Trojaner-Board - AV Security Nachwehen - Windows Firewall deaktiviert und Google-Linkumleitung

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - AV Security Nachwehen - Windows Firewall deaktiviert und Google-Linkumleitung (https://www.trojaner-board.de/88342-av-security-nachwehen-windows-firewall-deaktiviert-google-linkumleitung.html)

AV Security Nachwehen - Windows Firewall deaktiviert und Google-Linkumleitung

Hallo,
vor einigen Tagen habe ich mir AV Security eingefangen und entsprechend der Anleitung im Forum mit Malwarebytes bekaempft.
Ich dachte damit waere es erledigt, aber nun ist die Windows Firewall ausgeschsaltet und laesst sich nicht mehr aktivieren, ausserdem wird bei der Google Suche sporadisch auf eine falsche Seite weitergeleitet.
Ich habe dann CCLeaner ausgefuehrt und neue logfiles mit Malwarebytes, RSIT und HJT erstellt, siehe unten.
ICh bin mit meinem Latein am Ende und wuerde mich ueber Hilfe freuen.
Viele Dank im voraus.

Hier das erste logfile:

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4306

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

12.07.2010 23:42:45
mbam-log-2010-07-12 (23-42-45).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 10713
Laufzeit: 1 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 1

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uatouiin (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\uatouiin (Trojan.Downloader) -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
C:\Documents and Settings\Joerg\Local Settings\Application Data\moaenqwbx\wcmxuoatssd.exe (Trojan.Downloader) -> Quarantined and deleted successfully.

Habe daher dann nochmal Malwarebytes ohne Befund ausgefuehrt:

Zitat:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Datenbank Version: 4323

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

18.07.2010 15:20:25
mbam-log-2010-07-18 (15-20-25).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 146205
Laufzeit: 13 Minute(n), 34 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Hier dazu die aktuellen RSIT und HJT logfiles:
[QUOTE]info.txtRSIT Logfile:

Code:

logfile of random's system information tool 1.08 2010-07-18 15:21:33
 

======Uninstall list======
 

-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf

7-Zip 4.65-->"C:\Program Files\7-Zip\Uninstall.exe"

Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe

Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\FlashUtil10h_Plugin.exe -maintain plugin

Adobe Reader 8.1.3-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81300000003}

Apple Application Support-->MsiExec.exe /I{3FA365DF-2D68-45ED-8F83-8C8A33E65143}

Apple Mobile Device Support-->MsiExec.exe /I{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}

Apple Software Update-->MsiExec.exe /I{6956856F-B6B3-4BE0-BA0B-8F495BE32033}

Asus ACPI Driver-->MsiExec.exe /X{19F5658D-92E8-4A08-8657-D38ABB1574B2}

ASUSUpdate for Eee PC-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{587178E7-B1DF-494E-9838-FA4DD36E873C}\setup.exe" -l0x9 

Atheros Client Installation Program-->C:\Program Files\InstallShield Installation Information\{28006915-2739-4EBE-B5E8-49B25D32EB33}\setup.exe -runfromtemp -l0x0009 -removeonly

Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"C:\Program Files\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -l0x0009 -removeonly

Avira AntiVir Personal - Free Antivirus-->C:\Program Files\Avira\AntiVir Desktop\setup.exe /REMOVE

AVS DVD Player version 2.4-->"C:\Program Files\AVS4YOU\AVSDVDPlayer\unins000.exe"

AVS4YOU Software Navigator 1.2-->"C:\Program Files\AVS4YOU\AVSSoftwareNavigator\unins000.exe"

Azurewave Wireless LAN Card-->C:\Program Files\InstallShield Installation Information\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}\setup.exe -runfromtemp -l0x0009 -removeonly

Bonjour-->MsiExec.exe /I{07287123-B8AC-41CE-8346-3D777245C35B}

CCleaner-->"C:\Program Files\CCleaner\uninst.exe"

Choice Guard-->MsiExec.exe /I{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}

Compatibility Pack for the 2007 Office system-->MsiExec.exe /X{90120000-0020-0409-0000-0000000FF1CE}

