
Download ComboFix

A word of warning: Neither I nor sUBs are responsible for any damage you may cause to your machine by running ComboFix on your own. This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper.

**IMPORTANT !!! Save ComboFix.exe to your Desktop**.

Please download and save ComboFix to the desktop. This tool is designed to run from the desktop! Do not run the tool yet:

Link1
Link2


Disable Microsoft Security Essentials

Make sure MSE is disabled:

  • Open Microsoft Security Essentials (MSE) and go to Settings > Real Time Protection.
  • Then uncheck "Turn on real time protection".
  • Close MSE when done.


Run ComboFix

Double click the ComboFix icon on the desktop to run the tool and click Yes to the disclaimer.

Please install the Recovery Console if prompted.

The Windows Recovery Console will allow you to boot into a special recovery (repair) mode. This allows us to more easily help you if your computer has a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.

Please include the ComboFix log (C:\ComboFix.txt) in your next reply for further review.


Please make sure to enable Microsoft Security Essentials after ComboFix is finished.

To post:
  • Combofix log
  • Did any problems occur while following the instructions?
 
Hi Vict0r, there were no problems during the procedure.

ComboFix 11-06-20.01 - Oliver Draxl 21/06/2011 19:15:20.1.2 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.296 [GMT 10:00]
ausgeführt von:: c:\dokumente und einstellungen\Oliver Draxl\Desktop\ComboFix.exe
AV: Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Internet Security Firewall *Disabled* {2BF21FEC-A5BE-424D-BDD7-3229CC84ED22}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\dokumente und einstellungen\Oliver Draxl\WINDOWS
c:\programme\WinPCap
c:\programme\WinPCap\daemon_mgm.exe
c:\programme\WinPCap\npf_mgm.exe
c:\programme\WinPCap\rpcapd.exe
c:\windows\IsUn0407.exe
c:\windows\system\msvcr71.dll
c:\windows\system32\MSMAsk32.ocx
c:\windows\system32\Packet.dll
c:\windows\system32\pthreadVC.dll
c:\windows\system32\WanPacket.dll
c:\windows\system32\wpcap.dll
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
-------\Service_NPF
.
.
((((((((((((((((((((((( Dateien erstellt von 2011-05-21 bis 2011-06-21 ))))))))))))))))))))))))))))))
.
.
2011-06-21 09:28 . 2011-06-21 09:28 0 ---ha-w- c:\dokumente und einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\BIT3.tmp
2011-06-21 09:13 . 2011-06-21 09:13 -------- d-----w- c:\windows\LastGood.Tmp
2011-06-20 08:06 . 2011-06-20 08:06 28752 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{BFFA42A1-C1EB-4B6B-94DE-0B045C789031}\MpKsl3e92a359.sys
2011-06-19 10:50 . 2011-04-21 13:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-14 11:18 . 2011-05-09 20:46 6962000 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{BFFA42A1-C1EB-4B6B-94DE-0B045C789031}\mpengine.dll
2011-06-04 02:36 . 2011-06-04 02:36 -------- d-----w- c:\dokumente und einstellungen\Oliver Draxl\Anwendungsdaten\Malwarebytes
2011-06-04 02:36 . 2011-06-04 02:36 -------- d-----w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Malwarebytes
2011-06-04 01:56 . 2011-06-04 01:57 -------- d-----w- c:\dokumente und einstellungen\Oliver Draxl\Anwendungsdaten\IObit
2011-06-04 01:56 . 2011-06-04 01:56 -------- d-----w- c:\programme\IObit
2011-06-01 13:31 . 1996-12-03 03:07 403216 ----a-w- c:\windows\system32\msrepl35.dll
2011-06-01 13:31 . 1996-12-02 08:44 251664 ----a-w- c:\windows\system32\msrd2x35.dll
2011-06-01 13:31 . 1996-11-07 16:48 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-06-01 13:31 . 1996-11-11 21:50 25600 ----a-w- c:\programme\Gemeinsame Dateien\Microsoft Shared\DAO\remove.exe
2011-06-01 13:27 . 2011-06-01 13:27 -------- d-----w- c:\programme\DevStudio
2011-06-01 06:22 . 2011-06-01 06:22 -------- d-sh--w- c:\dokumente und einstellungen\Oliver Draxl\UserData
2011-05-31 09:46 . 2011-05-31 09:46 -------- d-----w- c:\programme\Gemeinsame Dateien\Skype
2011-05-29 11:24 . 2011-05-29 11:24 -------- d-----r- c:\programme\Skype
2011-05-27 02:06 . 2008-04-17 05:54 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-05-27 02:06 . 2008-04-17 05:53 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-05-27 02:06 . 2008-04-17 05:52 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-05-27 02:06 . 2008-04-17 05:52 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-05-27 02:06 . 2008-04-17 05:50 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-07 03:43 . 2011-05-20 05:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-09 20:46 . 2011-04-28 09:27 6962000 ----a-w- c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-02 15:31 . 2004-08-03 19:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19 . 2004-08-03 19:00 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-21 13:37 . 2004-08-03 19:00 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TaskSwitchXP"="c:\programme\TaskSwitchXP\TaskSwitchXP.exe" [2006-08-04 62976]
"msnmsgr"="c:\programme\Windows Live\Messenger\msnmsgr.exe" [2010-04-16 3872080]
"swg"="c:\programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-09-24 39408]
"Skype"="c:\programme\Skype\Phone\Skype.exe" [2011-05-26 15147400]
"SpybotSD TeaTimer"="c:\programme\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\programme\Synaptics\SynTP\SynTPLpr.exe" [2005-11-01 102491]
"SynTPEnh"="c:\programme\Synaptics\SynTP\SynTPEnh.exe" [2005-11-01 692315]
"PCMService"="c:\program files\Acer\Acer Arcade\PCMService.exe" [2005-12-02 151552]
"ATICCC"="c:\programme\ATI Technologies\ATI.ACE\cli.exe" [2005-08-12 45056]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2005-10-18 69632]
"ePower_DMC"="c:\acer\Empowering Technology\ePower\ePower_DMC.exe" [2005-12-15 344064]
"Acer ePower Management"="c:\acer\Empowering Technology\ePower\Acer ePower Management.exe" [2005-11-18 3079680]
"LManager"="c:\progra~1\LAUNCH~1\QtZgAcer.EXE" [2005-12-06 458752]
"eRecoveryService"="c:\acer\Empowering Technology\eRecovery\Monitor.exe" [2005-11-16 397312]
"LVCOMSX"="c:\windows\system32\LVCOMSX.EXE" [2005-11-30 225280]
"ADMTray.exe"="c:\acer\Empowering Technology\admtray.exe" [2005-10-24 2462208]
"RTHDCPL"="RTHDCPL.EXE" [2005-11-17 15600128]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-03 59392]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-03 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-03 455168]
"MSC"="c:\programme\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"QuickTime Task"="c:\programme\QuickTime\qttask.exe" [2010-03-18 421888]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
"DWQueuedReporting"="c:\progra~1\GEMEIN~1\MICROS~1\DW\dwtrig20.exe" [2007-02-25 437160]
.
c:\dokumente und einstellungen\All Users\Startmen\Programme\Autostart\
Microsoft Office.lnk - c:\programme\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdauxservice]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\sdcoreservice]
@=""
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Acer\\Acer Arcade\\PCMService.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\System32\\CNAC3RPK.EXE"=
"c:\\Programme\\Bonjour\\mDNSResponder.exe"=
"c:\\Programme\\iTunes\\iTunes.exe"=
"c:\\Programme\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Programme\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Programme\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Programme\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3587:TCP"= 3587:TCP:Windows Peer-zu-Peer-Gruppierung
"3540:UDP"= 3540:UDP:Peer Name Resolution-Protokoll (PNRP)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/11/2009 9:11 AM 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [1/11/2009 9:11 AM 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [1/11/2009 9:11 AM 39200]
R1 MpKsl3e92a359;MpKsl3e92a359;c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{BFFA42A1-C1EB-4B6B-94DE-0B045C789031}\MpKsl3e92a359.sys [20/06/2011 6:06 PM 28752]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [1/11/2009 9:11 AM 159600]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\programme\IObit\Advanced SystemCare 4\ASCService.exe [4/06/2011 11:56 AM 352656]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\Browser Defender\BDTUpdateService.exe [24/09/2009 5:10 PM 112592]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [1/11/2009 9:11 AM 73840]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\PC Tools Internet Security\pctsAuxs.exe [1/11/2009 9:10 AM 348752]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [23/09/2009 6:32 PM 1088896]
S1 MpKsl725bfd93;MpKsl725bfd93;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{BFFA42A1-C1EB-4B6B-94DE-0B045C789031}\MpKsl725bfd93.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{BFFA42A1-C1EB-4B6B-94DE-0B045C789031}\MpKsl725bfd93.sys [?]
S1 MpKsl8ce013eb;MpKsl8ce013eb;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{D7838697-49E8-442C-BC63-6BED63A84C14}\MpKsl8ce013eb.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{D7838697-49E8-442C-BC63-6BED63A84C14}\MpKsl8ce013eb.sys [?]
S1 MpKslc2e1cac1;MpKslc2e1cac1;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{62605830-D9E0-4A94-92A0-E44119101219}\MpKslc2e1cac1.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{62605830-D9E0-4A94-92A0-E44119101219}\MpKslc2e1cac1.sys [?]
S1 MpKslfd10626b;MpKslfd10626b;\??\c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{D7838697-49E8-442C-BC63-6BED63A84C14}\MpKslfd10626b.sys --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{D7838697-49E8-442C-BC63-6BED63A84C14}\MpKslfd10626b.sys [?]
S2 AdminSVC;GMX Browser Update;c:\dokumente und einstellungen\All Users\Anwendungsdaten\GMX\adminsvc.exe --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\GMX\adminsvc.exe [?]
S2 BulkUsb;Genesys Logic USB Controller NT 5.0;c:\windows\system32\drivers\usbprn.sys [20/12/2001 8:32 PM 7552]
S2 Ca533av;PocketCam 3Mega, WDM Video Capture;c:\windows\system32\drivers\CA533AV.SYS [10/04/2010 7:09 PM 514929]
S2 gupdate;Google Update Service (gupdate);c:\programme\Google\Update\GoogleUpdate.exe [13/05/2010 2:57 AM 136176]
S3 6616190D;6616190D;c:\windows\system32\6616190D.exe --> c:\windows\system32\6616190D.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [25/09/2009 9:57 PM 16512]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [26/09/2009 12:11 AM 1183744]
S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [24/08/2005 7:07 AM 692992]
S3 EyelineService;Eyeline Video System;c:\programme\NCH Software\Eyeline\eyeline.exe [5/11/2009 1:43 PM 643076]
S3 gupdatem;Google Update Service (gupdatem);c:\programme\Google\Update\GoogleUpdate.exe [13/05/2010 2:57 AM 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [1/11/2009 9:10 AM 95656]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [1/11/2009 9:10 AM 64424]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [1/11/2009 9:11 AM 33056]
S3 ThreatFire;ThreatFire;c:\programme\PC Tools Internet Security\TFEngine\TFService.exe service --> c:\programme\PC Tools Internet Security\TFEngine\TFService.exe service [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Inhalt des "geplante Tasks" Ordners
.
2011-06-04 c:\windows\Tasks\videopadDowngrade.job
- c:\programme\NCH Software\VideoPad\videopad.exe [2010-10-27 08:53]
.
2011-06-04 c:\windows\Tasks\videopadShakeIcon.job
- c:\programme\NCH Software\VideoPad\videopad.exe [2010-10-27 08:53]
.
2011-06-21 c:\windows\Tasks\User_Feed_Synchronization-{8B034EC4-73E5-4F92-8146-AE71BF70500B}.job
- c:\windows\system32\msfeedssync.exe [2009-03-07 18:31]
.
2011-06-04 c:\windows\Tasks\goldenvideosShakeIcon.job
- c:\programme\NCH Software\GoldenVideos\goldenvideos.exe [2010-04-11 11:29]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore1cc205d386b3860.job
- c:\programme\Google\Update\GoogleUpdate.exe [2010-05-12 16:57]
.
2011-06-21 c:\windows\Tasks\MpIdleTask.job
- c:\programme\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 02:26]
.
2011-06-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\programme\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 02:26]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com.au/
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
LSP: c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Photoshop Elements 2.0 - c:\windows\ISUN0407.EXE
AddRemove-Virtual Drive Creator_is1 - c:\programme\J. A. Associates\Virtual Drive Creator\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-21 19:29
Windows 5.1.2600 Service Pack 3 FAT NTAPI
.
Scanne versteckte Prozesse...
.
Scanne versteckte Autostarteinträge...
.
Scanne versteckte Dateien...
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'winlogon.exe'(1596)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(1652)
c:\programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll
.
- - - - - - - > 'explorer.exe'(2824)
c:\windows\system32\MSNChatHook.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\MSVCR71.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\programme\Microsoft Security Client\Antimalware\MsMpEng.exe
c:\programme\Intel\Wireless\Bin\EvtEng.exe
c:\programme\Intel\Wireless\Bin\S24EvMon.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\brss01a.exe
c:\windows\system32\CNAC3RPK.EXE
c:\acer\Empowering Technology\admServ.exe
c:\programme\Bonjour\mDNSResponder.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
c:\program files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
c:\programme\Maxtor\Sync\SyncServices.exe
c:\programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
c:\programme\Intel\Wireless\Bin\RegSrvc.exe
c:\programme\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\tcpsvcs.exe
c:\program files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\dwwin.exe
c:\programme\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2011-06-21 19:32:48 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2011-06-21 09:32
.
Vor Suchlauf: 20 Verzeichnis(se), 12,480,184,320 Bytes frei
Nach Suchlauf: 32 Verzeichnis(se), 12,801,966,080 Bytes frei
.
WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - 1543E13B0CA90D69C2E82FDB9E347893
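The services/drivers section of the ComboFix log above (the `R0`/`S3 …;…;path [date size]` lines) is what the helper reads to spot the `6616190D` service that the next fix removes. The following triage parser is an added example, not part of this thread, of ComboFix, or of OTL: it parses that line format and applies three heuristics of my own (opaque eight-hex-digit name with no descriptive display name, a service executable sitting directly in `system32`, and an image ComboFix could not find on disk, marked `[?]`). The sample lines are constructed copies of entries from the log; a `[?]` on an on-demand driver such as `MBAMSwissArmy` is normal, so that finding alone should be read as informational.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional

# Constructed sample in the ComboFix services/drivers format (copied from the log above).
SAMPLE_LOG = r"""
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [1/11/2009 9:11 AM 130936]
S2 AdminSVC;GMX Browser Update;c:\dokumente und einstellungen\All Users\Anwendungsdaten\GMX\adminsvc.exe --> c:\dokumente und einstellungen\All Users\Anwendungsdaten\GMX\adminsvc.exe [?]
S3 6616190D;6616190D;c:\windows\system32\6616190D.exe --> c:\windows\system32\6616190D.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [23/09/2009 6:32 PM 1088896]
"""

# "<start type> <service name>;<display name>;<rest>"
LINE_RE = re.compile(r"^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<rest>.*)$")
# "<path> [<date> <time> <size>]" for entries whose file was found
META_RE = re.compile(r"^(?P<path>.*?)\s+\[(?P<meta>[^\]]*)\]$")
# names like 6616190D: eight hex digits and nothing else
HEX_NAME_RE = re.compile(r"^[0-9A-Fa-f]{8}$")


@dataclass
class ServiceEntry:
    start: str            # R0..R3 (running) or S0..S3 (stopped) plus start type
    name: str
    display: str
    path: str
    file_missing: bool    # ComboFix printed "--> path [?]": image not found on disk
    size: Optional[int]   # file size from the bracketed metadata, if present
    reasons: List[str] = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one services/drivers line; returns None for lines in another format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest").strip()
    size = None
    if rest.endswith("[?]"):
        # "path --> path [?]": keep the first path, ComboFix could not stat the file
        path = rest[: -len("[?]")].strip().split(" --> ")[0]
        missing = True
    else:
        mm = META_RE.match(rest)
        if not mm:
            return None
        path = mm.group("path")
        missing = False
        tokens = mm.group("meta").split()
        if tokens and tokens[-1].isdigit():
            size = int(tokens[-1])
    if path.startswith("\\??\\"):  # NT object-manager prefix, not part of the DOS path
        path = path[4:]
    return ServiceEntry(m.group("start"), m.group("name"), m.group("display"), path, missing, size)


def assess(entry: ServiceEntry) -> ServiceEntry:
    """Attach heuristic findings (these are the example's own rules, not ComboFix's)."""
    directory, _, filename = entry.path.lower().rpartition("\\")
    if HEX_NAME_RE.match(entry.name) and entry.display.lower() == entry.name.lower():
        entry.reasons.append("opaque hex service name with no descriptive display name")
    if directory == "c:\\windows\\system32" and filename.endswith(".exe"):
        entry.reasons.append("service executable placed directly in system32")
    if entry.file_missing:
        entry.reasons.append("image file not found on disk at scan time ([?])")
    return entry


def triage(log_text: str) -> List[ServiceEntry]:
    """Parse every services/drivers line in the text and assess each entry."""
    entries = [parse_line(line) for line in log_text.splitlines()]
    return [assess(e) for e in entries if e is not None]


def ranked(log_text: str) -> List[str]:
    """Service names with at least one finding, most findings first, then by name."""
    hits = [e for e in triage(log_text) if e.reasons]
    hits.sort(key=lambda e: (-len(e.reasons), e.name))
    return [e.name for e in hits]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.start} {e.name:15} {e.path}")
        for r in e.reasons:
            print(f"    - {r}")
```

Running it on the constructed sample ranks `6616190D` first with all three findings; the two `[?]` entries below it are worth a look but are not by themselves evidence of infection.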
 
Hi Vict0r, there were no problems during the procedure.
Good. :)

We are soon finished.


Run OTL Script

We need to run another OTL Fix, this one will require a reboot of the computer.

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the custom fix textbox. Do not include the word Code
    Code:
    :processes
    killallprocesses
    :services
    6616190D
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report into your next reply.


Registry Cleaners + "Tweak" Tools

I don't personally recommend the use of ANY Registry Cleaners or "Tweak" Tools. They are marketed as ways to make your machine run faster and more efficiently ...... Some will actually achieve this .... IF you know how to use them correctly.
Removing "Orphaned/Old/Obsolete" registry entries is fine ..... as long as they actually are "Orphaned/Old/Obsolete", it won't speed up your machine though.
Stopping services & setting policies can speed up your machine ..... as long as you stop & set the right ones, & even then it's debatable if you will notice the improvement.

Remove the wrong registry entry, or stop the wrong service, & not only can you slow your machine .... you could kill it !

To use a Registry Cleaner or "Tweak" tool to its full advantage, you really need to know what it is they are doing & what else the changes may affect.
In short, if you know how to use them safely ----- you don't actually need them.

Read the following for more information:
http://forums.whatthetech.com/Regcleaner_t42862.html
http://miekiemoes.blogspot.com/2008/02/registry-cleaners-and-system-tweaking_13.html

Please uninstall these programs:
Advanced SystemCare 4
Ashampoo WinOptimizer 5.05



Update Windows and Internet Explorer

Update Windows and Internet Explorer to protect your computer from malware. Please go to the Windows Update site to get the high-priority updates. Repeat this update process until no further high-priority updates are offered.


Upload File for testing

Copy the following line:
c:\windows\system\msvcr71.dll

Please go to jotti.org or Virustotal

Click the Browse button. A box will open, paste the filepath into the field next to File:. Click OK.
Press Submit - this will submit the file for testing, rescan the file if asked.
Please wait for all the scanners to finish then copy and paste the permalink (web address) in your next response.
Example of web address: (screenshot not reproduced)


Repeat the online scan for this file/line:
c:\windows\system32\MSMAsk32.ocx


When finished post:
  • OTL (script) log
  • Links to online scans.
  • A fresh DDS log (DDS.txt only)
 
Hi vict0r,
Thanks for the hints about the registry cleaner. It is a good point. I'm aware of the danger that they can be invasive. I used Ashampoo to find unused temporary files and internet history. It has also helped me to find out if a program was uninstalled properly. I know that Windows and IExplorer have cleanup tools and know where they are. I understood that the forums advise to read, understand and apply correctly. Having a past IT background, not PC but IBM ES9000 VSE/ESA, I'm used to reading the screen before clicking [ok]. I even read the logs sent to you :-)
"Advanced SystemCare 4" came from "MajorGeeks.com". As I downloaded Malwarebytes I was misled by a link. I realised the mistake and never used the software. Sorry about the confusion.

msvcr71.dll and MSMAsk32.ocx were found as msvcr71.dll.vir and MSMAsk32.ocx.vir in C:\Qoobox\Quarantine\C\Windows\system and \system32
Combofix has quarantined the files.
The scans were negative.
http://virusscan.jotti.org/en/scanr...33b9/34724615acd41d62b77eb53f5e6f997bc0501642
http://virusscan.jotti.org/en/scanresult/2f2980082f880ac48de82f7550edf95aba04faac

Do you need a full OTL scan or did you mean to send the log of the OTL fix?

========== PROCESSES ==========
All processes killed
========== SERVICES/DRIVERS ==========
Service 6616190D stopped successfully!
Service 6616190D deleted successfully!

OTL by OldTimer - Version 3.2.23.0 log created on 06222011_100605

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


.
DDS (Ver_2011-06-12.02) - FAT32x86
Internet Explorer: 8.0.6001.18702
Run by Oliver Draxl at 12:33:17 on 2011-06-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.292 [GMT 10:00]
.
AV: Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *Enabled/Outdated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Internet Security Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\brss01a.exe
svchost.exe
C:\WINDOWS\system32\CNAC3RPK.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\notepad.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Browser Defender\BDTUpdateService.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Maxtor\Sync\SyncServices.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\PC Tools Internet Security\pctsAuxs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Microsoft Security Client\msseces.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Dodo Wireless Broadband\Dodo Wireless Broadband.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\programme\browser defender\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\programme\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programme\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\programme\browser defender\PCTBrowserDefender.dll
uRun: [TaskSwitchXP] c:\programme\taskswitchxp\TaskSwitchXP.exe
uRun: [msnmsgr] "c:\programme\windows live\messenger\msnmsgr.exe" /background
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\programme\spybot - search & destroy\TeaTimer.exe
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
mRun: [LaunchApp] Alaunch
mRun: [SynTPLpr] c:\programme\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [ATICCC] "c:\programme\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSC] "c:\programme\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\gemein~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office10\OSA.EXE
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll
LSP: c:\programme\gemeinsame dateien\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253752491717
TCP: Interfaces\{86C0E1A0-58D0-4AC3-939C-6B15B6C14CD4} : NameServer = 202.136.43.197 202.136.42.229
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-1 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-11-1 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-11-1 39200]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKslba4f77f3;MpKslba4f77f3;c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{a4a333ba-7129-4db5-bbd9-f4c97198d6d3}\MpKslba4f77f3.sys [2011-6-22 28752]
R1 MpKsle115d5cb;MpKsle115d5cb;c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{a4a333ba-7129-4db5-bbd9-f4c97198d6d3}\MpKsle115d5cb.sys [2011-6-21 28752]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-11-1 159600]
R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\browser defender\BDTUpdateService.exe [2009-9-24 112592]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-11-1 73840]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\pc tools internet security\pctsAuxs.exe [2009-11-1 348752]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2009-9-23 1088896]
S1 MpKsl725bfd93;MpKsl725bfd93;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{bffa42a1-c1eb-4b6b-94de-0b045c789031}\mpksl725bfd93.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{bffa42a1-c1eb-4b6b-94de-0b045c789031}\MpKsl725bfd93.sys [?]
S1 MpKsl8ce013eb;MpKsl8ce013eb;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpksl8ce013eb.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKsl8ce013eb.sys [?]
S1 MpKslc2e1cac1;MpKslc2e1cac1;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\mpkslc2e1cac1.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\MpKslc2e1cac1.sys [?]
S1 MpKslfd10626b;MpKslfd10626b;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpkslfd10626b.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKslfd10626b.sys [?]
S2 AdminSVC;GMX Browser Update;c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe --> c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe [?]
S2 BulkUsb;Genesys Logic USB Controller NT 5.0;c:\windows\system32\drivers\usbprn.sys [2001-12-20 7552]
S2 Ca533av;PocketCam 3Mega, WDM Video Capture;c:\windows\system32\drivers\CA533AV.SYS [2010-4-10 514929]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-9-25 16512]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2009-9-26 1183744]
S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [2005-8-24 692992]
S3 EyelineService;Eyeline Video System;c:\programme\nch software\eyeline\eyeline.exe [2009-11-5 643076]
S3 gupdatem;Google Update Service (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-11-1 95656]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-11-1 64424]
S3 sdCoreService;PC Tools Security Service;c:\programme\pc tools internet security\pctsSvc.exe [2009-11-1 1095592]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-11-1 33056]
S3 ThreatFire;ThreatFire;c:\programme\pc tools internet security\tfengine\tfservice.exe service --> c:\programme\pc tools internet security\tfengine\TFService.exe service [?]
.
=============== Created Last 30 ================
.
2011-06-22 00:42:41 28752 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{a4a333ba-7129-4db5-bbd9-f4c97198d6d3}\MpKslba4f77f3.sys
2011-06-21 10:11:27 28752 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{a4a333ba-7129-4db5-bbd9-f4c97198d6d3}\MpKsle115d5cb.sys
2011-06-21 10:10:57 6962000 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{a4a333ba-7129-4db5-bbd9-f4c97198d6d3}\mpengine.dll
2011-06-21 09:11:07 -------- d-sha-r- C:\cmdcons
2011-06-21 09:07:39 98816 ----a-w- c:\windows\sed.exe
2011-06-21 09:07:39 518144 ----a-w- c:\windows\SWREG.exe
2011-06-21 09:07:39 256512 ----a-w- c:\windows\PEV.exe
2011-06-21 09:07:39 208896 ----a-w- c:\windows\MBR.exe
2011-06-21 09:07:15 -------- d-----w- C:\ComboFix
2011-06-19 10:50:37 105472 ------w- c:\windows\system32\dllcache\mup.sys
2011-06-04 02:36:27 -------- d-----w- c:\dokumente und einstellungen\oliver draxl\anwendungsdaten\Malwarebytes
2011-06-04 02:36:17 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Malwarebytes
2011-06-04 01:56:59 -------- d-----w- c:\dokumente und einstellungen\oliver draxl\anwendungsdaten\IObit
2011-06-04 01:56:56 -------- d-----w- c:\programme\IObit
2011-06-01 13:31:59 403216 ----a-w- c:\windows\system32\msrepl35.dll
2011-06-01 13:31:59 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-06-01 13:31:59 251664 ----a-w- c:\windows\system32\msrd2x35.dll
2011-06-01 13:31:58 25600 ----a-w- c:\programme\gemeinsame dateien\microsoft shared\dao\remove.exe
2011-06-01 13:27:27 -------- d-----w- c:\programme\DevStudio
2011-06-01 06:22:19 -------- d-sh--w- c:\dokumente und einstellungen\oliver draxl\UserData
2011-05-29 11:24:51 -------- d-----r- c:\programme\Skype
2011-05-27 02:06:54 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-05-27 02:06:54 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-05-27 02:06:54 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-05-27 02:06:54 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-05-27 02:06:54 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
.
==================== Find3M ====================
.
2011-06-07 03:43:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-02 15:31:52 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 16:19:44 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-25 16:05:36 916480 ----a-w- c:\windows\system32\wininet.dll
2011-04-25 16:05:34 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-25 16:05:34 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-25 12:01:22 385024 ----a-w- c:\windows\system32\html.iec
2011-04-21 13:37:44 105472 ----a-w- c:\windows\system32\drivers\mup.sys
.
============= FINISH: 12:34:06.32 ===============
 
Hi.

msvcr71.dll and MSMAsk32.ocx were found as msvcr71.dll.vir and MSMAsk32.ocx.vir in C:\Qoobox\Quarantine\C\Windows\system and \system32
ComboFix has quarantined the files.

Do you need a full OTL scan or did you mean to send the log of the OTL fix?

I'm sorry about the mistake.

You posted the correct logs. :)

How is the performance of this computer now?
 
Hello Vict0r

The performance appears to be normal. I never noticed the activity of 6616190D.exe so since the removal of msmonitor.exe it has been good.

Thank you very much for your help.

I just have a question, you may know: when I dial into the net with the Huawei wireless modem, sometimes the system does not open any programs for up to two minutes. Do you know what's happening in this time? When I want to check my emails, for example, Outlook and also Iexplorer do not open when requested.
 
Hi.

I'm sorry for the delay...

I just have a question, you may know: when I dial into the net with the Huawei wireless modem, sometimes the system does not open any programs for up to two minutes. Do you know what's happening in this time? When I want to check my emails, for example, Outlook and also Iexplorer do not open when requested.

This is probably caused by compatibility issues between your USB controller drivers and the USB modem. It might help to update the chipset drivers from Acer (German version): http://www.acer.de/ac/de/DE/content/drivers



TFC (Temp File Cleaner):

  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • Click the Start button in the bottom left of TFC
  • If prompted, click Yes to reboot. If not prompted, then please reboot manually.

Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It should not take longer than a couple of minutes, and may only take a few seconds. You may not be prompted to reboot.


Uninstall ComboFix

Click on Start >> Run..., copy and paste the following line into the run box, then click OK:
ComboFix /Uninstall
Note: there's a space between "ComboFix" and "/Uninstall", and this is the correct method to uninstall ComboFix even if it is named differently.


Clean up with OTL

  • Double-click OTL.exe to start the program. This will remove most of the tools we used to clean your pc.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CleanUp! button
  • Say Yes to the prompt and then allow the program to reboot your computer.


Delete the following files

Please delete the following files on your desktop (if still present):

Trend Micro Diagnostic Toolkit (32bit.exe)
appremover.exe
MBRBackup.exe
MBRCheck.exe
RKUnhookerLE.exe



Java

Download and install Java Runtime Environment (JRE) 6 Update 26 (~15Mb)


Adobe

Adobe Reader is available for download from the following link: http://get.adobe.com/reader/
Please uncheck McAfee Security Scan Plus before the download!

Adobe Reader is a large program. If you prefer a smaller program you can get Foxit 5.0 instead from http://www.foxitsoftware.com/downloads/

If you decide to install Foxit 5.0, do the following during Foxit's Setup/Installation process:

Uncheck the following boxes to avoid various installations and The Foxit PDF Creator Toolbar powered by Ask:
  • Install Foxit PDF Creator Toolbar
  • Make Ask my browser default search provider
  • Set Ask.com as my home page


Windows updates

Microsoft releases patches for Windows and Office products regularly to close security loopholes in those products and fix any bugs found. Install the updates immediately when they are offered.

  • Go to Start > Control Panel > Automatic Updates
    1. Select Automatic (recommended) radio button if you want the updates to be downloaded and installed without prompting you.
    2. Select Download updates for me, but let me choose when to install them radio button if you want the updates to be downloaded automatically but to be installed at another time.
    3. Select Notify me but don't automatically download or install them radio button if you want to be notified of the updates.


Keep your non-Microsoft applications updated as well

Microsoft isn't the only company whose products can contain security vulnerabilities. To check for other vulnerable programs running on your PC that are in need of an update, you can use the Secunia Software Inspector. I suggest that you run it and install the suggested updates at least once a week.



Consider using the following to secure your computer further

  • Malwarebytes' Anti-Malware
    Install Malwarebytes Anti-Malware, update and perform a quick scan 1-2 times a week. Download from the following link: Malwarebytes Anti Malware

  • Make use of the HOSTS file included with Spybot Search & Destroy
    Every version of Windows includes a hosts file. A hosts file is a bit like a phone book: it points to the actual numeric address (i.e. the IP address) from the human-friendly name of a website. This feature can be used to block malicious websites.
    Spybot Search & Destroy has a good HOSTS file built in. To enable the HOSTS file in Spybot Search & Destroy:
    • Run Spybot Search & Destroy.
    • Click on Mode, and then place a tick next to Advanced mode.
    • Click Yes.
    • In the left hand pane of Spybot Search & Destroy, click on Tools, and then on Hosts File.
    • Click on Add Spybot-S&D hosts list.

    Note: On some PCs, having a custom HOSTS file installed can cause a significant slowdown. Following these instructions should resolve the issue:
    • Click Start > Run
    • Type services.msc & click OK
    • In the list, find the service called DNS Client & double click on it.
    • On the dropdown box, change the setting from automatic to manual.
    • Click OK & then close the Services window.

    For a more detailed explanation of the HOSTS file, click here.

  • Use an alternative to Internet Explorer
    Many exploits are directed at users of Internet Explorer. Try using a different browser instead. I can recommend Firefox with the NoScript addon to avoid malicious scripting attacks.
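To show what the HOSTS-file blocking described above actually does on disk, here is an added Python example (not Spybot's code and not part of the original post): it parses a hosts file in the Windows layout and separates blocking entries (names mapped to 127.0.0.1 or 0.0.0.0, the form Spybot adds) from entries that send a name to some other address, which is what you would want to review. The sample hosts text and the host names in it are constructed.

```python
"""Classify entries in a Windows HOSTS file: blocking entries (a name mapped
to a local/null address, the Spybot-S&D style of blocking) versus redirects.

Added example for this thread; the sample text and host names are constructed."""
import ipaddress

BLOCKING_TARGETS = {"127.0.0.1", "0.0.0.0", "::1"}

# Constructed sample in the Windows layout: <address> <name> [aliases] [# comment]
SAMPLE_HOSTS = """\
# Copyright (c) 1993-1999 Microsoft Corp.
127.0.0.1       localhost
# Start of entries inserted by Spybot - Search & Destroy
127.0.0.1 ad.example-tracker.test
0.0.0.0   banners.example-tracker.test  cdn.example-tracker.test # comment
# A redirect is different: the name goes to a real, non-local address
198.51.100.23   update.example-vendor.test
"""

def parse_hosts(text):
    """Yield (address, [names]) tuples, ignoring comments and blank lines."""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop trailing comments
        if not line:
            continue
        fields = line.split()
        if len(fields) < 2:
            continue                           # address with no name
        try:
            ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed address: skip, don't guess
        yield fields[0], fields[1:]

def classify_hosts(text):
    """Return {"blocked": [names], "redirected": [(name, addr)], "local": [names]}.

    'blocked' names are sunk to a local/null address (blocking entries);
    'redirected' names point somewhere else and deserve a look;
    'localhost' itself is reported separately so it is not counted as a block."""
    result = {"blocked": [], "redirected": [], "local": []}
    for addr, names in parse_hosts(text):
        for name in names:
            if name.lower() == "localhost":
                result["local"].append(name)
            elif addr in BLOCKING_TARGETS:
                result["blocked"].append(name)
            else:
                result["redirected"].append((name, addr))
    return result

if __name__ == "__main__":
    summary = classify_hosts(SAMPLE_HOSTS)
    print(f"{len(summary['blocked'])} blocked, {len(summary['redirected'])} redirected")
    for name, addr in summary["redirected"]:
        print(f"  review: {name} -> {addr}")
```

On a real machine, pass the contents of C:\Windows\System32\drivers\etc\hosts to classify_hosts; any entry listed under "redirected" is worth checking, since blocking entries should only ever point at a local address.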



It is ABSOLUTELY ESSENTIAL to keep Windows, Java, Adobe and all of your security programs up to date.


Read these articles to learn more about how to protect yourself while on the internet:



Do you have further questions related to this case?
 
No, I have no further questions regarding this case. The computer runs without problems now and - maybe I just imagine it - but also is faster. Thank you very much for your help with this it was great. It saved me from resetting the whole system, as I would not have found those viruses and remove them on my own. The work you and you team are doing is very valuable to us pc users who do not have the deep knowledge about how do deal with this problems. Thank you for making your skills available to us.

All the best

Oliver
 
You're welcome. :)

Since this issue appears to be resolved ... this Topic has been closed.

Note: If it has been three days or more since your last post, and the helper assisting you posted a response to that post to which you did not reply, your topic will not be reopened. At that point, if you still require help, please start a new topic and include a fresh DDS log and a link to your previous thread.

If it has been less than three days since your last response and you need the thread re-opened, please send me or other MOD a private message (pm). A valid, working link to the closed topic is required.
 