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->02EA2D20 [PCTBDCore.dll]
[4484]iexplore.exe-->gdi32.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x77EF10E8-->02E7C5B0 [PCTBDCore.dll]
[4484]iexplore.exe-->kernel32.dll-->CloseHandle, Type: IAT modification 0x00401050-->02E7C3F0 [PCTBDCore.dll]
[4484]iexplore.exe-->kernel32.dll-->CreateFileW, Type: IAT modification 0x00401088-->02E7BB60 [PCTBDCore.dll]
[4484]iexplore.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x00401034-->02E7C040 [PCTBDCore.dll]
[4484]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->02EA2E30 [PCTBDCore.dll]
[4484]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->02EA2CF0 [PCTBDCore.dll]
[4484]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->02EA2DF0 [PCTBDCore.dll]
[4484]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->02EA2D20 [PCTBDCore.dll]
[4484]iexplore.exe-->mswsock.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x719B11B0-->02E7C3F0 [PCTBDCore.dll]
[4484]iexplore.exe-->mswsock.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x719B10A4-->02E7B950 [PCTBDCore.dll]
[4484]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->02EA2E30 [PCTBDCore.dll]
[4484]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->02EA2CF0 [PCTBDCore.dll]
[4484]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->02EA2D20 [PCTBDCore.dll]
[4484]iexplore.exe-->mswsock.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x719B1094-->02E7C4F0 [PCTBDCore.dll]
[4484]iexplore.exe-->mswsock.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x719B1098-->02E7C5B0 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x7E6715F4-->02E7C3F0 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x7E6715BC-->02E7BB60 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x7E671488-->02E7C040 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->02EA2E30 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->02EA2CF0 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->02EA2DC0 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->02EA2DF0 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->02EA2D20 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x7E6715C8-->02E7C4F0 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x7E671600-->02E7C5B0 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->user32.dll-->DialogBoxParamW, Type: IAT modification 0x7E671D44-->02E7A1A0 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->user32.dll-->MessageBoxIndirectW, Type: IAT modification 0x7E672088-->02E7B1D0 [PCTBDCore.dll]
[4484]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E37B3C6-->4125D125 [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E37D0A3-->4126DB5C [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E3A6D7D-->4136517A [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E382072-->41365117 [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E38B144-->413650B4 [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E3747AB-->411954BD [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x7E36124C-->02E7C3F0 [PCTBDCore.dll]
[4484]iexplore.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x7E36134C-->02E7BB60 [PCTBDCore.dll]
[4484]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x7E36127C-->02E7C040 [PCTBDCore.dll]
[4484]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->02EA2E30 [PCTBDCore.dll]
[4484]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->02EA2CF0 [PCTBDCore.dll]
[4484]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->02EA2DF0 [PCTBDCore.dll]
[4484]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->02EA2D20 [PCTBDCore.dll]
[4484]iexplore.exe-->user32.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x7E361260-->02E7C4F0 [PCTBDCore.dll]
[4484]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E3A085C-->41364F7C [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E3A0838-->41364F1A [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E38A082-->41365049 [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E3B64D5-->41364FDE [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->41269B01 [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E37D5F3-->411D4664 [ieframe.dll]
[4484]iexplore.exe-->wininet.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x408B14C0-->02E7C3F0 [PCTBDCore.dll]
[4484]iexplore.exe-->wininet.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x408B1400-->02E7B950 [PCTBDCore.dll]
[4484]iexplore.exe-->wininet.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x408B13FC-->02E7BB60 [PCTBDCore.dll]
[4484]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->02EA2E30 [PCTBDCore.dll]
[4484]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->02EA2CF0 [PCTBDCore.dll]
[4484]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->02EA2DF0 [PCTBDCore.dll]
[4484]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->02EA2D20 [PCTBDCore.dll]
[4484]iexplore.exe-->wininet.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x408B1408-->02E7C4F0 [PCTBDCore.dll]
[4484]iexplore.exe-->wininet.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x408B13F4-->02E7C5B0 [PCTBDCore.dll]
[4484]iexplore.exe-->wininet.dll-->user32.dll-->DialogBoxParamW, Type: IAT modification 0x408B1598-->02E7A1A0 [PCTBDCore.dll]
[4484]iexplore.exe-->ws2_32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x71A110B8-->02E7C3F0 [PCTBDCore.dll]
[4484]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->02EA2E30 [PCTBDCore.dll]
[4484]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->02EA2CF0 [PCTBDCore.dll]
[4888]iexplore.exe-->advapi32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x77DA1034-->0299C3F0 [PCTBDCore.dll]
[4888]iexplore.exe-->advapi32.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x77DA10F8-->0299B950 [PCTBDCore.dll]
[4888]iexplore.exe-->advapi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77DA1208-->0299BB60 [PCTBDCore.dll]
[4888]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->029C2E30 [PCTBDCore.dll]
[4888]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->029C2CF0 [PCTBDCore.dll]
[4888]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->029C2DF0 [PCTBDCore.dll]
[4888]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->029C2D20 [PCTBDCore.dll]
[4888]iexplore.exe-->advapi32.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x77DA11F4-->0299C4F0 [PCTBDCore.dll]
[4888]iexplore.exe-->advapi32.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x77DA11F0-->0299C5B0 [PCTBDCore.dll]
[4888]iexplore.exe-->crypt32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x77A51230-->0299C3F0 [PCTBDCore.dll]
[4888]iexplore.exe-->crypt32.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x77A511BC-->0299B950 [PCTBDCore.dll]
[4888]iexplore.exe-->crypt32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77A511C0-->0299BB60 [PCTBDCore.dll]
[4888]iexplore.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A51188-->029C2E30 [PCTBDCore.dll]
[4888]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77A51190-->029C2CF0 [PCTBDCore.dll]
[4888]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x77A511F8-->029C2DC0 [PCTBDCore.dll]
[4888]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77A511FC-->029C2DF0 [PCTBDCore.dll]
[4888]iexplore.exe-->crypt32.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x77A51248-->0299C4F0 [PCTBDCore.dll]
[4888]iexplore.exe-->crypt32.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x77A51244-->0299C5B0 [PCTBDCore.dll]
[4888]iexplore.exe-->gdi32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x77EF10E4-->0299C3F0 [PCTBDCore.dll]
[4888]iexplore.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77EF10EC-->0299BB60 [PCTBDCore.dll]
[4888]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->029C2E30 [PCTBDCore.dll]
[4888]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->029C2CF0 [PCTBDCore.dll]
[4888]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->029C2DF0 [PCTBDCore.dll]
[4888]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->029C2D20 [PCTBDCore.dll]
[4888]iexplore.exe-->gdi32.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x77EF10E8-->0299C5B0 [PCTBDCore.dll]
[4888]iexplore.exe-->kernel32.dll-->CloseHandle, Type: IAT modification 0x00401050-->0299C3F0 [PCTBDCore.dll]
[4888]iexplore.exe-->kernel32.dll-->CreateFileW, Type: IAT modification 0x00401088-->0299BB60 [PCTBDCore.dll]
[4888]iexplore.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x00401034-->0299C040 [PCTBDCore.dll]
[4888]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->029C2E30 [PCTBDCore.dll]
[4888]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->029C2CF0 [PCTBDCore.dll]
[4888]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->029C2DF0 [PCTBDCore.dll]
[4888]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->029C2D20 [PCTBDCore.dll]
[4888]iexplore.exe-->mswsock.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x719B11B0-->0299C3F0 [PCTBDCore.dll]
[4888]iexplore.exe-->mswsock.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x719B10A4-->0299B950 [PCTBDCore.dll]
[4888]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->029C2E30 [PCTBDCore.dll]
[4888]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->029C2CF0 [PCTBDCore.dll]
[4888]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->029C2D20 [PCTBDCore.dll]
[4888]iexplore.exe-->mswsock.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x719B1094-->0299C4F0 [PCTBDCore.dll]
[4888]iexplore.exe-->mswsock.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x719B1098-->0299C5B0 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x7E6715F4-->0299C3F0 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x7E6715BC-->0299BB60 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x7E671488-->0299C040 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->029C2E30 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->029C2CF0 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->029C2DC0 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->029C2DF0 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->029C2D20 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x7E6715C8-->0299C4F0 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x7E671600-->0299C5B0 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->user32.dll-->DialogBoxParamW, Type: IAT modification 0x7E671D44-->0299A1A0 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->user32.dll-->MessageBoxIndirectW, Type: IAT modification 0x7E672088-->0299B1D0 [PCTBDCore.dll]
[4888]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E37B3C6-->4125D125 [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E37D0A3-->4126DB5C [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E3A6D7D-->4136517A [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E382072-->41365117 [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E38B144-->413650B4 [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E3747AB-->411954BD [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x7E36124C-->0299C3F0 [PCTBDCore.dll]
[4888]iexplore.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x7E36134C-->0299BB60 [PCTBDCore.dll]
[4888]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x7E36127C-->0299C040 [PCTBDCore.dll]
[4888]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->029C2E30 [PCTBDCore.dll]
[4888]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->029C2CF0 [PCTBDCore.dll]
[4888]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->029C2DF0 [PCTBDCore.dll]
[4888]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->029C2D20 [PCTBDCore.dll]
[4888]iexplore.exe-->user32.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x7E361260-->0299C4F0 [PCTBDCore.dll]
[4888]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E3A085C-->41364F7C [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E3A0838-->41364F1A [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E38A082-->41365049 [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E3B64D5-->41364FDE [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->41269B01 [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E37D5F3-->411D4664 [ieframe.dll]
[4888]iexplore.exe-->wininet.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x408B14C0-->0299C3F0 [PCTBDCore.dll]
[4888]iexplore.exe-->wininet.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x408B1400-->0299B950 [PCTBDCore.dll]
[4888]iexplore.exe-->wininet.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x408B13FC-->0299BB60 [PCTBDCore.dll]
[4888]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->029C2E30 [PCTBDCore.dll]
[4888]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->029C2CF0 [PCTBDCore.dll]
[4888]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->029C2DF0 [PCTBDCore.dll]
[4888]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->029C2D20 [PCTBDCore.dll]
[4888]iexplore.exe-->wininet.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x408B1408-->0299C4F0 [PCTBDCore.dll]
[4888]iexplore.exe-->wininet.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x408B13F4-->0299C5B0 [PCTBDCore.dll]
[4888]iexplore.exe-->wininet.dll-->user32.dll-->DialogBoxParamW, Type: IAT modification 0x408B1598-->0299A1A0 [PCTBDCore.dll]
[4888]iexplore.exe-->ws2_32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x71A110B8-->0299C3F0 [PCTBDCore.dll]
[4888]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->029C2E30 [PCTBDCore.dll]
[4888]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->029C2CF0 [PCTBDCore.dll]
[984]Explorer.EXE-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->5CF07774 [shimeng.dll]
[984]Explorer.EXE-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A51188-->5CF07774 [shimeng.dll]
[984]Explorer.EXE-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->5CF07774 [shimeng.dll]
[984]Explorer.EXE-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5CF07774 [shimeng.dll]
[984]Explorer.EXE-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->5CF07774 [shimeng.dll]
[984]Explorer.EXE-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->5CF07774 [shimeng.dll]
[984]Explorer.EXE-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->5CF07774 [shimeng.dll]
[984]Explorer.EXE-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->5CF07774 [shimeng.dll]

Curly
2011-06-04, 04:57
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 208):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xF7A52000 \WINDOWS\system32\KDCOM.DLL
0xF7962000 \WINDOWS\system32\BOOTVID.dll
0xF7422000 ACPI.sys
0xF7A54000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7411000 pci.sys
0xF7552000 isapnp.sys
0xF7562000 ohci1394.sys
0xF7572000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7966000 compbatt.sys
0xF796A000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B1A000 pciide.sys
0xF77D2000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A56000 aliide.sys
0xF7A58000 intelide.sys
0xF7A5A000 toside.sys
0xF7A5C000 viaide.sys
0xF7A5E000 cmdide.sys
0xF73F3000 pcmcia.sys
0xF7582000 MountMgr.sys
0xF73D4000 ftdisk.sys
0xF796E000 ACPIEC.sys
0xF7B1B000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF77DA000 PartMgr.sys
0xF7972000 UBHelper.sys
0xF7592000 VolSnap.sys
0xF7976000 cpqarray.sys
0xF73BC000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF73A4000 atapi.sys
0xF797A000 aha154x.sys
0xF77E2000 sparrow.sys
0xF797E000 symc810.sys
0xF75A2000 aic78xx.sys
0xF7982000 dac960nt.sys
0xF75B2000 ql10wnt.sys
0xF7986000 amsint.sys
0xF77EA000 asc.sys
0xF798A000 asc3550.sys
0xF77F2000 mraid35x.sys
0xF77FA000 i2omp.sys
0xF798E000 ini910u.sys
0xF75C2000 ql1240.sys
0xF75D2000 aic78u2.sys
0xF7802000 symc8xx.sys
0xF780A000 sym_hi.sys
0xF7812000 sym_u3.sys
0xF781A000 ABP480N5.SYS
0xF7822000 asc3350p.sys
0xF7A60000 cd20xrnt.sys
0xF75E2000 ultra.sys
0xF738B000 adpu160m.sys
0xF782A000 dpti2o.sys
0xF75F2000 ql1080.sys
0xF7602000 ql1280.sys
0xF7612000 ql12160.sys
0xF7832000 perc2.sys
0xF7A62000 perc2hib.sys
0xF783A000 hpn.sys
0xF7992000 cbidf2k.sys
0xF735F000 dac2w2k.sys
0xF7622000 disk.sys
0xF7632000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF733F000 fltmgr.sys
0xF732D000 sr.sys
0xF730A000 PCTCore.sys
0xF72F9000 TfFsMon.sys
0xF7642000 TfSysMon.sys
0xF72D5000 Fastfat.sys
0xF72BE000 KSecDD.sys
0xF7291000 NDIS.sys
0xF7652000 sisagp.sys
0xF7662000 viaagp.sys
0xF7277000 Mup.sys
0xF7672000 agp440.sys
0xF7682000 alim1541.sys
0xF7692000 amdagp.sys
0xF76A2000 agpCPQ.sys
0xF7A16000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xF76D2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6FEF000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF6FDB000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6FB3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6E56000 \SystemRoot\system32\DRIVERS\w39n51.sys
0xF6E35000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF78A2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6E11000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78AA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6DE9000 \SystemRoot\system32\drivers\tifm21.sys
0xF76E2000 \SystemRoot\system32\DRIVERS\smcirda.sys
0xF7A1A000 \SystemRoot\system32\DRIVERS\irenum.sys
0xF76F2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78B2000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0xF78BA000 \SystemRoot\System32\Drivers\TfKbMon.sys
0xF78C2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6DBA000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7A68000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF78CA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7702000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7A22000 \??\C:\WINDOWS\system32\drivers\pfc.sys
0xF7712000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7722000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6D97000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7A6A000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0xF78D2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7A2A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7A2E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF7BCC000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7A6C000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF78DA000 \SystemRoot\System32\Drivers\Modem.SYS
0xF78E2000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF78EA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7782000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A36000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6CB8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7792000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77A2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF6CA7000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77B2000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78F2000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78FA000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF77C2000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF6C8F000 \SystemRoot\system32\DRIVERS\pctfw.sys
0xF7A6E000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6C31000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A42000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7267000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEE7E9000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xEE7C5000 \SystemRoot\system32\drivers\portcls.sys
0xF7227000 \SystemRoot\system32\drivers\drmk.sys
0xEE793000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xEE69F000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xEE5EE000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7207000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7193000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xEE527000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF7A74000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C1B000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A76000 \SystemRoot\System32\Drivers\Beep.SYS
0xF791A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7922000 \SystemRoot\System32\drivers\vga.sys
0xF7A78000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A7A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF792A000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7932000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7187000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEE47C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEE423000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEE3FD000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEE3D7000 \??\C:\WINDOWS\system32\drivers\pctgntdi.sys
0xEE3AF000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEE377000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xF7167000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF6D4F000 \SystemRoot\system32\drivers\ip6fw.sys
0xEE355000 \SystemRoot\System32\drivers\afd.sys
0xF6D3F000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEE32A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF6D87000 \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
0xEE292000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF793A000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{DD593EDC-C66B-4718-9DAF-BB38BBB90850}\MpKsla815e5dd.sys
0xF6D2F000 \SystemRoot\System32\Drivers\Fips.SYS
0xF6D0F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7942000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xEE020000 \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys
0xF6CFF000 \SystemRoot\system32\drivers\lvusbsta.sys
0xEDF16000 \SystemRoot\System32\Drivers\lv321av.sys
0xF6CEF000 \SystemRoot\System32\Drivers\STREAM.SYS
0xF6CDF000 \SystemRoot\system32\DRIVERS\mxopswd.sys
0xF7952000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xEDE5D000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
0xF6CCF000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEDDD0000 \SystemRoot\System32\Drivers\Ntfs.SYS
0xEDDB8000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A7C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6C0D000 \SystemRoot\System32\drivers\Dxapi.sys
0xF795A000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C2A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF054000 \SystemRoot\System32\ati2cqag.dll
0xBF08E000 \SystemRoot\System32\atikvmag.dll
0xBF0C4000 \SystemRoot\System32\ati3duag.dll
0xBF32B000 \SystemRoot\System32\ativvaxx.dll
0xBF439000 \SystemRoot\System32\ATMFD.DLL
0xF7862000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xEBB22000 \SystemRoot\system32\DRIVERS\irda.sys
0xEBC70000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xEB825000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xEB7E8000 \SystemRoot\system32\drivers\wdmaud.sys
0xEB9BA000 \SystemRoot\system32\drivers\sysaudio.sys
0xEB56E000 \??\C:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmpar21.sys
0xF7B8B000 \??\C:\WINDOWS\system32\drivers\epm-psd.sys
0xEB18D000 \??\C:\WINDOWS\system32\drivers\epm-shd.sys
0xEB154000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0xEB37E000 \SystemRoot\system32\DRIVERS\srv.sys
0xEB376000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF7AE0000 \??\C:\WINDOWS\system32\drivers\osaio.sys
0xF7C65000 \??\C:\WINDOWS\system32\drivers\osanbm.sys
0xEB6D5000 \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
0xF7AF0000 \SystemRoot\System32\Drivers\NdisFilt.sys
0xF786A000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{DD593EDC-C66B-4718-9DAF-BB38BBB90850}\MpKsled00b8ce.sys
0xBA125000 \SystemRoot\System32\Drivers\HTTP.sys
0xB9F51000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xBA476000 \SystemRoot\System32\Drivers\BlackBox.SYS
0xBF480000 \SystemRoot\System32\spool\DRIVERS\W32X86\2\ppbint.dll
0xB977F000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\System32\ntdll.dll

Processes (total 73):
0 System Idle Process
4 System
728 C:\WINDOWS\System32\smss.exe
1568 csrss.exe
1596 C:\WINDOWS\System32\winlogon.exe
1640 C:\WINDOWS\System32\services.exe
1652 C:\WINDOWS\System32\lsass.exe
1820 C:\WINDOWS\System32\Ati2evxx.exe
1840 C:\WINDOWS\System32\svchost.exe
1952 svchost.exe
2020 C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
128 C:\WINDOWS\System32\svchost.exe
240 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
332 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
396 svchost.exe
444 svchost.exe
692 C:\WINDOWS\System32\brsvc01a.exe
712 C:\WINDOWS\System32\brss01a.exe
824 C:\WINDOWS\System32\Ati2evxx.exe
800 C:\WINDOWS\System32\spoolsv.exe
984 C:\WINDOWS\Explorer.EXE
1012 svchost.exe
640 C:\Acer\Empowering Technology\admServ.exe
1472 C:\Programme\Bonjour\mDNSResponder.exe
744 C:\Programme\Browser Defender\BDTUpdateService.exe
232 C:\WINDOWS\System32\CNAC3RPK.EXE
1948 C:\Programme\Synaptics\SynTP\SynTPLpr.exe
484 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
540 C:\Program Files\Acer\Acer Arcade\PCMService.exe
548 C:\Programme\ATI Technologies\ATI.ACE\cli.exe
464 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
760 C:\WINDOWS\System32\cisvc.exe
776 C:\Acer\Empowering Technology\eRecovery\Monitor.exe
1076 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
1116 C:\Programme\Launch Manager\QtZgAcer.EXE
1152 C:\WINDOWS\System32\LVCOMSX.EXE
1156 C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
1208 C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
1556 C:\Acer\Empowering Technology\admtray.exe
1868 C:\Programme\Google\Update\GoogleUpdate.exe
2084 C:\Programme\Maxtor\Sync\SyncServices.exe
2448 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
2472 C:\WINDOWS\RTHDCPL.EXE
2540 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
2568 C:\Programme\CyberLink\Shared Files\RichVideo.exe
2660 C:\Programme\PC Tools Internet Security\pctsAuxs.exe
2668 C:\Programme\Microsoft Security Client\msseces.exe
2688 C:\WINDOWS\System32\tcpsvcs.exe
2724 C:\WINDOWS\System32\svchost.exe
2748 C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
2788 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
2848 C:\Programme\Windows Live\Messenger\msnmsgr.exe
2972 C:\WINDOWS\System32\ctfmon.exe
2980 C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3764 C:\Programme\Dodo Wireless Broadband\Dodo Wireless Broadband.exe
3972 C:\WINDOWS\System32\wbem\wmiapsrv.exe
4020 C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
1344 alg.exe
3116 C:\WINDOWS\System32\svchost.exe
2164 C:\Programme\ATI Technologies\ATI.ACE\cli.exe
2500 C:\Programme\Windows Live\Contacts\wlcomm.exe
3876 C:\Programme\Skype\Phone\Skype.exe
2536 C:\Programme\Skype\Plugin Manager\skypePM.exe
2080 D:\Eigene Dateien\Download\spybot\RKUnhookerLE.EXE
4408 C:\Programme\Internet Explorer\iexplore.exe
4484 C:\Programme\Internet Explorer\iexplore.exe
4888 C:\Programme\Internet Explorer\iexplore.exe
5244 C:\WINDOWS\System32\cidaemon.exe
6044 C:\WINDOWS\System32\wscntfy.exe
2868 C:\WINDOWS\System32\taskmgr.exe
4260 C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
4808 C:\Programme\Microsoft Office\Office10\winword.exe
3900 D:\Eigene Dateien\Download\spybot\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`f98b7a00 (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`bdfa3e00 (FAT32)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\J: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST98823AS, Rev: 3.06
PhysicalDrive2 Model Number: MaxtorOneTouch, Rev: 0122
PhysicalDrive1 Model Number: ST9320320AS, Rev:

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
465 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6
298 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
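
The MBRCheck section of this post prints one SHA1 per physical drive and reports "Windows XP MBR code detected" for the system disk but "Unknown MBR code" for the two other drives, which is what triggers the "Found non-standard or infected MBR" line. The block below is an added example, not MBRCheck's code and not the poster's, that performs the same kind of check offline on a raw 512-byte sector: validate the 0x55AA signature, hash the boot code, decode the partition table (the byte offsets it derives are the same quantity MBRCheck prints next to each volume), and compare the hash against a baseline recorded from the same drive when it was known clean. Assumptions: the hashed region is the 440 bytes before the disk signature at offset 0x1B8 (the page does not say which bytes MBRCheck hashes), and the sample sector is constructed, not a real disk image.

```python
"""MBR inspection in the spirit of MBRCheck: validate the 0x55AA signature,
hash the boot code, decode the partition table, and compare the boot-code
hash against a baseline recorded from the same drive when it was known clean.

Added example for this thread; not MBRCheck's code and not the poster's.
Assumptions: the hashed region is the 440 bytes before the disk signature at
offset 0x1B8 (the page does not say which bytes MBRCheck hashes), and the
sample sector built below is constructed, not a real disk image.
"""
import hashlib
import struct

SECTOR = 512
BOOT_CODE_LEN = 440
PART_TYPES = {0x07: "NTFS", 0x0B: "FAT32", 0x0C: "FAT32 (LBA)",
              0x0F: "Extended (LBA)", 0x83: "Linux", 0xEE: "GPT protective"}


def read_mbr(device_path: str) -> bytes:
    """Read sector 0 of a block device, e.g. r'\\\\.\\PhysicalDrive0' (run as
    Administrator on Windows) or '/dev/sda' (as root on Linux)."""
    with open(device_path, "rb") as dev:
        return dev.read(SECTOR)


def parse_mbr(sector: bytes) -> dict:
    """Decode one 512-byte sector into signature, boot-code hash and partitions."""
    if len(sector) != SECTOR:
        raise ValueError("need exactly one 512-byte sector")
    partitions = []
    for i in range(4):
        entry = 0x1BE + 16 * i
        status, ptype, lba_start, lba_count = struct.unpack_from(
            "<B3xB3xII", sector, entry)       # skip the two 3-byte CHS fields
        if ptype == 0:
            continue                          # empty slot
        partitions.append({
            "index": i, "bootable": status == 0x80, "type": ptype,
            "type_name": PART_TYPES.get(ptype, "unknown"),
            "lba_start": lba_start, "sectors": lba_count,
            # MBRCheck prints this byte offset next to each volume
            "byte_offset": lba_start * SECTOR})
    boot_code = sector[:BOOT_CODE_LEN]
    return {
        "signature_ok": sector[510:512] == b"\x55\xAA",
        "boot_code_empty": not any(boot_code),
        "boot_code_sha1": hashlib.sha1(boot_code).hexdigest().upper(),
        "partitions": partitions,
    }


def record_baseline(label: str, sector: bytes) -> dict:
    """Store the boot-code hash of a drive while it is known to be clean."""
    return {label: parse_mbr(sector)["boot_code_sha1"]}


def classify(info: dict, baseline: dict) -> str:
    """Verdict for one parsed sector against {label: sha1} baselines."""
    if not info["signature_ok"]:
        return "invalid: missing 0x55AA signature"
    if info["boot_code_empty"]:
        return "no boot code (data-only disk)"
    for label, digest in baseline.items():
        if digest == info["boot_code_sha1"]:
            return f"{label}: boot code matches baseline"
    return "unknown boot code: diff against this drive's own baseline"


def _partition_entry(bootable: bool, ptype: int, lba_start: int,
                     lba_count: int) -> bytes:
    return struct.pack("<B3sB3sII", 0x80 if bootable else 0x00, b"\xFF" * 3,
                       ptype, b"\xFF" * 3, lba_start, lba_count)


def build_sample_mbr() -> bytes:
    """Constructed sector: a 'jmp $' stub padded with NOPs, two FAT32 volumes."""
    boot_code = b"\xEB\xFE" + b"\x90" * (BOOT_CODE_LEN - 2)
    disk_signature = struct.pack("<I", 0x1234ABCD) + b"\x00\x00"
    table = (_partition_entry(True, 0x0B, 63, 8_000_000)
             + _partition_entry(False, 0x0B, 8_000_063, 60_000_000)
             + b"\x00" * 32)
    sector = boot_code + disk_signature + table + b"\x55\xAA"
    assert len(sector) == SECTOR
    return sector


def tamper(sector: bytes, offset: int = 0x10) -> bytes:
    """Simulate a bootkit patching one byte of the boot code."""
    return sector[:offset] + bytes([sector[offset] ^ 0xFF]) + sector[offset + 1:]


if __name__ == "__main__":
    clean = build_sample_mbr()
    baseline = record_baseline("PhysicalDrive0", clean)
    for name, sec in (("clean", clean), ("patched", tamper(clean))):
        info = parse_mbr(sec)
        print(f"{name}: SHA1 {info['boot_code_sha1']} -> {classify(info, baseline)}")
        for p in info["partitions"]:
            flag = " (bootable)" if p["bootable"] else ""
            print(f"  #{p['index']} {p['type_name']} at offset "
                  f"0x{p['byte_offset']:016x}{flag}")
```

The caveat this makes concrete: a boot-code hash the tool does not recognise on a drive that nothing boots from (a USB data disk formatted by a vendor utility or by another operating system) is not by itself evidence of a bootkit, and the two flagged drives here are the non-system ones. What matters is whether the boot code of the disk that is actually booted changes relative to its own earlier hash; a one-byte patch, as simulated by tamper(), is enough to move it off the baseline.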

vict0r
2011-06-04, 12:53
Hi


that was quite some "homework"

Here's some more... ;)



AVP Tool by Kaspersky

Download the AVP Tool by Kaspersky from Here (http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/) & save it to your desktop. Be aware that this is a large file, approximately 111 MB. Plug in any hard drives or thumb drives if you own such drives.
Double click the setup file to run it.
Choose the language and click OK.
Click Next to continue.
Accept the Licence agreement, then click Next.
It will by default install to your desktop folder. Click Next.
Once installed it will open a box. Click the Autoscan tab if not already open.
Under Automatic scan make sure the following are checked:
  Hidden Startup Objects
  System Memory
  Disk Boot Sectors
  My Computer
  Any hard- or thumb-drives that you may have.
Change "Prompt for action" to Prompt on completion.
Leave the rest of the settings as they appear.

Click on the Start scan button.
If prompted when the scan has finished, click on Neutralize all.
If you receive a message that an item cannot be neutralized, then choose the Delete option when prompted.
Once finished click the Reports button at the bottom.
Name the file Kas & save it somewhere convenient like your desktop.
Copy/paste only the detected Virus\malware from the report. It will be at the very top under Detected & post those results in your next reply.

Note: This program will ask to uninstall when you close it. Please post the log first, then go ahead and uninstall the program.


How is the performance of the computer now? Are there further signs of infection?

Curly
2011-06-07, 05:58
Hello Vict0r

The removable drive I use for multimedia has been infected. Hope it didn't spread around.

7/06/2011 2:18:27 AM Task completed
7/06/2011 12:08:47 AM Deleted: Trojan-Downloader.JS.Iframe.bzi J:\System Volume Information\_restore{F1D42BD7-2909-41D1-8AE7-992D648B90F6}\RP201\A0040795.exe
7/06/2011 12:05:17 AM Detected: Trojan-Downloader.JS.Iframe.bzi J:\System Volume Information\_restore{F1D42BD7-2909-41D1-8AE7-992D648B90F6}\RP201\A0040795.exe/data0088
7/06/2011 12:05:17 AM Detected: Trojan-Downloader.JS.Iframe.bzi J:\System Volume Information\_restore{F1D42BD7-2909-41D1-8AE7-992D648B90F6}\RP201\A0040795.exe/data0087
7/06/2011 12:05:16 AM Detected: Trojan-Downloader.JS.Iframe.bzi J:\System Volume Information\_restore{F1D42BD7-2909-41D1-8AE7-992D648B90F6}\RP201\A0040795.exe/data0086
7/06/2011 12:05:15 AM Detected: Trojan-Downloader.JS.Iframe.bzi J:\System Volume Information\_restore{F1D42BD7-2909-41D1-8AE7-992D648B90F6}\RP201\A0040795.exe/data0085
7/06/2011 12:05:14 AM Detected: Trojan-Downloader.JS.Iframe.bzi J:\System Volume Information\_restore{F1D42BD7-2909-41D1-8AE7-992D648B90F6}\RP201\A0040795.exe/data0084
7/06/2011 12:05:13 AM Detected: Trojan-Downloader.JS.Iframe.bzi J:\System Volume Information\_restore{F1D42BD7-2909-41D1-8AE7-992D648B90F6}\RP201\A0040795.exe/data0083
6/06/2011 11:59:30 PM Detected: Trojan-Downloader.JS.Iframe.bzi J:\System Volume Information\_restore{F1D42BD7-2909-41D1-8AE7-992D648B90F6}\RP201\A0040795.exe/data0082
6/06/2011 11:53:21 PM Deleted: Trojan-Downloader.JS.Iframe.bzi J:\Software\cfree5_0_pro_setup.exe
6/06/2011 11:41:51 PM Detected: Trojan-Downloader.JS.Iframe.bzi J:\Software\cfree5_0_pro_setup.exe/data0088
6/06/2011 11:41:49 PM Detected: Trojan-Downloader.JS.Iframe.bzi J:\Software\cfree5_0_pro_setup.exe/data0087
6/06/2011 11:41:48 PM Detected: Trojan-Downloader.JS.Iframe.bzi J:\Software\cfree5_0_pro_setup.exe/data0086
6/06/2011 11:41:46 PM Detected: Trojan-Downloader.JS.Iframe.bzi J:\Software\cfree5_0_pro_setup.exe/data0085
6/06/2011 11:41:44 PM Detected: Trojan-Downloader.JS.Iframe.bzi J:\Software\cfree5_0_pro_setup.exe/data0084
6/06/2011 11:41:42 PM Detected: Trojan-Downloader.JS.Iframe.bzi J:\Software\cfree5_0_pro_setup.exe/data0083
6/06/2011 11:35:02 PM Detected: Trojan-Downloader.JS.Iframe.bzi J:\Software\cfree5_0_pro_setup.exe/data0082
6/06/2011 11:09:35 PM Deleted: not-a-virus:AdWare.Win32.FunWeb.kd D:\Recycled\Dd599.exe
6/06/2011 11:09:34 PM Deleted: Trojan-Downloader.Win32.Myxa.ehx D:\_OTL\MovedFiles\06012011_170043\c_dokume~1\oliver~1\lokale~1\temp\msmonitor
6/06/2011 6:13:36 PM Detected: not-a-virus:AdWare.Win32.FunWeb.kd D:\Recycled\Dd599.exe
6/06/2011 6:13:33 PM Detected: Trojan-Downloader.Win32.Myxa.ehx D:\_OTL\MovedFiles\06012011_170043\c_dokume~1\oliver~1\lokale~1\temp\msmonitor

I noticed that when I connected to the internet the computer was ready right away. Before, mostly after dialing in with the mobile broadband, the computer was unresponsive for up to 2 minutes. Sometimes it didn't, so I keep watching it.

Thank you

Curly
2011-06-07, 06:11
Sorry, "unsresponsive": "irresponive" is no English word :alien:
But it has also been slow again; maybe it's normal?

Curly
2011-06-07, 06:20
Sorry, "unsresponsive": "irresponive" is no English word :alien:
But it has also been slow again; maybe it's normal?

Please don't worry about the "s" jumping from one word to another :scratch:

vict0r
2011-06-11, 08:40
I'm sorry for the delay.


Please download DDS by sUBs from one of the links below, save it to your Desktop (Note: It must be saved in this location).
Link 1 (http://download.bleepingcomputer.com/sUBs/dds.scr)
Link 2 (http://download.bleepingcomputer.com/sUBs/dds.com)

Double-Click on dds.scr and a command window will appear. This is normal.
Shortly after two logs will appear:

DDS.txt
Attach.txt
A window will open instructing you to save & post the logs
Save the logs to a convenient place such as your desktop
Copy the contents of both logs & post in your next reply

Curly
2011-06-12, 02:59
Hello Vict0r

Thank you for your reply. Since the last post the viruses have not shown any appearance in places where I would have noticed any activity.

Here are the logs:

.
DDS (Ver_2011-06-12.02) - FAT32x86
Internet Explorer: 8.0.6001.18702
Run by Oliver Draxl at 10:41:31 on 2011-06-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.242 [GMT 10:00]
.
AV: Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Internet Security Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programme\IObit\Advanced SystemCare 4\ASCService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\CNAC3RPK.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programme\Browser Defender\BDTUpdateService.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Microsoft Security Client\msseces.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\PC Tools Internet Security\pctsAuxs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Dodo Wireless Broadband\Dodo Wireless Broadband.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\T39 USB-Handset Manager\PhMgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\programme\browser defender\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\programme\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programme\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\programme\browser defender\PCTBrowserDefender.dll
uRun: [TaskSwitchXP] c:\programme\taskswitchxp\TaskSwitchXP.exe
uRun: [msnmsgr] "c:\programme\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\programme\spybot - search & destroy\TeaTimer.exe
mRun: [LaunchApp] Alaunch
mRun: [SynTPLpr] c:\programme\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [ATICCC] "c:\programme\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSC] "c:\programme\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\programme\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\gemein~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office10\OSA.EXE
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll
LSP: c:\programme\gemeinsame dateien\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253752491717
TCP: Interfaces\{86C0E1A0-58D0-4AC3-939C-6B15B6C14CD4} : NameServer = 202.136.43.197 202.136.42.229
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-1 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-11-1 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-11-1 39200]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKslb2f4ca89;MpKslb2f4ca89;c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{b24d1f71-9363-499c-acf3-995a2fb4b6e3}\MpKslb2f4ca89.sys [2011-6-12 28752]
R1 MpKslbf23a101;MpKslbf23a101;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{f96dd48e-59f3-4107-a106-c2b48d9d5220}\mpkslbf23a101.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{f96dd48e-59f3-4107-a106-c2b48d9d5220}\MpKslbf23a101.sys [?]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-11-1 159600]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\programme\iobit\advanced systemcare 4\ASCService.exe [2011-6-4 352656]
R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\browser defender\BDTUpdateService.exe [2009-9-24 112592]
R2 MBAMService;MBAMService;c:\programme\malwarebytes' anti-malware\mbamservice.exe [2011-6-4 366640]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-11-1 73840]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\pc tools internet security\pctsAuxs.exe [2009-11-1 348752]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2009-9-23 1088896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-4 22712]
S1 MpKsl8ce013eb;MpKsl8ce013eb;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpksl8ce013eb.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKsl8ce013eb.sys [?]
S1 MpKslc2e1cac1;MpKslc2e1cac1;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\mpkslc2e1cac1.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\MpKslc2e1cac1.sys [?]
S1 MpKslfd10626b;MpKslfd10626b;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpkslfd10626b.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKslfd10626b.sys [?]
S2 AdminSVC;GMX Browser Update;c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe --> c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe [?]
S2 BulkUsb;Genesys Logic USB Controller NT 5.0;c:\windows\system32\drivers\usbprn.sys [2001-12-20 7552]
S2 Ca533av;PocketCam 3Mega, WDM Video Capture;c:\windows\system32\drivers\CA533AV.SYS [2010-4-10 514929]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 6616190D;6616190D;c:\windows\system32\6616190d.exe --> c:\windows\system32\6616190D.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-9-25 16512]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2009-9-26 1183744]
S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [2005-8-24 692992]
S3 EyelineService;Eyeline Video System;c:\programme\nch software\eyeline\eyeline.exe [2009-11-5 643076]
S3 gupdatem;Google Update Service (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-4 39984]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-9-23 32512]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-11-1 95656]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-11-1 64424]
S3 sdCoreService;PC Tools Security Service;c:\programme\pc tools internet security\pctsSvc.exe [2009-11-1 1095592]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-11-1 33056]
S3 ThreatFire;ThreatFire;c:\programme\pc tools internet security\tfengine\tfservice.exe service --> c:\programme\pc tools internet security\tfengine\TFService.exe service [?]
.
=============== Created Last 30 ================
.
2011-06-12 00:38:47 28752 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{b24d1f71-9363-499c-acf3-995a2fb4b6e3}\MpKslb2f4ca89.sys
2011-06-12 00:37:38 6962000 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{b24d1f71-9363-499c-acf3-995a2fb4b6e3}\mpengine.dll
2011-06-04 02:36:27 -------- d-----w- c:\dokumente und einstellungen\oliver draxl\anwendungsdaten\Malwarebytes
2011-06-04 02:36:17 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-04 02:36:17 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Malwarebytes
2011-06-04 02:36:13 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-04 02:36:13 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-06-04 01:56:59 -------- d-----w- c:\dokumente und einstellungen\oliver draxl\anwendungsdaten\IObit
2011-06-04 01:56:56 -------- d-----w- c:\programme\IObit
2011-06-01 13:31:59 403216 ----a-w- c:\windows\system32\msrepl35.dll
2011-06-01 13:31:59 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-06-01 13:31:59 251664 ----a-w- c:\windows\system32\msrd2x35.dll
2011-06-01 13:31:58 25600 ----a-w- c:\programme\gemeinsame dateien\microsoft shared\dao\remove.exe
2011-06-01 13:27:27 -------- d-----w- c:\programme\DevStudio
2011-06-01 06:22:19 -------- d-sh--w- c:\dokumente und einstellungen\oliver draxl\UserData
2011-05-29 11:24:51 -------- d-----r- c:\programme\Skype
2011-05-27 02:06:54 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-05-27 02:06:54 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-05-27 02:06:54 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-05-27 02:06:54 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-05-27 02:06:54 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-05-21 03:57:13 -------- d-----w- c:\programme\Spybot - Search & Destroy
2011-05-21 03:57:13 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Spybot - Search & Destroy
2011-05-20 05:58:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-20 05:50:53 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Skype Extras
.
==================== Find3M ====================
.
.
============= FINISH: 10:42:39.78 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 23/09/2009 6:23:18 PM
System Uptime: 7/06/2011 7:44:36 AM (123 hours ago)
.
Motherboard: Acer, Inc. | | Bodensee
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | U2E1 | 1666/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 35 GiB total, 11.324 GiB free.
D: is FIXED (FAT32) - 36 GiB total, 6.34 GiB free.
E: is CDROM ()
G: is CDROM (CDFS)
H: is Removable
J: is FIXED (NTFS) - 298 GiB total, 129.499 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
Description: Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller
Device ID: PCI\VEN_104C&DEV_803A&SUBSYS_00941025&REV_00\4&6B16D5B&0&49F0
Manufacturer: Texas Instruments
Name: Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller
PNP Device ID: PCI\VEN_104C&DEV_803A&SUBSYS_00941025&REV_00\4&6B16D5B&0&49F0
Service: ohci1394
.
==== System Restore Points ===================
.
RP143: 10/09/2010 3:28:09 PM - Installation eines unsignierten Treibers
RP144: 20/09/2010 8:19:09 AM - Software Distribution Service 3.0
RP145: 23/09/2010 9:21:52 PM - Software Distribution Service 3.0
RP146: 30/09/2010 6:24:24 PM - Software Distribution Service 3.0
RP147: 2/10/2010 7:40:58 PM - Software Distribution Service 3.0
RP148: 14/10/2010 3:00:30 AM - Software Distribution Service 3.0
RP149: 14/10/2010 4:04:58 AM - Software Distribution Service 3.0
RP150: 15/10/2010 5:44:32 PM - Software Distribution Service 3.0
RP151: 18/10/2010 8:56:17 AM - Software Distribution Service 3.0
RP152: 10/11/2010 9:44:00 PM - Software Distribution Service 3.0
RP153: 26/11/2010 8:21:07 PM - Removed Apple Mobile Device Support
RP154: 26/11/2010 8:21:52 PM - Removed Apple Software Update
RP155: 27/11/2010 12:41:22 PM - Installed Active Wall
RP156: 4/01/2011 8:19:50 PM - Software Distribution Service 3.0
RP157: 5/01/2011 8:01:54 AM - Software Distribution Service 3.0
RP158: 25/01/2011 11:23:45 PM - Software Distribution Service 3.0
RP159: 10/02/2011 6:25:12 PM - Removed Active Wall
RP160: 10/02/2011 6:58:12 PM - Software Distribution Service 3.0
RP161: 10/02/2011 8:36:16 PM - Software Distribution Service 3.0
RP162: 28/02/2011 8:59:07 AM - Software Distribution Service 3.0
RP163: 1/03/2011 9:06:35 AM - Software Distribution Service 3.0
RP164: 17/03/2011 8:04:32 AM - Software Distribution Service 3.0
RP165: 25/03/2011 5:56:20 PM - Software Distribution Service 3.0
RP166: 25/03/2011 5:58:54 PM - Software Distribution Service 3.0
RP167: 1/06/2005 12:09:05 AM - Installation eines unsignierten Treibers
RP168: 16/04/2011 10:46:01 AM - Software Distribution Service 3.0
RP169: 16/04/2011 12:49:29 PM - Software Distribution Service 3.0
RP170: 16/04/2011 5:08:19 PM - Software Distribution Service 3.0
RP171: 18/04/2011 3:26:14 PM - Removed Brother MFL-Pro Suite
RP172: 21/04/2011 9:30:09 PM - Software Distribution Service 3.0
RP173: 22/04/2011 5:16:20 PM - Installed Trend Micro Internet Security
RP174: 22/04/2011 7:06:14 PM - Software Distribution Service 3.0
RP175: 28/04/2011 7:27:07 PM - Software Distribution Service 3.0
RP176: 28/04/2011 7:43:22 PM - Software Distribution Service 3.0
RP177: 1/05/2011 8:39:47 PM - Software Distribution Service 3.0
RP178: 3/05/2011 2:34:05 PM - Software Distribution Service 3.0
RP179: 5/05/2011 5:54:06 PM - Software Distribution Service 3.0
RP180: 10/05/2011 5:42:58 PM - Software Distribution Service 3.0
RP181: 11/05/2011 11:09:05 AM - Software Distribution Service 3.0
RP182: 20/05/2011 3:28:32 PM - Software Distribution Service 3.0
RP183: 21/05/2011 3:45:37 PM - Software Distribution Service 3.0
RP184: 22/05/2011 8:35:53 AM - Removed OpenOffice.org Installer 1.0
RP185: 24/05/2011 8:32:15 AM - Software Distribution Service 3.0
RP186: 25/05/2011 11:48:39 PM - Software Distribution Service 3.0
RP187: 28/05/2011 9:05:09 AM - Removed Java(TM) 6 Update 11
RP188: 28/05/2011 9:06:12 AM - Removed Java(TM) 6 Update 11
RP189: 28/05/2011 9:31:09 AM - Removed Adobe Reader 9.4.4.
RP190: 29/05/2011 9:15:42 AM - Installation eines unsignierten Treibers
RP191: 29/05/2011 9:22:27 PM - Removed Skype™ 5.3
RP192: 29/05/2011 9:23:55 PM - Removed Skype Toolbars
RP193: 29/05/2011 9:24:43 PM - Installed Skype™ 5.3
RP194: 29/05/2011 9:28:43 PM - Installed Skype Toolbars
RP195: 31/05/2011 7:03:50 PM - Removed Skype™ 5.3
RP196: 31/05/2011 7:04:42 PM - Installed Skype™ 5.1
RP197: 31/05/2011 7:10:37 PM - Removed Skype™ 5.1
RP198: 31/05/2011 7:11:51 PM - Removed Skype Toolbars
RP199: 31/05/2011 7:17:50 PM - Installed Skype™ 4.2
RP200: 31/05/2011 8:09:06 PM - Software Distribution Service 3.0
RP201: 5/06/2011 10:21:36 PM - Software Distribution Service 3.0
RP202: 7/06/2011 2:36:34 AM - Systemprüfpunkt
RP203: 9/06/2011 10:57:46 PM - Software Distribution Service 3.0
RP204: 11/06/2011 10:09:57 AM - Software Distribution Service 3.0
RP205: 12/06/2011 10:37:30 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acer Arcade
Acer eDataSecurity Management
Acer eDataSecurity Management 1.00.23
Acer eLock Management
Acer Empowering Technology framework
Acer eNet Management
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer OrbiCam-Software
Acer OrbiCam-Treiber
Acer Screensaver
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0
Adobe Photoshop Elements 2.0
Adobe Shockwave Player 11.5
Advanced SystemCare 4
Apple Application Support
Ashampoo Burning Studio 2009
Ashampoo UnInstaller 3.12
Ashampoo WinOptimizer 5.05
ATI - Dienstprogramm zur Deinstallation der Software
ATI Catalyst Control Center
ATI Display Driver
Audiograbber 1.83 SE
AVerMedia E501 CardBus Analog 3.5.0.69
AVerMedia MCE Encoder 3.2.1.62
AVerTV
AVIConverter CHN-EN Package
Bonjour
Browser Defender 2.0.6.15
CamStudio
Canon iP4500 series
Canon iP4800 series Printer Driver
Canon LBP5200
Canon PIXMA iP3000
Chinese Simplified Fonts Support For Adobe Reader 9
CoCreate Modeling Personal Edition 2.0
Compatibility Pack for the 2007 Office system
Data Access Objects (DAO) 3.5
Debut Video Capture Software
Dexster V2.0
DivX Codec
Dodo Wireless Broadband
e-tax 2010
EPSON Printer Software
EPSON Scan
ERUNT 1.1j
ESCX5700F User's Guide
ExpressPCB
Eyeline Video System
Food Additives 1.0
GMX IE7 Browser Update
Golden Videos
Google Earth
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Handbrake 0.9.4
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB2158563)
Hotfix für Windows XP (KB2443685)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix für Windows XP (KB979306)
Hotfix für Windows XP (KB981793)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Image Comparer v3.0 Free for PC User Readers
Intel(R) PROSet/Wireless Software
iTunes
K-Lite Codec Pack 6.2.0 (Full)
Launch Manager
Malwarebytes' Anti-Malware version 1.51.0.1200
Maxtor Manager
mCore
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office XP Professional mit FrontPage
Microsoft PhotoDraw 2000
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 5.0
Microsoft Windows Media Video 9 VCM
Mindful Clock
mMHouse
MP3 Repair Tool v1.5.2
mPfMgr
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Remote Controller
mWlsSafe
mXML
MyScript Notes Basic Edition
Natural Biorhythms version 3.04
Nitro PDF Professional
Nokia Connectivity Adapter Cable DKU-5
NTI CD & DVD-Maker
Organic Art, Microsoft Edition
PaperPort
PC Tools Internet Security 2009
PowerCam 2.0 Megapixel
PowerProducer
Prism Video Converter
QuickTime
Realtek High Definition Audio Driver
Recuva
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
Serif PanoramaPlus 1
Sicherheitsupdate für Windows Internet Explorer 8 (KB2183461)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2360131)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2497640)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381)
Sicherheitsupdate für Windows Media Player (KB2378111)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player (KB975558)
Sicherheitsupdate für Windows Media Player (KB978695)
Sicherheitsupdate für Windows Media Player 11 (KB954154)
Sicherheitsupdate für Windows XP (KB2079403)
Sicherheitsupdate für Windows XP (KB2115168)
Sicherheitsupdate für Windows XP (KB2121546)
Sicherheitsupdate für Windows XP (KB2160329)
Sicherheitsupdate für Windows XP (KB2229593)
Sicherheitsupdate für Windows XP (KB2259922)
Sicherheitsupdate für Windows XP (KB2279986)
Sicherheitsupdate für Windows XP (KB2286198)
Sicherheitsupdate für Windows XP (KB2296011)
Sicherheitsupdate für Windows XP (KB2296199)
Sicherheitsupdate für Windows XP (KB2347290)
Sicherheitsupdate für Windows XP (KB2360937)
Sicherheitsupdate für Windows XP (KB2387149)
Sicherheitsupdate für Windows XP (KB2393802)
Sicherheitsupdate für Windows XP (KB2412687)
Sicherheitsupdate für Windows XP (KB2419632)
Sicherheitsupdate für Windows XP (KB2423089)
Sicherheitsupdate für Windows XP (KB2436673)
Sicherheitsupdate für Windows XP (KB2440591)
Sicherheitsupdate für Windows XP (KB2443105)
Sicherheitsupdate für Windows XP (KB2476687)
Sicherheitsupdate für Windows XP (KB2478960)
Sicherheitsupdate für Windows XP (KB2478971)
Sicherheitsupdate für Windows XP (KB2479628)
Sicherheitsupdate für Windows XP (KB2479943)
Sicherheitsupdate für Windows XP (KB2481109)
Sicherheitsupdate für Windows XP (KB2483185)
Sicherheitsupdate für Windows XP (KB2485376)
Sicherheitsupdate für Windows XP (KB2485663)
Sicherheitsupdate für Windows XP (KB2491683)
Sicherheitsupdate für Windows XP (KB2503658)
Sicherheitsupdate für Windows XP (KB2506212)
Sicherheitsupdate für Windows XP (KB2506223)
Sicherheitsupdate für Windows XP (KB2507618)
Sicherheitsupdate für Windows XP (KB2508272)
Sicherheitsupdate für Windows XP (KB2508429)
Sicherheitsupdate für Windows XP (KB2509553)
Sicherheitsupdate für Windows XP (KB2511455)
Sicherheitsupdate für Windows XP (KB2524375)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB938464-v2)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371-v2)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB970430)
Sicherheitsupdate für Windows XP (KB971468)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB971961)
Sicherheitsupdate für Windows XP (KB972260)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973525)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975561)
Sicherheitsupdate für Windows XP (KB975562)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977165)
Sicherheitsupdate für Windows XP (KB977816)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978037)
Sicherheitsupdate für Windows XP (KB978251)
Sicherheitsupdate für Windows XP (KB978262)
Sicherheitsupdate für Windows XP (KB978338)
Sicherheitsupdate für Windows XP (KB978542)
Sicherheitsupdate für Windows XP (KB978601)
Sicherheitsupdate für Windows XP (KB978706)
Sicherheitsupdate für Windows XP (KB979309)
Sicherheitsupdate für Windows XP (KB979482)
Sicherheitsupdate für Windows XP (KB979559)
Sicherheitsupdate für Windows XP (KB979683)
Sicherheitsupdate für Windows XP (KB979687)
Sicherheitsupdate für Windows XP (KB980195)
Sicherheitsupdate für Windows XP (KB980218)
Sicherheitsupdate für Windows XP (KB980232)
Sicherheitsupdate für Windows XP (KB980436)
Sicherheitsupdate für Windows XP (KB981322)
Sicherheitsupdate für Windows XP (KB981852)
Sicherheitsupdate für Windows XP (KB981957)
Sicherheitsupdate für Windows XP (KB981997)
Sicherheitsupdate für Windows XP (KB982132)
Sicherheitsupdate für Windows XP (KB982214)
Sicherheitsupdate für Windows XP (KB982665)
Sicherheitsupdate für Windows XP (KB982802)
Skype™ 5.3
SMSC CIR HID V5.3.2600.2
SpamBayes 1.0.4
Spybot - Search & Destroy
StreamTransport version: 1.0.2.2171
Switch Sound File Converter
Synaptics Pointing Device Driver
T39 USB-Handset Manager
TaskSwitchXP
Texas Instruments PCIxx21/x515 drivers.
TIxx21
Uninstall Startup Inspector
UnzipThemAll 1.3
Update für Microsoft Windows (KB971513)
Update für Windows Internet Explorer 8 (KB976662)
Update für Windows Internet Explorer 8 (KB976749)
Update für Windows Internet Explorer 8 (KB980182)
Update für Windows XP (KB2141007)
Update für Windows XP (KB2345886)
Update für Windows XP (KB2467659)
Update für Windows XP (KB951978)
Update für Windows XP (KB955759)
Update für Windows XP (KB961503)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB971029)
Update für Windows XP (KB971737)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoPad Video Editor
Virtual Drive Creator V3.0.1
WebFldrs XP
WikidPad 1.8final
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools
Windows XP Service Pack 3
Xara XS
Zoner 3D Photo Maker
.
==== End Of File ===========================


Thank you, have a good weekend

vict0r
2011-06-16, 00:54
Hi.


Since the last post the viruses have not shown any appearance in places where I would have noticed any activity.

That's good. :)


There's one new line in the last log that is totally unknown:
S3 6616190D;6616190D;c:\windows\system32\6616190d.exe --> c:\windows\system32\6616190D.exe [?]

The [?] indicates that the file is missing. Do you happen to know what it is related to?

Is your computer still performing well with no symptoms of malware infection?

Curly
2011-06-18, 07:25
Hello Vict0r

Yes, I found it. Microsoft Security Essentials removed this file on 4/06 at an automatic scan. Recognised it as VirTool/WinNt/Xooba.A

vict0r
2011-06-18, 09:44
Ok.

That's important information. :)

I need a fresh DDS log, DDS.txt only before we can continue:

Double-Click on the dds icon that should be located on your desktop and wait for the logs to appear. Post DDS.txt only (I don't need to see Attach.txt now).

Curly
2011-06-19, 12:47
The file is still registered in the registry. Microsoft Security Essentials only deleted the file. It could not be found on any of the hard drives.

I had the computer online for about 5 hours with the IE explorer on the screen. None of the processes which were suspicious came up. There was also little to no traffic on the network.
.
DDS (Ver_2011-06-12.02) - FAT32x86
Internet Explorer: 8.0.6001.18702
Run by Oliver Draxl at 20:38:11 on 2011-06-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.174 [GMT 10:00]
.
AV: Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Internet Security Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programme\IObit\Advanced SystemCare 4\ASCService.exe
C:\WINDOWS\system32\CNAC3RPK.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Browser Defender\BDTUpdateService.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programme\Microsoft Security Client\msseces.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Maxtor\Sync\SyncServices.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\PC Tools Internet Security\pctsAuxs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Dodo Wireless Broadband\Dodo Wireless Broadband.exe
C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\programme\browser defender\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\programme\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programme\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\programme\browser defender\PCTBrowserDefender.dll
uRun: [TaskSwitchXP] c:\programme\taskswitchxp\TaskSwitchXP.exe
uRun: [msnmsgr] "c:\programme\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\programme\spybot - search & destroy\TeaTimer.exe
mRun: [LaunchApp] Alaunch
mRun: [SynTPLpr] c:\programme\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [ATICCC] "c:\programme\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSC] "c:\programme\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\gemein~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office10\OSA.EXE
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll
LSP: c:\programme\gemeinsame dateien\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253752491717
TCP: Interfaces\{86C0E1A0-58D0-4AC3-939C-6B15B6C14CD4} : NameServer = 202.136.43.197 202.136.42.229
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-1 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-11-1 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-11-1 39200]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl725bfd93;MpKsl725bfd93;c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{bffa42a1-c1eb-4b6b-94de-0b045c789031}\MpKsl725bfd93.sys [2011-6-19 28752]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-11-1 159600]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\programme\iobit\advanced systemcare 4\ASCService.exe [2011-6-4 352656]
R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\browser defender\BDTUpdateService.exe [2009-9-24 112592]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-11-1 73840]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\pc tools internet security\pctsAuxs.exe [2009-11-1 348752]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2009-9-23 1088896]
S1 MpKsl8ce013eb;MpKsl8ce013eb;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpksl8ce013eb.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKsl8ce013eb.sys [?]
S1 MpKslc2e1cac1;MpKslc2e1cac1;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\mpkslc2e1cac1.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\MpKslc2e1cac1.sys [?]
S1 MpKslfd10626b;MpKslfd10626b;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpkslfd10626b.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKslfd10626b.sys [?]
S2 AdminSVC;GMX Browser Update;c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe --> c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe [?]
S2 BulkUsb;Genesys Logic USB Controller NT 5.0;c:\windows\system32\drivers\usbprn.sys [2001-12-20 7552]
S2 Ca533av;PocketCam 3Mega, WDM Video Capture;c:\windows\system32\drivers\CA533AV.SYS [2010-4-10 514929]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 6616190D;6616190D;c:\windows\system32\6616190d.exe --> c:\windows\system32\6616190D.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-9-25 16512]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2009-9-26 1183744]
S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [2005-8-24 692992]
S3 EyelineService;Eyeline Video System;c:\programme\nch software\eyeline\eyeline.exe [2009-11-5 643076]
S3 gupdatem;Google Update Service (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-9-23 32512]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-11-1 95656]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-11-1 64424]
S3 sdCoreService;PC Tools Security Service;c:\programme\pc tools internet security\pctsSvc.exe [2009-11-1 1095592]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-11-1 33056]
S3 ThreatFire;ThreatFire;c:\programme\pc tools internet security\tfengine\tfservice.exe service --> c:\programme\pc tools internet security\tfengine\TFService.exe service [?]
.
=============== Created Last 30 ================
.
2011-06-19 10:27:02 28752 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{bffa42a1-c1eb-4b6b-94de-0b045c789031}\MpKsl725bfd93.sys
2011-06-14 11:18:26 6962000 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{bffa42a1-c1eb-4b6b-94de-0b045c789031}\mpengine.dll
2011-06-04 02:36:27 -------- d-----w- c:\dokumente und einstellungen\oliver draxl\anwendungsdaten\Malwarebytes
2011-06-04 02:36:17 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Malwarebytes
2011-06-04 01:56:59 -------- d-----w- c:\dokumente und einstellungen\oliver draxl\anwendungsdaten\IObit
2011-06-04 01:56:56 -------- d-----w- c:\programme\IObit
2011-06-01 13:31:59 403216 ----a-w- c:\windows\system32\msrepl35.dll
2011-06-01 13:31:59 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-06-01 13:31:59 251664 ----a-w- c:\windows\system32\msrd2x35.dll
2011-06-01 13:31:58 25600 ----a-w- c:\programme\gemeinsame dateien\microsoft shared\dao\remove.exe
2011-06-01 13:27:27 -------- d-----w- c:\programme\DevStudio
2011-06-01 06:22:19 -------- d-sh--w- c:\dokumente und einstellungen\oliver draxl\UserData
2011-05-29 11:24:51 -------- d-----r- c:\programme\Skype
2011-05-27 02:06:54 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-05-27 02:06:54 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-05-27 02:06:54 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-05-27 02:06:54 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-05-27 02:06:54 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-05-21 03:57:13 -------- d-----w- c:\programme\Spybot - Search & Destroy
2011-05-21 03:57:13 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2011-06-07 03:43:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:39:11.79 ===============

vict0r
2011-06-19, 19:37
Download ComboFix

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

**IMPORTANT !!! Save ComboFix.exe to your Desktop**.

Please download and save ComboFix to the desktop. This tool is designed to run from the desktop! Do not run the tool yet:

Link1 (http://download.bleepingcomputer.com/sUBs/ComboFix.exe)
Link2 (http://www.forospyware.com/sUBs/ComboFix.exe)


Disable Microsoft Security Essentials

Make sure MSE is disabled:


Open Microsoft Security Essentials (MSE) and go to Settings > Real Time Protection.
Then uncheck "Turn on real time protection".
Close MSE when done.



Run ComboFix

Double click the ComboFix icon on the desktop to run the tool and click Yes to the disclaimer.

Please install the Recovery Console if prompted.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode. This allows us to more easily help you if your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Please include the ComboFix log (C:\ComboFix.txt) in your next reply for further review.


Please make sure to enable Microsoft Security Essentials after ComboFix is finished.

To post:
Combofix log
Did any problems occur while following the instructions?

Curly
2011-06-21, 12:17
Hi Vict0r, there were no problems during the procedure.

ComboFix 11-06-20.01 - Oliver Draxl 21/06/2011 19:15:20.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.296 [GMT 10:00]
ausgeführt von:: c:\dokumente und einstellungen\Oliver Draxl\Desktop\ComboFix.exe
AV: Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Internet Security Firewall *Disabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Oliver Draxl\WINDOWS
c:\programme\WinPCap
c:\programme\WinPCap\daemon_mgm.exe
c:\programme\WinPCap\npf_mgm.exe
c:\programme\WinPCap\rpcapd.exe
c:\windows\IsUn0407.exe
c:\windows\system\msvcr71.dll
c:\windows\system32\MSMAsk32.ocx
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-05-21 bis 2011-06-21 ))))))))))))))))))))))))))))))
.
.
2011-06-21 09:28 . 2011-06-21 09:28 0 ---ha-w- c:\dokumente und einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\BIT3.tmp
2011-06-21 09:13 . 2011-06-21 09:13 -------- d-----w- c:\windows\LastGood.Tmp
2011-06-20 08:06 . 2011-06-20 08:06 28752 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{BFFA42A1-C1EB-4B6B-94DE-0B045C789031}\MpKsl3e92a359.sys
2011-06-19 10:50 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-14 11:18 . 2011-05-09 20:46 6962000 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{BFFA42A1-C1EB-4B6B-94DE-0B045C789031}\mpengine.dll
2011-06-04 02:36 . 2011-06-04 02:36 -------- d-----w- c:\dokumente und einstellungen\Oliver Draxl\Anwendungsdaten\Malwarebytes
2011-06-04 02:36 . 2011-06-04 02:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-06-04 01:56 . 2011-06-04 01:57 -------- d-----w- c:\dokumente und einstellungen\Oliver Draxl\Anwendungsdaten\IObit
2011-06-04 01:56 . 2011-06-04 01:56 -------- d-----w- c:\programme\IObit
2011-06-01 13:31 . 1996-12-03 03:07 403216 ----a-w- c:\windows\system32\msrepl35.dll
2011-06-01 13:31 . 1996-12-02 08:44 251664 ----a-w- c:\windows\system32\msrd2x35.dll
2011-06-01 13:31 . 1996-11-07 16:48 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-06-01 13:31 . 1996-11-11 21:50 25600 ----a-w- c:\programme\Gemeinsame Dateien\Microsoft Shared\DAO\remove.exe
2011-06-01 13:27 . 2011-06-01 13:27 -------- d-----w- c:\programme\DevStudio
2011-06-01 06:22 . 2011-06-01 06:22 -------- d-sh--w- c:\dokumente und einstellungen\Oliver Draxl\UserData
2011-05-31 09:46 . 2011-05-31 09:46 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype
2011-05-29 11:24 . 2011-05-29 11:24 -------- d-----r- c:\programme\Skype
2011-05-27 02:06 . 2008-04-17 05:54 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-05-27 02:06 . 2008-04-17 05:53 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-05-27 02:06 . 2008-04-17 05:52 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-05-27 02:06 . 2008-04-17 05:52 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-05-27 02:06 . 2008-04-17 05:50 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 03:43 . 2011-05-20 05:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-09 20:46 . 2011-04-28 09:27 6962000 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-02 15:31 . 2004-08-03 19:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-03 19:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-21 13:37 . 2004-08-03 19:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\programme\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-24 39408]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2011-05-26 15147400]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2005-11-01 102491]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-11-01 692315]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-12-02 151552]
"ATICCC"="c:\programme\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-18 69632]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2005-12-15 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-18 3079680]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-06 458752]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-11-30 225280]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-17 15600128]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSC"="c:\programme\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-03-18 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\System32\\CNAC3RPK.EXE"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-zu-Peer-Gruppierung
"3540:UDP"= 3540:UDP:Peer Name Resolution-Protokoll (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/11/2009 9:11 AM 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [1/11/2009 9:11 AM 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [1/11/2009 9:11 AM 39200]
R1 MpKsl3e92a359;MpKsl3e92a359;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{BFFA42A1-C1EB-4B6B-94DE-0B045C789031}\MpKsl3e92a359.sys [20/06/2011 6:06 PM 28752]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [1/11/2009 9:11 AM 159600]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\programme\IObit\Advanced SystemCare 4\ASCService.exe [4/06/2011 11:56 AM 352656]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\Browser Defender\BDTUpdateService.exe [24/09/2009 5:10 PM 112592]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [1/11/2009 9:11 AM 73840]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\PC Tools Internet Security\pctsAuxs.exe [1/11/2009 9:10 AM 348752]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [23/09/2009 6:32 PM 1088896]
S1 MpKsl725bfd93;MpKsl725bfd93;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{BFFA42A1-C1EB-4B6B-94DE-0B045C789031}\MpKsl725bfd93.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{BFFA42A1-C1EB-4B6B-94DE-0B045C789031}\MpKsl725bfd93.sys [?]
S1 MpKsl8ce013eb;MpKsl8ce013eb;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{D7838697-49E8-442C-BC63-6BED63A84C14}\MpKsl8ce013eb.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{D7838697-49E8-442C-BC63-6BED63A84C14}\MpKsl8ce013eb.sys [?]
S1 MpKslc2e1cac1;MpKslc2e1cac1;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{62605830-D9E0-4A94-92A0-E44119101219}\MpKslc2e1cac1.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{62605830-D9E0-4A94-92A0-E44119101219}\MpKslc2e1cac1.sys [?]
S1 MpKslfd10626b;MpKslfd10626b;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{D7838697-49E8-442C-BC63-6BED63A84C14}\MpKslfd10626b.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{D7838697-49E8-442C-BC63-6BED63A84C14}\MpKslfd10626b.sys [?]
S2 AdminSVC;GMX Browser Update;c:\dokumente und einstellungen\All Users\Anwendungsdaten\GMX\adminsvc.exe --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\GMX\adminsvc.exe [?]
S2 BulkUsb;Genesys Logic USB Controller NT 5.0;c:\windows\system32\drivers\usbprn.sys [20/12/2001 8:32 PM 7552]
S2 Ca533av;PocketCam 3Mega, WDM Video Capture;c:\windows\system32\drivers\CA533AV.SYS [10/04/2010 7:09 PM 514929]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [13/05/2010 2:57 AM 136176]
S3 6616190D;6616190D;c:\windows\system32\6616190D.exe --> c:\windows\system32\6616190D.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [25/09/2009 9:57 PM 16512]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [26/09/2009 12:11 AM 1183744]
S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [24/08/2005 7:07 AM 692992]
S3 EyelineService;Eyeline Video System;c:\programme\NCH Software\Eyeline\eyeline.exe [5/11/2009 1:43 PM 643076]
S3 gupdatem;Google Update Service (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [13/05/2010 2:57 AM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [1/11/2009 9:10 AM 95656]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [1/11/2009 9:10 AM 64424]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [1/11/2009 9:11 AM 33056]
S3 ThreatFire;ThreatFire;c:\programme\PC Tools Internet Security\TFEngine\TFService.exe service --> c:\programme\PC Tools Internet Security\TFEngine\TFService.exe service [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-04 c:\windows\Tasks\videopadDowngrade.job
- c:\programme\NCH Software\VideoPad\videopad.exe [2010-10-27 08:53]
.
2011-06-04 c:\windows\Tasks\videopadShakeIcon.job
- c:\programme\NCH Software\VideoPad\videopad.exe [2010-10-27 08:53]
.
2011-06-21 c:\windows\Tasks\User_Feed_Synchronization-{8B034EC4-73E5-4F92-8146-AE71BF70500B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 18:31]
.
2011-06-04 c:\windows\Tasks\goldenvideosShakeIcon.job
- c:\programme\NCH Software\GoldenVideos\goldenvideos.exe [2010-04-11 11:29]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc205d386b3860.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-05-12 16:57]
.
2011-06-21 c:\windows\Tasks\MpIdleTask.job
- c:\programme\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 02:26]
.
2011-06-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programme\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 02:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Photoshop Elements 2.0 - c:\windows\ISUN0407.EXE
AddRemove-Virtual Drive Creator_is1 - c:\programme\J. A. Associates\Virtual Drive Creator\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-21 19:29
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1596)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(1652)
c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(2824)
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programme\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\CNAC3RPK.EXE
c:\acer\Empowering Technology\admServ.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\programme\Maxtor\Sync\SyncServices.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\dwwin.exe
c:\programme\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-21 19:32:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-06-21 09:32
.
Vor Suchlauf: 20 Verzeichnis(se), 12,480,184,320 Bytes frei
Nach Suchlauf: 32 Verzeichnis(se), 12,801,966,080 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1543E13B0CA90D69C2E82FDB9E347893

vict0r
2011-06-21, 15:02
Hi Vict0r, there were no problems during the procedure.
Good. :)

We are soon finished.


Run OTL Script

We need to run another OTL Fix, this one will require a reboot of the computer.


Double-click OTL.exe to start the program.
Copy and Paste the following code into the Custom Scans/Fixes textbox. Do not include the word Code


:processes
killallprocesses
:services
6616190D


Then click the Run Fix button at the top.
Click OK.
OTL may ask to reboot the machine. Please do so if asked.
The report should appear in Notepad after the reboot. Copy and Paste that report into your next reply.



Registry Cleaners + "Tweak" Tools

I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools. They are marketed as ways to make your machine run faster and more efficiently ...... Some will actually achieve this .... IF you know how to use them correctly.
Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete", it won't speed up your machine though.
Stopping services & setting policies can speed up your machine ..... as long as you stop & set the right ones, & even then it's debatable if you will notice the improvement.

Remove the wrong registry entry, or stop the wrong service, & not only can you slow your machine .... you could kill it !

To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing & what else the changes may affect.
In short, if you know how to use them safely ----- you don't actually need them.

Read the following for more information:
http://forums.whatthetech.com/Regcleaner_t42862.html
http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

Please uninstall these programs:
Advanced SystemCare 4
Ashampoo WinOptimizer 5.05


Update Windows and Internet Explorer

Update Windows and Internet Explorer to protect your computer from malware. Please go to the windows update site (http://windowsupdate.microsoft.com/) to get the high-priority updates. Repeat this update process until no further high-priority updates are offered.


Upload File for testing

Copy the following line:
c:\windows\system\msvcr71.dll

Please go to jotti.org (http://virusscan.jotti.org/en) or Virustotal (http://www.virustotal.com/)

Click the Browse button. A box will open, paste the filepath into the field next to File:. Click OK.
Press Submit - this will submit the file for testing, rescan the file if asked.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address :
http://img263.imageshack.us/img263/38/61446739.jpg

Repeat the online scan for this file/line:
c:\windows\system32\MSMAsk32.ocx


When finished post:

OTL (script) log
Links to online scans.
A fresh DDS log (DDS.txt only)
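The OTL fix above targets the service 6616190D, which stands out in the DDS log by its hex-only name, a display name identical to that name, and an image file DDS could not find on disk (the "[?]" tail). As an added example that is not part of this thread or of the DDS/OTL tools, the following Python snippet parses lines in the DDS "SERVICES / DRIVERS" format and ranks them by those same signs; the sample lines are constructed after the ones quoted in the thread, and the finding weights are an assumption made for this example.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the DDS "SERVICES / DRIVERS" format (modelled on the
# entries quoted in this thread; not the poster's own log).
SAMPLE_DDS_SERVICES = r"""
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-1 130936]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 6616190D;6616190D;c:\windows\system32\6616190d.exe --> c:\windows\system32\6616190D.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S2 AdminSVC;GMX Browser Update;c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe --> c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe [?]
"""

SERVICE_RE = re.compile(
    r"^(?P<state>[RS][0-4])\s+"    # R = running, S = stopped; digit = start type
    r"(?P<name>[^;]+);"            # service/driver key name
    r"(?P<desc>[^;]*);"            # display name
    r"(?P<image>.+?)\s+"           # image path, possibly 'registry value --> resolved path'
    r"\[(?P<tail>[^\]]*)\]\s*$"    # '[date size]', or '[?]' when DDS could not find the file
)
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{6,}$")
PROFILE_DIR_RE = re.compile(
    r"\\(dokumente und einstellungen|documents and settings|users)\\", re.IGNORECASE)

# Weights are an assumption for this example, not a DDS convention.
WEIGHTS = {
    "image file not found on disk": 1,
    "hex-only name with no display name": 2,
    "image lives under a user profile directory": 1,
}


@dataclass
class ServiceEntry:
    state: str
    name: str
    desc: str
    image: str
    file_found: bool
    findings: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        return sum(WEIGHTS[f] for f in self.findings)


def parse_dds_service_line(line: str) -> Optional[ServiceEntry]:
    """Parse one DDS service/driver line; return None for anything else."""
    m = SERVICE_RE.match(line.strip())
    if m is None:
        return None
    image = m.group("image")
    if "-->" in image:                  # keep the path DDS resolved, not the raw registry value
        image = image.split("-->")[-1].strip()
    if image.startswith("\\??\\"):      # NT object-manager prefix found in some ImagePath values
        image = image[4:]
    return ServiceEntry(
        state=m.group("state"),
        name=m.group("name").strip(),
        desc=m.group("desc").strip(),
        image=image,
        file_found=m.group("tail").strip() != "?",
    )


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Attach the findings an analyst would note when reading the line."""
    if not entry.file_found:
        entry.findings.append("image file not found on disk")
    if HEX_NAME_RE.match(entry.name) and entry.desc.lower() == entry.name.lower():
        entry.findings.append("hex-only name with no display name")
    if PROFILE_DIR_RE.search(entry.image):
        entry.findings.append("image lives under a user profile directory")
    return entry


def triage(dds_text: str) -> List[ServiceEntry]:
    """Parse every service line in a DDS excerpt and sort by score, highest first."""
    entries = []
    for line in dds_text.splitlines():
        e = parse_dds_service_line(line)
        if e is not None:
            entries.append(assess(e))
    entries.sort(key=lambda e: (-e.score, e.name.lower()))
    return entries


if __name__ == "__main__":
    for e in triage(SAMPLE_DDS_SERVICES):
        print(f"{e.score}  {e.state} {e.name:<16} {e.image}")
        for f in e.findings:
            print(f"      - {f}")
```

A high score only marks an entry for a closer look (a quarantined file also produces "[?]", as the MBAMSwissArmy line shows); it is not a verdict on its own.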

Curly
2011-06-22, 05:44
Hi vict0r,
Thanks for the hints about the registry cleaner. It is a good point. I'm aware of the danger that they can be invasive. I used Ashampoo to find unused temporary files and internet history. It has also helped me to find out if a program was uninstalled properly. I know that windows and IExplorer have cleanup tools and know where they are. I understood that the forums advise to read, understand and apply correctly. Having a past IT background, not PC but IBM ES9000 VSE/ESA, I'm used to reading the screen before clicking [ok]. I even read the logs sent to you :-)
"Advanced SystemCare 4" came from "MajorGeeks.com". As I downloaded Malwarebytes I was misled by a link. I realised the mistake and never used the software. Sorry about the confusion.

msvcr71.dll and MSMAsk32.ocx were found as msvcr71.dll.vir and MSMAsk32.ocx.vir in C:\Qoobox\Quarantine\C\Windows\system and \system32
Combofix has quarantined the files.
The scans were negative.
http://virusscan.jotti.org/en/scanresult/84ca82af8bdbfbd32f0610ad21e1b5d01b3c33b9/34724615acd41d62b77eb53f5e6f997bc0501642
http://virusscan.jotti.org/en/scanresult/2f2980082f880ac48de82f7550edf95aba04faac

Do you need a full OTL scan or did you mean to send the log of the OTL fix?

========== PROCESSES ==========
All processes killed
========== SERVICES/DRIVERS ==========
Service 6616190D stopped successfully!
Service 6616190D deleted successfully!

OTL by OldTimer - Version 3.2.23.0 log created on 06222011_100605

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


.
DDS (Ver_2011-06-12.02) - FAT32x86
Internet Explorer: 8.0.6001.18702
Run by Oliver Draxl at 12:33:17 on 2011-06-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.292 [GMT 10:00]
.
AV: Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Internet Security Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
svchost.exe
C:\WINDOWS\system32\CNAC3RPK.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\notepad.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Browser Defender\BDTUpdateService.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Maxtor\Sync\SyncServices.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\PC Tools Internet Security\pctsAuxs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Dodo Wireless Broadband\Dodo Wireless Broadband.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\programme\browser defender\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\programme\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programme\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\programme\browser defender\PCTBrowserDefender.dll
uRun: [TaskSwitchXP] c:\programme\taskswitchxp\TaskSwitchXP.exe
uRun: [msnmsgr] "c:\programme\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\programme\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LaunchApp] Alaunch
mRun: [SynTPLpr] c:\programme\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [ATICCC] "c:\programme\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSC] "c:\programme\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\gemein~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office10\OSA.EXE
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll
LSP: c:\programme\gemeinsame dateien\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253752491717
TCP: Interfaces\{86C0E1A0-58D0-4AC3-939C-6B15B6C14CD4} : NameServer = 202.136.43.197 202.136.42.229
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-1 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-11-1 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-11-1 39200]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKslba4f77f3;MpKslba4f77f3;c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{a4a333ba-7129-4db5-bbd9-f4c97198d6d3}\MpKslba4f77f3.sys [2011-6-22 28752]
R1 MpKsle115d5cb;MpKsle115d5cb;c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{a4a333ba-7129-4db5-bbd9-f4c97198d6d3}\MpKsle115d5cb.sys [2011-6-21 28752]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-11-1 159600]
R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\browser defender\BDTUpdateService.exe [2009-9-24 112592]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-11-1 73840]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\pc tools internet security\pctsAuxs.exe [2009-11-1 348752]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2009-9-23 1088896]
S1 MpKsl725bfd93;MpKsl725bfd93;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{bffa42a1-c1eb-4b6b-94de-0b045c789031}\mpksl725bfd93.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{bffa42a1-c1eb-4b6b-94de-0b045c789031}\MpKsl725bfd93.sys [?]
S1 MpKsl8ce013eb;MpKsl8ce013eb;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpksl8ce013eb.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKsl8ce013eb.sys [?]
S1 MpKslc2e1cac1;MpKslc2e1cac1;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\mpkslc2e1cac1.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\MpKslc2e1cac1.sys [?]
S1 MpKslfd10626b;MpKslfd10626b;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpkslfd10626b.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKslfd10626b.sys [?]
S2 AdminSVC;GMX Browser Update;c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe --> c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe [?]
S2 BulkUsb;Genesys Logic USB Controller NT 5.0;c:\windows\system32\drivers\usbprn.sys [2001-12-20 7552]
S2 Ca533av;PocketCam 3Mega, WDM Video Capture;c:\windows\system32\drivers\CA533AV.SYS [2010-4-10 514929]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-9-25 16512]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2009-9-26 1183744]
S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [2005-8-24 692992]
S3 EyelineService;Eyeline Video System;c:\programme\nch software\eyeline\eyeline.exe [2009-11-5 643076]
S3 gupdatem;Google Update Service (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-11-1 95656]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-11-1 64424]
S3 sdCoreService;PC Tools Security Service;c:\programme\pc tools internet security\pctsSvc.exe [2009-11-1 1095592]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-11-1 33056]
S3 ThreatFire;ThreatFire;c:\programme\pc tools internet security\tfengine\tfservice.exe service --> c:\programme\pc tools internet security\tfengine\TFService.exe service [?]
.
=============== Created Last 30 ================
.
2011-06-22 00:42:41 28752 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{a4a333ba-7129-4db5-bbd9-f4c97198d6d3}\MpKslba4f77f3.sys
2011-06-21 10:11:27 28752 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{a4a333ba-7129-4db5-bbd9-f4c97198d6d3}\MpKsle115d5cb.sys
2011-06-21 10:10:57 6962000 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{a4a333ba-7129-4db5-bbd9-f4c97198d6d3}\mpengine.dll
2011-06-21 09:11:07 -------- d-sha-r- C:\cmdcons
2011-06-21 09:07:39 98816 ----a-w- c:\windows\sed.exe
2011-06-21 09:07:39 518144 ----a-w- c:\windows\SWREG.exe
2011-06-21 09:07:39 256512 ----a-w- c:\windows\PEV.exe
2011-06-21 09:07:39 208896 ----a-w- c:\windows\MBR.exe
2011-06-21 09:07:15 -------- d-----w- C:\ComboFix
2011-06-19 10:50:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-04 02:36:27 -------- d-----w- c:\dokumente und einstellungen\oliver draxl\anwendungsdaten\Malwarebytes
2011-06-04 02:36:17 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Malwarebytes
2011-06-04 01:56:59 -------- d-----w- c:\dokumente und einstellungen\oliver draxl\anwendungsdaten\IObit
2011-06-04 01:56:56 -------- d-----w- c:\programme\IObit
2011-06-01 13:31:59 403216 ----a-w- c:\windows\system32\msrepl35.dll
2011-06-01 13:31:59 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-06-01 13:31:59 251664 ----a-w- c:\windows\system32\msrd2x35.dll
2011-06-01 13:31:58 25600 ----a-w- c:\programme\gemeinsame dateien\microsoft shared\dao\remove.exe
2011-06-01 13:27:27 -------- d-----w- c:\programme\DevStudio
2011-06-01 06:22:19 -------- d-sh--w- c:\dokumente und einstellungen\oliver draxl\UserData
2011-05-29 11:24:51 -------- d-----r- c:\programme\Skype
2011-05-27 02:06:54 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-05-27 02:06:54 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-05-27 02:06:54 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-05-27 02:06:54 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-05-27 02:06:54 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
.
==================== Find3M ====================
.
2011-06-07 03:43:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:44 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:05:36 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:05:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:05:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:44 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 12:34:06.32 ===============

vict0r
2011-06-22, 09:11
Hi.


msvcr71.dll and MSMAsk32.ocx were found as msvcr71.dll.vir and MSMAsk32.ocx.vir in C:\Qoobox\Quarantine\C\Windows\system and \system32
ComboFix has quarantined the files.

Do you need a full OTL scan or did you mean to send the log of the OTL fix?

I'm sorry about the mistake.

You posted the correct logs. :)

How is the performance of this computer now?

Curly
2011-06-24, 09:21
Hello Vict0r

The performance appears to be normal. I never noticed the activity of 6616190D.exe so since the removal of msmonitor.exe it has been good.

Thank you very much for your help.

I just have a question, you may know: when I dial into the net with the Huawei wireless modem, sometimes the system does not open any programs for up to two minutes. Do you know what's happening in this time? When I want to check my emails, for example, Outlook and also Iexplorer do not open when requested.

vict0r
2011-06-27, 04:17
Hi.

I'm sorry for the delay...


I just have a question, you may know: when I dial into the net with the Huawei wireless modem, sometimes the system does not open any programs for up to two minutes. Do you know what's happening in this time? When I want to check my emails, for example, Outlook and also Iexplorer do not open when requested.

This is probably caused by compatibility issues between your USB controller drivers and the USB modem. It might help to update the chipset drivers from Acer (German version): http://www.acer.de/ac/de/DE/content/drivers



TFC (Temp File Cleaner):


Please download TFC (http://oldtimer.geekstogo.com/TFC.exe) to your desktop,
Save any unsaved work. TFC will close all open application windows.
Double-click TFC.exe to run the program.
Click the Start button in the bottom left of TFC
If prompted, click Yes to reboot. If not prompted, then please reboot manually.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. You may not be prompted to reboot.


Uninstall ComboFix

Click on Start >> Run..., copy and paste the following line into the run box, then click OK:
ComboFix /Uninstall
Note: there's a space between "ComboFix" and "/Uninstall", and this is the correct method to uninstall ComboFix even if it is named differently.


Clean up with OTL


Double-click OTL.exe to start the program. This will remove most of the tools we used to clean your pc.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CleanUp! button
Say Yes to the prompt and then allow the program to reboot your computer.


Delete the following files

Please delete the following files on your desktop (if still present):

Trend Micro Diagnostic Toolkit (32bit.exe)
appremover.exe
MBRBackup.exe
MBRCheck.exe
RKUnhookerLE.exe


Java

Download and install Java Runtime Environment (JRE) 6 Update 26 (http://java.sun.com/javase/downloads/index.jsp) (~15 MB)


Adobe

Adobe Reader is available for download from the following link: http://get.adobe.com/reader/
Please uncheck McAfee Security Scan Plus before the download!

Adobe Reader is a large program. If you prefer a smaller program you can get Foxit 5.0 instead from http://www.foxitsoftware.com/downloads/

If you decide to install Foxit 5.0, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes to avoid installing extra components and the Foxit PDF Creator Toolbar powered by Ask:

Install Foxit PDF Creator Toolbar
Make Ask my browser default search provider
Set Ask.com as my home page



Windows updates

Microsoft releases patches for Windows and Office products regularly to close loopholes in Windows and Office and fix any bugs found. Install the updates immediately when they are offered.

Go to Start > Control Panel > Automatic Updates
Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.


Keep your non-Microsoft applications updated as well

Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector (http://secunia.com/software_inspector). I suggest that you run it and install the suggested updates at least once a week.



Consider using the following to secure your computer further


Malwarebytes' Anti-Malware
Install Malwarebytes Anti-Malware, update and perform a quick scan 1-2 times a week. Download from the following link: Malwarebytes Anti Malware (http://www.malwarebytes.org/products/malwarebytes_free)


Make use of the HOSTS file included with Spybot Search & Destroy
Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it points from the human-friendly name of a website to its actual numeric address (i.e. the IP address). This feature can be used to block malicious websites.
Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:

Run Spybot Search & Destroy.
Click on Mode, and then place a tick next to Advanced mode.
Click Yes.
In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File.
Click on Add Spybot-S&D hosts list.

Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
Click Start > Run, type services.msc and click OK.
In the list, find the service called DNS Client and double-click on it. In the dropdown box, change the setting from Automatic to Manual. Click OK and then close the Services window.

For a more detailed explanation of the HOSTS file, click here (http://forum.malwareremoval.com/viewtopic.php?t=22187).


Use an alternative to Internet Explorer
Many exploits are directed at users of Internet Explorer. Try using a different browser instead. I can recommend Firefox (http://www.mozilla.com/en-US/firefox/) with the NoScript (http://noscript.net/) addon to avoid malicious scripting attacks.



It is ABSOLUTELY ESSENTIAL to keep Windows, Java, Adobe and all of your security programs up to date.


Read these articles to learn more about how to protect yourself while on the internet:

Reducing Your Risk to Malware. (http://www.malwarevault.com/prevention.html)
Is It Real or is it ScareWare? (http://www.malwarevault.com/scareware.html)


Do you have further questions related to this case?
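The HOSTS file advice above works because Windows consults this file before asking DNS, so a name mapped to 127.0.0.1 or 0.0.0.0 never reaches the real site. The following is an added example, not part of this thread or of Spybot: a small Python parser over a constructed hosts file that lists the block entries and also flags the opposite case, a real hostname redirected to a foreign address, which is what a hijacked hosts file looks like. The file content, hostnames (.test TLD) and the 198.51.100.7 address are all constructed.

```python
"""Parse a Windows-style HOSTS file and separate blocklist entries
from suspicious redirects.  Added example; sample data is constructed."""
from dataclasses import dataclass
from typing import List, Tuple

# Addresses that make a name resolve to "nowhere" (blocking entries).
SINK_ADDRESSES = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample: the default localhost line, Spybot-style block
# entries, and one entry of the kind malware adds to redirect a real site.
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1   www.adserver.test   # blocked: resolves to loopback
0.0.0.0     tracker.test
::1 localhost
198.51.100.7    update.security-vendor.test  # constructed hijack
"""


@dataclass
class HostsEntry:
    address: str
    names: List[str]
    line_no: int


def parse_hosts(text: str) -> List[HostsEntry]:
    """Parse 'ADDRESS NAME [NAME ...]' lines; '#' starts a comment."""
    entries = []
    for no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # drop comments and whitespace
        if not line:
            continue
        parts = line.split()
        if len(parts) < 2:
            continue  # malformed line: an address with no names
        entries.append(HostsEntry(parts[0], [n.lower() for n in parts[1:]], no))
    return entries


def classify(entries: List[HostsEntry]) -> Tuple[List[str], List[Tuple[str, str, int]]]:
    """Return (blocked_names, redirects).

    blocked_names: names pointed at a sink address (the blocklist).
    redirects:     (name, address, line_no) for names sent to a real
                   address, which a defender should review by hand."""
    blocked, redirected = [], []
    for e in entries:
        for name in e.names:
            if name == "localhost":
                continue  # the one legitimate non-blocking mapping
            if e.address in SINK_ADDRESSES:
                blocked.append(name)
            else:
                redirected.append((name, e.address, e.line_no))
    return blocked, redirected


if __name__ == "__main__":
    blocked, redirected = classify(parse_hosts(SAMPLE_HOSTS))
    print(f"{len(blocked)} blocked name(s): {', '.join(blocked)}")
    for name, addr, no in redirected:
        print(f"line {no}: {name} is redirected to {addr}; review this entry")
```

To inspect a live system, read C:\Windows\System32\drivers\etc\hosts into parse_hosts() instead of SAMPLE_HOSTS.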

Curly
2011-07-01, 13:55
No, I have no further questions regarding this case. The computer runs without problems now and - maybe I just imagine it - is also faster. Thank you very much for your help with this; it was great. It saved me from resetting the whole system, as I would not have found those viruses and removed them on my own. The work you and your team are doing is very valuable to us PC users who do not have the deep knowledge about how to deal with these problems. Thank you for making your skills available to us.

All the best

Oliver

vict0r
2011-07-07, 00:42
You're welcome. :)

Since this issue appears to be resolved ... this Topic has been closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.