Have got no idea why it was in the bin. I didn't delete it, didn't even know it existed.

Do you need the dds logs?
 
While I had dinner the files became active and deleted all browser history. Many files with funny names like: AAAssssss.sss have been created in
C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Temp
containing links.

Here are the logs: Sorry about the confusion, in the last post you wrote something which made me understand not to attach the logs.

.
DDS (Ver_11-05-19.01) - FAT32x86
Internet Explorer: 8.0.6001.18702
Run by Oliver Draxl at 0:41:26 on 2011-06-02
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.364 [GMT 10:00]
.
AV: Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Internet Security Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
svchost.exe
C:\WINDOWS\system32\CNAC3RPK.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Browser Defender\BDTUpdateService.exe
C:\WINDOWS\system32\cisvc.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\PC Tools Internet Security\pctsAuxs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Microsoft Security Client\msseces.exe
C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\Skype\Phone\Skype.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Programme\Dodo Wireless Broadband\Dodo Wireless Broadband.exe
D:\Eigene Dateien\Download\spybot\dds.scr
C:\WINDOWS\system32\WSCRIPT.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\programme\browser defender\PCTBrowserDefender.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programme\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\programme\browser defender\PCTBrowserDefender.dll
uRun: [TaskSwitchXP] c:\programme\taskswitchxp\TaskSwitchXP.exe
uRun: [msnmsgr] "c:\programme\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /nosplash /minimized
mRun: [LaunchApp] Alaunch
mRun: [SynTPLpr] c:\programme\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [ATICCC] "c:\programme\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSC] "c:\programme\microsoft security client\msseces.exe" -hide -runkey
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\gemein~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office10\OSA.EXE
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
LSP: c:\programme\gemeinsame dateien\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253752491717
TCP: {86C0E1A0-58D0-4AC3-939C-6B15B6C14CD4} = 202.136.43.197 202.136.42.229
Filter: text/html - {e0e86684-af80-4520-b049-326a9cb81c82} - c:\dokume~1\oliver~1\lokale~1\temp\msmonitor
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-1 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-11-1 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-11-1 39200]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKslb1fa9e14;MpKslb1fa9e14;c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{92d12b40-8fdf-4ad3-bb05-7b10b4c96efd}\MpKslb1fa9e14.sys [2011-6-1 28752]
R1 MpKsled1fda10;MpKsled1fda10;c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{92d12b40-8fdf-4ad3-bb05-7b10b4c96efd}\MpKsled1fda10.sys [2011-6-1 28752]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-11-1 159600]
R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\browser defender\BDTUpdateService.exe [2009-9-24 112592]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-11-1 73840]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\pc tools internet security\pctsAuxs.exe [2009-11-1 348752]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2009-9-23 1088896]
S1 MpKsl8ce013eb;MpKsl8ce013eb;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpksl8ce013eb.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKsl8ce013eb.sys [?]
S1 MpKslc2e1cac1;MpKslc2e1cac1;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\mpkslc2e1cac1.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\MpKslc2e1cac1.sys [?]
S1 MpKslfd10626b;MpKslfd10626b;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpkslfd10626b.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKslfd10626b.sys [?]
S2 AdminSVC;GMX Browser Update;c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe --> c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe [?]
S2 BulkUsb;Genesys Logic USB Controller NT 5.0;c:\windows\system32\drivers\usbprn.sys [2001-12-20 7552]
S2 Ca533av;PocketCam 3Mega, WDM Video Capture;c:\windows\system32\drivers\CA533AV.SYS [2010-4-10 514929]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-9-25 16512]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2009-9-26 1183744]
S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [2005-8-24 692992]
S3 EyelineService;Eyeline Video System;c:\programme\nch software\eyeline\eyeline.exe [2009-11-5 643076]
S3 gupdatem;Google Update Service (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-9-23 32512]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-11-1 95656]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-11-1 64424]
S3 sdCoreService;PC Tools Security Service;c:\programme\pc tools internet security\pctsSvc.exe [2009-11-1 1095592]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-11-1 33056]
S3 ThreatFire;ThreatFire;c:\programme\pc tools internet security\tfengine\tfservice.exe service --> c:\programme\pc tools internet security\tfengine\TFService.exe service [?]
.
=============== Created Last 30 ================
.
2011-06-01 13:31:59 403216 ----a-w- c:\windows\system32\msrepl35.dll
2011-06-01 13:31:59 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-06-01 13:31:59 251664 ----a-w- c:\windows\system32\msrd2x35.dll
2011-06-01 13:31:58 25600 ----a-w- c:\programme\gemeinsame dateien\microsoft shared\dao\remove.exe
2011-06-01 13:27:27 -------- d-----w- c:\programme\DevStudio
2011-06-01 12:51:35 114176 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\m23S7RaL.exe
2011-06-01 07:02:48 28752 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{92d12b40-8fdf-4ad3-bb05-7b10b4c96efd}\MpKslb1fa9e14.sys
2011-06-01 06:46:25 28752 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{92d12b40-8fdf-4ad3-bb05-7b10b4c96efd}\MpKsled1fda10.sys
2011-06-01 06:46:09 6962000 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{92d12b40-8fdf-4ad3-bb05-7b10b4c96efd}\mpengine.dll
2011-06-01 06:22:19 -------- d-sh--w- c:\dokumente und einstellungen\oliver draxl\UserData
2011-05-29 11:24:51 -------- d-----r- c:\programme\Skype
2011-05-27 02:06:54 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-05-27 02:06:54 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-05-27 02:06:54 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-05-27 02:06:54 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-05-27 02:06:54 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-05-21 03:57:13 -------- d-----w- c:\programme\Spybot - Search & Destroy
2011-05-21 03:57:13 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Spybot - Search & Destroy
2011-05-20 05:58:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-20 05:50:53 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Skype Extras
.
==================== Find3M ====================
.
2011-03-07 05:33:46 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:36:22 420864 ----a-w- c:\windows\system32\vbscript.dll
.
============= FINISH: 0:42:12.23 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-05-19.01)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 23/09/2009 6:23:18 PM
System Uptime: 1/06/2011 5:02:02 PM (7 hours ago)
.
Motherboard: Acer, Inc. | | Bodensee
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | U2E1 | 1666/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 35 GiB total, 12.178 GiB free.
D: is FIXED (FAT32) - 36 GiB total, 7.794 GiB free.
E: is CDROM (CDFS)
F: is FIXED (NTFS) - 466 GiB total, 137.787 GiB free.
G: is CDROM (CDFS)
H: is Removable
I: is Removable
J: is FIXED (NTFS) - 298 GiB total, 129.48 GiB free.
K: is Removable
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
Description: Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller
Device ID: PCI\VEN_104C&DEV_803A&SUBSYS_00941025&REV_00\4&6B16D5B&0&49F0
Manufacturer: Texas Instruments
Name: Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller
PNP Device ID: PCI\VEN_104C&DEV_803A&SUBSYS_00941025&REV_00\4&6B16D5B&0&49F0
Service: ohci1394
.
==== System Restore Points ===================
.
RP141: 4/09/2010 11:12:29 AM - Software Distribution Service 3.0
RP142: 10/09/2010 12:31:12 PM - Druckertreiber Canon PIXMA iP3000 installiert
RP143: 10/09/2010 3:28:09 PM - Installation eines unsignierten Treibers
RP144: 20/09/2010 8:19:09 AM - Software Distribution Service 3.0
RP145: 23/09/2010 9:21:52 PM - Software Distribution Service 3.0
RP146: 30/09/2010 6:24:24 PM - Software Distribution Service 3.0
RP147: 2/10/2010 7:40:58 PM - Software Distribution Service 3.0
RP148: 14/10/2010 3:00:30 AM - Software Distribution Service 3.0
RP149: 14/10/2010 4:04:58 AM - Software Distribution Service 3.0
RP150: 15/10/2010 5:44:32 PM - Software Distribution Service 3.0
RP151: 18/10/2010 8:56:17 AM - Software Distribution Service 3.0
RP152: 10/11/2010 9:44:00 PM - Software Distribution Service 3.0
RP153: 26/11/2010 8:21:07 PM - Removed Apple Mobile Device Support
RP154: 26/11/2010 8:21:52 PM - Removed Apple Software Update
RP155: 27/11/2010 12:41:22 PM - Installed Active Wall
RP156: 4/01/2011 8:19:50 PM - Software Distribution Service 3.0
RP157: 5/01/2011 8:01:54 AM - Software Distribution Service 3.0
RP158: 25/01/2011 11:23:45 PM - Software Distribution Service 3.0
RP159: 10/02/2011 6:25:12 PM - Removed Active Wall
RP160: 10/02/2011 6:58:12 PM - Software Distribution Service 3.0
RP161: 10/02/2011 8:36:16 PM - Software Distribution Service 3.0
RP162: 28/02/2011 8:59:07 AM - Software Distribution Service 3.0
RP163: 1/03/2011 9:06:35 AM - Software Distribution Service 3.0
RP164: 17/03/2011 8:04:32 AM - Software Distribution Service 3.0
RP165: 25/03/2011 5:56:20 PM - Software Distribution Service 3.0
RP166: 25/03/2011 5:58:54 PM - Software Distribution Service 3.0
RP167: 1/06/2005 12:09:05 AM - Installation eines unsignierten Treibers
RP168: 16/04/2011 10:46:01 AM - Software Distribution Service 3.0
RP169: 16/04/2011 12:49:29 PM - Software Distribution Service 3.0
RP170: 16/04/2011 5:08:19 PM - Software Distribution Service 3.0
RP171: 18/04/2011 3:26:14 PM - Removed Brother MFL-Pro Suite
RP172: 21/04/2011 9:30:09 PM - Software Distribution Service 3.0
RP173: 22/04/2011 5:16:20 PM - Installed Trend Micro Internet Security
RP174: 22/04/2011 7:06:14 PM - Software Distribution Service 3.0
RP175: 28/04/2011 7:27:07 PM - Software Distribution Service 3.0
RP176: 28/04/2011 7:43:22 PM - Software Distribution Service 3.0
RP177: 1/05/2011 8:39:47 PM - Software Distribution Service 3.0
RP178: 3/05/2011 2:34:05 PM - Software Distribution Service 3.0
RP179: 5/05/2011 5:54:06 PM - Software Distribution Service 3.0
RP180: 10/05/2011 5:42:58 PM - Software Distribution Service 3.0
RP181: 11/05/2011 11:09:05 AM - Software Distribution Service 3.0
RP182: 20/05/2011 3:28:32 PM - Software Distribution Service 3.0
RP183: 21/05/2011 3:45:37 PM - Software Distribution Service 3.0
RP184: 22/05/2011 8:35:53 AM - Removed OpenOffice.org Installer 1.0
RP185: 24/05/2011 8:32:15 AM - Software Distribution Service 3.0
RP186: 25/05/2011 11:48:39 PM - Software Distribution Service 3.0
RP187: 28/05/2011 9:05:09 AM - Removed Java(TM) 6 Update 11
RP188: 28/05/2011 9:06:12 AM - Removed Java(TM) 6 Update 11
RP189: 28/05/2011 9:31:09 AM - Removed Adobe Reader 9.4.4.
RP190: 29/05/2011 9:15:42 AM - Installation eines unsignierten Treibers
RP191: 29/05/2011 9:22:27 PM - Removed Skype™ 5.3
RP192: 29/05/2011 9:23:55 PM - Removed Skype Toolbars
RP193: 29/05/2011 9:24:43 PM - Installed Skype™ 5.3
RP194: 29/05/2011 9:28:43 PM - Installed Skype Toolbars
RP195: 31/05/2011 7:03:50 PM - Removed Skype™ 5.3
RP196: 31/05/2011 7:04:42 PM - Installed Skype™ 5.1
RP197: 31/05/2011 7:10:37 PM - Removed Skype™ 5.1
RP198: 31/05/2011 7:11:51 PM - Removed Skype Toolbars
RP199: 31/05/2011 7:17:50 PM - Installed Skype™ 4.2
RP200: 31/05/2011 8:09:06 PM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acer Arcade
Acer eDataSecurity Management
Acer eDataSecurity Management 1.00.23
Acer eLock Management
Acer Empowering Technology framework
Acer eNet Management
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer OrbiCam-Software
Acer OrbiCam-Treiber
Acer Screensaver
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0
Adobe Photoshop Elements 2.0
Adobe Shockwave Player 11.5
Apple Application Support
Ashampoo Burning Studio 2009
Ashampoo UnInstaller 3.12
Ashampoo WinOptimizer 5.05
ATI - Dienstprogramm zur Deinstallation der Software
ATI Catalyst Control Center
ATI Display Driver
Audiograbber 1.83 SE
AVerMedia E501 CardBus Analog 3.5.0.69
AVerMedia MCE Encoder 3.2.1.62
AVerTV
AVIConverter CHN-EN Package
Bonjour
Browser Defender 2.0.6.15
CamStudio
Canon iP4500 series
Canon iP4800 series Printer Driver
Canon LBP5200
Canon PIXMA iP3000
Chinese Simplified Fonts Support For Adobe Reader 9
CoCreate Modeling Personal Edition 2.0
Compatibility Pack for the 2007 Office system
Data Access Objects (DAO) 3.5
Debut Video Capture Software
Dexster V2.0
DivX Codec
Dodo Wireless Broadband
e-tax 2010
EPSON Printer Software
EPSON Scan
ERUNT 1.1j
ESCX5700F User's Guide
ExpressPCB
Eyeline Video System
Food Additives 1.0
GMX IE7 Browser Update
Golden Videos
Google Earth
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Handbrake 0.9.4
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB2158563)
Hotfix für Windows XP (KB2443685)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix für Windows XP (KB979306)
Hotfix für Windows XP (KB981793)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Image Comparer v3.0 Free for PC User Readers
Intel(R) PROSet/Wireless Software
iTunes
K-Lite Codec Pack 6.2.0 (Full)
Launch Manager
Maxtor Manager
mCore
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office XP Professional mit FrontPage
Microsoft PhotoDraw 2000
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 5.0
Microsoft Windows Media Video 9 VCM
Mindful Clock
mMHouse
MP3 Repair Tool v1.5.2
mPfMgr
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Remote Controller
mWlsSafe
mXML
MyScript Notes Basic Edition
Natural Biorhythms version 3.04
Nitro PDF Professional
Nokia Connectivity Adapter Cable DKU-5
NTI CD & DVD-Maker
Organic Art, Microsoft Edition
PaperPort
PC Tools Internet Security 2009
PowerCam 2.0 Megapixel
PowerProducer
Prism Video Converter
QuickTime
Realtek High Definition Audio Driver
Recuva
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
Serif PanoramaPlus 1
Sicherheitsupdate für Windows Internet Explorer 8 (KB2183461)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2360131)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2497640)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381)
Sicherheitsupdate für Windows Media Player (KB2378111)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player (KB975558)
Sicherheitsupdate für Windows Media Player (KB978695)
Sicherheitsupdate für Windows Media Player 11 (KB954154)
Sicherheitsupdate für Windows XP (KB2079403)
Sicherheitsupdate für Windows XP (KB2115168)
Sicherheitsupdate für Windows XP (KB2121546)
Sicherheitsupdate für Windows XP (KB2160329)
Sicherheitsupdate für Windows XP (KB2229593)
Sicherheitsupdate für Windows XP (KB2259922)
Sicherheitsupdate für Windows XP (KB2279986)
Sicherheitsupdate für Windows XP (KB2286198)
Sicherheitsupdate für Windows XP (KB2296011)
Sicherheitsupdate für Windows XP (KB2296199)
Sicherheitsupdate für Windows XP (KB2347290)
Sicherheitsupdate für Windows XP (KB2360937)
Sicherheitsupdate für Windows XP (KB2387149)
Sicherheitsupdate für Windows XP (KB2393802)
Sicherheitsupdate für Windows XP (KB2412687)
Sicherheitsupdate für Windows XP (KB2419632)
Sicherheitsupdate für Windows XP (KB2423089)
Sicherheitsupdate für Windows XP (KB2436673)
Sicherheitsupdate für Windows XP (KB2440591)
Sicherheitsupdate für Windows XP (KB2443105)
Sicherheitsupdate für Windows XP (KB2476687)
Sicherheitsupdate für Windows XP (KB2478960)
Sicherheitsupdate für Windows XP (KB2478971)
Sicherheitsupdate für Windows XP (KB2479628)
Sicherheitsupdate für Windows XP (KB2479943)
Sicherheitsupdate für Windows XP (KB2481109)
Sicherheitsupdate für Windows XP (KB2483185)
Sicherheitsupdate für Windows XP (KB2485376)
Sicherheitsupdate für Windows XP (KB2485663)
Sicherheitsupdate für Windows XP (KB2491683)
Sicherheitsupdate für Windows XP (KB2503658)
Sicherheitsupdate für Windows XP (KB2506212)
Sicherheitsupdate für Windows XP (KB2506223)
Sicherheitsupdate für Windows XP (KB2507618)
Sicherheitsupdate für Windows XP (KB2508272)
Sicherheitsupdate für Windows XP (KB2508429)
Sicherheitsupdate für Windows XP (KB2509553)
Sicherheitsupdate für Windows XP (KB2511455)
Sicherheitsupdate für Windows XP (KB2524375)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB938464-v2)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371-v2)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB970430)
Sicherheitsupdate für Windows XP (KB971468)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB971961)
Sicherheitsupdate für Windows XP (KB972260)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973525)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975561)
Sicherheitsupdate für Windows XP (KB975562)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977165)
Sicherheitsupdate für Windows XP (KB977816)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978037)
Sicherheitsupdate für Windows XP (KB978251)
Sicherheitsupdate für Windows XP (KB978262)
Sicherheitsupdate für Windows XP (KB978338)
Sicherheitsupdate für Windows XP (KB978542)
Sicherheitsupdate für Windows XP (KB978601)
Sicherheitsupdate für Windows XP (KB978706)
Sicherheitsupdate für Windows XP (KB979309)
Sicherheitsupdate für Windows XP (KB979482)
Sicherheitsupdate für Windows XP (KB979559)
Sicherheitsupdate für Windows XP (KB979683)
Sicherheitsupdate für Windows XP (KB979687)
Sicherheitsupdate für Windows XP (KB980195)
Sicherheitsupdate für Windows XP (KB980218)
Sicherheitsupdate für Windows XP (KB980232)
Sicherheitsupdate für Windows XP (KB980436)
Sicherheitsupdate für Windows XP (KB981322)
Sicherheitsupdate für Windows XP (KB981852)
Sicherheitsupdate für Windows XP (KB981957)
Sicherheitsupdate für Windows XP (KB981997)
Sicherheitsupdate für Windows XP (KB982132)
Sicherheitsupdate für Windows XP (KB982214)
Sicherheitsupdate für Windows XP (KB982665)
Sicherheitsupdate für Windows XP (KB982802)
Skype™ 5.3
SMSC CIR HID V5.3.2600.2
SpamBayes 1.0.4
StreamTransport version: 1.0.2.2171
Switch Sound File Converter
Synaptics Pointing Device Driver
T39 USB-Handset Manager
TaskSwitchXP
Texas Instruments PCIxx21/x515 drivers.
TIxx21
Uninstall Startup Inspector
UnzipThemAll 1.3
Update für Microsoft Windows (KB971513)
Update für Windows Internet Explorer 8 (KB976662)
Update für Windows Internet Explorer 8 (KB976749)
Update für Windows Internet Explorer 8 (KB980182)
Update für Windows XP (KB2141007)
Update für Windows XP (KB2345886)
Update für Windows XP (KB2467659)
Update für Windows XP (KB951978)
Update für Windows XP (KB955759)
Update für Windows XP (KB961503)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB971029)
Update für Windows XP (KB971737)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoPad Video Editor
Virtual Drive Creator V3.0.1
WebFldrs XP
WikidPad 1.8final
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools
Windows XP Service Pack 3
Xara XS
Zoner 3D Photo Maker
.
==== End Of File ===========================


Thanks
 
Hi.

Please do not uninstall/install any programs, run any scans other than those requested or use any tools unless asked to.

Doing the above will cause confusion/complicate the process and will slow down the process of cleaning the computer.

Important!: Run all tools/scans/fixes once and once only. If problems, then post back with a description of the problem. The exact wording of any error messages will be helpful.


MBRBackup


Download MBRBackup to your Desktop.

  • Double-click MBRBackup.exe to launch the program.
  • Click SaveMBR (top left corner) and save the backup file to your Desktop.
  • It will have a name similar to MBR_2010-10-06.bin where the numbers correspond to the date the backup was made.
  • Exit the program.
  • I strongly suggest you keep a copy of this backup stored on an external device.


TDSSKiller


  • Please download TDSSKiller.exe and save it to your Desktop.
  • Double click on TDSSKiller.exe to launch it.
  • Click on Start Scan, the scan will run.
  • A box will appear saying System scan completed.
  • If any Malicious objects are found, click the default action Cure > Continue > Reboot now.
  • If any suspicious objects are detected the default action will be Skip, ensure Skip is selected then click Continue.
  • A log file should be created on your C: drive named something like TDSSKiller.2.4.0.0 24.07.2010.
  • To find the log click Start > Computer > C:.
  • Please post the contents of that log in your next reply.


Backup the Registry

Using tools that are modifying the Registry can create unforeseen problems, so it's always wise to create a backup before doing so.

Please navigate to Start >> All Programs >> ERUNT >> ERUNT.

  • Click on OK within the pop-up menu.
  • In the next menu under C:\WINDOWS\ERDNT\DD-MM-YYYY under Backup options make sure both the following are selected:
  • System registry
  • Current user registry
  • Next click on OK
  • When the Question pop-up appears click on Yes
  • After a short duration the Registry backup is complete! popup will appear
  • Now click on OK. A backup has been created.


Run OTL Script

We need to run another OTL Fix, this one will require a reboot of the computer.

  • Double-click OTL.exe to start the program.
  • Copy and Paste the following code into the textbox. Do not include the word Code
    Code:
    :processes
    killallprocesses
    :reg
    [-HKEY_CURRENT_USER\Software\Classes\PROTOCOLS\Filter\text/html]
    :files
    c:\dokume~1\oliver~1\lokale~1\temp\msmonitor
    c:\dokumente und einstellungen\all users\anwendungsdaten\m23S7RaL.exe
  • Then click the Run Fix button at the top.
  • Click OK.
  • OTL may ask to reboot the machine. Please do so if asked.
  • The report should appear in Notepad after the reboot. Copy and Paste that report into your next reply.


When finished post:
  • TDSSKiller log
  • OTL (script) log
  • A fresh DDS log (DDS.txt only)
 
Hi Vict0r

Here are the log files. The virus was so persistent in doing its "thing" that I decided to delete the files m23S7RaL.exe, dl[1].htm, dl[1].swf and msmonitor manually yesterday, and deleted all entries related to these file names in the registry, because I needed to use the computer. I didn't use any other removal tools than those you have advised me to, and the last kit you gave me I did only once. I hope all is ok.



2011/06/03 13:05:27.0515 1304 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/03 13:05:29.0546 1304 ================================================================================
2011/06/03 13:05:29.0546 1304 SystemInfo:
2011/06/03 13:05:29.0546 1304
2011/06/03 13:05:29.0546 1304 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/03 13:05:29.0546 1304 Product type: Workstation
2011/06/03 13:05:29.0546 1304 ComputerName: ACER-2CDC76420C
2011/06/03 13:05:29.0546 1304 UserName: Oliver Draxl
2011/06/03 13:05:29.0546 1304 Windows directory: C:\WINDOWS
2011/06/03 13:05:29.0546 1304 System windows directory: C:\WINDOWS
2011/06/03 13:05:29.0546 1304 Processor architecture: Intel x86
2011/06/03 13:05:29.0546 1304 Number of processors: 2
2011/06/03 13:05:29.0546 1304 Page size: 0x1000
2011/06/03 13:05:29.0546 1304 Boot type: Normal boot
2011/06/03 13:05:29.0546 1304 ================================================================================
2011/06/03 13:05:32.0609 1304 Initialize success
2011/06/03 13:05:47.0875 4252 ================================================================================
2011/06/03 13:05:47.0875 4252 Scan started
2011/06/03 13:05:47.0875 4252 Mode: Manual;
2011/06/03 13:05:47.0875 4252 ================================================================================
2011/06/03 13:06:38.0843 4252 ================================================================================
2011/06/03 13:06:38.0843 4252 Scan finished
2011/06/03 13:06:38.0843 4252 ================================================================================
2011/06/03 13:06:38.0859 1044 Detected object count: 0
2011/06/03 13:06:38.0859 1044 Actual detected object count: 0
2011/06/03 13:07:17.0125 2072 Deinitialize success




========== PROCESSES ==========
All processes killed
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Classes\PROTOCOLS\Filter\text/html\ deleted successfully.
========== FILES ==========
File\Folder c:\dokume~1\oliver~1\lokale~1\temp\msmonitor not found.
File\Folder c:\dokumente und einstellungen\all users\anwendungsdaten\m23S7RaL.exe not found.

OTL by OldTimer - Version 3.2.23.0 log created on 06032011_131113

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
OTL logfile created on: 3/06/2011 1:22:32 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = D:\Eigene Dateien\Download\spybot
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australien | Language: ENA | Date Format: d/MM/yyyy

1022.04 Mb Total Physical Memory | 182.66 Mb Available Physical Memory | 17.87% Memory free
2.40 Gb Paging File | 1.55 Gb Available in Paging File | 64.65% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 35.06 Gb Total Space | 12.03 Gb Free Space | 34.31% Space Free | Partition Type: FAT32
Drive D: | 35.55 Gb Total Space | 7.75 Gb Free Space | 21.81% Space Free | Partition Type: FAT32
Drive F: | 465.76 Gb Total Space | 137.77 Gb Free Space | 29.58% Space Free | Partition Type: NTFS
Drive G: | 12.17 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive I: | 3.83 Gb Total Space | 1.42 Gb Free Space | 37.04% Space Free | Partition Type: FAT32
Drive J: | 298.09 Gb Total Space | 129.48 Gb Free Space | 43.44% Space Free | Partition Type: NTFS
Drive K: | 125.11 Mb Total Space | 102.91 Mb Free Space | 82.25% Space Free | Partition Type: FAT

Computer Name: ACER-2CDC76420C | User Name: Oliver Draxl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/27 12:15:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Download\spybot\OTL.exe
PRC - [2011/05/27 12:06:40 | 000,126,976 | ---- | M] () -- C:\Programme\Dodo Wireless Broadband\Dodo Wireless Broadband.exe
PRC - [2010/11/30 13:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/01/22 09:16:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Programme\Browser Defender\BDTUpdateService.exe
PRC - [2009/03/05 16:07:20 | 002,260,480 | ---- | M] (Safer-Networking Ltd.) -- C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009/01/07 13:40:56 | 000,348,752 | ---- | M] (PC Tools) -- C:\Programme\PC Tools Internet Security\pctsAuxs.exe
PRC - [2008/09/22 06:02:20 | 000,054,720 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\CNAC3RPK.EXE
PRC - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) -- C:\Programme\Maxtor\Sync\SyncServices.exe
PRC - [2008/04/14 12:22:46 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/08/05 08:29:14 | 000,062,976 | ---- | M] (Alexander Avdonin) -- C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
PRC - [2005/12/15 19:13:38 | 000,344,064 | ---- | M] (Acer Incorporated) -- C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
PRC - [2005/12/06 17:11:24 | 000,458,752 | ---- | M] (Dritek System Inc.) -- C:\Programme\Launch Manager\QtZgAcer.EXE
PRC - [2005/12/02 15:43:02 | 000,114,784 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
PRC - [2005/12/02 15:43:00 | 000,254,050 | ---- | M] () -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
PRC - [2005/12/02 15:42:42 | 000,151,552 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Acer\Acer Arcade\PCMService.exe
PRC - [2005/12/02 15:42:28 | 001,077,376 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
PRC - [2005/12/02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
PRC - [2005/11/30 20:39:58 | 000,225,280 | ---- | M] (Logitech) -- C:\WINDOWS\system32\LVCOMSX.EXE
PRC - [2005/11/16 17:00:50 | 000,397,312 | ---- | M] (acer Inc.) -- C:\Acer\Empowering Technology\eRecovery\Monitor.exe
PRC - [2005/11/02 00:11:00 | 000,102,491 | ---- | M] (Synaptics, Inc.) -- C:\Programme\Synaptics\SynTP\SynTPLpr.exe
PRC - [2005/10/24 16:45:32 | 002,462,208 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admtray.exe
PRC - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) -- C:\Acer\Empowering Technology\admServ.exe
PRC - [2005/10/19 09:30:16 | 000,069,632 | ---- | M] (HiTRUST) -- C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
PRC - [2005/08/12 14:43:58 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Programme\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe


========== Modules (SafeList) ==========

MOD - [2011/05/27 12:15:00 | 000,580,096 | ---- | M] (OldTimer Tools) -- D:\Eigene Dateien\Download\spybot\OTL.exe
MOD - [2011/02/08 23:33:28 | 000,978,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42.dll
MOD - [2010/08/24 02:11:46 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2005/12/05 16:00:10 | 000,053,248 | ---- | M] (HiTRUST) -- C:\WINDOWS\system32\sysenv.dll
MOD - [2005/11/02 00:11:00 | 000,069,723 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll
MOD - [2005/10/11 13:18:54 | 000,028,672 | ---- | M] () -- C:\Acer\Empowering Technology\ePower\SysHook.dll
MOD - [2005/08/24 01:24:00 | 000,010,752 | ---- | M] () -- C:\WINDOWS\system32\MSNChatHook.dll
MOD - [2004/08/04 05:00:00 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\mfc42loc.dll
MOD - [2003/03/18 21:12:12 | 001,047,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71u.dll
MOD - [2003/03/18 20:44:34 | 000,065,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\MFC71DEU.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (LVPrcSrv)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (AdminSVC)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/01/22 09:16:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Programme\Browser Defender\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2009/11/05 13:43:14 | 000,643,076 | ---- | M] (NCH Software) [On_Demand | Stopped] -- C:\Programme\NCH Software\Eyeline\eyeline.exe -- (EyelineService)
SRV - [2009/11/01 21:16:56 | 000,070,944 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Internet Security\TFEngine\TFService.exe -- (ThreatFire)
SRV - [2009/02/02 10:20:02 | 001,095,592 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Programme\PC Tools Internet Security\pctsSvc.exe -- (sdCoreService)
SRV - [2009/01/07 13:40:56 | 000,348,752 | ---- | M] (PC Tools) [Auto | Running] -- C:\Programme\PC Tools Internet Security\pctsAuxs.exe -- (sdAuxService)
SRV - [2008/07/21 17:15:14 | 000,193,888 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Programme\Maxtor\Sync\SyncServices.exe -- (Maxtor Sync Service)
SRV - [2008/04/14 12:22:24 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2005/12/02 15:43:02 | 000,114,784 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe -- (CLSched) CyberLink Task Scheduler (CTS)
SRV - [2005/12/02 15:43:00 | 000,254,050 | ---- | M] () [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe -- (CLCapSvc) CyberLink Background Capture Service (CBCS)
SRV - [2005/12/02 15:42:28 | 000,061,440 | ---- | M] (Cyberlink) [Auto | Running] -- C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe -- (CyberLink Media Library Service)
SRV - [2005/10/24 16:40:52 | 001,314,816 | ---- | M] (Avocent Inc.) [Auto | Running] -- C:\Acer\Empowering Technology\admServ.exe -- (AWService)
SRV - [2003/06/19 23:25:00 | 000,322,120 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe -- (MDM)


========== Driver Services (SafeList) ==========

DRV - [2011/06/03 13:13:16 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{92D12B40-8FDF-4AD3-BB05-7B10B4C96EFD}\MpKsl868d730b.sys -- (MpKsl868d730b)
DRV - [2011/06/02 22:45:58 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{92D12B40-8FDF-4AD3-BB05-7B10B4C96EFD}\MpKslcd8807d1.sys -- (MpKslcd8807d1)
DRV - [2010/02/11 22:02:16 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/11/01 21:16:56 | 000,039,200 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2009/11/01 21:16:48 | 000,033,056 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2009/11/01 21:16:34 | 000,051,488 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2009/11/01 21:15:24 | 000,130,936 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2008/12/18 12:16:56 | 000,073,840 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2008/12/11 08:38:22 | 000,159,600 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2008/12/10 12:36:06 | 000,064,424 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2008/12/10 12:36:04 | 000,095,656 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2008/09/22 12:29:18 | 000,097,408 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctfw.sys -- (SFilter)
DRV - [2008/04/17 15:52:50 | 000,101,376 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008/04/14 04:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/08/29 17:40:34 | 001,183,744 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerBDA3x.sys -- (AVerBDA3x)
DRV - [2007/05/03 13:37:08 | 000,022,152 | ---- | M] (Maxtor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mxopswd.sys -- (MXOPSWD)
DRV - [2005/12/06 17:50:10 | 000,015,744 | ---- | M] (SMSC) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hidsmsc.sys -- (SMCB000)
DRV - [2005/12/01 07:49:20 | 001,412,608 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/30 20:45:10 | 002,400,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVMVdrv.sys -- (lvmvdrv)
DRV - [2005/11/30 20:45:10 | 000,016,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVPrcMon.sys -- (LVPrcMon)
DRV - [2005/11/29 21:28:58 | 001,088,896 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\lv321av.sys -- (lv321av) Logitech USB PC Camera (VC0321)
DRV - [2005/11/29 21:25:06 | 000,039,424 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2005/11/28 12:09:26 | 000,013,568 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2005/11/26 16:36:08 | 001,427,968 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R)
DRV - [2005/11/17 15:45:40 | 004,069,888 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2005/11/08 00:12:18 | 000,997,376 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/11/08 00:11:34 | 000,202,240 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/11/08 00:11:30 | 000,723,712 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2005/10/15 18:20:44 | 000,012,106 | ---- | M] (OSA Technologies) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\OsaFsLoc.sys -- (OsaFsLoc)
DRV - [2005/09/13 15:34:40 | 000,004,392 | ---- | M] (OSA Technologies) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NdisFilt.sys -- (NdisFilt)
DRV - [2005/08/24 07:07:24 | 000,692,992 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVerM115.sys -- (AVerM115)
DRV - [2005/08/03 05:10:14 | 000,032,512 | ---- | M] (CACE Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\npf.sys -- (NPF)
DRV - [2005/06/30 16:58:24 | 000,007,296 | ---- | M] (OSA Technologies, An Avocent Company) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osaio.sys -- (osaio)
DRV - [2005/06/22 18:16:08 | 000,162,176 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2005/05/02 12:13:42 | 000,009,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NETMNT.sys -- (NETMNT)
DRV - [2005/04/22 16:57:06 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2005/04/22 16:57:06 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2005/04/05 01:38:32 | 000,132,352 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2005/01/14 15:57:16 | 000,004,010 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\osanbm.sys -- (osanbm)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | Auto | Running] -- C:\Acer\Empowering Technology\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/09 14:54:12 | 000,046,592 | ---- | M] (SMSC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2003/10/24 02:07:38 | 000,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/16 14:27:40 | 000,043,264 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2002/11/06 09:42:10 | 000,010,986 | ---- | M] (USB BULK) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Bulk533.sys -- (USBCamera) DSC Still Image Capture (CA100)
DRV - [2002/07/31 17:48:54 | 000,514,929 | ---- | M] (Digital Camera) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\CA533AV.SYS -- (Ca533av)
DRV - [2002/07/17 08:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)
DRV - [2002/02/02 02:29:36 | 000,015,300 | ---- | M] (CANON INC.) [Kernel | Auto | Running] -- C:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmpar21.sys -- (cnmpar21)
DRV - [2001/12/20 20:32:20 | 000,007,552 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\usbprn.sys -- (BulkUsb)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com.au/
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



O1 HOSTS File: ([2004/08/04 05:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Programme\Browser Defender\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Browser Defender\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Programme\Browser Defender\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [Acer ePower Management] C:\Acer\Empowering Technology\ePower\Acer ePower Management.exe (Acer Value Labs, Taiwan)
O4 - HKLM..\Run: [ADMTray.exe] C:\Acer\Empowering Technology\admtray.exe (Avocent Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ATICCC] C:\Programme\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe (HiTRUST)
O4 - HKLM..\Run: [ePower_DMC] C:\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Incorporated)
O4 - HKLM..\Run: [eRecoveryService] C:\Acer\Empowering Technology\eRecovery\Monitor.exe (acer Inc.)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [LVCOMSX] C:\WINDOWS\system32\LVCOMSX.EXE (Logitech)
O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Acer\Acer Arcade\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynTPLpr] C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006..\Run: [TaskSwitchXP] C:\Programme\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 36
O7 - HKU\S-1-5-21-385165253-3752812310-1452250334-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = FF FF FF FF [binary data]
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Programme\Gemeinsame Dateien\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downl...-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253752491717 (MUWebControl Class)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: D:\Eigene Dateien\Eigene Bilder\Sun behind planets desktop.bmp
O24 - Desktop BackupWallPaper: D:\Eigene Dateien\Eigene Bilder\Sun behind planets desktop.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/04/05 08:20:18 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2011/06/01 16:21:46 | 000,000,000 | RHSD | M] - C:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2009/12/17 19:10:56 | 000,000,000 | ---D | M] - C:\AUTOTRAX -- [ FAT32 ]
O32 - AutoRun File - [2011/06/01 16:21:46 | 000,000,000 | RHSD | M] - D:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2007/05/10 08:48:26 | 000,000,032 | ---- | M] () - F:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2008/04/24 07:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.) - G:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008/08/21 21:27:52 | 000,000,047 | R--- | M] () - G:\AUTORUN.INF -- [ CDFS ]
O32 - AutoRun File - [2009/11/19 13:42:36 | 000,000,000 | ---D | M] - I:\autotrax -- [ FAT32 ]
O32 - AutoRun File - [2009/08/21 14:25:38 | 000,000,100 | ---- | M] () - I:\AUTORUN.INF -- [ FAT32 ]
O32 - AutoRun File - [2011/06/01 16:21:45 | 000,000,000 | RHSD | M] - J:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011/06/01 16:21:46 | 000,000,000 | RHSD | M] - K:\autorun.inf -- [ FAT ]
O33 - MountPoints2\{4108fb27-a8e3-11de-b4f2-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{4108fb27-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4108fb27-a8e3-11de-b4f2-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{4a19bfed-4faf-11e0-b9bd-00130204bbf7}\Shell - "" = AutoRun
O33 - MountPoints2\{4a19bfed-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{4a19bfed-4faf-11e0-b9bd-00130204bbf7}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{807616c7-7850-11df-b959-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{807616c7-7850-11df-b959-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{807616c7-7850-11df-b959-001636112b93}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- [2008/04/24 07:44:40 | 000,114,688 | R--- | M] (Huawei Technologies Co., Ltd.)
O33 - MountPoints2\{d3051bbb-8805-11e0-b9eb-001636112b93}\Shell - "" = AutoRun
O33 - MountPoints2\{d3051bbb-8805-11e0-b9eb-001636112b93}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{d3051bbb-8805-11e0-b9eb-001636112b93}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/02 09:45:36 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2011/06/01 23:32:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Microsoft Visual C++ 5.0
[2011/06/01 23:31:59 | 000,403,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrepl35.dll
[2011/06/01 23:31:59 | 000,368,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\vbar332.dll
[2011/06/01 23:31:59 | 000,251,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\msrd2x35.dll
[2011/06/01 23:27:27 | 000,000,000 | ---D | C] -- C:\Programme\DevStudio
[2011/06/01 16:22:19 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen\Oliver Draxl\UserData
[2011/06/01 16:21:44 | 000,000,000 | RHSD | C] -- C:\autorun.inf
[2011/05/31 19:46:39 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2011/05/31 19:46:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2011/05/29 21:24:51 | 000,000,000 | R--D | C] -- C:\Programme\Skype
[2011/05/29 19:29:01 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spiele
[2011/05/29 09:13:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver Draxl\Startmenü\Programme\T39 USB-Handset Manager
[2011/05/27 12:07:24 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Dodo Wireless Broadband
[2011/05/27 12:06:54 | 000,872,192 | ---- | C] (DiBcom SA) -- C:\WINDOWS\System32\drivers\mod7700.sys
[2011/05/27 12:06:54 | 000,103,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbfake.sys
[2011/05/27 12:06:54 | 000,101,376 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbmdm.sys
[2011/05/27 12:06:54 | 000,100,992 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewusbnet.sys
[2011/05/27 12:06:54 | 000,024,448 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\WINDOWS\System32\drivers\ewdcsc.sys
[2011/05/22 18:24:24 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Oliver Draxl\Startmenü\Programme\Verwaltung
[2011/05/22 18:03:19 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\ERUNT
[2011/05/22 18:03:17 | 000,000,000 | ---D | C] -- C:\Programme\ERUNT
[2011/05/22 08:36:34 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Desktop
[2011/05/21 13:57:13 | 000,000,000 | ---D | C] -- C:\Programme\Spybot - Search & Destroy
[2011/05/21 13:57:13 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2011/05/20 15:58:03 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/20 15:50:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Skype Extras
[2011/05/09 17:38:30 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Oliver Draxl\Desktop\content of alcor 125 090511
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/03 13:18:16 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/03 13:17:56 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\tasks\MpIdleTask.job
[2011/06/03 13:15:00 | 000,000,769 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2011/06/03 13:12:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/03 13:12:44 | 1071,763,456 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/01 23:45:38 | 000,000,000 | ---- | M] () -- C:\WINDOWS\SPYXX.INI
[2011/06/01 23:30:14 | 000,004,346 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/06/01 23:10:04 | 000,000,874 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc205d386b3860.job
[2011/05/29 23:11:22 | 000,000,034 | ---- | M] () -- C:\WINDOWS\cdplayer.ini
[2011/05/29 20:41:14 | 000,001,622 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk
[2011/05/29 19:32:44 | 000,496,742 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2011/05/29 19:32:44 | 000,442,800 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/29 19:32:44 | 000,100,966 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2011/05/29 19:32:44 | 000,072,066 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/27 22:11:26 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/22 08:39:18 | 000,000,302 | ---- | M] () -- C:\WINDOWS\tasks\goldenvideosShakeIcon.job
[2011/05/21 22:42:40 | 000,011,329 | ---- | M] () -- C:\WINDOWS\IEXPLORE.INI
[2011/05/21 15:30:32 | 000,001,222 | ---- | M] () -- C:\WINDOWS\wininit.ini
[2011/05/20 15:58:04 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/05/11 14:52:14 | 000,247,296 | ---- | M] () -- C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/02 09:20:26 | 1071,763,456 | -HS- | C] () -- C:\hiberfil.sys
[2011/06/01 23:45:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SPYXX.INI
[2011/06/01 23:10:03 | 000,000,874 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cc205d386b3860.job
[2011/05/22 08:39:16 | 000,000,302 | ---- | C] () -- C:\WINDOWS\tasks\goldenvideosShakeIcon.job
[2011/05/21 14:52:50 | 000,001,222 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/05/20 15:49:57 | 000,002,247 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Skype
[2011/04/27 09:32:06 | 000,000,198 | ---- | C] () -- C:\WINDOWS\ob1.INI
[2011/04/26 22:12:19 | 000,011,329 | ---- | C] () -- C:\WINDOWS\IEXPLORE.INI
[2011/04/26 22:12:19 | 000,000,223 | ---- | C] () -- C:\WINDOWS\RA.INI
[2010/07/20 23:25:55 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2010/07/20 23:25:53 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2010/07/20 23:25:53 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2010/07/20 23:25:53 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2010/04/10 19:09:25 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\aip504.dll
[2010/04/10 19:09:25 | 000,014,381 | ---- | C] () -- C:\WINDOWS\Tw533a.ini
[2010/04/10 19:09:25 | 000,012,201 | ---- | C] () -- C:\WINDOWS\USB_CAM.ini
[2010/04/10 19:09:25 | 000,012,201 | ---- | C] () -- C:\WINDOWS\USB_533.ini
[2010/04/10 19:09:25 | 000,002,141 | ---- | C] () -- C:\WINDOWS\ca533a.ini
[2010/04/10 19:09:25 | 000,000,163 | ---- | C] () -- C:\WINDOWS\Setup533.ini
[2010/04/10 19:09:24 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\IPSK.dll
[2010/04/10 19:09:24 | 000,184,320 | ---- | C] () -- C:\WINDOWS\System32\jpg32.dll
[2010/04/10 19:09:24 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\VideoThumb.dll
[2010/04/10 19:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWJPG.dll
[2010/04/10 19:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VWBMP.dll
[2010/04/10 19:09:24 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\VMIO.dll
[2010/04/10 19:09:24 | 000,023,602 | ---- | C] () -- C:\WINDOWS\System32\RCfile.ini
[2010/04/02 11:14:32 | 000,460,908 | ---- | C] () -- C:\WINDOWS\System32\prfh0407.dat
[2010/04/02 11:14:32 | 000,085,594 | ---- | C] () -- C:\WINDOWS\System32\prfc0407.dat
[2010/01/02 18:39:38 | 000,000,034 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2009/12/29 16:27:08 | 000,010,588 | R--- | C] () -- C:\WINDOWS\System32\drivers\mpfilt.sys
[2009/12/29 14:27:43 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/29 14:27:43 | 000,077,312 | ---- | C] () -- C:\WINDOWS\System32\UNACEV2.DLL
[2009/12/03 17:46:51 | 000,000,907 | ---- | C] () -- C:\WINDOWS\MyProg.INI
[2009/11/12 10:07:01 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS61.DLL
[2009/11/08 22:31:43 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/26 22:49:42 | 000,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2009/10/08 12:22:58 | 000,225,280 | ---- | C] () -- C:\WINDOWS\USB6225phmgunin.exe
[2009/10/07 15:56:05 | 000,000,065 | ---- | C] () -- C:\WINDOWS\NokiaImageConverter.INI
[2009/10/05 16:27:36 | 000,000,022 | ---- | C] () -- C:\WINDOWS\SUMO.INI
[2009/10/05 14:03:42 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/10/02 15:18:11 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\eDataSecurity.dat
[2009/09/26 10:08:54 | 000,247,296 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/26 00:10:39 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.dll
[2009/09/26 00:10:39 | 000,003,456 | ---- | C] () -- C:\WINDOWS\System32\AVerIO.sys
[2009/09/26 00:10:34 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\sptlib01.dll
[2009/09/26 00:10:34 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\sptlib02.dll
[2009/09/25 16:30:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Brownie.ini
[2009/09/25 15:54:50 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\brss01a.ini
[2009/09/25 15:54:50 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2009/09/25 15:54:49 | 000,000,462 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2009/09/25 15:51:44 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\BRIDF04A.dat
[2009/09/25 14:02:28 | 000,027,019 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2009/09/24 17:10:08 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2009/09/24 10:29:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/09/23 23:20:47 | 000,225,280 | ---- | C] () -- C:\WINDOWS\USBT39phmgunin.exe
[2009/09/23 20:06:08 | 000,000,403 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/09/23 18:38:53 | 000,000,769 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2009/09/23 18:32:31 | 000,000,719 | R--- | C] () -- C:\WINDOWS\System32\InstExec.ini
[2009/09/23 18:32:27 | 000,013,126 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2009/09/23 18:30:03 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll
[2009/09/23 18:28:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NT.INI
[2009/09/23 18:25:53 | 000,067,072 | ---- | C] () -- C:\WINDOWS\System32\HTCA_SelfExtract.bin
[2009/09/23 18:25:44 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\APISlice.dll
[2009/09/23 18:25:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\SC_res.dll
[2009/09/23 18:25:44 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\EN_res.dll
[2009/09/23 18:25:44 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\TC_res.dll
[2009/09/23 18:25:44 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\MSNChatHook.dll
[2009/09/23 18:25:03 | 000,000,145 | ---- | C] () -- C:\Dokumente und Einstellungen\Oliver Draxl\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2009/09/23 09:47:08 | 000,589,824 | ---- | C] () -- C:\WINDOWS\AntiV.EXE
[2009/09/23 09:47:08 | 000,002,772 | ---- | C] () -- C:\WINDOWS\AntiV.INI
[2008/09/01 16:13:52 | 000,509,208 | ---- | C] () -- C:\WINDOWS\System32\ICCProfiles.dll
[2007/06/14 10:14:12 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/06/14 10:13:34 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/12/14 20:59:52 | 000,000,038 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/12/01 00:24:56 | 000,037,754 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/11/30 20:45:10 | 002,400,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVMVdrv.sys
[2005/11/30 20:45:10 | 000,016,768 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPrcMon.sys
[2005/11/14 19:26:12 | 000,112,794 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2005/07/15 01:48:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/05/02 12:13:42 | 000,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\NETMNT.sys
[2005/03/28 00:45:26 | 000,000,093 | ---- | C] () -- C:\WINDOWS\ALaunch.ini
[2004/12/17 01:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 00:57:34 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2004/07/10 18:55:38 | 000,252,416 | ---- | C] () -- C:\WINDOWS\System32\wsiShared.dll
[2004/01/13 03:46:34 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\tifmicon.dll
[2003/12/29 20:45:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ServiceControl.dll
[2003/04/10 08:33:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2003/04/10 08:33:40 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/04/10 08:24:12 | 000,496,742 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2003/04/10 08:24:12 | 000,442,800 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/04/10 08:24:12 | 000,100,966 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2003/04/10 08:24:12 | 000,072,066 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/04/10 01:51:24 | 000,375,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/04/05 08:20:40 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2003/04/05 08:19:58 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2003/04/05 07:48:36 | 000,004,346 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/04/05 07:47:26 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2003/02/26 19:07:20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[2002/05/24 01:34:46 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMove.exe
[2002/03/04 10:16:34 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2001/12/26 15:12:30 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/12/20 20:32:20 | 000,007,552 | ---- | C] () -- C:\WINDOWS\System32\drivers\usbprn.sys
[2001/09/03 22:46:38 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/08/26 02:04:08 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/26 02:02:42 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/07/30 15:33:56 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 21:04:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1999/01/27 13:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll
[1999/01/23 04:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1997/06/13 07:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2009/09/23 18:36:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acer
[2009/09/23 20:54:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\SBT
[2009/09/24 17:09:58 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2009/09/24 16:09:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\WinZip
[2009/09/25 14:01:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ScanSoft
[2009/09/26 00:13:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVerTV
[2009/09/26 13:49:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Nitro PDF
[2009/10/31 22:56:10 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Ashampoo
[2010/02/17 21:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\C-Free
[2010/03/20 19:26:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FileCure
[2010/03/20 19:51:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\NCH Swift Sound
[2010/04/25 13:51:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Maxtor
[2010/06/11 14:17:44 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2010/07/07 13:18:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/30 13:54:30 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\PCToolsSpamMonitorPlus
[2009/09/30 13:54:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\LocalService\Anwendungsdaten\PCToolsFirewallPlus
[2009/09/23 18:36:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Acer
[2009/09/23 22:21:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Zoner
[2009/09/23 22:42:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Obsidium
[2009/09/23 23:21:08 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\MobileAction
[2009/09/23 23:35:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\NCH Swift Sound
[2009/09/24 17:13:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\PCToolsSpamMonitorPlus
[2009/09/24 17:13:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\PCToolsFirewallPlus
[2009/09/25 22:09:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2009/09/28 13:43:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Nitro PDF
[2009/10/05 09:44:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\CoCreate
[2009/10/07 11:03:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\SpamBayes
[2009/10/18 10:56:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\J. A. Associates
[2009/11/13 11:54:40 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\WikidPad
[2010/01/10 13:24:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\wsInspector
[2010/02/17 21:45:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\C-Free
[2010/03/11 20:09:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\Ashampoo
[2010/03/30 08:50:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\HandBrake
[2010/11/14 21:11:44 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Oliver Draxl\Anwendungsdaten\EPSON
[2010/11/11 11:54:36 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\videopadDowngrade.job
[2010/11/11 11:54:36 | 000,000,286 | ---- | M] () -- C:\WINDOWS\Tasks\videopadShakeIcon.job
[2011/04/22 23:37:24 | 000,000,468 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{8B034EC4-73E5-4F92-8146-AE71BF70500B}.job
[2011/05/22 08:39:18 | 000,000,302 | ---- | M] () -- C:\WINDOWS\Tasks\goldenvideosShakeIcon.job
[2011/06/03 13:17:56 | 000,000,382 | -H-- | M] () -- C:\WINDOWS\Tasks\MpIdleTask.job
[2011/06/03 13:18:16 | 000,000,416 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job

========== Purity Check ==========



< End of report >


Thank you very much for your help
 
Hi Vict0r

Here are the log files. The Virus was so persistent in doing its "thing" that I decided to delete the files: m23S7RaL.exe, dl[1].htm, dl[1].swf, msmonitor manually yesterday and deleted all entries related to these file names in the registry because I needed to use the computer. I didn't use any removal tools other than those you have advised me to, and the last kit you gave me I did only once. I hope all is ok.

Ok, it was probably before I posted. :)


Scan With RKUnHooker

  • Please download Rootkit Unhooker and save it to your desktop.
  • Now double-click on RKUnhookerLE.exe to run it.
  • Click the Report tab, then click Scan.
  • Check (tick) Drivers, Stealth Code, Files, Code Hooks. Uncheck the rest, then click OK.
  • Wait until the scanner has finished and then click File, Save Report.
  • * This can take a while. Please be patient *.
  • Save the report somewhere where you can find it. Click Close.
  • Copy the entire contents of this log in your next reply.
  • This log can be lengthy; you may have to post it in separate replies.

Note: If you get the following warning, just ignore it:
  • "Rootkit Unhooker has detected a parasite inside itself!
    It is recommended to remove parasite, okay?"


MBRCheck

Download MBRCheck and save it to your desktop.
Disable your security programs so they do not interfere with the tool.
  • Double click on the file to run it.
  • A window will open on your desktop.
  • If an unknown bootcode is found, do not proceed with any further options at this time. For now, type in N then press Enter twice to exit the program.
  • If nothing unusual is found just press Enter.
  • A .txt file named MBRCheck_mm.dd.yy_hh.mm.ss should appear on your desktop.
  • Post the contents of that file in your next reply.


Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware Free and save to your desktop.

  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform Quick Scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Check all items except items in the C:\System Volume Information folder... and click Remove Selected.
    Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt


When finished please post:
  • the RKUnHooker log.
  • the MBRCheck log.
  • the MBAM log.
  • Describe any problems while following the instructions (if any).
 
Hi Vict0r, that was quite some "homework" :-)

Here are the logs:

RkU Version: 3.8.389.593, Type LE (SR2)
==============================================
OS Name: Windows XP
Version 5.1.2600 (Service Pack 3)
Number of processors #2
==============================================
>Drivers
==============================================
0xEE7E9000 C:\WINDOWS\system32\drivers\RtkHDAud.sys 4194304 bytes (Realtek Semiconductor Corp., Realtek(r) High Definition Audio Function Driver)
0xBF0C4000 C:\WINDOWS\System32\ati3duag.dll 2519040 bytes (ATI Technologies Inc. , ati3duag.dll)
0xEE020000 C:\WINDOWS\system32\drivers\lvmvdrv.sys 2400256 bytes (-, -)
0x804D7000 C:\WINDOWS\system32\ntkrnlpa.exe 2158592 bytes (Microsoft Corporation, NT-Kernel und -System)
0x804D7000 PnpManager 2158592 bytes
0x804D7000 RAW 2158592 bytes
0x804D7000 WMIxWDM 2158592 bytes
0xBF800000 Win32k 1859584 bytes
0xBF800000 C:\WINDOWS\System32\win32k.sys 1859584 bytes (Microsoft Corporation, Mehrbenutzer-Win32-Treiber)
0xF6FEF000 C:\WINDOWS\system32\DRIVERS\ati2mtag.sys 1470464 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Miniport Driver)
0xF6E56000 C:\WINDOWS\system32\DRIVERS\w39n51.sys 1429504 bytes (Intel® Corporation, Intel® Wireless LAN Driver)
0xBF32B000 C:\WINDOWS\System32\ativvaxx.dll 1105920 bytes (ATI Technologies Inc. , Radeon Video Acceleration Universal Driver)
0xEDF16000 C:\WINDOWS\System32\Drivers\lv321av.sys 1089536 bytes (Logitech, USB Camera Driver)
0xEE69F000 C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys 999424 bytes (Conexant Systems, Inc., HSF_DP driver)
0xEE5EE000 C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys 724992 bytes (Conexant Systems, Inc., HSF_CNXT driver)
0xEDDD0000 C:\WINDOWS\System32\Drivers\Ntfs.SYS 577536 bytes (Microsoft Corporation, NT File System Driver)
0xEE292000 C:\WINDOWS\system32\DRIVERS\mrxsmb.sys 458752 bytes (Microsoft Corporation, Windows NT SMB Minirdr)
0xF6C31000 C:\WINDOWS\system32\DRIVERS\update.sys 385024 bytes (Microsoft Corporation, Update Driver)
0xEE423000 C:\WINDOWS\system32\DRIVERS\tcpip.sys 364544 bytes (Microsoft Corporation, TCP/IP Protocol Driver)
0xEB37E000 C:\WINDOWS\system32\DRIVERS\srv.sys 360448 bytes (Microsoft Corporation, Server driver)
0xBF439000 C:\WINDOWS\System32\ATMFD.DLL 290816 bytes (Adobe Systems Incorporated, Windows NT OpenType/Type 1 Font Driver)
0xBF012000 C:\WINDOWS\System32\ati2dvag.dll 270336 bytes (ATI Technologies Inc., ATI Radeon WindowsNT Display Driver)
0xBA125000 C:\WINDOWS\System32\Drivers\HTTP.sys 266240 bytes (Microsoft Corporation, HTTP Protocol Stack)
0xBF054000 C:\WINDOWS\System32\ati2cqag.dll 237568 bytes (ATI Technologies Inc., Central Memory Manager / Queue Server Module)
0xEE377000 C:\WINDOWS\system32\DRIVERS\tcpip6.sys 229376 bytes (Microsoft Corporation, IPv6 driver)
0xBF08E000 C:\WINDOWS\System32\atikvmag.dll 221184 bytes (ATI Technologies Inc., Virtual Command And Memory Manager)
0xEE793000 C:\WINDOWS\system32\DRIVERS\HSFHWAZL.sys 204800 bytes (Conexant Systems, Inc., HSF_HWAZL WDM driver)
0xF7422000 ACPI.sys 192512 bytes (Microsoft Corporation, ACPI-Treiber für NT)
0xF6DBA000 C:\WINDOWS\system32\DRIVERS\SynTP.sys 192512 bytes (Synaptics, Inc., Synaptics Touchpad Driver)
0xEB825000 C:\WINDOWS\system32\DRIVERS\mrxdav.sys 184320 bytes (Microsoft Corporation, Windows NT WebDav Minirdr)
0xF7291000 NDIS.sys 184320 bytes (Microsoft Corporation, NDIS 5.1 wrapper driver)
0xF735F000 dac2w2k.sys 180224 bytes (Mylex Corporation, Mylex Disk Array Controller Driver)
0xEB6FA000 C:\WINDOWS\system32\drivers\kmixer.sys 176128 bytes (Microsoft Corporation, Kernel Mode Audio Mixer)
0xEE32A000 C:\WINDOWS\system32\DRIVERS\rdbss.sys 176128 bytes (Microsoft Corporation, Redirected Drive Buffering SubSystem Driver)
0xF6FB3000 C:\WINDOWS\system32\DRIVERS\HDAudBus.sys 163840 bytes (Windows (R) Server 2003 DDK provider, High Definition Audio Bus Driver v1.0a)
0xEE3AF000 C:\WINDOWS\system32\DRIVERS\netbt.sys 163840 bytes (Microsoft Corporation, MBT Transport driver)
0xF6DE9000 C:\WINDOWS\system32\drivers\tifm21.sys 163840 bytes (Texas Instruments, tifm21.sys)
0xEE527000 C:\WINDOWS\system32\DRIVERS\MpFilter.sys 159744 bytes (Microsoft Corporation, Microsoft antimalware file system filter driver)
0xEE3FD000 C:\WINDOWS\system32\DRIVERS\ipnat.sys 155648 bytes (Microsoft Corporation, IP Network Address Translator)
0xEE3D7000 C:\WINDOWS\system32\drivers\pctgntdi.sys 155648 bytes (PC Tools, PC Tools Generic TDI Driver)
0xF72D5000 Fastfat.sys 147456 bytes (Microsoft Corporation, Fast FAT File System Driver)
0xEE7C5000 C:\WINDOWS\system32\drivers\portcls.sys 147456 bytes (Microsoft Corporation, Port Class (Class Driver for Port/Miniport Devices))
0xF6E11000 C:\WINDOWS\system32\DRIVERS\USBPORT.SYS 147456 bytes (Microsoft Corporation, USB 1.1 & 2.0 Port Driver)
0xF6D97000 C:\WINDOWS\system32\DRIVERS\ks.sys 143360 bytes (Microsoft Corporation, Kernel CSA Library)
0xF730A000 PCTCore.sys 143360 bytes (PC Tools, PC Tools KDS Core Driver)
0xEE355000 C:\WINDOWS\System32\drivers\afd.sys 139264 bytes (Microsoft Corporation, Ancillary Function Driver for WinSock)
0xF6E35000 C:\WINDOWS\system32\DRIVERS\b57xp32.sys 135168 bytes (Broadcom Corporation, Broadcom NetXtreme Gigabit Ethernet NDIS5.1 Driver.)
0x806E6000 ACPI_HAL 134400 bytes
0x806E6000 C:\WINDOWS\system32\hal.dll 134400 bytes (Microsoft Corporation, Hardware Abstraction Layer DLL)
0xF733F000 fltmgr.sys 131072 bytes (Microsoft Corporation, Microsoft Filesystem Filter Manager)
0xF73D4000 ftdisk.sys 126976 bytes (Microsoft Corporation, FT-Datenträgertreiber)
0xF73F3000 pcmcia.sys 122880 bytes (Microsoft Corporation, PCMCIA-Treiber)
0xF7277000 Mup.sys 106496 bytes (Microsoft Corporation, Multiple UNC Provider driver)
0xF738B000 adpu160m.sys 102400 bytes (Microsoft Corporation, Adaptec Ultra160 SCSI miniport)
0xEDE5D000 C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys 102400 bytes (Huawei Technologies Co., Ltd., USB Modem/Serial Device Driver)
0xF73A4000 atapi.sys 98304 bytes (Microsoft Corporation, IDE/ATAPI Port Driver)
0xEDDB8000 C:\WINDOWS\System32\Drivers\dump_atapi.sys 98304 bytes
0xF6C8F000 C:\WINDOWS\system32\DRIVERS\pctfw.sys 98304 bytes (PC Tools, PC Tools NDIS Driver)
0xF73BC000 C:\WINDOWS\system32\DRIVERS\SCSIPORT.SYS 98304 bytes (Microsoft Corporation, SCSI Port Driver)
0xF72BE000 KSecDD.sys 94208 bytes (Microsoft Corporation, Kernel Security Support Provider Interface)
0xF6CB8000 C:\WINDOWS\system32\DRIVERS\ndiswan.sys 94208 bytes (Microsoft Corporation, MS PPP Framing Driver (Strong Encryption))
0xEBB22000 C:\WINDOWS\system32\DRIVERS\irda.sys 90112 bytes (Microsoft Corporation, IRDA Protocol Driver)
0xEB7E8000 C:\WINDOWS\system32\drivers\wdmaud.sys 86016 bytes (Microsoft Corporation, MMSYSTEM Wave/Midi API mapper)
0xEB18D000 C:\WINDOWS\system32\drivers\epm-shd.sys 81920 bytes (Acer Value Labs, USA, Acer EPM SHD ECV-TO)
0xF6FDB000 C:\WINDOWS\system32\DRIVERS\VIDEOPRT.SYS 81920 bytes (Microsoft Corporation, Video Port Driver)
0xEE47C000 C:\WINDOWS\system32\DRIVERS\ipsec.sys 77824 bytes (Microsoft Corporation, IPSec Driver)
0xBF000000 C:\WINDOWS\System32\drivers\dxg.sys 73728 bytes (Microsoft Corporation, DirectX Graphics Driver)
0xF732D000 sr.sys 73728 bytes (Microsoft Corporation, Dateisystemfilter-Treiber der Systemwiederherstellung)
0xEB154000 C:\Acer\Empowering Technology\eRecovery\int15.sys 69632 bytes
0xF7411000 pci.sys 69632 bytes (Microsoft Corporation, NT-Plug & Play PCI-Enumerator)
0xEB6D5000 C:\WINDOWS\system32\drivers\PCTAppEvent.sys 69632 bytes (PC Tools, PC Tools App Monitor Driver)
0xF6CA7000 C:\WINDOWS\system32\DRIVERS\psched.sys 69632 bytes (Microsoft Corporation, MS QoS Packet Scheduler)
0xF72F9000 TfFsMon.sys 69632 bytes (PC Tools, ThreatFire Filesystem Monitor)
0xF6CCF000 C:\WINDOWS\System32\Drivers\Cdfs.SYS 65536 bytes (Microsoft Corporation, CD-ROM File System Driver)
0xF7712000 C:\WINDOWS\system32\DRIVERS\cdrom.sys 65536 bytes (Microsoft Corporation, SCSI CD-ROM Driver)
0xF7562000 ohci1394.sys 65536 bytes (Microsoft Corporation, 1394 OpenHCI Port Driver)
0xF7227000 C:\WINDOWS\system32\drivers\drmk.sys 61440 bytes (Microsoft Corporation, Microsoft Kernel DRM Descrambler Filter)
0xF7722000 C:\WINDOWS\system32\DRIVERS\redbook.sys 61440 bytes (Microsoft Corporation, Redbook-Audiofiltertreiber)
0xEB9BA000 C:\WINDOWS\system32\drivers\sysaudio.sys 61440 bytes (Microsoft Corporation, System Audio WDM Filter)
0xF7207000 C:\WINDOWS\system32\DRIVERS\usbhub.sys 61440 bytes (Microsoft Corporation, Default Hub Driver for USB)
0xF7572000 C:\WINDOWS\system32\DRIVERS\1394BUS.SYS 57344 bytes (Microsoft Corporation, 1394 Bus Device Driver)
0xF75D2000 aic78u2.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra2 SCSI miniport)
0xF75A2000 aic78xx.sys 57344 bytes (Microsoft Corporation, Adaptec Ultra SCSI miniport)
0xF6CFF000 C:\WINDOWS\system32\drivers\lvusbsta.sys 57344 bytes (Logitech, USB Statistic Driver)
0xF7592000 VolSnap.sys 57344 bytes (Microsoft Corporation, Volumeschattenkopie-Treiber)
0xF7632000 C:\WINDOWS\system32\DRIVERS\CLASSPNP.SYS 53248 bytes (Microsoft Corporation, SCSI Class System Dll)
0xF76F2000 C:\WINDOWS\system32\DRIVERS\i8042prt.sys 53248 bytes (Microsoft Corporation, i8042-Anschlusstreiber)
0xF7782000 C:\WINDOWS\system32\DRIVERS\rasl2tp.sys 53248 bytes (Microsoft Corporation, RAS L2TP mini-port/call-manager driver)
0xF6CEF000 C:\WINDOWS\System32\Drivers\STREAM.SYS 53248 bytes (Microsoft Corporation, WDM CODEC Class Device Driver 2.0)
0xF7642000 TfSysMon.sys 53248 bytes (PC Tools, ThreatFire System Monitor)
0xF7612000 ql12160.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF7602000 ql1280.sys 49152 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF77A2000 C:\WINDOWS\system32\DRIVERS\raspptp.sys 49152 bytes (Microsoft Corporation, Peer-to-Peer Tunneling Protocol)
0xF76E2000 C:\WINDOWS\system32\DRIVERS\smcirda.sys 49152 bytes (SMSC, SMSC IrCC NDIS 5.0 IrDA FIR Device Driver)
0xF7672000 agp440.sys 45056 bytes (Microsoft Corporation, 440 NT AGP Filter)
0xF76A2000 agpCPQ.sys 45056 bytes (Microsoft Corporation, CompatNT AGP Filter)
0xF7682000 alim1541.sys 45056 bytes (Microsoft Corporation, ALi M1541 NT AGP Filter)
0xF7692000 amdagp.sys 45056 bytes (Advanced Micro Devices, Inc., AMD Win2000 AGP Filter)
0xF6D2F000 C:\WINDOWS\System32\Drivers\Fips.SYS 45056 bytes (Microsoft Corporation, FIPS-Verschlüsselungstreiber)
0xF7702000 C:\WINDOWS\system32\DRIVERS\imapi.sys 45056 bytes (Microsoft Corporation, IMAPI Kernel Driver)
0xF7582000 MountMgr.sys 45056 bytes (Microsoft Corporation, Mount Manager)
0xF7792000 C:\WINDOWS\system32\DRIVERS\raspppoe.sys 45056 bytes (Microsoft Corporation, RAS PPPoE mini-port/call-manager driver)
0xF7662000 viaagp.sys 45056 bytes (Microsoft Corporation, VIA NT AGP Filter)
0xF76D2000 C:\WINDOWS\system32\DRIVERS\intelppm.sys 40960 bytes (Microsoft Corporation, Prozessorgerätetreiber)
0xF7552000 isapnp.sys 40960 bytes (Microsoft Corporation, PNP-ISA-Bustreiber)
0xF6CDF000 C:\WINDOWS\system32\DRIVERS\mxopswd.sys 40960 bytes (Maxtor Corp., OneTouch Security Driver)
0xF7267000 C:\WINDOWS\System32\Drivers\NDProxy.SYS 40960 bytes (Microsoft Corporation, NDIS Proxy)
0xF75F2000 ql1080.sys 40960 bytes (QLogic Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF75C2000 ql1240.sys 40960 bytes (Microsoft Corporation, QLogic ISP PCI Adapters)
0xF7652000 sisagp.sys 40960 bytes (Silicon Integrated Systems Corporation, SiS NT AGP Filter)
0xF77C2000 C:\WINDOWS\system32\DRIVERS\termdd.sys 40960 bytes (Microsoft Corporation, Terminal Server Driver)
0xBA476000 C:\WINDOWS\System32\Drivers\BlackBox.SYS 36864 bytes (RKU Driver)
0xF7622000 disk.sys 36864 bytes (Microsoft Corporation, PnP Disk Driver)
0xF6D4F000 C:\WINDOWS\system32\drivers\ip6fw.sys 36864 bytes (Microsoft Corporation, IPv6 Windows Firewall Driver)
0xF77B2000 C:\WINDOWS\system32\DRIVERS\msgpc.sys 36864 bytes (Microsoft Corporation, MS General Packet Classifier)
0xF6D3F000 C:\WINDOWS\system32\DRIVERS\netbios.sys 36864 bytes (Microsoft Corporation, NetBIOS interface driver)
0xF75B2000 ql10wnt.sys 36864 bytes (Microsoft Corporation, Miniport Driver for QLogic ISP PCI Adapters)
0xF75E2000 ultra.sys 36864 bytes (Promise Technology, Inc., Promise ULTRA66 Miniport-Treiber)
0xF6D0F000 C:\WINDOWS\system32\DRIVERS\wanarp.sys 36864 bytes (Microsoft Corporation, MS Remote Access and Routing ARP Driver)
0xF78DA000 C:\WINDOWS\System32\Drivers\Modem.SYS 32768 bytes (Microsoft Corporation, Modemgerätetreiber)
0xF7932000 C:\WINDOWS\System32\Drivers\Npfs.SYS 32768 bytes (Microsoft Corporation, NPFS Driver)
0xF7802000 symc8xx.sys 32768 bytes (LSI Logic, Symbios 8XX SCSI Miniport Driver)
0xF7812000 sym_u3.sys 32768 bytes (LSI Logic, Symbios Ultra3 SCSI Miniport Driver)
0xF78BA000 C:\WINDOWS\System32\Drivers\TfKbMon.sys 32768 bytes (PC Tools, ThreatFire Keyboard Monitor)
0xF7952000 C:\WINDOWS\system32\DRIVERS\usbccgp.sys 32768 bytes (Microsoft Corporation, USB Common Class Generic Parent Driver)
0xF78AA000 C:\WINDOWS\system32\DRIVERS\usbehci.sys 32768 bytes (Microsoft Corporation, EHCI eUSB Miniport Driver)
0xF77EA000 asc.sys 28672 bytes (Advanced System Products, Inc., AdvanSys SCSI Controller Driver)
0xF791A000 C:\WINDOWS\system32\DRIVERS\HIDPARSE.SYS 28672 bytes (Microsoft Corporation, Hid Parsing Library)
0xF783A000 hpn.sys 28672 bytes (Microsoft Corporation, NetRAID-4M Miniport Driver)
0xF78C2000 C:\WINDOWS\system32\DRIVERS\kbdclass.sys 28672 bytes (Microsoft Corporation, Tastaturklassentreiber)
0xF77D2000 C:\WINDOWS\system32\DRIVERS\PCIIDEX.SYS 28672 bytes (Microsoft Corporation, PCI IDE Bus Driver Extension)
0xF7832000 perc2.sys 28672 bytes (Microsoft Corporation, PERC 2 Miniport Driver)
0xF780A000 sym_hi.sys 28672 bytes (LSI Logic, Symbios Hi-Perf SCSI Miniport Driver)
0xF7942000 C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS 28672 bytes (Microsoft Corporation, USB Mass Storage Class Driver)
0xF781A000 ABP480N5.SYS 24576 bytes (Microsoft Corporation, AdvanSys SCSI Controller Driver)
0xF7822000 asc3350p.sys 24576 bytes (Microsoft Corporation, AdvanSys SCSI Card Driver)
0xF78D2000 C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys 24576 bytes (GEAR Software Inc., CD DVD Filter)
0xF78CA000 C:\WINDOWS\system32\DRIVERS\mouclass.sys 24576 bytes (Microsoft Corporation, Mausklassentreiber)
0xF793A000 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{DD593EDC-C66B-4718-9DAF-BB38BBB90850}\MpKsla815e5dd.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xF786A000 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{DD593EDC-C66B-4718-9DAF-BB38BBB90850}\MpKsled00b8ce.sys 24576 bytes (Microsoft Corporation, KSLDriver)
0xF78A2000 C:\WINDOWS\system32\DRIVERS\usbuhci.sys 24576 bytes (Microsoft Corporation, UHCI USB Miniport Driver)
0xF7922000 C:\WINDOWS\System32\drivers\vga.sys 24576 bytes (Microsoft Corporation, VGA/Super VGA Video Driver)
0xF7862000 C:\WINDOWS\system32\DRIVERS\AegisP.sys 20480 bytes (Meetinghouse Data Communications, IEEE 802.1X Protocol Driver)
0xF78B2000 C:\WINDOWS\system32\DRIVERS\DKbFltr.sys 20480 bytes (Dritek System Inc., Dritek PS2 Keyboard Filter Driver)
0xF782A000 dpti2o.sys 20480 bytes (Microsoft Corporation, DPT SmartRAID miniport)
0xF77FA000 i2omp.sys 20480 bytes (Microsoft Corporation, I2O Miniport Driver)
0xF77F2000 mraid35x.sys 20480 bytes (American Megatrends Inc., MegaRAID RAID Controller Driver for Windows Whistler 32)
0xF792A000 C:\WINDOWS\System32\Drivers\Msfs.SYS 20480 bytes (Microsoft Corporation, Mailslot driver)
0xF77DA000 PartMgr.sys 20480 bytes (Microsoft Corporation, Partition Manager)
0xF78F2000 C:\WINDOWS\system32\DRIVERS\ptilink.sys 20480 bytes (Parallel Technologies, Inc., Parallel Technologies DirectParallel IO Library)
0xF78E2000 C:\WINDOWS\system32\DRIVERS\rasirda.sys 20480 bytes (Microsoft Corporation, IrDA WAN Miniport Driver)
0xF78FA000 C:\WINDOWS\system32\DRIVERS\raspti.sys 20480 bytes (Microsoft Corporation, PTI DirectParallel(R) mini-port/call-manager driver)
0xF77E2000 sparrow.sys 20480 bytes (Adaptec, Inc., Adaptec AIC-6x60 series SCSI miniport)
0xF78EA000 C:\WINDOWS\system32\DRIVERS\TDI.SYS 20480 bytes (Microsoft Corporation, TDI Wrapper)
0xF795A000 C:\WINDOWS\System32\watchdog.sys 20480 bytes (Microsoft Corporation, Watchdog Driver)
0xF797A000 aha154x.sys 16384 bytes (Microsoft Corporation, Adaptec AHA-154x series SCSI miniport)
0xF798A000 asc3550.sys 16384 bytes (Advanced System Products, Inc., AdvanSys Ultra-Wide PCI SCSI Driver)
0xB9F51000 C:\WINDOWS\system32\DRIVERS\asyncmac.sys 16384 bytes (Microsoft Corporation, MS Remote Access serial network driver)
0xF796A000 C:\WINDOWS\system32\DRIVERS\BATTC.SYS 16384 bytes (Microsoft Corporation, Battery Class Driver)
0xF7992000 cbidf2k.sys 16384 bytes (Microsoft Corporation, CardBus/PCMCIA IDE Miniport Driver)
0xF7A2A000 C:\WINDOWS\system32\DRIVERS\CmBatt.sys 16384 bytes (Microsoft Corporation, Control Method Battery Driver)
0xF7976000 cpqarray.sys 16384 bytes (Microsoft Corporation, Compaq Drive Array Controllers SCSI Miniport Driver)
0xF7982000 dac960nt.sys 16384 bytes (Microsoft Corporation, Mylex Disk Array Controller Driver)
0xF798E000 ini910u.sys 16384 bytes (Microsoft Corporation, INITIO ini910u SCSI miniport)
0xEB376000 C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys 16384 bytes (Conexant, Diagnostic Interface DRIVER)
0xF7A42000 C:\WINDOWS\system32\DRIVERS\mssmbios.sys 16384 bytes (Microsoft Corporation, System Management BIOS Driver)
0xEBC70000 C:\WINDOWS\system32\DRIVERS\s24trans.sys 16384 bytes (Intel Corporation, Intel WLAN Packet Driver)
0xF797E000 symc810.sys 16384 bytes (Symbios Logic Inc., Symbios Logic Inc. SCSI Miniport Driver)
0xF7972000 UBHelper.sys 16384 bytes
0xF796E000 ACPIEC.sys 12288 bytes (Microsoft Corporation, ACPI Embedded Controllertreiber)
0xF7986000 amsint.sys 12288 bytes (Microsoft Corporation, AMD SCSI/NET Controller)
0xF7962000 C:\WINDOWS\system32\BOOTVID.dll 12288 bytes (Microsoft Corporation, VGA Boot Driver)
0xEB56E000 C:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmpar21.sys 12288 bytes (CANON INC., BJ Printer Port Driver Cnmpar21)
0xF7966000 compbatt.sys 12288 bytes (Microsoft Corporation, Composite Battery Driver)
0xF6C0D000 C:\WINDOWS\System32\drivers\Dxapi.sys 12288 bytes (Microsoft Corporation, DirectX API Driver)
0xF7193000 C:\WINDOWS\System32\Drivers\i2omgmt.SYS 12288 bytes (Microsoft Corporation, I2O Utility Filter)
0xF7A1A000 C:\WINDOWS\system32\DRIVERS\irenum.sys 12288 bytes (Microsoft Corporation, Infra-Red Bus Enumerator)
0xF7A36000 C:\WINDOWS\system32\DRIVERS\ndistapi.sys 12288 bytes (Microsoft Corporation, NDIS 3.0 connection wrapper driver)
0xF6D87000 C:\WINDOWS\system32\drivers\OsaFsLoc.sys 12288 bytes (OSA Technologies, Filesystem Lock driver)
0xF7A22000 C:\WINDOWS\system32\drivers\pfc.sys 12288 bytes (Padus, Inc., Padus(R) ASPI Shell)
0xF7187000 C:\WINDOWS\system32\DRIVERS\rasacd.sys 12288 bytes (Microsoft Corporation, RAS Automatic Connection Driver)
0xF7A16000 C:\WINDOWS\system32\DRIVERS\tunmp.sys 12288 bytes (Microsoft Corporation, Microsoft Tunnel Interface Driver)
0xF7A2E000 C:\WINDOWS\system32\DRIVERS\wmiacpi.sys 12288 bytes (Microsoft Corporation, Windows Management Interface for ACPI)
0xF7167000 C:\WINDOWS\System32\drivers\ws2ifsl.sys 12288 bytes (Microsoft Corporation, Winsock2 IFS Layer)
0xF7A56000 aliide.sys 8192 bytes (Acer Laboratories Inc., ALi mini IDE Driver)
0xF7A76000 C:\WINDOWS\System32\Drivers\Beep.SYS 8192 bytes (Microsoft Corporation, BEEP Driver)
0xF7A60000 cd20xrnt.sys 8192 bytes (Microsoft Corporation, IBM Portable CD-ROM Drive Miniport)
0xF7A5E000 cmdide.sys 8192 bytes (CMD Technology, Inc., CMD PCI IDE-Bustreiber)
0xF7A7C000 C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS 8192 bytes
0xF7A74000 C:\WINDOWS\System32\Drivers\Fs_Rec.SYS 8192 bytes (Microsoft Corporation, File System Recognizer Driver)
0xF7A58000 intelide.sys 8192 bytes (Microsoft Corporation, Intel PCI IDE Treiber)
0xF7A52000 C:\WINDOWS\system32\KDCOM.DLL 8192 bytes (Microsoft Corporation, Kernel Debugger HW Extension DLL)
0xF7A78000 C:\WINDOWS\System32\Drivers\mnmdd.SYS 8192 bytes (Microsoft Corporation, Frame buffer simulator)
0xF7AF0000 C:\WINDOWS\System32\Drivers\NdisFilt.sys 8192 bytes (OSA Technologies, NDIS Filter Driver)
0xF7A6A000 C:\WINDOWS\system32\DRIVERS\NTIDrvr.sys 8192 bytes (NewTech Infosystems, Inc., NTI CD-ROM Filter Driver)
0xF7AE0000 C:\WINDOWS\system32\drivers\osaio.sys 8192 bytes (OSA Technologies, An Avocent Company, OSA I/O Port Driver)
0xF7A62000 perc2hib.sys 8192 bytes (Microsoft Corporation, PERC 2 Hibernate Driver)
0xF7A7A000 C:\WINDOWS\System32\DRIVERS\RDPCDD.sys 8192 bytes (Microsoft Corporation, RDP Miniport)
0xF7A6C000 C:\WINDOWS\System32\Drivers\RootMdm.sys 8192 bytes (Microsoft Corporation, Legacy Non-Pnp Modem Device Driver)
0xF7ACC000 C:\WINDOWS\system32\drivers\splitter.sys 8192 bytes (Microsoft Corporation, Microsoft Kernel Audio Splitter)
0xF7A6E000 C:\WINDOWS\system32\DRIVERS\swenum.sys 8192 bytes (Microsoft Corporation, Plug and Play Software Device Enumerator)
0xF7A5A000 toside.sys 8192 bytes (Microsoft Corporation, Toshiba PCI IDE-Controller)
0xF7A68000 C:\WINDOWS\system32\DRIVERS\USBD.SYS 8192 bytes (Microsoft Corporation, Universal Serial Bus Driver)
0xF7A5C000 viaide.sys 8192 bytes (Microsoft Corporation, Generic PCI IDE Bus Driver)
0xF7A54000 C:\WINDOWS\system32\DRIVERS\WMILIB.SYS 8192 bytes (Microsoft Corporation, WMILIB WMI support library Dll)
0xF7BCC000 C:\WINDOWS\system32\DRIVERS\audstub.sys 4096 bytes (Microsoft Corporation, AudStub Driver)
0xF7C2A000 C:\WINDOWS\System32\drivers\dxgthk.sys 4096 bytes (Microsoft Corporation, DirectX Graphics Driver Thunk)
0xF7B8B000 C:\WINDOWS\system32\drivers\epm-psd.sys 4096 bytes (Acer Value Labs, USA, Acer EPM Power Scheme Driver)
0xF7C1B000 C:\WINDOWS\System32\Drivers\Null.SYS 4096 bytes (Microsoft Corporation, NULL Driver)
0xF7B1B000 C:\WINDOWS\system32\DRIVERS\OPRGHDLR.SYS 4096 bytes (Microsoft Corporation, ACPI Operation Registration Driver)
0xF7C65000 C:\WINDOWS\system32\drivers\osanbm.sys 4096 bytes (Windows (R) 2000 DDK provider, Windows int15 Driver)
0xF7B1A000 pciide.sys 4096 bytes (Microsoft Corporation, Allgemeiner PCI IDE Bustreiber)
==============================================
>Stealth
==============================================
==============================================
>Files
==============================================
==============================================
>Hooks
==============================================
ntkrnlpa.exe+0x0002D53E, Type: Inline - RelativeJump 0x8050453E-->8050455A [ntkrnlpa.exe]
ntkrnlpa.exe+0x0006ECEE, Type: Inline - RelativeJump 0x80545CEE-->80545CF5 [ntkrnlpa.exe]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->EnableScrollBar, Type: Inline - RelativeJump 0x7E3B8005-->00452280 [SkinMagicU.dll]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->EnableScrollBar, Type: Inline - SEH 0x7E3B800A [unknown_code_page]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->EnableScrollBar, Type: Inline - SEH 0x7E3B800B [unknown_code_page]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->GetScrollInfo, Type: Inline - RelativeJump 0x7E37DFE2-->004522C0 [SkinMagicU.dll]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->GetScrollInfo, Type: Inline - SEH 0x7E37DFE7 [unknown_code_page]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->GetScrollInfo, Type: Inline - SEH 0x7E37DFE8 [unknown_code_page]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->GetScrollPos, Type: Inline - RelativeJump 0x7E37F704-->00452300 [SkinMagicU.dll]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->GetScrollRange, Type: Inline - RelativeJump 0x7E37F787-->00452330 [SkinMagicU.dll]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->GetSysColor, Type: Inline - RelativeJump 0x7E368E78-->00452480 [SkinMagicU.dll]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->GetSysColorBrush, Type: Inline - RelativeJump 0x7E368EAB-->004524E0 [SkinMagicU.dll]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->SetScrollInfo, Type: Inline - RelativeJump 0x7E369056-->00452370 [SkinMagicU.dll]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->SetScrollInfo, Type: Inline - SEH 0x7E36905B [unknown_code_page]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->SetScrollInfo, Type: Inline - SEH 0x7E36905C [unknown_code_page]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->SetScrollPos, Type: Inline - RelativeJump 0x7E37F750-->004523B0 [SkinMagicU.dll]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->SetScrollRange, Type: Inline - RelativeJump 0x7E37F99B-->004523F0 [SkinMagicU.dll]
[3764]Dodo Wireless Broadband.exe-->user32.dll-->ShowScrollBar, Type: Inline - RelativeJump 0x7E37F2F2-->00452440 [SkinMagicU.dll]
[3876]Skype.exe-->kernel32.dll-->GetModuleHandleA, Type: IAT modification 0x013CD0A0-->73300B30 [unknown_code_page]
[3876]Skype.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x013CD0A4-->00402C24 [Skype.exe]
[4408]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->5CF07774 [shimeng.dll]
[4408]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->71609E59 [AcLayers.dll]
[4408]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->7160A16B [AcLayers.dll]
[4408]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->7160A067 [AcLayers.dll]
[4408]iexplore.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A51188-->5CF07774 [shimeng.dll]
[4408]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77A51190-->71609E59 [AcLayers.dll]
[4408]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x77A511F8-->71609F5D [AcLayers.dll]
[4408]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77A511FC-->7160A16B [AcLayers.dll]
[4408]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->5CF07774 [shimeng.dll]
[4408]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->71609E59 [AcLayers.dll]
[4408]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->7160A16B [AcLayers.dll]
[4408]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->7160A067 [AcLayers.dll]
[4408]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->5CF07774 [shimeng.dll]
[4408]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->71609E59 [AcLayers.dll]
[4408]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->7160A16B [AcLayers.dll]
[4408]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->7160A067 [AcLayers.dll]
[4408]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->5CF07774 [shimeng.dll]
[4408]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->71609E59 [AcLayers.dll]
[4408]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->7160A067 [AcLayers.dll]
[4408]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->5CF07774 [shimeng.dll]
[4408]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->71609E59 [AcLayers.dll]
[4408]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->71609F5D [AcLayers.dll]
[4408]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->7160A16B [AcLayers.dll]
[4408]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->7160A067 [AcLayers.dll]
[4408]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E37D0A3-->4126DB5C [ieframe.dll]
[4408]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E3A6D7D-->4136517A [ieframe.dll]
[4408]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E382072-->41365117 [ieframe.dll]
[4408]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E38B144-->413650B4 [ieframe.dll]
[4408]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E3747AB-->411954BD [ieframe.dll]
[4408]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->5CF07774 [shimeng.dll]
[4408]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->71609E59 [AcLayers.dll]
[4408]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->7160A16B [AcLayers.dll]
[4408]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->7160A067 [AcLayers.dll]
[4408]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E3A085C-->41364F7C [ieframe.dll]
[4408]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E3A0838-->41364F1A [ieframe.dll]
[4408]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E38A082-->41365049 [ieframe.dll]
[4408]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E3B64D5-->41364FDE [ieframe.dll]
[4408]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->5CF07774 [shimeng.dll]
[4408]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->71609E59 [AcLayers.dll]
[4408]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->7160A16B [AcLayers.dll]
[4408]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->7160A067 [AcLayers.dll]
[4408]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->5CF07774 [shimeng.dll]
[4408]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->71609E59 [AcLayers.dll]
[4484]iexplore.exe-->advapi32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x77DA1034-->02E7C3F0 [PCTBDCore.dll]
[4484]iexplore.exe-->advapi32.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x77DA10F8-->02E7B950 [PCTBDCore.dll]
[4484]iexplore.exe-->advapi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77DA1208-->02E7BB60 [PCTBDCore.dll]
[4484]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->02EA2E30 [PCTBDCore.dll]
[4484]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->02EA2CF0 [PCTBDCore.dll]
[4484]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->02EA2DF0 [PCTBDCore.dll]
[4484]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->02EA2D20 [PCTBDCore.dll]
[4484]iexplore.exe-->advapi32.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x77DA11F4-->02E7C4F0 [PCTBDCore.dll]
[4484]iexplore.exe-->advapi32.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x77DA11F0-->02E7C5B0 [PCTBDCore.dll]
[4484]iexplore.exe-->crypt32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x77A51230-->02E7C3F0 [PCTBDCore.dll]
[4484]iexplore.exe-->crypt32.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x77A511BC-->02E7B950 [PCTBDCore.dll]
[4484]iexplore.exe-->crypt32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77A511C0-->02E7BB60 [PCTBDCore.dll]
[4484]iexplore.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A51188-->02EA2E30 [PCTBDCore.dll]
[4484]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77A51190-->02EA2CF0 [PCTBDCore.dll]
[4484]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x77A511F8-->02EA2DC0 [PCTBDCore.dll]
[4484]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77A511FC-->02EA2DF0 [PCTBDCore.dll]
[4484]iexplore.exe-->crypt32.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x77A51248-->02E7C4F0 [PCTBDCore.dll]
[4484]iexplore.exe-->crypt32.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x77A51244-->02E7C5B0 [PCTBDCore.dll]
[4484]iexplore.exe-->gdi32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x77EF10E4-->02E7C3F0 [PCTBDCore.dll]
[4484]iexplore.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77EF10EC-->02E7BB60 [PCTBDCore.dll]
[4484]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->02EA2E30 [PCTBDCore.dll]
[4484]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->02EA2CF0 [PCTBDCore.dll]
[4484]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->02EA2DF0 [PCTBDCore.dll]
[4484]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->02EA2D20 [PCTBDCore.dll]
[4484]iexplore.exe-->gdi32.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x77EF10E8-->02E7C5B0 [PCTBDCore.dll]
[4484]iexplore.exe-->kernel32.dll-->CloseHandle, Type: IAT modification 0x00401050-->02E7C3F0 [PCTBDCore.dll]
[4484]iexplore.exe-->kernel32.dll-->CreateFileW, Type: IAT modification 0x00401088-->02E7BB60 [PCTBDCore.dll]
[4484]iexplore.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x00401034-->02E7C040 [PCTBDCore.dll]
[4484]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->02EA2E30 [PCTBDCore.dll]
[4484]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->02EA2CF0 [PCTBDCore.dll]
[4484]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->02EA2DF0 [PCTBDCore.dll]
[4484]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->02EA2D20 [PCTBDCore.dll]
[4484]iexplore.exe-->mswsock.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x719B11B0-->02E7C3F0 [PCTBDCore.dll]
[4484]iexplore.exe-->mswsock.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x719B10A4-->02E7B950 [PCTBDCore.dll]
[4484]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->02EA2E30 [PCTBDCore.dll]
[4484]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->02EA2CF0 [PCTBDCore.dll]
[4484]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->02EA2D20 [PCTBDCore.dll]
[4484]iexplore.exe-->mswsock.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x719B1094-->02E7C4F0 [PCTBDCore.dll]
[4484]iexplore.exe-->mswsock.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x719B1098-->02E7C5B0 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x7E6715F4-->02E7C3F0 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x7E6715BC-->02E7BB60 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x7E671488-->02E7C040 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->02EA2E30 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->02EA2CF0 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->02EA2DC0 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->02EA2DF0 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->02EA2D20 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x7E6715C8-->02E7C4F0 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x7E671600-->02E7C5B0 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->user32.dll-->DialogBoxParamW, Type: IAT modification 0x7E671D44-->02E7A1A0 [PCTBDCore.dll]
[4484]iexplore.exe-->shell32.dll-->user32.dll-->MessageBoxIndirectW, Type: IAT modification 0x7E672088-->02E7B1D0 [PCTBDCore.dll]
[4484]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E37B3C6-->4125D125 [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E37D0A3-->4126DB5C [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E3A6D7D-->4136517A [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E382072-->41365117 [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E38B144-->413650B4 [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E3747AB-->411954BD [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x7E36124C-->02E7C3F0 [PCTBDCore.dll]
[4484]iexplore.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x7E36134C-->02E7BB60 [PCTBDCore.dll]
[4484]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x7E36127C-->02E7C040 [PCTBDCore.dll]
[4484]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->02EA2E30 [PCTBDCore.dll]
[4484]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->02EA2CF0 [PCTBDCore.dll]
[4484]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->02EA2DF0 [PCTBDCore.dll]
[4484]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->02EA2D20 [PCTBDCore.dll]
[4484]iexplore.exe-->user32.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x7E361260-->02E7C4F0 [PCTBDCore.dll]
[4484]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E3A085C-->41364F7C [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E3A0838-->41364F1A [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E38A082-->41365049 [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E3B64D5-->41364FDE [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->41269B01 [ieframe.dll]
[4484]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E37D5F3-->411D4664 [ieframe.dll]
[4484]iexplore.exe-->wininet.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x408B14C0-->02E7C3F0 [PCTBDCore.dll]
[4484]iexplore.exe-->wininet.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x408B1400-->02E7B950 [PCTBDCore.dll]
[4484]iexplore.exe-->wininet.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x408B13FC-->02E7BB60 [PCTBDCore.dll]
[4484]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->02EA2E30 [PCTBDCore.dll]
[4484]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->02EA2CF0 [PCTBDCore.dll]
[4484]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->02EA2DF0 [PCTBDCore.dll]
[4484]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->02EA2D20 [PCTBDCore.dll]
[4484]iexplore.exe-->wininet.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x408B1408-->02E7C4F0 [PCTBDCore.dll]
[4484]iexplore.exe-->wininet.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x408B13F4-->02E7C5B0 [PCTBDCore.dll]
[4484]iexplore.exe-->wininet.dll-->user32.dll-->DialogBoxParamW, Type: IAT modification 0x408B1598-->02E7A1A0 [PCTBDCore.dll]
[4484]iexplore.exe-->ws2_32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x71A110B8-->02E7C3F0 [PCTBDCore.dll]
[4484]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->02EA2E30 [PCTBDCore.dll]
[4484]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->02EA2CF0 [PCTBDCore.dll]
[4888]iexplore.exe-->advapi32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x77DA1034-->0299C3F0 [PCTBDCore.dll]
[4888]iexplore.exe-->advapi32.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x77DA10F8-->0299B950 [PCTBDCore.dll]
[4888]iexplore.exe-->advapi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77DA1208-->0299BB60 [PCTBDCore.dll]
[4888]iexplore.exe-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->029C2E30 [PCTBDCore.dll]
[4888]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77DA1214-->029C2CF0 [PCTBDCore.dll]
[4888]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77DA105C-->029C2DF0 [PCTBDCore.dll]
[4888]iexplore.exe-->advapi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77DA11E0-->029C2D20 [PCTBDCore.dll]
[4888]iexplore.exe-->advapi32.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x77DA11F4-->0299C4F0 [PCTBDCore.dll]
[4888]iexplore.exe-->advapi32.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x77DA11F0-->0299C5B0 [PCTBDCore.dll]
[4888]iexplore.exe-->crypt32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x77A51230-->0299C3F0 [PCTBDCore.dll]
[4888]iexplore.exe-->crypt32.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x77A511BC-->0299B950 [PCTBDCore.dll]
[4888]iexplore.exe-->crypt32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77A511C0-->0299BB60 [PCTBDCore.dll]
[4888]iexplore.exe-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A51188-->029C2E30 [PCTBDCore.dll]
[4888]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77A51190-->029C2CF0 [PCTBDCore.dll]
[4888]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x77A511F8-->029C2DC0 [PCTBDCore.dll]
[4888]iexplore.exe-->crypt32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77A511FC-->029C2DF0 [PCTBDCore.dll]
[4888]iexplore.exe-->crypt32.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x77A51248-->0299C4F0 [PCTBDCore.dll]
[4888]iexplore.exe-->crypt32.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x77A51244-->0299C5B0 [PCTBDCore.dll]
[4888]iexplore.exe-->gdi32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x77EF10E4-->0299C3F0 [PCTBDCore.dll]
[4888]iexplore.exe-->gdi32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x77EF10EC-->0299BB60 [PCTBDCore.dll]
[4888]iexplore.exe-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->029C2E30 [PCTBDCore.dll]
[4888]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x77EF1084-->029C2CF0 [PCTBDCore.dll]
[4888]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x77EF1078-->029C2DF0 [PCTBDCore.dll]
[4888]iexplore.exe-->gdi32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x77EF10B8-->029C2D20 [PCTBDCore.dll]
[4888]iexplore.exe-->gdi32.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x77EF10E8-->0299C5B0 [PCTBDCore.dll]
[4888]iexplore.exe-->kernel32.dll-->CloseHandle, Type: IAT modification 0x00401050-->0299C3F0 [PCTBDCore.dll]
[4888]iexplore.exe-->kernel32.dll-->CreateFileW, Type: IAT modification 0x00401088-->0299BB60 [PCTBDCore.dll]
[4888]iexplore.exe-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x00401034-->0299C040 [PCTBDCore.dll]
[4888]iexplore.exe-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x0040106C-->029C2E30 [PCTBDCore.dll]
[4888]iexplore.exe-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x00401098-->029C2CF0 [PCTBDCore.dll]
[4888]iexplore.exe-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x004010E8-->029C2DF0 [PCTBDCore.dll]
[4888]iexplore.exe-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x004010C0-->029C2D20 [PCTBDCore.dll]
[4888]iexplore.exe-->mswsock.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x719B11B0-->0299C3F0 [PCTBDCore.dll]
[4888]iexplore.exe-->mswsock.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x719B10A4-->0299B950 [PCTBDCore.dll]
[4888]iexplore.exe-->mswsock.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x719B1178-->029C2E30 [PCTBDCore.dll]
[4888]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x719B1184-->029C2CF0 [PCTBDCore.dll]
[4888]iexplore.exe-->mswsock.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x719B11A0-->029C2D20 [PCTBDCore.dll]
[4888]iexplore.exe-->mswsock.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x719B1094-->0299C4F0 [PCTBDCore.dll]
[4888]iexplore.exe-->mswsock.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x719B1098-->0299C5B0 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x7E6715F4-->0299C3F0 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x7E6715BC-->0299BB60 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x7E671488-->0299C040 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->029C2E30 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E6713E8-->029C2CF0 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExA, Type: IAT modification 0x7E67163C-->029C2DC0 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E67161C-->029C2DF0 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E6715A0-->029C2D20 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x7E6715C8-->0299C4F0 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x7E671600-->0299C5B0 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->user32.dll-->DialogBoxParamW, Type: IAT modification 0x7E671D44-->0299A1A0 [PCTBDCore.dll]
[4888]iexplore.exe-->shell32.dll-->user32.dll-->MessageBoxIndirectW, Type: IAT modification 0x7E672088-->0299B1D0 [PCTBDCore.dll]
[4888]iexplore.exe-->user32.dll-->CallNextHookEx, Type: Inline - RelativeJump 0x7E37B3C6-->4125D125 [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->CreateWindowExW, Type: Inline - RelativeJump 0x7E37D0A3-->4126DB5C [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->DialogBoxIndirectParamA, Type: Inline - RelativeJump 0x7E3A6D7D-->4136517A [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->DialogBoxIndirectParamW, Type: Inline - RelativeJump 0x7E382072-->41365117 [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->DialogBoxParamA, Type: Inline - RelativeJump 0x7E38B144-->413650B4 [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->DialogBoxParamW, Type: Inline - RelativeJump 0x7E3747AB-->411954BD [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x7E36124C-->0299C3F0 [PCTBDCore.dll]
[4888]iexplore.exe-->user32.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x7E36134C-->0299BB60 [PCTBDCore.dll]
[4888]iexplore.exe-->user32.dll-->kernel32.dll-->CreateProcessW, Type: IAT modification 0x7E36127C-->0299C040 [PCTBDCore.dll]
[4888]iexplore.exe-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->029C2E30 [PCTBDCore.dll]
[4888]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x7E3612F4-->029C2CF0 [PCTBDCore.dll]
[4888]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x7E361208-->029C2DF0 [PCTBDCore.dll]
[4888]iexplore.exe-->user32.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x7E361340-->029C2D20 [PCTBDCore.dll]
[4888]iexplore.exe-->user32.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x7E361260-->0299C4F0 [PCTBDCore.dll]
[4888]iexplore.exe-->user32.dll-->MessageBoxExA, Type: Inline - RelativeJump 0x7E3A085C-->41364F7C [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->MessageBoxExW, Type: Inline - RelativeJump 0x7E3A0838-->41364F1A [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->MessageBoxIndirectA, Type: Inline - RelativeJump 0x7E38A082-->41365049 [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->MessageBoxIndirectW, Type: Inline - RelativeJump 0x7E3B64D5-->41364FDE [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->SetWindowsHookExW, Type: Inline - RelativeJump 0x7E37820F-->41269B01 [ieframe.dll]
[4888]iexplore.exe-->user32.dll-->UnhookWindowsHookEx, Type: Inline - RelativeJump 0x7E37D5F3-->411D4664 [ieframe.dll]
[4888]iexplore.exe-->wininet.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x408B14C0-->0299C3F0 [PCTBDCore.dll]
[4888]iexplore.exe-->wininet.dll-->kernel32.dll-->CreateFileA, Type: IAT modification 0x408B1400-->0299B950 [PCTBDCore.dll]
[4888]iexplore.exe-->wininet.dll-->kernel32.dll-->CreateFileW, Type: IAT modification 0x408B13FC-->0299BB60 [PCTBDCore.dll]
[4888]iexplore.exe-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->029C2E30 [PCTBDCore.dll]
[4888]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x408B14B4-->029C2CF0 [PCTBDCore.dll]
[4888]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryExW, Type: IAT modification 0x408B1450-->029C2DF0 [PCTBDCore.dll]
[4888]iexplore.exe-->wininet.dll-->kernel32.dll-->LoadLibraryW, Type: IAT modification 0x408B1350-->029C2D20 [PCTBDCore.dll]
[4888]iexplore.exe-->wininet.dll-->kernel32.dll-->ReadFile, Type: IAT modification 0x408B1408-->0299C4F0 [PCTBDCore.dll]
[4888]iexplore.exe-->wininet.dll-->kernel32.dll-->WriteFile, Type: IAT modification 0x408B13F4-->0299C5B0 [PCTBDCore.dll]
[4888]iexplore.exe-->wininet.dll-->user32.dll-->DialogBoxParamW, Type: IAT modification 0x408B1598-->0299A1A0 [PCTBDCore.dll]
[4888]iexplore.exe-->ws2_32.dll-->kernel32.dll-->CloseHandle, Type: IAT modification 0x71A110B8-->0299C3F0 [PCTBDCore.dll]
[4888]iexplore.exe-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->029C2E30 [PCTBDCore.dll]
[4888]iexplore.exe-->ws2_32.dll-->kernel32.dll-->LoadLibraryA, Type: IAT modification 0x71A110A8-->029C2CF0 [PCTBDCore.dll]
[984]Explorer.EXE-->advapi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77DA1218-->5CF07774 [shimeng.dll]
[984]Explorer.EXE-->crypt32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77A51188-->5CF07774 [shimeng.dll]
[984]Explorer.EXE-->gdi32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x77EF10B4-->5CF07774 [shimeng.dll]
[984]Explorer.EXE-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x01001268-->5CF07774 [shimeng.dll]
[984]Explorer.EXE-->shell32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E6715A4-->5CF07774 [shimeng.dll]
[984]Explorer.EXE-->user32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x7E36133C-->5CF07774 [shimeng.dll]
[984]Explorer.EXE-->wininet.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x408B14B0-->5CF07774 [shimeng.dll]
[984]Explorer.EXE-->ws2_32.dll-->kernel32.dll-->GetProcAddress, Type: IAT modification 0x71A1109C-->5CF07774 [shimeng.dll]
 
MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Home Edition
Windows Information: Service Pack 3 (build 2600)
Logical Drives Mask: 0x000007fc

Kernel Drivers (total 208):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E6000 \WINDOWS\system32\hal.dll
0xF7A52000 \WINDOWS\system32\KDCOM.DLL
0xF7962000 \WINDOWS\system32\BOOTVID.dll
0xF7422000 ACPI.sys
0xF7A54000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7411000 pci.sys
0xF7552000 isapnp.sys
0xF7562000 ohci1394.sys
0xF7572000 \WINDOWS\system32\DRIVERS\1394BUS.SYS
0xF7966000 compbatt.sys
0xF796A000 \WINDOWS\system32\DRIVERS\BATTC.SYS
0xF7B1A000 pciide.sys
0xF77D2000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7A56000 aliide.sys
0xF7A58000 intelide.sys
0xF7A5A000 toside.sys
0xF7A5C000 viaide.sys
0xF7A5E000 cmdide.sys
0xF73F3000 pcmcia.sys
0xF7582000 MountMgr.sys
0xF73D4000 ftdisk.sys
0xF796E000 ACPIEC.sys
0xF7B1B000 \WINDOWS\system32\DRIVERS\OPRGHDLR.SYS
0xF77DA000 PartMgr.sys
0xF7972000 UBHelper.sys
0xF7592000 VolSnap.sys
0xF7976000 cpqarray.sys
0xF73BC000 \WINDOWS\system32\DRIVERS\SCSIPORT.SYS
0xF73A4000 atapi.sys
0xF797A000 aha154x.sys
0xF77E2000 sparrow.sys
0xF797E000 symc810.sys
0xF75A2000 aic78xx.sys
0xF7982000 dac960nt.sys
0xF75B2000 ql10wnt.sys
0xF7986000 amsint.sys
0xF77EA000 asc.sys
0xF798A000 asc3550.sys
0xF77F2000 mraid35x.sys
0xF77FA000 i2omp.sys
0xF798E000 ini910u.sys
0xF75C2000 ql1240.sys
0xF75D2000 aic78u2.sys
0xF7802000 symc8xx.sys
0xF780A000 sym_hi.sys
0xF7812000 sym_u3.sys
0xF781A000 ABP480N5.SYS
0xF7822000 asc3350p.sys
0xF7A60000 cd20xrnt.sys
0xF75E2000 ultra.sys
0xF738B000 adpu160m.sys
0xF782A000 dpti2o.sys
0xF75F2000 ql1080.sys
0xF7602000 ql1280.sys
0xF7612000 ql12160.sys
0xF7832000 perc2.sys
0xF7A62000 perc2hib.sys
0xF783A000 hpn.sys
0xF7992000 cbidf2k.sys
0xF735F000 dac2w2k.sys
0xF7622000 disk.sys
0xF7632000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF733F000 fltmgr.sys
0xF732D000 sr.sys
0xF730A000 PCTCore.sys
0xF72F9000 TfFsMon.sys
0xF7642000 TfSysMon.sys
0xF72D5000 Fastfat.sys
0xF72BE000 KSecDD.sys
0xF7291000 NDIS.sys
0xF7652000 sisagp.sys
0xF7662000 viaagp.sys
0xF7277000 Mup.sys
0xF7672000 agp440.sys
0xF7682000 alim1541.sys
0xF7692000 amdagp.sys
0xF76A2000 agpCPQ.sys
0xF7A16000 \SystemRoot\system32\DRIVERS\tunmp.sys
0xF76D2000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF6FEF000 \SystemRoot\system32\DRIVERS\ati2mtag.sys
0xF6FDB000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6FB3000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6E56000 \SystemRoot\system32\DRIVERS\w39n51.sys
0xF6E35000 \SystemRoot\system32\DRIVERS\b57xp32.sys
0xF78A2000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6E11000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF78AA000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF6DE9000 \SystemRoot\system32\drivers\tifm21.sys
0xF76E2000 \SystemRoot\system32\DRIVERS\smcirda.sys
0xF7A1A000 \SystemRoot\system32\DRIVERS\irenum.sys
0xF76F2000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF78B2000 \SystemRoot\system32\DRIVERS\DKbFltr.sys
0xF78BA000 \SystemRoot\System32\Drivers\TfKbMon.sys
0xF78C2000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF6DBA000 \SystemRoot\system32\DRIVERS\SynTP.sys
0xF7A68000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF78CA000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7702000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF7A22000 \??\C:\WINDOWS\system32\drivers\pfc.sys
0xF7712000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF7722000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6D97000 \SystemRoot\system32\DRIVERS\ks.sys
0xF7A6A000 \SystemRoot\system32\DRIVERS\NTIDrvr.sys
0xF78D2000 \SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
0xF7A2A000 \SystemRoot\system32\DRIVERS\CmBatt.sys
0xF7A2E000 \SystemRoot\system32\DRIVERS\wmiacpi.sys
0xF7BCC000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF7A6C000 \SystemRoot\System32\Drivers\RootMdm.sys
0xF78DA000 \SystemRoot\System32\Drivers\Modem.SYS
0xF78E2000 \SystemRoot\system32\DRIVERS\rasirda.sys
0xF78EA000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF7782000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7A36000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6CB8000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF7792000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77A2000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF6CA7000 \SystemRoot\system32\DRIVERS\psched.sys
0xF77B2000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF78F2000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF78FA000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF77C2000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF6C8F000 \SystemRoot\system32\DRIVERS\pctfw.sys
0xF7A6E000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF6C31000 \SystemRoot\system32\DRIVERS\update.sys
0xF7A42000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7267000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xEE7E9000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xEE7C5000 \SystemRoot\system32\drivers\portcls.sys
0xF7227000 \SystemRoot\system32\drivers\drmk.sys
0xEE793000 \SystemRoot\system32\DRIVERS\HSFHWAZL.sys
0xEE69F000 \SystemRoot\system32\DRIVERS\HSF_DPV.sys
0xEE5EE000 \SystemRoot\system32\DRIVERS\HSF_CNXT.sys
0xF7207000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7193000 \SystemRoot\System32\Drivers\i2omgmt.SYS
0xEE527000 \SystemRoot\system32\DRIVERS\MpFilter.sys
0xF7A74000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7C1B000 \SystemRoot\System32\Drivers\Null.SYS
0xF7A76000 \SystemRoot\System32\Drivers\Beep.SYS
0xF791A000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xF7922000 \SystemRoot\System32\drivers\vga.sys
0xF7A78000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7A7A000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF792A000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF7932000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7187000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xEE47C000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xEE423000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xEE3FD000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xEE3D7000 \??\C:\WINDOWS\system32\drivers\pctgntdi.sys
0xEE3AF000 \SystemRoot\system32\DRIVERS\netbt.sys
0xEE377000 \SystemRoot\system32\DRIVERS\tcpip6.sys
0xF7167000 \SystemRoot\System32\drivers\ws2ifsl.sys
0xF6D4F000 \SystemRoot\system32\drivers\ip6fw.sys
0xEE355000 \SystemRoot\System32\drivers\afd.sys
0xF6D3F000 \SystemRoot\system32\DRIVERS\netbios.sys
0xEE32A000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xF6D87000 \??\C:\WINDOWS\system32\drivers\OsaFsLoc.sys
0xEE292000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF793A000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{DD593EDC-C66B-4718-9DAF-BB38BBB90850}\MpKsla815e5dd.sys
0xF6D2F000 \SystemRoot\System32\Drivers\Fips.SYS
0xF6D0F000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xF7942000 \SystemRoot\system32\DRIVERS\USBSTOR.SYS
0xEE020000 \??\C:\WINDOWS\system32\drivers\lvmvdrv.sys
0xF6CFF000 \SystemRoot\system32\drivers\lvusbsta.sys
0xEDF16000 \SystemRoot\System32\Drivers\lv321av.sys
0xF6CEF000 \SystemRoot\System32\Drivers\STREAM.SYS
0xF6CDF000 \SystemRoot\system32\DRIVERS\mxopswd.sys
0xF7952000 \SystemRoot\system32\DRIVERS\usbccgp.sys
0xEDE5D000 \SystemRoot\system32\DRIVERS\ewusbmdm.sys
0xF6CCF000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xEDDD0000 \SystemRoot\System32\Drivers\Ntfs.SYS
0xEDDB8000 \SystemRoot\System32\Drivers\dump_atapi.sys
0xF7A7C000 \SystemRoot\System32\Drivers\dump_WMILIB.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xF6C0D000 \SystemRoot\System32\drivers\Dxapi.sys
0xF795A000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C2A000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF012000 \SystemRoot\System32\ati2dvag.dll
0xBF054000 \SystemRoot\System32\ati2cqag.dll
0xBF08E000 \SystemRoot\System32\atikvmag.dll
0xBF0C4000 \SystemRoot\System32\ati3duag.dll
0xBF32B000 \SystemRoot\System32\ativvaxx.dll
0xBF439000 \SystemRoot\System32\ATMFD.DLL
0xF7862000 \SystemRoot\system32\DRIVERS\AegisP.sys
0xEBB22000 \SystemRoot\system32\DRIVERS\irda.sys
0xEBC70000 \SystemRoot\system32\DRIVERS\s24trans.sys
0xEB825000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xEB7E8000 \SystemRoot\system32\drivers\wdmaud.sys
0xEB9BA000 \SystemRoot\system32\drivers\sysaudio.sys
0xEB56E000 \??\C:\BJPrinter\CNMWINDOWS\Canon PIXMA iP3000 Installer\Inst2\cnmpar21.sys
0xF7B8B000 \??\C:\WINDOWS\system32\drivers\epm-psd.sys
0xEB18D000 \??\C:\WINDOWS\system32\drivers\epm-shd.sys
0xEB154000 \??\C:\Acer\Empowering Technology\eRecovery\int15.sys
0xEB37E000 \SystemRoot\system32\DRIVERS\srv.sys
0xEB376000 \SystemRoot\system32\DRIVERS\mdmxsdk.sys
0xF7AE0000 \??\C:\WINDOWS\system32\drivers\osaio.sys
0xF7C65000 \??\C:\WINDOWS\system32\drivers\osanbm.sys
0xEB6D5000 \??\C:\WINDOWS\system32\drivers\PCTAppEvent.sys
0xF7AF0000 \SystemRoot\System32\Drivers\NdisFilt.sys
0xF786A000 \??\C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{DD593EDC-C66B-4718-9DAF-BB38BBB90850}\MpKsled00b8ce.sys
0xBA125000 \SystemRoot\System32\Drivers\HTTP.sys
0xB9F51000 \SystemRoot\system32\DRIVERS\asyncmac.sys
0xBA476000 \SystemRoot\System32\Drivers\BlackBox.SYS
0xBF480000 \SystemRoot\System32\spool\DRIVERS\W32X86\2\ppbint.dll
0xB977F000 \SystemRoot\system32\drivers\kmixer.sys
0x7C910000 \WINDOWS\System32\ntdll.dll

Processes (total 73):
0 System Idle Process
4 System
728 C:\WINDOWS\System32\smss.exe
1568 csrss.exe
1596 C:\WINDOWS\System32\winlogon.exe
1640 C:\WINDOWS\System32\services.exe
1652 C:\WINDOWS\System32\lsass.exe
1820 C:\WINDOWS\System32\Ati2evxx.exe
1840 C:\WINDOWS\System32\svchost.exe
1952 svchost.exe
2020 C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
128 C:\WINDOWS\System32\svchost.exe
240 C:\Programme\Intel\Wireless\Bin\EvtEng.exe
332 C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
396 svchost.exe
444 svchost.exe
692 C:\WINDOWS\System32\brsvc01a.exe
712 C:\WINDOWS\System32\brss01a.exe
824 C:\WINDOWS\System32\Ati2evxx.exe
800 C:\WINDOWS\System32\spoolsv.exe
984 C:\WINDOWS\Explorer.EXE
1012 svchost.exe
640 C:\Acer\Empowering Technology\admServ.exe
1472 C:\Programme\Bonjour\mDNSResponder.exe
744 C:\Programme\Browser Defender\BDTUpdateService.exe
232 C:\WINDOWS\System32\CNAC3RPK.EXE
1948 C:\Programme\Synaptics\SynTP\SynTPLpr.exe
484 C:\Programme\Synaptics\SynTP\SynTPEnh.exe
540 C:\Program Files\Acer\Acer Arcade\PCMService.exe
548 C:\Programme\ATI Technologies\ATI.ACE\cli.exe
464 C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
760 C:\WINDOWS\System32\cisvc.exe
776 C:\Acer\Empowering Technology\eRecovery\Monitor.exe
1076 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
1116 C:\Programme\Launch Manager\QtZgAcer.EXE
1152 C:\WINDOWS\System32\LVCOMSX.EXE
1156 C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
1208 C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
1556 C:\Acer\Empowering Technology\admtray.exe
1868 C:\Programme\Google\Update\GoogleUpdate.exe
2084 C:\Programme\Maxtor\Sync\SyncServices.exe
2448 C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
2472 C:\WINDOWS\RTHDCPL.EXE
2540 C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
2568 C:\Programme\CyberLink\Shared Files\RichVideo.exe
2660 C:\Programme\PC Tools Internet Security\pctsAuxs.exe
2668 C:\Programme\Microsoft Security Client\msseces.exe
2688 C:\WINDOWS\System32\tcpsvcs.exe
2724 C:\WINDOWS\System32\svchost.exe
2748 C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
2788 C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
2848 C:\Programme\Windows Live\Messenger\msnmsgr.exe
2972 C:\WINDOWS\System32\ctfmon.exe
2980 C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
3764 C:\Programme\Dodo Wireless Broadband\Dodo Wireless Broadband.exe
3972 C:\WINDOWS\System32\wbem\wmiapsrv.exe
4020 C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
1344 alg.exe
3116 C:\WINDOWS\System32\svchost.exe
2164 C:\Programme\ATI Technologies\ATI.ACE\cli.exe
2500 C:\Programme\Windows Live\Contacts\wlcomm.exe
3876 C:\Programme\Skype\Phone\Skype.exe
2536 C:\Programme\Skype\Plugin Manager\skypePM.exe
2080 D:\Eigene Dateien\Download\spybot\RKUnhookerLE.EXE
4408 C:\Programme\Internet Explorer\iexplore.exe
4484 C:\Programme\Internet Explorer\iexplore.exe
4888 C:\Programme\Internet Explorer\iexplore.exe
5244 C:\WINDOWS\System32\cidaemon.exe
6044 C:\WINDOWS\System32\wscntfy.exe
2868 C:\WINDOWS\System32\taskmgr.exe
4260 C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
4808 C:\Programme\Microsoft Office\Office10\winword.exe
3900 D:\Eigene Dateien\Download\spybot\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`f98b7a00 (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000009`bdfa3e00 (FAT32)
\\.\F: --> \\.\PhysicalDrive2 at offset 0x00000000`00007e00 (NTFS)
\\.\J: --> \\.\PhysicalDrive1 at offset 0x00000000`00007e00 (NTFS)

PhysicalDrive0 Model Number: ST98823AS, Rev: 3.06
PhysicalDrive2 Model Number: MaxtorOneTouch, Rev: 0122
PhysicalDrive1 Model Number: ST9320320AS, Rev:

Size Device Name MBR Status
--------------------------------------------
74 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: ADFE55CD0C6ED2E00B22375835E4C2736CE9AD11
465 GB \\.\PhysicalDrive2 RE: Unknown MBR code
SHA1: CEECB0630DEB98A912C967BD5561D0F2BFE7D8C6
298 GB \\.\PhysicalDrive1 RE: Unknown MBR code
SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F


Found non-standard or infected MBR.
Enter 'Y' and hit ENTER for more options, or 'N' to exit:

Done!

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00A6FAF1-072E-44CF-8957-5838F569A31D} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EA9-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{07B18EAB-A523-4961-B6BB-170DE4475CCA} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{25560540-9571-4D7B-9389-0F166788785A} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{3E720452-B472-4954-B7AA-33069EB53906} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7473D294-B7BB-4F24-AE82-7E2CE94BB6A9} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{9FF05104-B030-46FC-94B8-81276E4E27DF} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E79DFBCA-5697-4FBD-94E5-5B2A9C7C1612} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowMyComputer (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
Hi

that was quite some "homework"

Here's some more... ;)



AVP Tool by Kaspersky

Download the AVP Tool by Kaspersky from Here & save it to your desktop. Be aware that this is a large file.... approximately 111Mb.
  • Plug in any hard drives or thumb drives if you own such drives.
  • Double click the setup file to run it
  • Choose the language and click ok.
  • Click Next to continue
  • Accept the Licence agreement then click Next
  • It will by default install to your desktop folder. Click Next
  • Once installed it will open a box. Click the Autoscan tab if not already open.
  • Under Automatic scan make sure the following are checked:
    • Hidden Startup Objects
    • System Memory
    • Disk Boot Sectors
    • My Computer
    • Any hard- or thumb-drives that you may have.
    • Change "Prompt for action" to Prompt on completion
    Leave the rest of the settings as they appear

  • Click on Start scan button.
  • If prompted when the scan has finished, click on Neutralize all.
  • If you receive a message that an item cannot be neutralized then choose the Delete option when prompted
  • Once finished click the Reports button at the bottom
  • Name the file Kas & save it somewhere convenient like your desktop
  • Copy/paste only the detected Virus\malware from the report. It will be at the very top under Detected & post those results in your next reply

    Note: This program will ask to uninstall when you close it. Please post the log first, then go ahead and uninstall the program.



How is the performance of the computer now? Are there further signs of infection?
 
Hello Vict0r

The removable drive I use for multimedia has been infected. Hope it didn't spread around.

7/06/2011 2:18:27 AM Task completed
7/06/2011 12:08:47 AM Deleted: Trojan-Downloader.JS.Iframe.bzi J:\System Volume Information\_restore{F1D42BD7-2909-41D1-8AE7-992D648B90F6}\RP201\A0040795.exe
7/06/2011 12:05:17 AM Detected: Trojan-Downloader.JS.Iframe.bzi J:\System Volume Information\_restore{F1D42BD7-2909-41D1-8AE7-992D648B90F6}\RP201\A0040795.exe/data0088
7/06/2011 12:05:17 AM Detected: Trojan-Downloader.JS.Iframe.bzi J:\System Volume Information\_restore{F1D42BD7-2909-41D1-8AE7-992D648B90F6}\RP201\A0040795.exe/data0087
7/06/2011 12:05:16 AM Detected: Trojan-Downloader.JS.Iframe.bzi J:\System Volume Information\_restore{F1D42BD7-2909-41D1-8AE7-992D648B90F6}\RP201\A0040795.exe/data0086
7/06/2011 12:05:15 AM Detected: Trojan-Downloader.JS.Iframe.bzi J:\System Volume Information\_restore{F1D42BD7-2909-41D1-8AE7-992D648B90F6}\RP201\A0040795.exe/data0085
7/06/2011 12:05:14 AM Detected: Trojan-Downloader.JS.Iframe.bzi J:\System Volume Information\_restore{F1D42BD7-2909-41D1-8AE7-992D648B90F6}\RP201\A0040795.exe/data0084
7/06/2011 12:05:13 AM Detected: Trojan-Downloader.JS.Iframe.bzi J:\System Volume Information\_restore{F1D42BD7-2909-41D1-8AE7-992D648B90F6}\RP201\A0040795.exe/data0083
6/06/2011 11:59:30 PM Detected: Trojan-Downloader.JS.Iframe.bzi J:\System Volume Information\_restore{F1D42BD7-2909-41D1-8AE7-992D648B90F6}\RP201\A0040795.exe/data0082
6/06/2011 11:53:21 PM Deleted: Trojan-Downloader.JS.Iframe.bzi J:\Software\cfree5_0_pro_setup.exe
6/06/2011 11:41:51 PM Detected: Trojan-Downloader.JS.Iframe.bzi J:\Software\cfree5_0_pro_setup.exe/data0088
6/06/2011 11:41:49 PM Detected: Trojan-Downloader.JS.Iframe.bzi J:\Software\cfree5_0_pro_setup.exe/data0087
6/06/2011 11:41:48 PM Detected: Trojan-Downloader.JS.Iframe.bzi J:\Software\cfree5_0_pro_setup.exe/data0086
6/06/2011 11:41:46 PM Detected: Trojan-Downloader.JS.Iframe.bzi J:\Software\cfree5_0_pro_setup.exe/data0085
6/06/2011 11:41:44 PM Detected: Trojan-Downloader.JS.Iframe.bzi J:\Software\cfree5_0_pro_setup.exe/data0084
6/06/2011 11:41:42 PM Detected: Trojan-Downloader.JS.Iframe.bzi J:\Software\cfree5_0_pro_setup.exe/data0083
6/06/2011 11:35:02 PM Detected: Trojan-Downloader.JS.Iframe.bzi J:\Software\cfree5_0_pro_setup.exe/data0082
6/06/2011 11:09:35 PM Deleted: not-a-virus:AdWare.Win32.FunWeb.kd D:\Recycled\Dd599.exe
6/06/2011 11:09:34 PM Deleted: Trojan-Downloader.Win32.Myxa.ehx D:\_OTL\MovedFiles\06012011_170043\c_dokume~1\oliver~1\lokale~1\temp\msmonitor
6/06/2011 6:13:36 PM Detected: not-a-virus:AdWare.Win32.FunWeb.kd D:\Recycled\Dd599.exe
6/06/2011 6:13:33 PM Detected: Trojan-Downloader.Win32.Myxa.ehx D:\_OTL\MovedFiles\06012011_170043\c_dokume~1\oliver~1\lokale~1\temp\msmonitor

I noticed that when I connected to the internet the computer was ready right away. Before, mostly after dialing in with the mobile broadband, the computer was irresponsive for up to 2 minutes. Sometimes it didn't, so I keep watching it.

Thank you
 
Sorry, "unresponsive"; "irresponsive" is no English word :alien:
But it has also been slow again; maybe it's normal?
 
I'm sorry for the delay.


Please download DDS by sUBs from one of the links below, save it to your Desktop (Note: It must be saved in this location).

  • Double-Click on dds.scr and a command window will appear. This is normal.
  • Shortly after two logs will appear:
    • DDS.txt
    • Attach.txt
  • A window will open instructing you to save & post the logs
  • Save the logs to a convenient place such as your desktop
  • Copy the contents of both logs & post in your next reply
 
Hello Vict0r

Thank you for your reply. Since the last post the viruses have not shown any appearance in places where I would have noticed any activity.

Here are the logs:

.
DDS (Ver_2011-06-12.02) - FAT32x86
Internet Explorer: 8.0.6001.18702
Run by Oliver Draxl at 10:41:31 on 2011-06-12
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.242 [GMT 10:00]
.
AV: Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Internet Security Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programme\IObit\Advanced SystemCare 4\ASCService.exe
C:\Acer\Empowering Technology\admServ.exe
C:\WINDOWS\system32\CNAC3RPK.EXE
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programme\Browser Defender\BDTUpdateService.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\Acer\Empowering Technology\admtray.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Maxtor\Sync\SyncServices.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Programme\Microsoft Security Client\msseces.exe
C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\PC Tools Internet Security\pctsAuxs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Dodo Wireless Broadband\Dodo Wireless Broadband.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Programme\T39 USB-Handset Manager\PhMgr.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\programme\browser defender\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\programme\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programme\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\programme\browser defender\PCTBrowserDefender.dll
uRun: [TaskSwitchXP] c:\programme\taskswitchxp\TaskSwitchXP.exe
uRun: [msnmsgr] "c:\programme\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\programme\spybot - search & destroy\TeaTimer.exe
mRun: [LaunchApp] Alaunch
mRun: [SynTPLpr] c:\programme\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [ATICCC] "c:\programme\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSC] "c:\programme\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
mRun: [Malwarebytes' Anti-Malware] "c:\programme\malwarebytes' anti-malware\mbamgui.exe" /starttray
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\gemein~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office10\OSA.EXE
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll
LSP: c:\programme\gemeinsame dateien\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253752491717
TCP: Interfaces\{86C0E1A0-58D0-4AC3-939C-6B15B6C14CD4} : NameServer = 202.136.43.197 202.136.42.229
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-1 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-11-1 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-11-1 39200]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKslb2f4ca89;MpKslb2f4ca89;c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{b24d1f71-9363-499c-acf3-995a2fb4b6e3}\MpKslb2f4ca89.sys [2011-6-12 28752]
R1 MpKslbf23a101;MpKslbf23a101;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{f96dd48e-59f3-4107-a106-c2b48d9d5220}\mpkslbf23a101.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{f96dd48e-59f3-4107-a106-c2b48d9d5220}\MpKslbf23a101.sys [?]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-11-1 159600]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\programme\iobit\advanced systemcare 4\ASCService.exe [2011-6-4 352656]
R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\browser defender\BDTUpdateService.exe [2009-9-24 112592]
R2 MBAMService;MBAMService;c:\programme\malwarebytes' anti-malware\mbamservice.exe [2011-6-4 366640]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-11-1 73840]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\pc tools internet security\pctsAuxs.exe [2009-11-1 348752]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2009-9-23 1088896]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2011-6-4 22712]
S1 MpKsl8ce013eb;MpKsl8ce013eb;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpksl8ce013eb.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKsl8ce013eb.sys [?]
S1 MpKslc2e1cac1;MpKslc2e1cac1;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\mpkslc2e1cac1.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\MpKslc2e1cac1.sys [?]
S1 MpKslfd10626b;MpKslfd10626b;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpkslfd10626b.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKslfd10626b.sys [?]
S2 AdminSVC;GMX Browser Update;c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe --> c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe [?]
S2 BulkUsb;Genesys Logic USB Controller NT 5.0;c:\windows\system32\drivers\usbprn.sys [2001-12-20 7552]
S2 Ca533av;PocketCam 3Mega, WDM Video Capture;c:\windows\system32\drivers\CA533AV.SYS [2010-4-10 514929]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 6616190D;6616190D;c:\windows\system32\6616190d.exe --> c:\windows\system32\6616190D.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-9-25 16512]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2009-9-26 1183744]
S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [2005-8-24 692992]
S3 EyelineService;Eyeline Video System;c:\programme\nch software\eyeline\eyeline.exe [2009-11-5 643076]
S3 gupdatem;Google Update Service (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-4 39984]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-9-23 32512]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-11-1 95656]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-11-1 64424]
S3 sdCoreService;PC Tools Security Service;c:\programme\pc tools internet security\pctsSvc.exe [2009-11-1 1095592]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-11-1 33056]
S3 ThreatFire;ThreatFire;c:\programme\pc tools internet security\tfengine\tfservice.exe service --> c:\programme\pc tools internet security\tfengine\TFService.exe service [?]
.
=============== Created Last 30 ================
.
2011-06-12 00:38:47 28752 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{b24d1f71-9363-499c-acf3-995a2fb4b6e3}\MpKslb2f4ca89.sys
2011-06-12 00:37:38 6962000 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{b24d1f71-9363-499c-acf3-995a2fb4b6e3}\mpengine.dll
2011-06-04 02:36:27 -------- d-----w- c:\dokumente und einstellungen\oliver draxl\anwendungsdaten\Malwarebytes
2011-06-04 02:36:17 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-04 02:36:17 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Malwarebytes
2011-06-04 02:36:13 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-04 02:36:13 -------- d-----w- c:\programme\Malwarebytes' Anti-Malware
2011-06-04 01:56:59 -------- d-----w- c:\dokumente und einstellungen\oliver draxl\anwendungsdaten\IObit
2011-06-04 01:56:56 -------- d-----w- c:\programme\IObit
2011-06-01 13:31:59 403216 ----a-w- c:\windows\system32\msrepl35.dll
2011-06-01 13:31:59 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-06-01 13:31:59 251664 ----a-w- c:\windows\system32\msrd2x35.dll
2011-06-01 13:31:58 25600 ----a-w- c:\programme\gemeinsame dateien\microsoft shared\dao\remove.exe
2011-06-01 13:27:27 -------- d-----w- c:\programme\DevStudio
2011-06-01 06:22:19 -------- d-sh--w- c:\dokumente und einstellungen\oliver draxl\UserData
2011-05-29 11:24:51 -------- d-----r- c:\programme\Skype
2011-05-27 02:06:54 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-05-27 02:06:54 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-05-27 02:06:54 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-05-27 02:06:54 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-05-27 02:06:54 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-05-21 03:57:13 -------- d-----w- c:\programme\Spybot - Search & Destroy
2011-05-21 03:57:13 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Spybot - Search & Destroy
2011-05-20 05:58:03 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-05-20 05:50:53 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Skype Extras
.
==================== Find3M ====================
.
.
============= FINISH: 10:42:39.78 ===============


.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-06-12.02)
.
Microsoft Windows XP Home Edition
Boot Device: \Device\HarddiskVolume2
Install Date: 23/09/2009 6:23:18 PM
System Uptime: 7/06/2011 7:44:36 AM (123 hours ago)
.
Motherboard: Acer, Inc. | | Bodensee
Processor: Genuine Intel(R) CPU T2300 @ 1.66GHz | U2E1 | 1666/166mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 35 GiB total, 11.324 GiB free.
D: is FIXED (FAT32) - 36 GiB total, 6.34 GiB free.
E: is CDROM ()
G: is CDROM (CDFS)
H: is Removable
J: is FIXED (NTFS) - 298 GiB total, 129.499 GiB free.
.
==== Disabled Device Manager Items =============
.
Class GUID: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F}
Description: Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller
Device ID: PCI\VEN_104C&DEV_803A&SUBSYS_00941025&REV_00\4&6B16D5B&0&49F0
Manufacturer: Texas Instruments
Name: Texas Instruments OHCI-konformer IEEE 1394-Hostcontroller
PNP Device ID: PCI\VEN_104C&DEV_803A&SUBSYS_00941025&REV_00\4&6B16D5B&0&49F0
Service: ohci1394
.
==== System Restore Points ===================
.
RP143: 10/09/2010 3:28:09 PM - Installation eines unsignierten Treibers
RP144: 20/09/2010 8:19:09 AM - Software Distribution Service 3.0
RP145: 23/09/2010 9:21:52 PM - Software Distribution Service 3.0
RP146: 30/09/2010 6:24:24 PM - Software Distribution Service 3.0
RP147: 2/10/2010 7:40:58 PM - Software Distribution Service 3.0
RP148: 14/10/2010 3:00:30 AM - Software Distribution Service 3.0
RP149: 14/10/2010 4:04:58 AM - Software Distribution Service 3.0
RP150: 15/10/2010 5:44:32 PM - Software Distribution Service 3.0
RP151: 18/10/2010 8:56:17 AM - Software Distribution Service 3.0
RP152: 10/11/2010 9:44:00 PM - Software Distribution Service 3.0
RP153: 26/11/2010 8:21:07 PM - Removed Apple Mobile Device Support
RP154: 26/11/2010 8:21:52 PM - Removed Apple Software Update
RP155: 27/11/2010 12:41:22 PM - Installed Active Wall
RP156: 4/01/2011 8:19:50 PM - Software Distribution Service 3.0
RP157: 5/01/2011 8:01:54 AM - Software Distribution Service 3.0
RP158: 25/01/2011 11:23:45 PM - Software Distribution Service 3.0
RP159: 10/02/2011 6:25:12 PM - Removed Active Wall
RP160: 10/02/2011 6:58:12 PM - Software Distribution Service 3.0
RP161: 10/02/2011 8:36:16 PM - Software Distribution Service 3.0
RP162: 28/02/2011 8:59:07 AM - Software Distribution Service 3.0
RP163: 1/03/2011 9:06:35 AM - Software Distribution Service 3.0
RP164: 17/03/2011 8:04:32 AM - Software Distribution Service 3.0
RP165: 25/03/2011 5:56:20 PM - Software Distribution Service 3.0
RP166: 25/03/2011 5:58:54 PM - Software Distribution Service 3.0
RP167: 1/06/2005 12:09:05 AM - Installation eines unsignierten Treibers
RP168: 16/04/2011 10:46:01 AM - Software Distribution Service 3.0
RP169: 16/04/2011 12:49:29 PM - Software Distribution Service 3.0
RP170: 16/04/2011 5:08:19 PM - Software Distribution Service 3.0
RP171: 18/04/2011 3:26:14 PM - Removed Brother MFL-Pro Suite
RP172: 21/04/2011 9:30:09 PM - Software Distribution Service 3.0
RP173: 22/04/2011 5:16:20 PM - Installed Trend Micro Internet Security
RP174: 22/04/2011 7:06:14 PM - Software Distribution Service 3.0
RP175: 28/04/2011 7:27:07 PM - Software Distribution Service 3.0
RP176: 28/04/2011 7:43:22 PM - Software Distribution Service 3.0
RP177: 1/05/2011 8:39:47 PM - Software Distribution Service 3.0
RP178: 3/05/2011 2:34:05 PM - Software Distribution Service 3.0
RP179: 5/05/2011 5:54:06 PM - Software Distribution Service 3.0
RP180: 10/05/2011 5:42:58 PM - Software Distribution Service 3.0
RP181: 11/05/2011 11:09:05 AM - Software Distribution Service 3.0
RP182: 20/05/2011 3:28:32 PM - Software Distribution Service 3.0
RP183: 21/05/2011 3:45:37 PM - Software Distribution Service 3.0
RP184: 22/05/2011 8:35:53 AM - Removed OpenOffice.org Installer 1.0
RP185: 24/05/2011 8:32:15 AM - Software Distribution Service 3.0
RP186: 25/05/2011 11:48:39 PM - Software Distribution Service 3.0
RP187: 28/05/2011 9:05:09 AM - Removed Java(TM) 6 Update 11
RP188: 28/05/2011 9:06:12 AM - Removed Java(TM) 6 Update 11
RP189: 28/05/2011 9:31:09 AM - Removed Adobe Reader 9.4.4.
RP190: 29/05/2011 9:15:42 AM - Installation eines unsignierten Treibers
RP191: 29/05/2011 9:22:27 PM - Removed Skype™ 5.3
RP192: 29/05/2011 9:23:55 PM - Removed Skype Toolbars
RP193: 29/05/2011 9:24:43 PM - Installed Skype™ 5.3
RP194: 29/05/2011 9:28:43 PM - Installed Skype Toolbars
RP195: 31/05/2011 7:03:50 PM - Removed Skype™ 5.3
RP196: 31/05/2011 7:04:42 PM - Installed Skype™ 5.1
RP197: 31/05/2011 7:10:37 PM - Removed Skype™ 5.1
RP198: 31/05/2011 7:11:51 PM - Removed Skype Toolbars
RP199: 31/05/2011 7:17:50 PM - Installed Skype™ 4.2
RP200: 31/05/2011 8:09:06 PM - Software Distribution Service 3.0
RP201: 5/06/2011 10:21:36 PM - Software Distribution Service 3.0
RP202: 7/06/2011 2:36:34 AM - Systemprüfpunkt
RP203: 9/06/2011 10:57:46 PM - Software Distribution Service 3.0
RP204: 11/06/2011 10:09:57 AM - Software Distribution Service 3.0
RP205: 12/06/2011 10:37:30 AM - Software Distribution Service 3.0
.
==== Installed Programs ======================
.
Acer Arcade
Acer eDataSecurity Management
Acer eDataSecurity Management 1.00.23
Acer eLock Management
Acer Empowering Technology framework
Acer eNet Management
Acer ePerformance Management
Acer ePower Management
Acer ePresentation Management
Acer eSettings Management
Acer GridVista
Acer OrbiCam-Software
Acer OrbiCam-Treiber
Acer Screensaver
Acrobat.com
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Photoshop Album 2.0
Adobe Photoshop Elements 2.0
Adobe Shockwave Player 11.5
Advanced SystemCare 4
Apple Application Support
Ashampoo Burning Studio 2009
Ashampoo UnInstaller 3.12
Ashampoo WinOptimizer 5.05
ATI - Dienstprogramm zur Deinstallation der Software
ATI Catalyst Control Center
ATI Display Driver
Audiograbber 1.83 SE
AVerMedia E501 CardBus Analog 3.5.0.69
AVerMedia MCE Encoder 3.2.1.62
AVerTV
AVIConverter CHN-EN Package
Bonjour
Browser Defender 2.0.6.15
CamStudio
Canon iP4500 series
Canon iP4800 series Printer Driver
Canon LBP5200
Canon PIXMA iP3000
Chinese Simplified Fonts Support For Adobe Reader 9
CoCreate Modeling Personal Edition 2.0
Compatibility Pack for the 2007 Office system
Data Access Objects (DAO) 3.5
Debut Video Capture Software
Dexster V2.0
DivX Codec
Dodo Wireless Broadband
e-tax 2010
EPSON Printer Software
EPSON Scan
ERUNT 1.1j
ESCX5700F User's Guide
ExpressPCB
Eyeline Video System
Food Additives 1.0
GMX IE7 Browser Update
Golden Videos
Google Earth
Google Earth Plug-in
Google Toolbar for Internet Explorer
Google Update Helper
Handbrake 0.9.4
HDAUDIO Soft Data Fax Modem with SmartCP
High Definition Audio Driver Package - KB888111
Hotfix für Windows Media Player 11 (KB939683)
Hotfix für Windows XP (KB2158563)
Hotfix für Windows XP (KB2443685)
Hotfix für Windows XP (KB952287)
Hotfix für Windows XP (KB961118)
Hotfix für Windows XP (KB970653-v3)
Hotfix für Windows XP (KB976098-v2)
Hotfix für Windows XP (KB979306)
Hotfix für Windows XP (KB981793)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows XP (KB954550-v5)
Image Comparer v3.0 Free for PC User Readers
Intel(R) PROSet/Wireless Software
iTunes
K-Lite Codec Pack 6.2.0 (Full)
Launch Manager
Malwarebytes' Anti-Malware version 1.51.0.1200
Maxtor Manager
mCore
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 German Language Pack
Microsoft .NET Framework 1.1 Security Update (KB2416447)
Microsoft .NET Framework 1.1 Security Update (KB979906)
Microsoft .NET Framework 2.0 Service Pack 2
Microsoft .NET Framework 3.0 Service Pack 2
Microsoft .NET Framework 3.5 SP1
Microsoft Antimalware
Microsoft Application Error Reporting
Microsoft Choice Guard
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Disc 2
Microsoft Office XP Professional mit FrontPage
Microsoft PhotoDraw 2000
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C Runtime
Microsoft Visual C++ 5.0
Microsoft Windows Media Video 9 VCM
Mindful Clock
mMHouse
MP3 Repair Tool v1.5.2
mPfMgr
mProSafe
MSVCRT
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
Multimedia Remote Controller
mWlsSafe
mXML
MyScript Notes Basic Edition
Natural Biorhythms version 3.04
Nitro PDF Professional
Nokia Connectivity Adapter Cable DKU-5
NTI CD & DVD-Maker
Organic Art, Microsoft Edition
PaperPort
PC Tools Internet Security 2009
PowerCam 2.0 Megapixel
PowerProducer
Prism Video Converter
QuickTime
Realtek High Definition Audio Driver
Recuva
Security Update for CAPICOM (KB931906)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2416473)
Segoe UI
Serif PanoramaPlus 1
Sicherheitsupdate für Windows Internet Explorer 8 (KB2183461)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2360131)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2416400)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2482017)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2497640)
Sicherheitsupdate für Windows Internet Explorer 8 (KB2510531)
Sicherheitsupdate für Windows Internet Explorer 8 (KB971961)
Sicherheitsupdate für Windows Internet Explorer 8 (KB972260)
Sicherheitsupdate für Windows Internet Explorer 8 (KB974455)
Sicherheitsupdate für Windows Internet Explorer 8 (KB976325)
Sicherheitsupdate für Windows Internet Explorer 8 (KB978207)
Sicherheitsupdate für Windows Internet Explorer 8 (KB981332)
Sicherheitsupdate für Windows Internet Explorer 8 (KB982381)
Sicherheitsupdate für Windows Media Player (KB2378111)
Sicherheitsupdate für Windows Media Player (KB952069)
Sicherheitsupdate für Windows Media Player (KB954155)
Sicherheitsupdate für Windows Media Player (KB968816)
Sicherheitsupdate für Windows Media Player (KB973540)
Sicherheitsupdate für Windows Media Player (KB975558)
Sicherheitsupdate für Windows Media Player (KB978695)
Sicherheitsupdate für Windows Media Player 11 (KB954154)
Sicherheitsupdate für Windows XP (KB2079403)
Sicherheitsupdate für Windows XP (KB2115168)
Sicherheitsupdate für Windows XP (KB2121546)
Sicherheitsupdate für Windows XP (KB2160329)
Sicherheitsupdate für Windows XP (KB2229593)
Sicherheitsupdate für Windows XP (KB2259922)
Sicherheitsupdate für Windows XP (KB2279986)
Sicherheitsupdate für Windows XP (KB2286198)
Sicherheitsupdate für Windows XP (KB2296011)
Sicherheitsupdate für Windows XP (KB2296199)
Sicherheitsupdate für Windows XP (KB2347290)
Sicherheitsupdate für Windows XP (KB2360937)
Sicherheitsupdate für Windows XP (KB2387149)
Sicherheitsupdate für Windows XP (KB2393802)
Sicherheitsupdate für Windows XP (KB2412687)
Sicherheitsupdate für Windows XP (KB2419632)
Sicherheitsupdate für Windows XP (KB2423089)
Sicherheitsupdate für Windows XP (KB2436673)
Sicherheitsupdate für Windows XP (KB2440591)
Sicherheitsupdate für Windows XP (KB2443105)
Sicherheitsupdate für Windows XP (KB2476687)
Sicherheitsupdate für Windows XP (KB2478960)
Sicherheitsupdate für Windows XP (KB2478971)
Sicherheitsupdate für Windows XP (KB2479628)
Sicherheitsupdate für Windows XP (KB2479943)
Sicherheitsupdate für Windows XP (KB2481109)
Sicherheitsupdate für Windows XP (KB2483185)
Sicherheitsupdate für Windows XP (KB2485376)
Sicherheitsupdate für Windows XP (KB2485663)
Sicherheitsupdate für Windows XP (KB2491683)
Sicherheitsupdate für Windows XP (KB2503658)
Sicherheitsupdate für Windows XP (KB2506212)
Sicherheitsupdate für Windows XP (KB2506223)
Sicherheitsupdate für Windows XP (KB2507618)
Sicherheitsupdate für Windows XP (KB2508272)
Sicherheitsupdate für Windows XP (KB2508429)
Sicherheitsupdate für Windows XP (KB2509553)
Sicherheitsupdate für Windows XP (KB2511455)
Sicherheitsupdate für Windows XP (KB2524375)
Sicherheitsupdate für Windows XP (KB923561)
Sicherheitsupdate für Windows XP (KB923789)
Sicherheitsupdate für Windows XP (KB938464-v2)
Sicherheitsupdate für Windows XP (KB941569)
Sicherheitsupdate für Windows XP (KB946648)
Sicherheitsupdate für Windows XP (KB950762)
Sicherheitsupdate für Windows XP (KB950974)
Sicherheitsupdate für Windows XP (KB951066)
Sicherheitsupdate für Windows XP (KB951376-v2)
Sicherheitsupdate für Windows XP (KB951748)
Sicherheitsupdate für Windows XP (KB952004)
Sicherheitsupdate für Windows XP (KB952954)
Sicherheitsupdate für Windows XP (KB954459)
Sicherheitsupdate für Windows XP (KB954600)
Sicherheitsupdate für Windows XP (KB955069)
Sicherheitsupdate für Windows XP (KB956572)
Sicherheitsupdate für Windows XP (KB956744)
Sicherheitsupdate für Windows XP (KB956802)
Sicherheitsupdate für Windows XP (KB956803)
Sicherheitsupdate für Windows XP (KB956844)
Sicherheitsupdate für Windows XP (KB957097)
Sicherheitsupdate für Windows XP (KB958644)
Sicherheitsupdate für Windows XP (KB958687)
Sicherheitsupdate für Windows XP (KB958869)
Sicherheitsupdate für Windows XP (KB959426)
Sicherheitsupdate für Windows XP (KB960225)
Sicherheitsupdate für Windows XP (KB960803)
Sicherheitsupdate für Windows XP (KB960859)
Sicherheitsupdate für Windows XP (KB961371-v2)
Sicherheitsupdate für Windows XP (KB961501)
Sicherheitsupdate für Windows XP (KB968537)
Sicherheitsupdate für Windows XP (KB969059)
Sicherheitsupdate für Windows XP (KB969947)
Sicherheitsupdate für Windows XP (KB970238)
Sicherheitsupdate für Windows XP (KB970430)
Sicherheitsupdate für Windows XP (KB971468)
Sicherheitsupdate für Windows XP (KB971486)
Sicherheitsupdate für Windows XP (KB971557)
Sicherheitsupdate für Windows XP (KB971633)
Sicherheitsupdate für Windows XP (KB971657)
Sicherheitsupdate für Windows XP (KB971961)
Sicherheitsupdate für Windows XP (KB972260)
Sicherheitsupdate für Windows XP (KB972270)
Sicherheitsupdate für Windows XP (KB973346)
Sicherheitsupdate für Windows XP (KB973354)
Sicherheitsupdate für Windows XP (KB973507)
Sicherheitsupdate für Windows XP (KB973525)
Sicherheitsupdate für Windows XP (KB973869)
Sicherheitsupdate für Windows XP (KB973904)
Sicherheitsupdate für Windows XP (KB974112)
Sicherheitsupdate für Windows XP (KB974318)
Sicherheitsupdate für Windows XP (KB974392)
Sicherheitsupdate für Windows XP (KB974571)
Sicherheitsupdate für Windows XP (KB975025)
Sicherheitsupdate für Windows XP (KB975467)
Sicherheitsupdate für Windows XP (KB975560)
Sicherheitsupdate für Windows XP (KB975561)
Sicherheitsupdate für Windows XP (KB975562)
Sicherheitsupdate für Windows XP (KB975713)
Sicherheitsupdate für Windows XP (KB977165)
Sicherheitsupdate für Windows XP (KB977816)
Sicherheitsupdate für Windows XP (KB977914)
Sicherheitsupdate für Windows XP (KB978037)
Sicherheitsupdate für Windows XP (KB978251)
Sicherheitsupdate für Windows XP (KB978262)
Sicherheitsupdate für Windows XP (KB978338)
Sicherheitsupdate für Windows XP (KB978542)
Sicherheitsupdate für Windows XP (KB978601)
Sicherheitsupdate für Windows XP (KB978706)
Sicherheitsupdate für Windows XP (KB979309)
Sicherheitsupdate für Windows XP (KB979482)
Sicherheitsupdate für Windows XP (KB979559)
Sicherheitsupdate für Windows XP (KB979683)
Sicherheitsupdate für Windows XP (KB979687)
Sicherheitsupdate für Windows XP (KB980195)
Sicherheitsupdate für Windows XP (KB980218)
Sicherheitsupdate für Windows XP (KB980232)
Sicherheitsupdate für Windows XP (KB980436)
Sicherheitsupdate für Windows XP (KB981322)
Sicherheitsupdate für Windows XP (KB981852)
Sicherheitsupdate für Windows XP (KB981957)
Sicherheitsupdate für Windows XP (KB981997)
Sicherheitsupdate für Windows XP (KB982132)
Sicherheitsupdate für Windows XP (KB982214)
Sicherheitsupdate für Windows XP (KB982665)
Sicherheitsupdate für Windows XP (KB982802)
Skype™ 5.3
SMSC CIR HID V5.3.2600.2
SpamBayes 1.0.4
Spybot - Search & Destroy
StreamTransport version: 1.0.2.2171
Switch Sound File Converter
Synaptics Pointing Device Driver
T39 USB-Handset Manager
TaskSwitchXP
Texas Instruments PCIxx21/x515 drivers.
TIxx21
Uninstall Startup Inspector
UnzipThemAll 1.3
Update für Microsoft Windows (KB971513)
Update für Windows Internet Explorer 8 (KB976662)
Update für Windows Internet Explorer 8 (KB976749)
Update für Windows Internet Explorer 8 (KB980182)
Update für Windows XP (KB2141007)
Update für Windows XP (KB2345886)
Update für Windows XP (KB2467659)
Update für Windows XP (KB951978)
Update für Windows XP (KB955759)
Update für Windows XP (KB961503)
Update für Windows XP (KB967715)
Update für Windows XP (KB968389)
Update für Windows XP (KB971029)
Update für Windows XP (KB971737)
Update für Windows XP (KB973687)
Update für Windows XP (KB973815)
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
VideoPad Video Editor
Virtual Drive Creator V3.0.1
WebFldrs XP
WikidPad 1.8final
Windows Genuine Advantage Validation Tool (KB892130)
Windows Internet Explorer 8
Windows Live Call
Windows Live Communications Platform
Windows Live Essentials
Windows Live Messenger
Windows Live Sign-in Assistant
Windows Live Upload Tool
Windows Media Format 11 runtime
Windows Media Player 11
Windows Resource Kit Tools
Windows XP Service Pack 3
Xara XS
Zoner 3D Photo Maker
.
==== End Of File ===========================


Thank you, have a good weekend
 
Hi.

Since the last post the viruses have not shown any appearance in places where I would have noticed any activity.

That's good. :)


There's one new line in the last log that is totally unknown:
S3 6616190D;6616190D;c:\windows\system32\6616190d.exe --> c:\windows\system32\6616190D.exe [?]

The [?] indicates that the file is missing. Do you happen to know what it is related to?

Is your computer still performing well with no symptoms of malware infection?
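The check described in the post above, as an added example that is not part of the original thread: a small parser for the SERVICES / DRIVERS section of a DDS log that lists every entry marked [?] (registered service whose image file is missing) and ranks them for review. The sample lines are copied from the log in this thread; reading R/S as running/stopped and the "8 hex digit name" heuristic are assumptions of this example, not something DDS or the helper states.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Standard Windows service "Start" values (digit after R/S in each line).
START_TYPES = {0: "boot", 1: "system", 2: "automatic", 3: "manual", 4: "disabled"}

# Lines copied from the SERVICES / DRIVERS section of the DDS log in this thread.
SAMPLE = r"""
============= SERVICES / DRIVERS ===============
.
R2 MBAMService;MBAMService;c:\programme\malwarebytes' anti-malware\mbamservice.exe [2011-6-4 366640]
S2 AdminSVC;GMX Browser Update;c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe --> c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe [?]
S3 6616190D;6616190D;c:\windows\system32\6616190d.exe --> c:\windows\system32\6616190D.exe [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-9-23 32512]
S3 ThreatFire;ThreatFire;c:\programme\pc tools internet security\tfengine\tfservice.exe service --> c:\programme\pc tools internet security\tfengine\TFService.exe service [?]
"""

# <state><start> <name>;<display name>;<image path> [<date> <size>]  or  [...] [?]
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]+);(?P<display>[^;]*);(?P<image>.+) "
    r"\[(?P<stamp>\?|\d{4}-\d{1,2}-\d{1,2} \d+)\]$"
)


@dataclass
class ServiceEntry:
    state: str          # "running" / "stopped" (assumed meaning of R / S)
    start: str          # start type name from START_TYPES
    name: str           # registry key name of the service
    display: str        # display name
    image_path: str     # resolved image path (right-hand side of "-->")
    file_missing: bool  # True when the line ends in [?]


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one service line; return None for headers, dots and blanks."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    image = m.group("image")
    if " --> " in image:
        # "registered path --> resolved path": keep the resolved side.
        image = image.split(" --> ", 1)[1]
    if image.startswith("\\??\\"):
        image = image[4:]  # drop the NT object-namespace prefix
    return ServiceEntry(
        state="running" if m.group("state") == "R" else "stopped",
        start=START_TYPES[int(m.group("start"))],
        name=m.group("name"),
        display=m.group("display"),
        image_path=image,
        file_missing=m.group("stamp") == "?",
    )


def parse_log(text: str) -> List[ServiceEntry]:
    """Parse every recognisable service line in a block of log text."""
    return [e for e in map(parse_line, text.splitlines()) if e is not None]


def reasons_for(entry: ServiceEntry) -> List[str]:
    """Collect the review reasons that apply to one entry."""
    reasons = []
    if entry.file_missing:
        reasons.append("image file missing")
    # Heuristic assumed for this example: a name made only of 8 hex digits
    # looks machine-generated rather than chosen by a vendor.
    if re.fullmatch(r"[0-9A-Fa-f]{8}", entry.name):
        reasons.append("service name is 8 hex digits")
    return reasons


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return (service name, reasons) for missing-file entries, most reasons first."""
    flagged = [(e.name, reasons_for(e)) for e in parse_log(text) if e.file_missing]
    return sorted(flagged, key=lambda item: -len(item[1]))


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE):
        print(f"{name}: {', '.join(reasons)}")
```

A [?] entry only shows that the service registration outlived its file; entries left behind by uninstalled software appear the same way, so each hit still needs to be identified by hand.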
 
Hello Vict0r

Yes, I found it. Microsoft Security Essentials removed this file on 4/06 at an automatic scan. Recognised it as VirTool/WinNt/Xooba.A
 
Ok.

That's important information. :)

I need a fresh DDS log, DDS.txt only before we can continue:

Double-Click on the dds icon that should be located on your desktop and wait for the logs to appear. Post DDS.txt only (I don't need to see Attach.txt now).
 
The file is still registered in the registry. Microsoft Security Essentials only deleted the file. It could not be found on any of the hard drives.

I had the computer online for about 5 hours with the IE explorer on the screen. None of the processes which were suspicious came up. There was also little to no traffic on the network.
.
DDS (Ver_2011-06-12.02) - FAT32x86
Internet Explorer: 8.0.6001.18702
Run by Oliver Draxl at 20:38:11 on 2011-06-19
Microsoft Windows XP Home Edition 5.1.2600.3.1252.49.1031.18.1022.174 [GMT 10:00]
.
AV: Internet Security Anti-Virus *Disabled/Updated* {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: Microsoft Security Essentials *Enabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
FW: Internet Security Firewall *Disabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\Programme\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\Programme\Intel\Wireless\Bin\EvtEng.exe
C:\Programme\Intel\Wireless\Bin\S24EvMon.exe
svchost.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\brsvc01a.exe
C:\WINDOWS\system32\brss01a.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\Programme\IObit\Advanced SystemCare 4\ASCService.exe
C:\WINDOWS\system32\CNAC3RPK.EXE
C:\Acer\Empowering Technology\admServ.exe
C:\Programme\Synaptics\SynTP\SynTPLpr.exe
C:\Acer\Empowering Technology\eRecovery\Monitor.exe
C:\Programme\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Acer\Acer Arcade\PCMService.exe
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
C:\Acer\Empowering Technology\ePower\ePower_DMC.exe
C:\Programme\Bonjour\mDNSResponder.exe
C:\Programme\Browser Defender\BDTUpdateService.exe
C:\PROGRA~1\LAUNCH~1\QtZgAcer.EXE
C:\WINDOWS\system32\LVCOMSX.EXE
C:\Acer\Empowering Technology\admtray.exe
C:\WINDOWS\system32\cisvc.exe
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLCapSvc.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLServer.exe
C:\Program Files\Acer\Acer Arcade\Kernel\CLML_NTService\CLMLService.exe
C:\Programme\Microsoft Security Client\msseces.exe
C:\Programme\Google\Update\GoogleUpdate.exe
C:\Programme\Maxtor\Sync\SyncServices.exe
C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7Debug\mdm.exe
C:\Programme\Intel\Wireless\Bin\RegSrvc.exe
C:\Programme\CyberLink\Shared Files\RichVideo.exe
C:\Programme\PC Tools Internet Security\pctsAuxs.exe
C:\WINDOWS\system32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\Acer\Acer Arcade\Kernel\TV\CLSched.exe
C:\Programme\TaskSwitchXP\TaskSwitchXP.exe
C:\Programme\Windows Live\Messenger\msnmsgr.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Programme\Skype\Phone\Skype.exe
C:\Programme\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\system32\wbem\unsecapp.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Programme\ATI Technologies\ATI.ACE\cli.exe
C:\Programme\Windows Live\Contacts\wlcomm.exe
C:\Programme\Skype\Plugin Manager\skypePM.exe
C:\Programme\Dodo Wireless Broadband\Dodo Wireless Broadband.exe
C:\Programme\Microsoft Office\Office10\OUTLOOK.EXE
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Internet Explorer\iexplore.exe
C:\Programme\Microsoft Office\Office10\WINWORD.EXE
C:\WINDOWS\system32\cidaemon.exe
C:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Programme\Microsoft Security Client\Antimalware\MpCmdRun.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com.au/
uSearch Page = hxxp://www.google.com
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\programme\browser defender\PCTBrowserDefender.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\programme\spybot - search & destroy\SDHelper.dll
BHO: Windows Live Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\programme\gemeinsame dateien\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\programme\google\googletoolbarnotifier\5.6.5612.1312\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\programme\google\google toolbar\component\fastsearch_B7C5AC242193BB3E.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\programme\google\google toolbar\GoogleToolbar_32.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\programme\browser defender\PCTBrowserDefender.dll
uRun: [TaskSwitchXP] c:\programme\taskswitchxp\TaskSwitchXP.exe
uRun: [msnmsgr] "c:\programme\windows live\messenger\msnmsgr.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\programme\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\programme\skype\phone\Skype.exe" /nosplash /minimized
uRun: [SpybotSD TeaTimer] c:\programme\spybot - search & destroy\TeaTimer.exe
mRun: [LaunchApp] Alaunch
mRun: [SynTPLpr] c:\programme\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\programme\synaptics\syntp\SynTPEnh.exe
mRun: [PCMService] "c:\program files\acer\acer arcade\PCMService.exe"
mRun: [ATICCC] "c:\programme\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [eDataSecurity Loader] c:\acer\empowering technology\edatasecurity\eDSloader.exe
mRun: [ePower_DMC] c:\acer\empowering technology\epower\ePower_DMC.exe
mRun: [Acer ePower Management] c:\acer\empowering technology\epower\Acer ePower Management.exe boot
mRun: [LManager] c:\progra~1\launch~1\QtZgAcer.EXE
mRun: [eRecoveryService] c:\acer\empowering technology\erecovery\Monitor.exe
mRun: [LVCOMSX] c:\windows\system32\LVCOMSX.EXE
mRun: [ADMTray.exe] "c:\acer\empowering technology\admtray.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [Alcmtr] ALCMTR.EXE
mRun: [MSPY2002] c:\windows\system32\ime\pintlgnt\ImScInst.exe /SYNC
mRun: [IMJPMIG8.1] "c:\windows\ime\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
mRun: [PHIME2002ASync] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /SYNC
mRun: [PHIME2002A] c:\windows\system32\ime\tintlgnt\TINTSETP.EXE /IMEName
mRun: [MSC] "c:\programme\microsoft security client\msseces.exe" -hide -runkey
mRun: [QuickTime Task] "c:\programme\quicktime\qttask.exe" -atboottime
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
dRun: [DWQueuedReporting] "c:\progra~1\gemein~1\micros~1\dw\dwtrig20.exe" -t
StartupFolder: c:\dokume~1\alluse~1\startm~1\progra~1\autost~1\micros~1.lnk - c:\programme\microsoft office\office10\OSA.EXE
mPolicies-explorer: NoResolveTrack = 1 (0x1)
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office10\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\programme\messenger\msmsgs.exe
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\programme\spybot - search & destroy\SDHelper.dll
LSP: c:\programme\gemeinsame dateien\pc tools\lsp\PCTLsp.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1253752491717
TCP: Interfaces\{86C0E1A0-58D0-4AC3-939C-6B15B6C14CD4} : NameServer = 202.136.43.197 202.136.42.229
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\gemein~1\skype\SKYPE4~1.DLL
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2009-11-1 130936]
R0 TfFsMon;TfFsMon;c:\windows\system32\drivers\TfFsMon.sys [2009-11-1 51488]
R0 TfSysMon;TfSysMon;c:\windows\system32\drivers\TfSysMon.sys [2009-11-1 39200]
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
R1 MpKsl725bfd93;MpKsl725bfd93;c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{bffa42a1-c1eb-4b6b-94de-0b045c789031}\MpKsl725bfd93.sys [2011-6-19 28752]
R1 pctgntdi;pctgntdi;c:\windows\system32\drivers\pctgntdi.sys [2009-11-1 159600]
R2 AdvancedSystemCareService;Advanced SystemCare Service;c:\programme\iobit\advanced systemcare 4\ASCService.exe [2011-6-4 352656]
R2 AWService;AdminWorks Agent X6;c:\acer\empowering technology\admServ.exe [2005-10-24 1314816]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\programme\browser defender\BDTUpdateService.exe [2009-9-24 112592]
R2 PCTAppEvent;PCTAppEvent Driver;c:\windows\system32\drivers\PCTAppEvent.sys [2009-11-1 73840]
R2 sdAuxService;PC Tools Auxiliary Service;c:\programme\pc tools internet security\pctsAuxs.exe [2009-11-1 348752]
R3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\drivers\lv321av.sys [2009-9-23 1088896]
S1 MpKsl8ce013eb;MpKsl8ce013eb;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpksl8ce013eb.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKsl8ce013eb.sys [?]
S1 MpKslc2e1cac1;MpKslc2e1cac1;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\mpkslc2e1cac1.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{62605830-d9e0-4a94-92a0-e44119101219}\MpKslc2e1cac1.sys [?]
S1 MpKslfd10626b;MpKslfd10626b;\??\c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\mpkslfd10626b.sys --> c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{d7838697-49e8-442c-bc63-6bed63a84c14}\MpKslfd10626b.sys [?]
S2 AdminSVC;GMX Browser Update;c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe --> c:\dokumente und einstellungen\all users\anwendungsdaten\gmx\adminsvc.exe [?]
S2 BulkUsb;Genesys Logic USB Controller NT 5.0;c:\windows\system32\drivers\usbprn.sys [2001-12-20 7552]
S2 Ca533av;PocketCam 3Mega, WDM Video Capture;c:\windows\system32\drivers\CA533AV.SYS [2010-4-10 514929]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 6616190D;6616190D;c:\windows\system32\6616190d.exe --> c:\windows\system32\6616190D.exe [?]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [2009-9-25 16512]
S3 AVerBDA3x;AVerMedia SAA713x BDA Service;c:\windows\system32\drivers\AVerBDA3x.sys [2009-9-26 1183744]
S3 AVerM115;AVerM115 service;c:\windows\system32\drivers\AVerM115.sys [2005-8-24 692992]
S3 EyelineService;Eyeline Video System;c:\programme\nch software\eyeline\eyeline.exe [2009-11-5 643076]
S3 gupdatem;Google Update Service (gupdatem);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2009-9-23 32512]
S3 pctplfw;pctplfw;c:\windows\system32\drivers\pctplfw.sys [2009-11-1 95656]
S3 pctplsg;pctplsg;c:\windows\system32\drivers\pctplsg.sys [2009-11-1 64424]
S3 sdCoreService;PC Tools Security Service;c:\programme\pc tools internet security\pctsSvc.exe [2009-11-1 1095592]
S3 TfNetMon;TfNetMon;c:\windows\system32\drivers\TfNetMon.sys [2009-11-1 33056]
S3 ThreatFire;ThreatFire;c:\programme\pc tools internet security\tfengine\tfservice.exe service --> c:\programme\pc tools internet security\tfengine\TFService.exe service [?]
.
=============== Created Last 30 ================
.
2011-06-19 10:27:02 28752 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{bffa42a1-c1eb-4b6b-94de-0b045c789031}\MpKsl725bfd93.sys
2011-06-14 11:18:26 6962000 ----a-w- c:\dokumente und einstellungen\all users\anwendungsdaten\microsoft\microsoft antimalware\definition updates\{bffa42a1-c1eb-4b6b-94de-0b045c789031}\mpengine.dll
2011-06-04 02:36:27 -------- d-----w- c:\dokumente und einstellungen\oliver draxl\anwendungsdaten\Malwarebytes
2011-06-04 02:36:17 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Malwarebytes
2011-06-04 01:56:59 -------- d-----w- c:\dokumente und einstellungen\oliver draxl\anwendungsdaten\IObit
2011-06-04 01:56:56 -------- d-----w- c:\programme\IObit
2011-06-01 13:31:59 403216 ----a-w- c:\windows\system32\msrepl35.dll
2011-06-01 13:31:59 368912 ----a-w- c:\windows\system32\vbar332.dll
2011-06-01 13:31:59 251664 ----a-w- c:\windows\system32\msrd2x35.dll
2011-06-01 13:31:58 25600 ----a-w- c:\programme\gemeinsame dateien\microsoft shared\dao\remove.exe
2011-06-01 13:27:27 -------- d-----w- c:\programme\DevStudio
2011-06-01 06:22:19 -------- d-sh--w- c:\dokumente und einstellungen\oliver draxl\UserData
2011-05-29 11:24:51 -------- d-----r- c:\programme\Skype
2011-05-27 02:06:54 872192 ----a-w- c:\windows\system32\drivers\mod7700.sys
2011-05-27 02:06:54 24448 ----a-w- c:\windows\system32\drivers\ewdcsc.sys
2011-05-27 02:06:54 103168 ----a-w- c:\windows\system32\drivers\ewusbfake.sys
2011-05-27 02:06:54 101376 ----a-w- c:\windows\system32\drivers\ewusbmdm.sys
2011-05-27 02:06:54 100992 ----a-w- c:\windows\system32\drivers\ewusbnet.sys
2011-05-21 03:57:13 -------- d-----w- c:\programme\Spybot - Search & Destroy
2011-05-21 03:57:13 -------- d-----w- c:\dokumente und einstellungen\all users\anwendungsdaten\Spybot - Search & Destroy
.
==================== Find3M ====================
.
2011-06-07 03:43:58 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
============= FINISH: 20:39:11.79 ===============
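
The `[?]` marker discussed earlier in the thread (a registered service whose file is no longer on disk) can be checked across a whole SERVICES / DRIVERS section. This is an added example, not part of the thread or of DDS: the line layout and the hex-name heuristic are assumptions inferred from the log lines on this page, and `parse_services` and `triage` are hypothetical names.

```python
import re
from dataclasses import dataclass

# Constructed sample: four lines copied from the SERVICES / DRIVERS section of the log.
SAMPLE = r"""
R1 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2010-10-24 165264]
S2 gupdate;Google Update Service (gupdate);c:\programme\google\update\GoogleUpdate.exe [2010-5-13 136176]
S3 6616190D;6616190D;c:\windows\system32\6616190d.exe --> c:\windows\system32\6616190D.exe [?]
S3 MBAMSwissArmy;MBAMSwissArmy;\??\c:\windows\system32\drivers\mbamswissarmy.sys --> c:\windows\system32\drivers\mbamswissarmy.sys [?]
"""

# Assumed layout: <R|S><start type> name;display name;image path, then either
# "[date size]" or "--> resolved path [?]" when DDS could not find the file.
ENTRY = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*);(.+)$")
FOUND = re.compile(r"^(.*) \[(\d{4}-\d{1,2}-\d{1,2}) (\d+)\]$")
HEXNAME = re.compile(r"^[0-9A-Fa-f]{8}$")  # heuristic for machine-generated names

@dataclass
class Service:
    running: bool
    start_type: int
    name: str
    image: str
    missing: bool

def parse_services(text):
    """Parse DDS service/driver lines; skip anything that does not match."""
    out = []
    for line in text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue
        state, start, name, _display, rest = m.groups()
        missing = rest.endswith("[?]")
        if missing:
            # Keep the resolved path after "-->" and drop the "[?]" marker.
            image = rest[:-3].split(" --> ")[-1].strip()
        else:
            f = FOUND.match(rest)
            image = f.group(1) if f else rest
        out.append(Service(state == "R", int(start), name, image, missing))
    return out

def triage(services):
    """Return (name, reason) for registry entries whose image file is gone."""
    return [(s.name, "image missing" + ("; hex-only name" if HEXNAME.match(s.name) else ""))
            for s in services if s.missing]
```

A missing image alone is not proof of infection: it also appears for leftovers of uninstalled software, so each finding still needs a look at what registered it.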
 