dl[1].htm


Curly

New member
Dear caseworker
Tashi advised me to send my question to this part of the forum. Since to me unknown time dl[1].htm is spooking my computer. It was undetected by Microsoft Security Essentials and Spybot. I found it two days ago through strange behaviour of Internet Explorer and slowing down of the computer. In the last couple of days I have observed it and tried to remove it. It executes in combination with IE-Explorer, appears as a process with the same name and creates a file named m23S7Ral.exe; both are found in the process list in the task manager. M23S7Ral.exe uses up to 50% of CPU for short times, especially when it starts or when other programs are being started.

When I close the Internet Explorer, after a few seconds the Internet Explorer opens again showing the following address:



In the browser window appears the program code of m23S7Ral.exe in txt format which is then saved in the location:

[C:\Dokumente und Einstellungen\All Users\Anwendungsdaten]

dl[1].htm is not to be found on the hard drive.

It creates a registry entry in:

[HKEY-USERS\S-1-5-21-385165253-3752812310-1452250334-1006\Software\Microsoft\Windows\ShellNoRoam\MUICache]

the following string:

C:\Dokumente und Einstellungen\All Users\Anwendungsdaten REG_SZ m23S7RaL

This only happens in combination with Internet Explorer and it has so far only happened when the computer is online.

Before using Spybot I tried to remove this program manually but destroying the file and deleting the registry entry does not help as the file recreates through the IE explorer when the browser is online for several minutes.

On the day I discovered it for the first time, all the browser's temporary data, history, cookies, passwords, etc. were deleted. It may not have anything to do with it as it happened as I frantically tried to shut down the strange activity in the task manager and Internet Explorer, which was hard because the computer was so slow.
So far I have not been able to find out what it does.

The system on my computer is Windows XP Service pack 3 with all the updates installed.
The Internet Explorer is version 8.0.6001.18702IC

On the computer is an outdated and inactive version of PC Tools Internet Security. This program has been shut down for about 4 months.
Micro Trend Internet Security does not work because it crashed during the installation and could not be reinstalled because of the leftover fragments from the previous installation, which could not be removed. It still appears in Windows as a fully installed program though.
Since then I use Microsoft Security Essentials.

I have saved print screens of all the entries of the two “strangers” on my computer I found. I can send when needed.

I hope with this information you are able to help me and others who may be in jeopardy about this.

Thank you for your help in this matter.

Best Regards

Oliver

.
DDS (Ver_11-05-19.01) - FAT32x86
Internet Explorer: 8.0.6001.18702
Run by Owner at 18:24:23 on 2011-05-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.416 [GMT 10:00]
.
AV: Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Trend Micro Internet Security *Enabled/Updated* {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Internet Security Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Browser Defender\BDTUpdateService.exe
C:\WINDOWS\system32\CNAC3RPK.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Java\jre6\bin\jqs.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\PC Tools Internet Security\pctsAuxs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\Programme\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Dodo Wireless Broadband\Dodo Wireless Broadband.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
D:\Eigene Dateien\Download\spybot\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
{14ceeaff-96dd-4101-ae37-d5ecdc23c3f6}
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\programme\gemeinsame dateien\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\programme\browser defender\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\programme\spybot - search & destroy\SDHelper.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programme\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\programme\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\programme\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\programme\browser defender\PCTBrowserDefender.dll
TB: {23B0D39A-E245-41B7-BF86-1238CF62625E} - No File
uRun: [TaskSwitchXP] c:\programme\taskswitchxp\TaskSwitchXP.exe
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [msnmsgr] "c:\programme\windows live\messenger\msnmsgr.exe" /background
uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\programme\spybot - search & destroy\TeaTimer.exe
mRun: [LaunchApp] Alaunch
mRun: [SynTPLpr] c:\programme\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [ATICCC] "c:\programme\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [<NO NAME>]
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
mRun: [Adobe Reader Speed Launcher] "c:\programme\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\programme\gemeinsame dateien\adobe\arm\1.0\AdobeARM.exe"
mRun: [UfSeAgnt.exe] "c:\programme\trend micro\internet security\UfSeAgnt.exe"
mRun: [MSC] "c:\programme\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\gemein~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office10\OSA.EXE
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll
LSP: c:\programme\gemeinsame dateien\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253752491717
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
Filter: text/html - {e0e86684-af80-4520-b049-326a9cb81c82} - c:\dokume~1\oliver~1\lokale~1\temp\msmonitor
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\programme\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-1 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-11-1 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-11-1 39200]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl8ce013eb;MpKsl8ce013eb;c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKsl8ce013eb.sys [2011-5-21 28752]
R1 MpKslfd10626b;MpKslfd10626b;c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKslfd10626b.sys [2011-5-21 28752]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-11-1 159600]
R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\browser defender\BDTUpdateService.exe [2009-9-24 112592]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-11-1 73840]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\pc tools internet security\pctsAuxs.exe [2009-11-1 348752]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [2009-7-30 36368]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2009-9-23 1088896]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [2009-7-30 339984]
S1 MpKslc2e1cac1;MpKslc2e1cac1;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\mpkslc2e1cac1.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\MpKslc2e1cac1.sys [?]
S2 AdminSVC;GMX Browser Update;c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe --> c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe [?]
S2 BulkUsb;Genesys Logic USB Controller NT 5.0;c:\windows\system32\drivers\usbprn.sys [2001-12-20 7552]
S2 Ca533av;PocketCam 3Mega, WDM Video Capture;c:\windows\system32\drivers\CA533AV.SYS [2010-4-10 514929]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-9-25 16512]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2009-9-26 1183744]
S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [2005-8-24 692992]
S3 EyelineService;Eyeline Video System;c:\programme\nch software\eyeline\eyeline.exe [2009-11-5 643076]
S3 gupdatem;Google Update Service (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-9-23 32512]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-11-1 95656]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-11-1 64424]
S3 sdCoreService;PC Tools Security Service;c:\programme\pc tools internet security\pctsSvc.exe [2009-11-1 1095592]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-11-1 33056]
S3 ThreatFire;ThreatFire;c:\programme\pc tools internet security\tfengine\tfservice.exe service --> c:\programme\pc tools internet security\tfengine\TFService.exe service [?]
S3 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [2011-4-22 50704]
S3 TmPfw;Trend Micro Personal Firewall;"c:\programme\trend micro\internet security\tmpfw.exe" --> c:\programme\trend micro\internet security\TmPfw.exe [?]
S3 TmProxy;Trend Micro Proxy Service;"c:\programme\trend micro\internet security\tmproxy.exe" --> c:\programme\trend micro\internet security\TmProxy.exe [?]
.
=============== Created Last 30 ================
.
2011-05-22 02:43:55 114690 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\m23S7RaL.exe
2011-05-21 10:33:00 28752 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKslfd10626b.sys
2011-05-21 05:46:43 28752 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKsl8ce013eb.sys
2011-05-21 05:45:40 6962000 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpengine.dll
2011-05-21 03:57:13 -------- d-----w- c:\programme\Spybot - Search & Destroy
2011-05-21 03:57:13 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Spybot - Search & Destroy
2011-05-20 05:58:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-20 05:50:53 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Skype Extras
2011-04-28 09:27:29 6962000 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2011-04-26 23:39:41 -------- d-----w- c:\programme\IE3_NT
2011-04-26 23:31:42 -------- d-----w- c:\programme\HPSW
2011-04-26 12:12:19 -------- d-----w- C:\IEXPLORE
2011-04-26 11:38:05 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-04-26 11:38:05 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-04-26 11:38:05 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-04-26 11:38:05 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-04-26 11:38:05 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-04-22 09:06:14 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-04-22 08:53:18 -------- d-----w- c:\programme\Microsoft Security Client
.
==================== Find3M ====================
.
2011-03-07 05:33:46 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36:22 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:53:00 1858048 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:05:50 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:05:50 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:05:50 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:42:00 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 18:25:22.56 ===============
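
A triage sketch for the kind of log posted above, added here as an example and not part of the original post or of DDS itself: it parses the "Created Last 30" section and flags executable files that sit directly in an application-data root, which is where m23S7RaL.exe shows up in this log. The function names and the directory and extension lists are assumptions chosen for this illustration.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from ntpath import basename, dirname, splitext  # Windows path rules on any OS
from typing import List, Optional

# A few lines copied from the DDS log in the post above (no new data).
SAMPLE_DDS = r"""
=============== Created Last 30 ================
.
2011-05-22 02:43:55 114690 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\m23S7RaL.exe
2011-05-21 05:45:40 6962000 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpengine.dll
2011-05-21 03:57:13 -------- d-----w- c:\programme\Spybot - Search & Destroy
2011-05-20 05:58:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-04-22 09:06:14 222080 ------w- c:\windows\system32\MpSigStub.exe
.
==================== Find3M ====================
.
2011-03-07 05:33:46 692736 ----a-w- c:\windows\system32\inetcomm.dll
"""

HEADER = re.compile(r"^=+ (.+?) =+$")
ENTRY = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})\s+(\d+|-{8})\s+([a-z-]{8})\s+(.+)$"
)

# Assumed lists for this illustration: data directories that normally hold
# only per-application subfolders, and extensions that run when opened.
DATA_ROOTS = {"anwendungsdaten", "application data", "programdata", "roaming"}
EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd"}


@dataclass
class Entry:
    created: datetime
    size: Optional[int]  # None for directories (DDS prints "--------")
    is_dir: bool
    path: str


def parse_section(log: str, section: str = "Created Last 30") -> List[Entry]:
    """Return the file entries listed under one '==== name ====' header."""
    entries, current = [], None
    for raw in log.splitlines():
        line = raw.strip()
        header = HEADER.match(line)
        if header:
            current = header.group(1)
            continue
        match = ENTRY.match(line) if current == section else None
        if match:
            stamp, size, attrs, path = match.groups()
            entries.append(Entry(
                created=datetime.strptime(stamp, "%Y-%m-%d %H:%M:%S"),
                size=None if size.startswith("-") else int(size),
                is_dir=attrs.startswith("d"),
                path=path,
            ))
    return entries


def flag_dropped_executables(entries: List[Entry]) -> List[Entry]:
    """Flag executables whose parent folder is itself a data root."""
    hits = []
    for entry in entries:
        if entry.is_dir:
            continue
        parent = basename(dirname(entry.path)).lower()
        ext = splitext(entry.path)[1].lower()
        if parent in DATA_ROOTS and ext in EXEC_EXT:
            hits.append(entry)
    return hits


if __name__ == "__main__":
    for hit in flag_dropped_executables(parse_section(SAMPLE_DDS)):
        print(f"review: {hit.created} {hit.size} bytes {hit.path}")
```

A hit is a prompt for review, not a verdict; files nested in a vendor subfolder, such as the antimalware definition updates, are deliberately not flagged.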
 
Hello and welcome to the forum.

My name is vict0r and I will help you with the malware issues on your computer.

Please read the following information carefully.

IMPORTANT: Whatever repairs we make, are for fixing this computer only and by no means should be used on another computer.

To make cleaning this machine easier:
  • Continue to respond to this thread until I tell you that the logs are clean!
  • Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
  • Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
  • Please follow all instructions in the order posted.
  • If you have any questions or do not understand instructions, please ask before continuing.
  • Please reply to this thread. Do not start a new topic.
  • Your security program(s) may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.


Uninstall misc programs

Out-of-date Adobe and Java installations pose a security risk. They can be used by malware as a means to infect a computer and/or re-infect it.

If you need a pdf reader while we clean your computer, then you can download the standalone version of Foxit PDF Reader (no installation required) in the following link. http://cdn01.foxitsoftware.com/pub/foxi ... 31_enu.zip

Please uninstall PCTools since you do not use it anymore and if you did not already try, then try to uninstall Trend Micro.

Please uninstall Viewpoint (you probably didn't install it).


  • Click on Start > Run.
  • In the open text box copy/paste appwiz.cpl Then click Ok.
  • Wait for the list of programs in the Add/Remove control panel to appear, then uninstall the two programs listed below:

    Adobe Reader 9.4.4
    Java(TM) 6 Update 11
    Java(TM) 6 Update 17
    PC Tools Internet Security 2009
    Trend Micro Internet Security
    Viewpoint Media Player


Backup the Registry

Using tools that modify the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> ERUNT >> ERUNT.

  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
  • System registry
  • Current user registry
  • Next click on OK
  • When the Question pop-up appears click on Yes
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.


Trend Micro removal

Save all work and close all programs; a reboot is required after running this tool. Run this tool even if uninstalling Trend Micro was successful or failed above.
  1. Download the Trend Micro Diagnostic Toolkit.
  2. When the File Download window appears, click Run.
  3. After the download finishes, the Trend Micro Diagnostic Toolkit window appears.
  4. Click the Uninstall tab, then click the "1. Uninstall software" button.
  5. The Toolkit will automatically detect the Trend Micro program that is currently installed. Click Uninstall.
  6. After the program finishes uninstalling, you will then be asked to restart your computer. Click Yes.


OTL

Download OTL to your desktop from the following link: OTL.exe

  • Double click on OTL.exe (on your desktop) to run it.
  • Check the boxes labeled :
    • Scan All Users
    • LOP check
    • Purity check
  • Click on the Run Scan button at the top left hand corner.
  • OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
    They will be saved on your desktop. Please post these logs.

Please use one reply per log and do not attach any logs, but copy and paste them directly into your reply. Some logs can be lengthy, then you have to use more than one reply to post the log. :)
 
Hello Vict0r
Thank you for looking into this.
This morning by a routine scan Microsoft Security Essentials picked up:
VirTool:Win32/CeeInject.gen!EO
and removed it. Then it showed the log and it was:

Category: Tool

Description: This program is used to create viruses, worms or other malware.

Items:
file:C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YKJYBT3C\dl[1].htm

It seems that the virus scanner has finally found it.

But I'm not sure if it is successfully removed because sometimes in the last days the virus also appeared as dl[2].htm

Here is the OTL log part 1:

OTL logfile created on: 27/05/2011 12:18:04 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = D:\Eigene Dateien\Computer upgrade
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australien | Language: ENA | Date Format: d/MM/yyyy

1022.04 Mb Total Physical Memory | 388.78 Mb Available Physical Memory | 38.04% Memory free
2.40 Gb Paging File | 1.77 Gb Available in Paging File | 73.62% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35.06 Gb Total Space | 11.94 Gb Free Space | 34.06% Space Free | Partition Type: FAT32
Drive D: | 35.55 Gb Total Space | 7.94 Gb Free Space | 22.32% Space Free | Partition Type: FAT32
Drive F: | 125.11 Mb Total Space | 123.38 Mb Free Space | 98.61% Space Free | Partition Type: FAT
Drive J: | 298.09 Gb Total Space | 129.42 Gb Free Space | 43.42% Space Free | Partition Type: NTFS

Computer Name: ACER-2CDC76420C | User Name: Oliver Draxl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/27 12:15:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Computer upgrade\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/01/22 09:16:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\Browser Defender\BDTUpdateService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/07 13:40:56 | 000,348,752 | ---- | M] (PC Tools) -- C:\Programme\PC Tools Internet Security\pctsAuxs.exe
PRC - [2008/09/22 06:02:20 | 000,054,720 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNAC3RPK.EXE
PRC - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Programme\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/14 12:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/05 08:29:14 | 000,062,976 | ---- | M] (Alexander Avdonin) -- C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
PRC - [2005/12/15 19:13:38 | 000,344,064 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2005/12/06 17:11:24 | 000,458,752 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZgAcer.EXE
PRC - [2005/12/02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2005/12/02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2005/12/02 15:42:42 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2005/12/02 15:42:28 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2005/12/02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005/11/30 20:39:58 | 000,225,280 | ---- | M] (Logitech) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/11/16 17:00:50 | 000,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005/11/02 00:11:00 | 000,102,491 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/10/24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005/10/19 09:30:16 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005/08/12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2011/05/27 12:15:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Computer upgrade\OTL.exe
MOD - [2011/02/08 23:33:28 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2010/08/24 02:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/12/05 16:00:10 | 000,053,248 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\sysenv.dll
MOD - [2005/11/02 00:11:00 | 000,069,723 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2005/10/11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005/08/24 01:24:00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2004/08/04 05:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll
MOD - [2003/03/18 21:12:12 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71u.dll
MOD - [2003/03/18 20:44:34 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71DEU.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (LVPrcSrv)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (AdminSVC)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/22 09:16:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programme\Browser Defender\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/05 13:43:14 | 000,643,076 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Programme\NCH Software\Eyeline\eyeline.exe -- (EyelineService)
SRV - [2009/11/01 21:16:56 | 000,070,944 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Internet Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/02/02 10:20:02 | 001,095,592 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Internet Security\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 13:40:56 | 000,348,752 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\PC Tools Internet Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Programme\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/04/14 12:22:24 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2005/12/02 15:43:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005/12/02 15:43:00 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005/12/02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2011/05/27 11:56:02 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{D9F1F192-FC7D-4B13-9E92-E9235691703F}\MpKsl196d8b0d.sys -- (MpKsl196d8b0d)
DRV - [2010/02/11 22:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/01 21:16:56 | 000,039,200 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/11/01 21:16:48 | 000,033,056 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/11/01 21:16:34 | 000,051,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/01 21:15:24 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/12/18 12:16:56 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2008/12/11 08:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/12/10 12:36:06 | 000,064,424 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2008/12/10 12:36:04 | 000,095,656 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2008/09/22 12:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctfw.sys -- (SFilter)
DRV - [2008/04/17 15:52:50 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/04/14 04:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/08/29 17:40:34 | 001,183,744 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys -- (AVerBDA3x)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2005/12/06 17:50:10 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2005/12/01 07:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/30 20:45:10 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005/11/30 20:45:10 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005/11/29 21:28:58 | 001,088,896 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2005/11/29 21:25:06 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/26 16:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/11/17 15:45:40 | 004,069,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/11/08 00:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/11/08 00:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/11/08 00:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/08/24 07:07:24 | 000,692,992 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerM115.sys -- (AVerM115)
DRV - [2005/08/03 05:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/06/22 18:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/04/22 16:57:06 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/04/22 16:57:06 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005/04/05 01:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/09 14:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2003/10/24 02:07:38 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/16 16:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2002/11/06 09:42:10 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera) DSC Still Image Capture (CA100)
DRV - [2002/07/31 17:48:54 | 000,514,929 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CA533AV.SYS -- (Ca533av)
DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002/02/02 02:29:36 | 000,015,300 | ---- | M] (CANON INC.) [Kernel | Auto | Running] -- C:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmpar21.sys -- (cnmpar21)
DRV - [2001/12/20 20:32:20 | 000,007,552 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\usbprn.sys -- (BulkUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local



O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - Reg Error: Value error. File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Browser Defender\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Browser Defender\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\..\Toolbar\WebBrowser: (no name) - {23B0D39A-E245-41B7-BF86-1238CF62625E} - No CLSID value found.
O3 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Browser Defender\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253752491717 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_11-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\Eigene Dateien\Eigene Bilder\Sun behind planets desktop.bmp
O24 - Desktop BackupWallPaper: D:\Eigene Dateien\Eigene Bilder\Sun behind planets desktop.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/05 08:20:18 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/12/17 19:10:56 | 000,000,000 | ---D | M] - C:\AUTOTRAX -- [ FAT32 ]
O33 - MountPoints2\{4108fb26-a8e3-11de-b4f2-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{4108fb26-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4108fb26-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4108fb27-a8e3-11de-b4f2-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{4108fb27-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4108fb27-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a19bfec-4faf-11e0-b9bd-00130204bbf7}\Shell - "" = AutoRun
O33 - MountPoints2\{4a19bfec-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a19bfec-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a19bfed-4faf-11e0-b9bd-00130204bbf7}\Shell - "" = AutoRun
O33 - MountPoints2\{4a19bfed-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a19bfed-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{51244ec9-b0e2-11de-b4ff-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{51244ec9-b0e2-11de-b4ff-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{51244ec9-b0e2-11de-b4ff-001636112b93}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{79949d7c-6ff9-11e0-b9e2-00130204bbf7}\Shell - "" = AutoRun
O33 - MountPoints2\{79949d7c-6ff9-11e0-b9e2-00130204bbf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79949d7c-6ff9-11e0-b9e2-00130204bbf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{79949d7d-6ff9-11e0-b9e2-00130204bbf7}\Shell - "" = AutoRun
O33 - MountPoints2\{79949d7d-6ff9-11e0-b9e2-00130204bbf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79949d7d-6ff9-11e0-b9e2-00130204bbf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{807616c6-7850-11df-b959-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{807616c6-7850-11df-b959-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{807616c6-7850-11df-b959-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{807616c7-7850-11df-b959-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{807616c7-7850-11df-b959-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{807616c7-7850-11df-b959-001636112b93}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c7c7b72e-a9c9-11de-b4fa-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{c7c7b72e-a9c9-11de-b4fa-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7c7b72e-a9c9-11de-b4fa-001636112b93}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WHS2108J06098.vbs
O33 - MountPoints2\{d3051bba-8805-11e0-b9eb-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{d3051bba-8805-11e0-b9eb-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d3051bba-8805-11e0-b9eb-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d3051bbb-8805-11e0-b9eb-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{d3051bbb-8805-11e0-b9eb-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d3051bbb-8805-11e0-b9eb-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{db7ec2ce-bfe1-11df-b98c-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{db7ec2ce-bfe1-11df-b98c-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{db7ec2ce-bfe1-11df-b98c-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
OTL part 2:

========== Files/Folders - Created Within 30 Days ==========

[2011/05/27 12:07:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Dodo Wireless Broadband
[2011/05/27 12:06:54 | 000,872,192 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2011/05/27 12:06:54 | 000,103,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbfake.sys
[2011/05/27 12:06:54 | 000,101,376 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2011/05/27 12:06:54 | 000,100,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2011/05/27 12:06:54 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2011/05/27 12:06:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/05/27 11:53:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Trend Micro
[2011/05/22 18:24:24 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Oliver Draxl\Startmenü\Programme\Verwaltung
[2011/05/22 18:03:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011/05/22 18:03:17 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011/05/22 08:36:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop
[2011/05/21 13:57:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011/05/21 13:57:13 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011/05/21 13:57:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011/05/20 15:58:03 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/20 15:50:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype Extras
[2011/05/20 15:49:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2011/05/09 17:38:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver Draxl\Desktop\content of alcor 125 090511
[2011/04/27 16:24:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\NetworkService\Lokale Einstellungen\Anwendungsdaten\PCHealth
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/27 12:01:02 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/27 12:00:44 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/05/27 11:58:14 | 000,000,603 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011/05/27 11:55:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/27 11:55:30 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/22 08:39:18 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\goldenvideosShakeIcon.job
[2011/05/21 22:42:40 | 000,011,329 | ---- | M] () -- C:\WINDOWS\IEXPLORE.INI
[2011/05/21 20:38:50 | 000,496,742 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/05/21 20:38:50 | 000,442,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/21 20:38:50 | 000,100,966 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/05/21 20:38:50 | 000,072,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/21 15:30:32 | 000,001,222 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/20 15:58:04 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/12 19:31:54 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc10876d90845e.job
[2011/05/12 12:36:12 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/05/11 14:52:14 | 000,247,296 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/27 12:59:46 | 000,000,433 | ---- | M] () -- C:\WINDOWS\globhist.htm
[2011/04/27 12:59:46 | 000,000,000 | ---- | M] () -- C:\WINDOWS\cookie.jar
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/22 08:39:16 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\goldenvideosShakeIcon.job
[2011/05/21 20:32:31 | 1071,763,456 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/21 14:52:50 | 000,001,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/20 15:49:57 | 000,002,247 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype.lnk
[2011/05/12 19:31:53 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc10876d90845e.job
[2011/04/27 09:32:06 | 000,000,198 | ---- | C] () -- C:\WINDOWS\ob1.INI
[2011/04/26 22:12:19 | 000,011,329 | ---- | C] () -- C:\WINDOWS\IEXPLORE.INI
[2011/04/26 22:12:19 | 000,000,223 | ---- | C] () -- C:\WINDOWS\RA.INI
[2010/07/20 23:25:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/07/20 23:25:53 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/07/20 23:25:53 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/07/20 23:25:53 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/10 19:09:25 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\aip504.dll
[2010/04/10 19:09:25 | 000,014,381 | ---- | C] () -- C:\WINDOWS\Tw533a.ini
[2010/04/10 19:09:25 | 000,012,201 | ---- | C] () -- C:\WINDOWS\USB_CAM.ini
[2010/04/10 19:09:25 | 000,012,201 | ---- | C] () -- C:\WINDOWS\USB_533.ini
[2010/04/10 19:09:25 | 000,002,141 | ---- | C] () -- C:\WINDOWS\ca533a.ini
[2010/04/10 19:09:25 | 000,000,163 | ---- | C] () -- C:\WINDOWS\Setup533.ini
[2010/04/10 19:09:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IPSK.dll
[2010/04/10 19:09:24 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jpg32.dll
[2010/04/10 19:09:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\VideoThumb.dll
[2010/04/10 19:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWJPG.dll
[2010/04/10 19:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWBMP.dll
[2010/04/10 19:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VMIO.dll
[2010/04/10 19:09:24 | 000,023,602 | ---- | C] () -- C:\WINDOWS\System32\RCfile.ini
[2010/04/02 11:14:32 | 000,460,908 | ---- | C] () -- C:\WINDOWS\System32\prfh0407.dat
[2010/04/02 11:14:32 | 000,085,594 | ---- | C] () -- C:\WINDOWS\System32\prfc0407.dat
[2010/01/02 18:39:38 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/12/29 16:27:08 | 000,010,588 | R--- | C] () -- C:\WINDOWS\System32\drivers\mpfilt.sys
[2009/12/29 14:27:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/29 14:27:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2009/12/03 17:46:51 | 000,000,907 | ---- | C] () -- C:\WINDOWS\MyProg.INI
[2009/11/12 10:07:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2009/11/08 22:31:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/26 22:49:42 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/10/08 12:22:58 | 000,225,280 | ---- | C] () -- C:\WINDOWS\USB6225phmgunin.exe
[2009/10/07 15:56:05 | 000,000,065 | ---- | C] () -- C:\WINDOWS\NokiaImageConverter.INI
[2009/10/05 16:27:36 | 000,000,022 | ---- | C] () -- C:\WINDOWS\SUMO.INI
[2009/10/05 14:03:42 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/10/02 15:18:11 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2009/09/26 10:08:54 | 000,247,296 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/26 00:10:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2009/09/26 00:10:39 | 000,003,456 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2009/09/26 00:10:34 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2009/09/26 00:10:34 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2009/09/25 16:30:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/09/25 15:54:50 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/09/25 15:54:50 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/09/25 15:54:49 | 000,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/09/25 15:51:44 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/09/25 14:02:28 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/09/24 17:10:08 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/09/24 10:29:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/23 23:20:47 | 000,225,280 | ---- | C] () -- C:\WINDOWS\USBT39phmgunin.exe
[2009/09/23 20:06:08 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/23 18:38:53 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2009/09/23 18:32:31 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2009/09/23 18:32:27 | 000,013,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/09/23 18:30:03 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/09/23 18:28:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2009/09/23 18:25:53 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2009/09/23 18:25:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2009/09/23 18:25:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2009/09/23 18:25:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2009/09/23 18:25:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2009/09/23 18:25:44 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2009/09/23 18:25:03 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/09/23 09:47:08 | 000,589,824 | ---- | C] () -- C:\WINDOWS\AntiV.EXE
[2009/09/23 09:47:08 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2008/09/01 16:13:52 | 000,509,208 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2007/06/14 10:14:12 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/06/14 10:13:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/12/01 00:24:56 | 000,037,754 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/30 20:45:10 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2005/11/30 20:45:10 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/11/14 19:26:12 | 000,112,794 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/07/15 01:48:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005/03/28 00:45:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/12/17 01:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 00:57:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2004/01/13 03:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2003/04/10 08:33:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/04/10 08:33:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/10 08:24:12 | 000,496,742 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/04/10 08:24:12 | 000,442,800 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/10 08:24:12 | 000,100,966 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/04/10 08:24:12 | 000,072,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/10 01:51:24 | 000,375,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/04/05 08:20:40 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2003/04/05 07:48:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/05 07:47:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/02/26 19:07:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2002/05/24 01:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/12/20 20:32:20 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbprn.sys
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/26 02:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/26 02:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/23 04:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/09/23 18:36:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acer
[2009/09/23 20:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SBT
[2009/09/24 17:09:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009/09/24 16:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2009/09/25 14:01:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2009/09/26 00:13:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVerTV
[2009/09/26 13:49:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro PDF
[2009/10/31 22:56:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ashampoo
[2010/02/17 21:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\C-Free
[2010/03/20 19:26:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FileCure
[2010/03/20 19:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2010/04/25 13:51:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Maxtor
[2010/06/11 14:17:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010/07/07 13:18:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/30 13:54:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\PCToolsSpamMonitorPlus
[2009/09/30 13:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\PCToolsFirewallPlus
[2009/09/23 18:36:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Acer
[2009/09/23 22:21:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Zoner
[2009/09/23 22:42:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Obsidium
[2009/09/23 23:21:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\MobileAction
[2009/09/23 23:35:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\NCH Swift Sound
[2009/09/24 17:13:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\PCToolsSpamMonitorPlus
[2009/09/24 17:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\PCToolsFirewallPlus
[2009/09/25 22:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/28 13:43:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Nitro PDF
[2009/10/05 09:44:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\CoCreate
[2009/10/07 11:03:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\SpamBayes
[2009/10/18 10:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\J. A. Associates
[2009/11/13 11:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\WikidPad
[2010/01/10 13:24:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\wsInspector
[2010/02/17 21:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\C-Free
[2010/03/11 20:09:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Ashampoo
[2010/03/30 08:50:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\HandBrake
[2010/11/14 21:11:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\EPSON
[2010/11/11 11:54:36 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\videopadDowngrade.job
[2010/11/11 11:54:36 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2011/04/22 23:37:24 | 000,000,468 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8B034EC4-73E5-4F92-8146-AE71BF70500B}.job
[2011/05/22 08:39:18 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\goldenvideosShakeIcon.job
[2011/05/27 12:00:44 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2011/05/27 12:01:02 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >


The Trend Micro diagnostic tool has been able to clean up the computer; that worked well.
But since restarting the computer after this, the dial-up for my wireless broadband does not connect any more. Is that coincidental, or does this have something to do with the removal of Trend Micro Internet Security?

I hope that the scanning and removing of that virus by Microsoft Internet Security does not upset any work you have started on your side. I did not recognise that it was dl[1].htm because the name was different in display.

Thanks again

Best regards

Oliver
 
The Trend Micro diagnostic tool has been able to clean up the computer; that worked well.
But since restarting the computer after this, the dial-up for my wireless broadband does not connect any more. Is that coincidental, or does this have something to do with the removal of Trend Micro Internet Security?

I hope that the scanning and removing of that virus by Microsoft Internet Security does not upset any work you have started on your side. I did not recognise that it was dl[1].htm because the name was different in display.

Thanks again
You're welcome. :)

How did you post the log since the computer does not connect?
Did you try to uninstall PC Tools Internet Security 2009?

It's good that Microsoft Security Essentials picked up the file, however it's probably not the whole story.

You forgot to post Extras.txt. It should be located in the following directory: D:\Eigene Dateien\Computer upgrade\
Please post it. :)
 
Hi vict0r

I posted it on my little netbook. While copying and pasting files from one computer to the other I forgot Extras.txt, sorry about that.

Trend Micro crashed on the installation. Re-installation required de-installing the previous incomplete installation. The de-installation did not work; it only gave a message that the attempt was unsuccessful. Spinning in circles, I gave the software away.
It appears to me that Trend Micro installs its own network adapter drivers. Those are still shown in the hardware manager with a yellow exclamation mark, saying that the driver is missing in the registry.
I ran the recovery of the registry from the backup I made with Erunt but it still did not make a change.

Here is the Extras.txt:

OTL Extras logfile created on: 27/05/2011 12:18:04 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = D:\Eigene Dateien\Computer upgrade
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australien | Language: ENA | Date Format: d/MM/yyyy

1022.04 Mb Total Physical Memory | 388.78 Mb Available Physical Memory | 38.04% Memory free
2.40 Gb Paging File | 1.77 Gb Available in Paging File | 73.62% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35.06 Gb Total Space | 11.94 Gb Free Space | 34.06% Space Free | Partition Type: FAT32
Drive D: | 35.55 Gb Total Space | 7.94 Gb Free Space | 22.32% Space Free | Partition Type: FAT32
Drive F: | 125.11 Mb Total Space | 123.38 Mb Free Space | 98.61% Space Free | Partition Type: FAT
Drive J: | 298.09 Gb Total Space | 129.42 Gb Free Space | 43.42% Space Free | Partition Type: NTFS

Computer Name: ACER-2CDC76420C | User Name: Oliver Draxl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [UnzipThemAll] -- "C:\Programme\UnzipThemAll\UnzipThemAll.exe" "%1" (Hervé Thouzard)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-zu-Peer-Gruppierung
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution-Protokoll (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-zu-Peer-Gruppierung
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution-Protokoll (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\gmx_Update.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\gmx_Update.exe:*:Enabled:GMX Update
"C:\WINDOWS\System32\CNAC3RPK.EXE" = C:\WINDOWS\System32\CNAC3RPK.EXE:*:Disabled:Canon LBP5200 RPC Server Process -- (CANON INC.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{081D00DF-35F0-4570-8037-3E289795928F}" = Nitro PDF Professional
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{10EAC7D9-7ED4-425E-8054-643452147D13}" = MyScript Notes Basic Edition
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B2DB36B-1791-480E-988D-53EB55B53463}" = CoCreate Modeling Personal Edition 2.0
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22A83C29-58A8-4CAB-8EDC-918D74F8429E}_is1" = WikidPad 1.8final
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{26A24AE4-039D-4CA4-87B4-2F83216011F0}" = Java(TM) 6 Update 11
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 17
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4E52EC9A-34A6-474F-8D84-4E8CC5D48683}" = Serif PanoramaPlus 1
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5C203ADC-DF15-4A22-A7AF-E727FE604CFF}" = Xara XS
"{5EFDFC8B-D438-4792-A298-E87AA9ADA816}" = Acer eDataSecurity Management
"{642FCF93-54AE-4F75-A2E2-124DE3756C59}" = ATI Catalyst Control Center
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}" = Acer OrbiCam-Software
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A86E15-20D5-4681-804D-B9A3BBD0AB20}" = Multimedia Remote Controller
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A367C28-423C-48E2-8C76-EBA1171F932A}" = Adobe Photoshop Album 2.0
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{950B5114-1195-4A6F-8981-803D248FD8B6}" = PowerCam 2.0 Megapixel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.4
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D37E8E49-1AA3-401F-BA15-50AB88A2712D}_is1" = Image Comparer v3.0 Free for PC User Readers
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.23
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA23F019-B032-4917-97E0-3C5E8E95CE54}" = Mindful Clock
"{ED5F7AF9-347B-4440-A211-C6236508CC08}" = ExpressPCB
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC CIR HID V5.3.2600.2
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21
"AcerOrbiCamDrv" = Acer OrbiCam-Treiber
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"Ashampoo UnInstaller 3_is1" = Ashampoo UnInstaller 3.12
"Ashampoo WinOptimizer 5_is1" = Ashampoo WinOptimizer 5.05
"ATI Display Driver" = ATI Display Driver
"Audiograbber" = Audiograbber 1.83 SE
"AVerMedia E501 CardBus Analog" = AVerMedia E501 CardBus Analog 3.5.0.69
"AVerMedia MCE Encoder" = AVerMedia MCE Encoder 3.2.1.62
"AVIConverter" = AVIConverter CHN-EN Package
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CamStudio" = CamStudio
"Canon LBP5200" = Canon LBP5200
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CNXT_MODEM_HDAUDIO_AcrS1025" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Debut" = Debut Video Capture Software
"Dexster_is1" = Dexster V2.0
"Dodo Wireless Broadband" = Dodo Wireless Broadband
"ePresentation" = Acer ePresentation Management
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"ESCX5700F User's Guide" = ESCX5700F User's Guide
"Eyeline" = Eyeline Video System
"Food Additives" = Food Additives 1.0
"GMX IE7 Browser Update" = GMX IE7 Browser Update
"GoldenVideos" = Golden Videos
"GridVista" = Acer GridVista
"Handbrake" = Handbrake 0.9.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"InstallShield_{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full)
"LManager" = Launch Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft PhotoDraw 2000" = Microsoft PhotoDraw 2000
"Microsoft Security Client" = Microsoft Security Essentials
"MP3 Repair Tool_is1" = MP3 Repair Tool v1.5.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Natural Biorhythms_is1" = Natural Biorhythms version 3.04
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OrganicArtMS" = Organic Art, Microsoft Edition
"PC Tools Internet Security" = PC Tools Internet Security 2009
"Prism" = Prism Video Converter
"ProInst" = Intel(R) PROSet/Wireless Software
"Recuva" = Recuva
"SpamBayes_is1" = SpamBayes 1.0.4
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"T39 USB-Handset Manager" = T39 USB-Handset Manager
"TaskSwitchXP" = TaskSwitchXP
"UnzipThemAll_is1" = UnzipThemAll 1.3
"VideoPad" = VideoPad Video Editor
"ViewpointMediaPlayer" = Viewpoint Media Player
"Virtual Drive Creator_is1" = Virtual Drive Creator V3.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zoner 3D Photo Maker_is1" = Zoner 3D Photo Maker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 26/05/2011 8:08:24 AM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 26/05/2011 8:08:25 AM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 26/05/2011 8:08:49 AM | Computer Name = ACER-2CDC76420C | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung skype.exe, Version 5.3.0.111, fehlgeschlagenes
Modul skype.exe, Version 5.3.0.111, Fehleradresse 0x006eb5e2.

Error - 26/05/2011 8:08:57 AM | Computer Name = ACER-2CDC76420C | Source = Application Error | ID = 1001
Description = Fehlerhafter Speicherbereich -1844922977.

Error - 26/05/2011 9:56:53 PM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 26/05/2011 9:57:26 PM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 26/05/2011 9:58:26 PM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 26/05/2011 9:58:35 PM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 26/05/2011 9:58:42 PM | Computer Name = ACER-2CDC76420C | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung skype.exe, Version 5.3.0.111, fehlgeschlagenes
Modul skype.exe, Version 5.3.0.111, Fehleradresse 0x006eb5e2.

Error - 26/05/2011 10:06:03 PM | Computer Name = ACER-2CDC76420C | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8107.0,
P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 26/05/2011 8:07:10 AM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GMX Browser Update" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2

Error - 26/05/2011 8:07:10 AM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PocketCam 3Mega, WDM Video Capture" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058

Error - 26/05/2011 8:07:10 AM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Trend Micro Central Control Component" wurde aufgrund
folgenden Fehlers nicht gestartet: %%3

Error - 26/05/2011 8:07:10 AM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IPSEC-Dienste" wurde mit folgendem Fehler beendet: %%1747

Error - 26/05/2011 9:54:48 PM | Computer Name = ACER-2CDC76420C | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.105.443.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.

Error - 26/05/2011 9:57:31 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Genesys Logic USB Controller NT 5.0" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058

Error - 26/05/2011 9:57:31 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GMX Browser Update" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2

Error - 26/05/2011 9:57:31 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PocketCam 3Mega, WDM Video Capture" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058

Error - 26/05/2011 9:57:31 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IPSEC-Dienste" wurde mit folgendem Fehler beendet: %%1747

Error - 26/05/2011 10:06:03 PM | Computer Name = ACER-2CDC76420C | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.105.443.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >


Thanks again
 
Hi.

I posted it on my little netbook. While copying and pasting files from one computer to the other I forgot Extras.txt, sorry about that.
No problem. Did you use a thumb drive or external hard drive to transfer the files?

Trend Micro crashed on the installation. Re-installation required to de-install the previous incomplete installation. The de-installation did not work, it only gave a message that the attempt was unsuccessful. Spinning in circles I gave the software away.
It appears to me that Trend Micro installs its own network adapter drivers. Those are still shown in the hardware manager with a yellow exclamation mark, saying that the driver is missing in the registry.

Please forget about Trend Micro for the moment. Did you uninstall all of the following programs?

Adobe Reader 9.4.4
Java(TM) 6 Update 11
Java(TM) 6 Update 17
PC Tools Internet Security 2009
Viewpoint Media Player
 
I used an empty 125mb flash drive to copy the files over.

I de-installed the requested software but I'd like to keep PC-Tools Internet Security if I'm allowed to. It includes the Browser Defender Tool Bar which marks web-sites which have been reported problematic. This still works and installs new updates.
 
I de-installed the requested software but I'd like to keep PC-Tools Internet Security if I'm allowed to. It includes the Browser Defender Tool Bar which marks web-sites which have been reported problematic. This still works and installs new updates.
Ok.

You have made 2 backups of the registry with ERUNT? It seems to me that you have restored the first. If this is correct, then you need to restore the second/most recent registry backup and repeat the Trend Micro Removal.

When finished re-scan the computer with OTL (instructions are slightly different from last time):

OTL

  • Double click on OTL.exe (on your desktop) to run it.
  • Check the boxes labeled:
    • Scan All Users
    • LOP check
    • Purity check
  • Under Extra Registry section, select Use SafeList.
  • Click on the Run Scan button at the top left hand corner.
  • OTL will start running. When done, 2 Notepad files will open; OTL.txt and Extras.txt.
    They will be saved on your desktop. Please post these logs.
 
As I restored the registry I hoped that the files would be restored to the point before Trend Micro interfered with it, when the internet last worked. I have run the Trend Micro removal again like you said and restored the registry. The internet still doesn't work.

Here is the new OTL scan part 1:

OTL logfile created on: 29/05/2011 8:31:44 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = D:\Eigene Dateien\Computer upgrade
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australien | Language: ENA | Date Format: d/MM/yyyy

1022.04 Mb Total Physical Memory | 394.64 Mb Available Physical Memory | 38.61% Memory free
2.40 Gb Paging File | 1.78 Gb Available in Paging File | 73.98% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35.06 Gb Total Space | 12.36 Gb Free Space | 35.26% Space Free | Partition Type: FAT32
Drive D: | 35.55 Gb Total Space | 7.90 Gb Free Space | 22.23% Space Free | Partition Type: FAT32
Drive J: | 298.09 Gb Total Space | 129.42 Gb Free Space | 43.42% Space Free | Partition Type: NTFS

Computer Name: ACER-2CDC76420C | User Name: Oliver Draxl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/27 12:15:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Computer upgrade\OTL.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/01/22 09:16:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\Browser Defender\BDTUpdateService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/07 13:40:56 | 000,348,752 | ---- | M] (PC Tools) -- C:\Programme\PC Tools Internet Security\pctsAuxs.exe
PRC - [2008/09/22 06:02:20 | 000,054,720 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNAC3RPK.EXE
PRC - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Programme\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/14 12:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/05 08:29:14 | 000,062,976 | ---- | M] (Alexander Avdonin) -- C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
PRC - [2005/12/15 19:13:38 | 000,344,064 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2005/12/06 17:11:24 | 000,458,752 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZgAcer.EXE
PRC - [2005/12/02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2005/12/02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2005/12/02 15:42:42 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2005/12/02 15:42:28 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2005/12/02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005/11/30 20:39:58 | 000,225,280 | ---- | M] (Logitech) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/11/16 17:00:50 | 000,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005/11/02 00:11:00 | 000,102,491 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/10/24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005/10/19 09:30:16 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005/08/12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2011/05/27 12:15:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Computer upgrade\OTL.exe
MOD - [2011/02/08 23:33:28 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2010/08/24 02:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/12/05 16:00:10 | 000,053,248 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\sysenv.dll
MOD - [2005/11/02 00:11:00 | 000,069,723 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2005/10/11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005/08/24 01:24:00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2004/08/04 05:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll
MOD - [2003/03/18 21:12:12 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71u.dll
MOD - [2003/03/18 20:44:34 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71DEU.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (LVPrcSrv)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (AdminSVC)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/22 09:16:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programme\Browser Defender\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/05 13:43:14 | 000,643,076 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Programme\NCH Software\Eyeline\eyeline.exe -- (EyelineService)
SRV - [2009/11/01 21:16:56 | 000,070,944 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Internet Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/02/02 10:20:02 | 001,095,592 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Internet Security\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 13:40:56 | 000,348,752 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\PC Tools Internet Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Programme\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/04/14 12:22:24 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2005/12/02 15:43:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005/12/02 15:43:00 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005/12/02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2011/05/29 08:25:16 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{7B3318F6-ADD9-4043-98AE-1D2D55C971AE}\MpKslfe3ff22d.sys -- (MpKslfe3ff22d)
DRV - [2010/02/11 22:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/01 21:16:56 | 000,039,200 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/11/01 21:16:48 | 000,033,056 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/11/01 21:16:34 | 000,051,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/01 21:15:24 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/12/18 12:16:56 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2008/12/11 08:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/12/10 12:36:06 | 000,064,424 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2008/12/10 12:36:04 | 000,095,656 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2008/09/22 12:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctfw.sys -- (SFilter)
DRV - [2008/04/17 15:52:50 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/04/14 04:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/08/29 17:40:34 | 001,183,744 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys -- (AVerBDA3x)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2005/12/06 17:50:10 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2005/12/01 07:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/30 20:45:10 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005/11/30 20:45:10 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005/11/29 21:28:58 | 001,088,896 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2005/11/29 21:25:06 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/26 16:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/11/17 15:45:40 | 004,069,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/11/08 00:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/11/08 00:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/11/08 00:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/08/24 07:07:24 | 000,692,992 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerM115.sys -- (AVerM115)
DRV - [2005/08/03 05:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/06/22 18:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/04/22 16:57:06 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/04/22 16:57:06 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005/04/05 01:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/09 14:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2003/10/24 02:07:38 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/16 16:27:40 | 000,043,264 | R--- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2002/11/06 09:42:10 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera) DSC Still Image Capture (CA100)
DRV - [2002/07/31 17:48:54 | 000,514,929 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CA533AV.SYS -- (Ca533av)
DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002/02/02 02:29:36 | 000,015,300 | ---- | M] (CANON INC.) [Kernel | Auto | Running] -- C:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmpar21.sys -- (cnmpar21)
DRV - [2001/12/20 20:32:20 | 000,007,552 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\usbprn.sys -- (BulkUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local



O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - Reg Error: Value error. File not found
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Browser Defender\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Browser Defender\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\..\Toolbar\WebBrowser: (no name) - {23B0D39A-E245-41B7-BF86-1238CF62625E} - No CLSID value found.
O3 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Browser Defender\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253752491717 (MUWebControl Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\Eigene Dateien\Eigene Bilder\Sun behind planets desktop.bmp
O24 - Desktop BackupWallPaper: D:\Eigene Dateien\Eigene Bilder\Sun behind planets desktop.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/05 08:20:18 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/12/17 19:10:56 | 000,000,000 | ---D | M] - C:\AUTOTRAX -- [ FAT32 ]
O33 - MountPoints2\{4108fb26-a8e3-11de-b4f2-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{4108fb26-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4108fb26-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4108fb27-a8e3-11de-b4f2-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{4108fb27-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4108fb27-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a19bfec-4faf-11e0-b9bd-00130204bbf7}\Shell - "" = AutoRun
O33 - MountPoints2\{4a19bfec-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a19bfec-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a19bfed-4faf-11e0-b9bd-00130204bbf7}\Shell - "" = AutoRun
O33 - MountPoints2\{4a19bfed-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a19bfed-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{51244ec9-b0e2-11de-b4ff-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{51244ec9-b0e2-11de-b4ff-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{51244ec9-b0e2-11de-b4ff-001636112b93}\Shell\AutoRun\command - "" = H:\AutoRun.exe
O33 - MountPoints2\{79949d7c-6ff9-11e0-b9e2-00130204bbf7}\Shell - "" = AutoRun
O33 - MountPoints2\{79949d7c-6ff9-11e0-b9e2-00130204bbf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79949d7c-6ff9-11e0-b9e2-00130204bbf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{79949d7d-6ff9-11e0-b9e2-00130204bbf7}\Shell - "" = AutoRun
O33 - MountPoints2\{79949d7d-6ff9-11e0-b9e2-00130204bbf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{79949d7d-6ff9-11e0-b9e2-00130204bbf7}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{807616c6-7850-11df-b959-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{807616c6-7850-11df-b959-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{807616c6-7850-11df-b959-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{807616c7-7850-11df-b959-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{807616c7-7850-11df-b959-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{807616c7-7850-11df-b959-001636112b93}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{c7c7b72e-a9c9-11de-b4fa-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{c7c7b72e-a9c9-11de-b4fa-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7c7b72e-a9c9-11de-b4fa-001636112b93}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL wscript.exe WHS2108J06098.vbs
O33 - MountPoints2\{d3051bba-8805-11e0-b9eb-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{d3051bba-8805-11e0-b9eb-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d3051bba-8805-11e0-b9eb-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{d3051bbb-8805-11e0-b9eb-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{d3051bbb-8805-11e0-b9eb-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d3051bbb-8805-11e0-b9eb-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{db7ec2ce-bfe1-11df-b98c-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{db7ec2ce-bfe1-11df-b98c-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{db7ec2ce-bfe1-11df-b98c-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
OTL scan part 2:

========== Files/Folders - Created Within 30 Days ==========

[2011/05/27 12:07:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Dodo Wireless Broadband
[2011/05/27 12:06:54 | 000,872,192 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2011/05/27 12:06:54 | 000,103,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbfake.sys
[2011/05/27 12:06:54 | 000,101,376 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2011/05/27 12:06:54 | 000,100,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2011/05/27 12:06:54 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2011/05/22 18:24:24 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Oliver Draxl\Startmenü\Programme\Verwaltung
[2011/05/22 18:03:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011/05/22 18:03:17 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011/05/22 08:36:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop
[2011/05/21 13:57:42 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011/05/21 13:57:13 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011/05/21 13:57:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011/05/20 15:58:03 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/20 15:50:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype Extras
[2011/05/20 15:49:56 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2011/05/09 17:38:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver Draxl\Desktop\content of alcor 125 090511
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/29 08:30:18 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/29 08:27:48 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/05/29 08:24:46 | 000,000,503 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011/05/29 08:22:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/29 08:22:36 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/05/28 09:05:22 | 000,496,742 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/05/28 09:05:22 | 000,442,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/28 09:05:22 | 000,100,966 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/05/28 09:05:22 | 000,072,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/27 22:11:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/22 08:39:18 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\goldenvideosShakeIcon.job
[2011/05/21 22:42:40 | 000,011,329 | ---- | M] () -- C:\WINDOWS\IEXPLORE.INI
[2011/05/21 15:30:32 | 000,001,222 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/20 15:58:04 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/12 19:31:54 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc10876d90845e.job
[2011/05/12 12:36:12 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/05/11 14:52:14 | 000,247,296 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/29 08:07:33 | 1071,763,456 | -HS- | C] () -- C:\hiberfil.sys
[2011/05/22 08:39:16 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\goldenvideosShakeIcon.job
[2011/05/21 14:52:50 | 000,001,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/20 15:49:57 | 000,002,247 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype.lnk
[2011/05/12 19:31:53 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc10876d90845e.job
[2011/04/27 09:32:06 | 000,000,198 | ---- | C] () -- C:\WINDOWS\ob1.INI
[2011/04/26 22:12:19 | 000,011,329 | ---- | C] () -- C:\WINDOWS\IEXPLORE.INI
[2011/04/26 22:12:19 | 000,000,223 | ---- | C] () -- C:\WINDOWS\RA.INI
[2010/07/20 23:25:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/07/20 23:25:53 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/07/20 23:25:53 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/07/20 23:25:53 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/10 19:09:25 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\aip504.dll
[2010/04/10 19:09:25 | 000,014,381 | ---- | C] () -- C:\WINDOWS\Tw533a.ini
[2010/04/10 19:09:25 | 000,012,201 | ---- | C] () -- C:\WINDOWS\USB_CAM.ini
[2010/04/10 19:09:25 | 000,012,201 | ---- | C] () -- C:\WINDOWS\USB_533.ini
[2010/04/10 19:09:25 | 000,002,141 | ---- | C] () -- C:\WINDOWS\ca533a.ini
[2010/04/10 19:09:25 | 000,000,163 | ---- | C] () -- C:\WINDOWS\Setup533.ini
[2010/04/10 19:09:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IPSK.dll
[2010/04/10 19:09:24 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jpg32.dll
[2010/04/10 19:09:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\VideoThumb.dll
[2010/04/10 19:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWJPG.dll
[2010/04/10 19:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWBMP.dll
[2010/04/10 19:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VMIO.dll
[2010/04/10 19:09:24 | 000,023,602 | ---- | C] () -- C:\WINDOWS\System32\RCfile.ini
[2010/04/02 11:14:32 | 000,460,908 | ---- | C] () -- C:\WINDOWS\System32\prfh0407.dat
[2010/04/02 11:14:32 | 000,085,594 | ---- | C] () -- C:\WINDOWS\System32\prfc0407.dat
[2010/01/02 18:39:38 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/12/29 16:27:08 | 000,010,588 | R--- | C] () -- C:\WINDOWS\System32\drivers\mpfilt.sys
[2009/12/29 14:27:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/29 14:27:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2009/12/03 17:46:51 | 000,000,907 | ---- | C] () -- C:\WINDOWS\MyProg.INI
[2009/11/12 10:07:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2009/11/08 22:31:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/26 22:49:42 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/10/08 12:22:58 | 000,225,280 | ---- | C] () -- C:\WINDOWS\USB6225phmgunin.exe
[2009/10/07 15:56:05 | 000,000,065 | ---- | C] () -- C:\WINDOWS\NokiaImageConverter.INI
[2009/10/05 16:27:36 | 000,000,022 | ---- | C] () -- C:\WINDOWS\SUMO.INI
[2009/10/05 14:03:42 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/10/02 15:18:11 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2009/09/26 10:08:54 | 000,247,296 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/26 00:10:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2009/09/26 00:10:39 | 000,003,456 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2009/09/26 00:10:34 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2009/09/26 00:10:34 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2009/09/25 16:30:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/09/25 15:54:50 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/09/25 15:54:50 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/09/25 15:54:49 | 000,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/09/25 15:51:44 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/09/25 14:02:28 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/09/24 17:10:08 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/09/24 10:29:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/23 23:20:47 | 000,225,280 | ---- | C] () -- C:\WINDOWS\USBT39phmgunin.exe
[2009/09/23 20:06:08 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/23 18:38:53 | 000,000,503 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2009/09/23 18:32:31 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2009/09/23 18:32:27 | 000,013,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/09/23 18:30:03 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/09/23 18:28:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2009/09/23 18:25:53 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2009/09/23 18:25:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2009/09/23 18:25:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2009/09/23 18:25:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2009/09/23 18:25:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2009/09/23 18:25:44 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2009/09/23 18:25:03 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/09/23 09:47:08 | 000,589,824 | ---- | C] () -- C:\WINDOWS\AntiV.EXE
[2009/09/23 09:47:08 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2008/09/01 16:13:52 | 000,509,208 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2007/06/14 10:14:12 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/06/14 10:13:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/12/01 00:24:56 | 000,037,754 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/30 20:45:10 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2005/11/30 20:45:10 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/11/14 19:26:12 | 000,112,794 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/07/15 01:48:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005/03/28 00:45:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/12/17 01:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 00:57:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2004/01/13 03:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2003/04/10 08:33:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/04/10 08:33:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/10 08:24:12 | 000,496,742 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/04/10 08:24:12 | 000,442,800 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/10 08:24:12 | 000,100,966 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/04/10 08:24:12 | 000,072,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/10 01:51:24 | 000,375,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/04/05 08:20:40 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2003/04/05 07:48:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/05 07:47:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/02/26 19:07:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2002/05/24 01:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/12/20 20:32:20 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbprn.sys
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/26 02:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/26 02:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/23 04:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/09/23 18:36:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acer
[2009/09/23 20:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SBT
[2009/09/24 17:09:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009/09/24 16:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2009/09/25 14:01:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2009/09/26 00:13:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVerTV
[2009/09/26 13:49:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro PDF
[2009/10/31 22:56:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ashampoo
[2010/02/17 21:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\C-Free
[2010/03/20 19:26:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FileCure
[2010/03/20 19:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2010/04/25 13:51:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Maxtor
[2010/06/11 14:17:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010/07/07 13:18:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/30 13:54:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\PCToolsSpamMonitorPlus
[2009/09/30 13:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\PCToolsFirewallPlus
[2009/09/23 18:36:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Acer
[2009/09/23 22:21:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Zoner
[2009/09/23 22:42:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Obsidium
[2009/09/23 23:21:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\MobileAction
[2009/09/23 23:35:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\NCH Swift Sound
[2009/09/24 17:13:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\PCToolsSpamMonitorPlus
[2009/09/24 17:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\PCToolsFirewallPlus
[2009/09/25 22:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/28 13:43:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Nitro PDF
[2009/10/05 09:44:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\CoCreate
[2009/10/07 11:03:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\SpamBayes
[2009/10/18 10:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\J. A. Associates
[2009/11/13 11:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\WikidPad
[2010/01/10 13:24:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\wsInspector
[2010/02/17 21:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\C-Free
[2010/03/11 20:09:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Ashampoo
[2010/03/30 08:50:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\HandBrake
[2010/11/14 21:11:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\EPSON
[2010/11/11 11:54:36 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\videopadDowngrade.job
[2010/11/11 11:54:36 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2011/04/22 23:37:24 | 000,000,468 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8B034EC4-73E5-4F92-8146-AE71BF70500B}.job
[2011/05/22 08:39:18 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\goldenvideosShakeIcon.job
[2011/05/29 08:27:48 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2011/05/29 08:30:18 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >
 
OTL extras.txt:

OTL Extras logfile created on: 29/05/2011 8:31:44 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = D:\Eigene Dateien\Computer upgrade
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australien | Language: ENA | Date Format: d/MM/yyyy

1022.04 Mb Total Physical Memory | 394.64 Mb Available Physical Memory | 38.61% Memory free
2.40 Gb Paging File | 1.78 Gb Available in Paging File | 73.98% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35.06 Gb Total Space | 12.36 Gb Free Space | 35.26% Space Free | Partition Type: FAT32
Drive D: | 35.55 Gb Total Space | 7.90 Gb Free Space | 22.23% Space Free | Partition Type: FAT32
Drive J: | 298.09 Gb Total Space | 129.42 Gb Free Space | 43.42% Space Free | Partition Type: NTFS

Computer Name: ACER-2CDC76420C | User Name: Oliver Draxl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [UnzipThemAll] -- "C:\Programme\UnzipThemAll\UnzipThemAll.exe" "%1" (Hervé Thouzard)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-zu-Peer-Gruppierung
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution-Protokoll (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-zu-Peer-Gruppierung
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution-Protokoll (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Acer\Acer Arcade\PCMService.exe" = C:\Program Files\Acer\Acer Arcade\PCMService.exe:*:Enabled:CyberLink PowerCinema Resident Program -- (CyberLink Corp.)
"C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\gmx_Update.exe" = C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\GMX\gmx_Update.exe:*:Enabled:GMX Update
"C:\WINDOWS\System32\CNAC3RPK.EXE" = C:\WINDOWS\System32\CNAC3RPK.EXE:*:Disabled:Canon LBP5200 RPC Server Process -- (CANON INC.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00040407-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{081D00DF-35F0-4570-8037-3E289795928F}" = Nitro PDF Professional
"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour
"{10EAC7D9-7ED4-425E-8054-643452147D13}" = MyScript Notes Basic Edition
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4500_series" = Canon iP4500 series
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_iP4800_series" = Canon iP4800 series Printer Driver
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"{171E6C1E-B5FC-11DF-B115-005056C00008}" = Google Earth Plug-in
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1B2DB36B-1791-480E-988D-53EB55B53463}" = CoCreate Modeling Personal Edition 2.0
"{1D14373E-7970-4F2F-A467-ACA4F0EA21E3}" = Google Earth
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22A83C29-58A8-4CAB-8EDC-918D74F8429E}_is1" = WikidPad 1.8final
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{4E52EC9A-34A6-474F-8D84-4E8CC5D48683}" = Serif PanoramaPlus 1
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management
"{5C203ADC-DF15-4A22-A7AF-E727FE604CFF}" = Xara XS
"{5EFDFC8B-D438-4792-A298-E87AA9ADA816}" = Acer eDataSecurity Management
"{642FCF93-54AE-4F75-A2E2-124DE3756C59}" = ATI Catalyst Control Center
"{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"{76AC1AEB-1167-4ABC-8861-4E58392A5B7F}" = Acer OrbiCam-Software
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{78A86E15-20D5-4681-804D-B9A3BBD0AB20}" = Multimedia Remote Controller
"{7AB3A249-FB81-416B-917A-A2A10E74C503}" = iTunes
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A367C28-423C-48E2-8C76-EBA1171F932A}" = Adobe Photoshop Album 2.0
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{950B5114-1195-4A6F-8981-803D248FD8B6}" = PowerCam 2.0 Megapixel
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CC89556-3578-48DD-8408-04E66EBEF401}" = mXML
"{A17EABB6-D0C6-44E5-820C-72DC7F495064}" = PaperPort
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{B2D328BE-45AD-4D92-96F9-2151490A203E}" = Apple Application Support
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{C06554A1-2C1E-4D20-B613-EE62C79927CC}" = Acer eNet Management
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D37E8E49-1AA3-401F-BA15-50AB88A2712D}_is1" = Image Comparer v3.0 Free for PC User Readers
"{D458BBDC-0363-42E0-8FF9-4736E3CB3CA2}" = Acer Screensaver
"{DE114695-AE58-4B66-8E0F-2505188602FB}_is1" = Uninstall Startup Inspector
"{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"{E431C518-2EE2-471E-9234-BE995C36D513}" = Acer eDataSecurity Management 1.00.23
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EA23F019-B032-4917-97E0-3C5E8E95CE54}" = Mindful Clock
"{ED5F7AF9-347B-4440-A211-C6236508CC08}" = ExpressPCB
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC CIR HID V5.3.2600.2
"{F1BA3CD5-89DC-4273-8603-A75F33E9B335}" = Nokia Connectivity Adapter Cable DKU-5
"{FA0BBB87-91A1-4BFD-9005-EB058BBA0E14}_is1" = StreamTransport version: 1.0.2.2171
"{FA237125-51FF-408C-8BB8-30C2B3DFFF9C}" = Windows Resource Kit Tools
"{FBE569CA-BFEB-4E57-A674-F94D938E1AEF}" = e-tax 2010
"{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = TIxx21
"AcerOrbiCamDrv" = Acer OrbiCam-Treiber
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop Elements 2.0" = Adobe Photoshop Elements 2.0
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"All ATI Software" = ATI - Dienstprogramm zur Deinstallation der Software
"Ashampoo Burning Studio 2009_is1" = Ashampoo Burning Studio 2009
"Ashampoo UnInstaller 3_is1" = Ashampoo UnInstaller 3.12
"Ashampoo WinOptimizer 5_is1" = Ashampoo WinOptimizer 5.05
"ATI Display Driver" = ATI Display Driver
"Audiograbber" = Audiograbber 1.83 SE
"AVerMedia E501 CardBus Analog" = AVerMedia E501 CardBus Analog 3.5.0.69
"AVerMedia MCE Encoder" = AVerMedia MCE Encoder 3.2.1.62
"AVIConverter" = AVIConverter CHN-EN Package
"Browser Defender_is1" = Browser Defender 2.0.6.15
"CamStudio" = CamStudio
"Canon LBP5200" = Canon LBP5200
"CANONBJ_Deinstall_CNMCP61.DLL" = Canon PIXMA iP3000
"CNXT_MODEM_HDAUDIO_AcrS1025" = HDAUDIO Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Debut" = Debut Video Capture Software
"Dexster_is1" = Dexster V2.0
"Dodo Wireless Broadband" = Dodo Wireless Broadband
"ePresentation" = Acer ePresentation Management
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"ESCX5700F User's Guide" = ESCX5700F User's Guide
"Eyeline" = Eyeline Video System
"Food Additives" = Food Additives 1.0
"GMX IE7 Browser Update" = GMX IE7 Browser Update
"GoldenVideos" = Golden Videos
"GridVista" = Acer GridVista
"Handbrake" = Handbrake 0.9.4
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{15B70821-7893-4607-805A-BB80F3EA8279}" = Acer Empowering Technology framework
"InstallShield_{6446BBD0-CB83-40E1-BEA1-0C147065E2A6}" = Maxtor Manager
"InstallShield_{6CA897D0-67F5-4F75-8261-DC8BFCA6DA42}" = Acer eLock Management
"InstallShield_{DEE08946-40F0-4890-853E-60A6C3306041}" = Acer ePerformance Management
"InstallShield_{E38BC648-883B-4EE5-966C-94C4B7AB3E0B}" = Acer eSettings Management
"InstallShield_{FC87BEA8-5582-476C-A754-41F3A9D976D4}" = AVerTV
"InstallShield_{FF6F491D-BC82-4DCC-A72F-1824957C6466}" = Texas Instruments PCIxx21/x515 drivers.
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.2.0 (Full)
"LManager" = Launch Manager
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft PhotoDraw 2000" = Microsoft PhotoDraw 2000
"Microsoft Security Client" = Microsoft Security Essentials
"MP3 Repair Tool_is1" = MP3 Repair Tool v1.5.2
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Natural Biorhythms_is1" = Natural Biorhythms version 3.04
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OrganicArtMS" = Organic Art, Microsoft Edition
"PC Tools Internet Security" = PC Tools Internet Security 2009
"Prism" = Prism Video Converter
"ProInst" = Intel(R) PROSet/Wireless Software
"Recuva" = Recuva
"SpamBayes_is1" = SpamBayes 1.0.4
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"T39 USB-Handset Manager" = T39 USB-Handset Manager
"TaskSwitchXP" = TaskSwitchXP
"UnzipThemAll_is1" = UnzipThemAll 1.3
"VideoPad" = VideoPad Video Editor
"Virtual Drive Creator_is1" = Virtual Drive Creator V3.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Zoner 3D Photo Maker_is1" = Zoner 3D Photo Maker

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 28/05/2011 6:10:49 PM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 28/05/2011 6:17:21 PM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 28/05/2011 6:17:55 PM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 28/05/2011 6:18:45 PM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 28/05/2011 6:19:17 PM | Computer Name = ACER-2CDC76420C | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung skype.exe, Version 5.3.0.111, fehlgeschlagenes
Modul skype.exe, Version 5.3.0.111, Fehleradresse 0x006eb5e2.

Error - 28/05/2011 6:24:34 PM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 28/05/2011 6:25:04 PM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 28/05/2011 6:25:35 PM | Computer Name = ACER-2CDC76420C | Source = PerfNet | ID = 2002
Description = Der Redirectordienst konnte nicht geöffnet werden. Die Redirectorleistungsinformationen
werden
nicht zurückgegeben. Der zurückgegebene Fehlercode befindet sich in DWORD 0.

Error - 28/05/2011 6:26:08 PM | Computer Name = ACER-2CDC76420C | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung skype.exe, Version 5.3.0.111, fehlgeschlagenes
Modul skype.exe, Version 5.3.0.111, Fehleradresse 0x006eb5e2.

Error - 28/05/2011 6:35:23 PM | Computer Name = ACER-2CDC76420C | Source = MPSampleSubmission | ID = 5000
Description = EventType mptelemetry, P1 8024402c, P2 endsearch, P3 search, P4 3.0.8107.0,
P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials (edb4fa23-53b8-4afa-8c5d-99752cca7094),
P8 NIL, P9 NIL, P10 NIL.

[ System Events ]
Error - 28/05/2011 6:17:19 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Genesys Logic USB Controller NT 5.0" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058

Error - 28/05/2011 6:17:19 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GMX Browser Update" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2

Error - 28/05/2011 6:17:19 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PocketCam 3Mega, WDM Video Capture" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058

Error - 28/05/2011 6:17:19 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IPSEC-Dienste" wurde mit folgendem Fehler beendet: %%1747

Error - 28/05/2011 6:18:00 PM | Computer Name = ACER-2CDC76420C | Source = DCOM | ID = 10010
Description = Der Server "{4EB61BAC-A3B6-4760-9581-655041EF4D69}" konnte innerhalb
des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

Error - 28/05/2011 6:24:24 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Genesys Logic USB Controller NT 5.0" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058

Error - 28/05/2011 6:24:24 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7000
Description = Der Dienst "GMX Browser Update" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2

Error - 28/05/2011 6:24:24 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7000
Description = Der Dienst "PocketCam 3Mega, WDM Video Capture" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1058

Error - 28/05/2011 6:24:24 PM | Computer Name = ACER-2CDC76420C | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IPSEC-Dienste" wurde mit folgendem Fehler beendet: %%1747

Error - 28/05/2011 6:35:22 PM | Computer Name = ACER-2CDC76420C | Source = Microsoft Antimalware | ID = 2001
Description = %%860 has encountered an error trying to update signatures. New Signature
Version: Previous Signature Version: 1.105.338.0 Update Source: %%859 Update Stage:
%%852 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

User:
NT-AUTORITÄT\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6903.0 Error
code: 0x8024402c Error description: An unexpected problem occurred while checking
for updates. For information on installing or troubleshooting updates, see Help
and Support.


< End of report >
 
As I restored the registry I hoped that the files are restored to the point before Trend Micro interfered with it, when the internet worked last.
Please don't restore the registry without asking. No files other than the registry itself will be restored when restoring a registry backup with Erunt. :)

Please download Appremover from here and transfer it to the desktop of the infected computer.
  • Double click the Appremover icon to start the program.
  • Click Next
  • Click Clean Up a Failed Uninstall
  • Click Next and then Continue.
Appremover will now perform a deep scan. This might take a while. When scanning is finished, then select Trend Micro (if found) and follow the prompts for the cleanup/removal process.


If this does not solve the problem, then please tell me if the Trend Micro network adapters are still present in the hardware manager. Also post the make and model of the computer.

Edit: What is the exact name of the Trend Micro devices with the yellow exclamation point in hardware manager?
 
Hello Vict0r

The idea to restore the registry came from a message about the driver of the real network adaptor that the entries in the registry are missing. I didn't mean to restore actual driver files but to bring the registry back into a state that the drivers are being recognised again.

The internet works again. The installation of a network from the original WinXP cd has restored what was broken.

I will scan the system with the tool you recommend over night.
 
The idea to restore the registry came from a message about the driver of the real network adaptor that the entries in the registry are missing. I didn't mean to restore actual driver files but to bring the registry back into a state that the drivers are being recognised again.

Hmmm... Please notice that the registry only contains references to driver files, not the actual drivers. Drivers are separate files.

It's good that internet works again, so there's no need to run Appremover anymore.

I will post further instructions as soon as possible.
 
If this does not solve the problem, then please tell me if the Trend Micro network adapters are still present in the hardware manager. Also post the make and model of the computer.

Edit: What is the exact name of the Trend Micro devices with the yellow exclamation point in hardware manager?



The make of the computer is Aspire 5672WMLI

In the "safe mode" I inactivated the adapters and they do not show up in "normal mode" now. But I have an image which shows how they looked before.
 
In the "safe mode" I inactivated the adapters and they do not show up in "normal mode" now. But I have an image which shows how they looked before.

Ok.

Please note my previous post: No need to run Appremover now.

I will post further instructions in a couple of hours.
 
Hmmm... Please notice that the registry only contains references to driver files, not the actual drivers. Drivers are separate files.

It's good that internet works again, so there's no need to run Appremover anymore.

I will post further instructions as soon as possible.



It didn't find anything anyway. I think too we can tick this one off :-)
 
Hi.

I'm sorry for the delay.

All these instructions must be performed on the infected computer.


Flash Disinfector by sUBs

Please download from HERE and save to the desktop.
  • Double click to run it.
  • You will be prompted to plug in your flash drive. Plug it in.
  • Flash_Disinfector will start disinfecting your flash and hard drives. This takes a few seconds. Your desktop will disappear in the meantime.
  • When done, a message box will appear. Click OK. Your desktop should now appear. If it doesn't, press Ctrl + Shift + Esc to open Task Manager.
  • Click on File > New Task > Run... Type in explorer.exe and press Enter. Your desktop should now appear.
Wait until it has finished scanning and then exit the program.

You can run Flash Disinfector with other flash drives and/or other removable drives. This may include your mobile phone.
Please do so and allow the utility to clean up those drives as well.


Upload File for testing

Copy the following line:
c:\dokume~1\oliver~1\lokale~1\temp\msmonitor

Please go to jotti.org or Virustotal

Click the Browse button. A box will open, paste the filepath into the field next to File:. Click OK.
Press Submit - this will submit the file for testing, rescan the file if asked.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.


Repeat the online scan for this file/line:
c:\dokumente und einstellungen\all users\anwendungsdaten\m23S7RaL.exe


Uninstall Spybot Search and Destroy

Please uninstall Spybot Search and Destroy to avoid any interference with the fix.

  • Click on Start > Run.
  • In the open text box copy/paste appwiz.cpl, then click Ok.
  • Wait for the list of programs in the Add/Remove control panel to appear, then uninstall the two programs listed below:

    Spybot - Search & Destroy


Backup the Registry

Using tools that are modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> ERUNT >> ERUNT.

  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
      • System registry
      • Current user registry
  • Next click on OK
  • When the Question pop-up appears click on Yes
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.


Run OTL Script

We need to run an OTL Fix, this one will require a reboot of the computer.

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code.
    Code:
    :processes
    killallprocesses
    :otl
    O2 - BHO: (no name) - {14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6} - Reg Error: Value error. File not found
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
    O3 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\..\Toolbar\WebBrowser: (no name) - {23B0D39A-E245-41B7-BF86-1238CF62625E} - No CLSID value found.
    O4 - HKLM..\Run: [] File not found
    O4 - HKLM..\Run: [KernelFaultCheck] File not found
    :reg
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4108fb26-a8e3-11de-b4f2-001636112b93}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a19bfec-4faf-11e0-b9bd-00130204bbf7}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51244ec9-b0e2-11de-b4ff-001636112b93}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79949d7c-6ff9-11e0-b9e2-00130204bbf7}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{807616c6-7850-11df-b959-001636112b93}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7c7b72e-a9c9-11de-b4fa-001636112b93}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3051bba-8805-11e0-b9eb-001636112b93}]
    [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db7ec2ce-bfe1-11df-b98c-001636112b93}]
    :files
    c:\dokume~1\oliver~1\lokale~1\temp\msmonitor
    c:\dokumente und einstellungen\all users\anwendungsdaten\m23S7RaL.exe
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report into your next reply.


When finished, please test if m23S7RaL.exe gets recreated as usual.


Please post:
  • Links to online scans.
  • OTL log.
  • Does m23S7RaL.exe recreate?
  • A fresh set of DDS logs (both DDS.txt and Attach.txt in separate replies).
 
Thank you for this fix.


m23S7RaL.exe has not recreated since Microsoft Security Essentials had removed dl[1].htm. OTL has deleted some files.

...it just recreated! It has not done this for a week! And right under the nose of Microsoft Security Essentials!

msmonitor was in the bin. In order to send it for analysing I recovered it. The scan showed mostly positive. Is this a coincidence that dl[1] and m23S7Ral.exe recreated after I recovered msmonitor from the bin?

I destroyed m23S7Ral.exe with Ashampoo Win Optimiser.


Here is the info of the clean up:

msmonitor:
http://www.virustotal.com/file-scan...367a38f5d0a642e831b4fd69d71f140f35-1306909182

m23S7Ral.exe:
http://www.virustotal.com/file-scan...f458b7ec530c3b7c101a77326714295233-1306910359

OTL:
========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}\ not found.
Registry value HKEY_USERS\S-1-5-21-385165253-3752812310-1452250334-1006\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{23B0D39A-E245-41B7-BF86-1238CF62625E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{23B0D39A-E245-41B7-BF86-1238CF62625E}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4108fb26-a8e3-11de-b4f2-001636112b93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4108fb26-a8e3-11de-b4f2-001636112b93}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4a19bfec-4faf-11e0-b9bd-00130204bbf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4a19bfec-4faf-11e0-b9bd-00130204bbf7}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{51244ec9-b0e2-11de-b4ff-001636112b93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51244ec9-b0e2-11de-b4ff-001636112b93}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{79949d7c-6ff9-11e0-b9e2-00130204bbf7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{79949d7c-6ff9-11e0-b9e2-00130204bbf7}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{807616c6-7850-11df-b959-001636112b93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{807616c6-7850-11df-b959-001636112b93}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{c7c7b72e-a9c9-11de-b4fa-001636112b93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c7c7b72e-a9c9-11de-b4fa-001636112b93}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d3051bba-8805-11e0-b9eb-001636112b93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{d3051bba-8805-11e0-b9eb-001636112b93}\ not found.
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{db7ec2ce-bfe1-11df-b98c-001636112b93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{db7ec2ce-bfe1-11df-b98c-001636112b93}\ not found.
========== FILES ==========
c:\dokume~1\oliver~1\lokale~1\temp\msmonitor moved successfully.
File\Folder c:\dokumente und einstellungen\all users\anwendungsdaten\m23S7RaL.exe not found.

OTL by OldTimer - Version 3.2.23.0 log created on 06012011_170043

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
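
Added example, not part of the original posts and not OTL's own code: a Python parser for a fix log of the shape posted above. It groups each result line by section and outcome and lists the `:files` targets reported as "not found", which are the items the fix did not act on and that are worth re-checking later. The function names are hypothetical, and the sample is an excerpt of the log in this thread.

```python
import re
from collections import Counter

# Excerpt of the fix log posted in this thread, embedded so the example runs offline.
SAMPLE_LOG = r"""========== PROCESSES ==========
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{14CEEAFF-96DD-4101-AE37-D5ECDC23C3F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully.
========== FILES ==========
c:\dokume~1\oliver~1\lokale~1\temp\msmonitor moved successfully.
File\Folder c:\dokumente und einstellungen\all users\anwendungsdaten\m23S7RaL.exe not found.
"""

# "========== NAME ==========" section headers.
SECTION_RE = re.compile(r"^=+\s*(.+?)\s*=+$")
# "<optional kind> <target> <outcome>." result lines, as seen in the log above.
OUTCOME_RE = re.compile(
    r"^(?:(?P<kind>Registry key|Registry value|File\\Folder)\s+)?"
    r"(?P<target>.+?)\s+"
    r"(?P<outcome>deleted successfully|moved successfully|not found)\.$"
)


def parse_fix_log(text):
    """Return one dict per result line: section, kind, target, outcome."""
    section, entries = None, []
    for line in (raw.strip() for raw in text.splitlines()):
        header = SECTION_RE.match(line)
        if header:
            section = header.group(1)
            continue
        result = OUTCOME_RE.match(line)
        if result is None:
            continue  # e.g. "All processes killed", blank lines, footer text
        # File lines for a successful move carry no "File\Folder" prefix.
        kind = result.group("kind") or (
            "File\\Folder" if section == "FILES" else "Unknown"
        )
        entries.append({
            "section": section,
            "kind": kind,
            "target": result.group("target"),
            "outcome": result.group("outcome"),
        })
    return entries


def summarize(entries):
    """Count results per (section, outcome) pair."""
    return Counter((e["section"], e["outcome"]) for e in entries)


def files_not_found(entries):
    """Targets in the FILES section that were absent when the fix ran."""
    return [e["target"] for e in entries
            if e["section"] == "FILES" and e["outcome"] == "not found"]


if __name__ == "__main__":
    parsed = parse_fix_log(SAMPLE_LOG)
    for (section, outcome), count in sorted(summarize(parsed).items()):
        print(f"{section:10} {outcome:22} {count}")
    for path in files_not_found(parsed):
        print("re-check later:", path)
```
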
 