DivX Codec-->C:\Program Files\DivX\DivXCodecUninstall.exe /CODEC

DivX Player-->C:\Program Files\DivX\DivXPlayerUninstall.exe /PLAYER

DivX Plus DirectShow Filters-->C:\Program Files\DivX\DivXDSFiltersUninstall.exe /DSFILTERS

DivX Web Player-->C:\Program Files\DivX\DivXWebPlayerUninstall.exe /PLUGIN

Eee Storage 1.2.17.333-->C:\Program Files\Eee Storage\uninst.exe

EeePC_1008 Screen Saver-->C:\WINDOWS\system32\EeePC_1008.scr /u

FLV Player 2.0 (build 25)-->C:\Program Files\FLV Player\uninst.exe

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall  /qb+ REBOOTPROMPT=""

Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {A7EEA2F2-BFCD-4A54-A575-7B81A786E658} /qb+ REBOOTPROMPT=""

Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"

Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"

Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB954708)-->"C:\WINDOWS\$NtUninstallKB954708$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB961118)-->"C:\WINDOWS\$NtUninstallKB961118$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB970653-v3)-->"C:\WINDOWS\$NtUninstallKB970653-v3$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB976098-v2)-->"C:\WINDOWS\$NtUninstallKB976098-v2$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB979306)-->"C:\WINDOWS\$NtUninstallKB979306$\spuninst\spuninst.exe"

Hotfix for Windows XP (KB981793)-->"C:\WINDOWS\$NtUninstallKB981793$\spuninst\spuninst.exe"

Intel(R) Graphics Media Accelerator Driver-->C:\WINDOWS\system32\igxpun.exe -uninstall

iTunes-->MsiExec.exe /I{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}

Java(TM) 6 Update 20-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216020FF}

Junk Mail filter update-->MsiExec.exe /I{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}

Logitech Harmony Remote Software 7-->C:\Program Files\InstallShield Installation Information\{5C6F884D-680C-448B-B4C9-22296EE1B206}\Setup.exe -runfromtemp -l0x0007 -removeonly

Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"

Microsoft .NET Framework 1.1 Security Update (KB979906)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M979906\M979906Uninstall.msp"

Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}

Microsoft .NET Framework 2.0 Service Pack 2-->MsiExec.exe /I{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}

Microsoft .NET Framework 3.0 Service Pack 2-->MsiExec.exe /I{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}

Microsoft .NET Framework 3.5 SP1-->C:\WINDOWS\Microsoft.NET\Framework\v3.5\Microsoft .NET Framework 3.5 SP1\setup.exe

Microsoft .NET Framework 3.5 SP1-->MsiExec.exe /I{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}

Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"

Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"

Microsoft Kernel-Mode Driver Framework Feature Pack 1.7-->"C:\WINDOWS\$NtUninstallWdf01007$\spuninst\spuninst.exe"

Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-00A1-0409-0000-0000000FF1CE} /uninstall {2FC4457D-409E-466F-861F-FB0CB796B53E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0115-0409-0000-0000000FF1CE} /uninstall {DE5A002D-8122-4278-A7EE-3121E7EA254E}

Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}

Microsoft Office Excel MUI (English) 2007-->MsiExec.exe /X{90120000-0016-0409-0000-0000000FF1CE}

Microsoft Office Home and Student 2007-->"C:\Program Files\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall HOMESTUDENTR /dll OSETUP.DLL

Microsoft Office Home and Student 2007-->MsiExec.exe /X{91120000-002F-0000-0000-0000000FF1CE}

Microsoft Office OneNote MUI (English) 2007-->MsiExec.exe /X{90120000-00A1-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint MUI (English) 2007-->MsiExec.exe /X{90120000-0018-0409-0000-0000000FF1CE}

Microsoft Office PowerPoint Viewer 2007 (English)-->MsiExec.exe /X{95120000-00AF-0409-0000-0000000FF1CE}

Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}

Microsoft Office Proof (French) 2007-->MsiExec.exe /X{90120000-001F-040C-0000-0000000FF1CE}

Microsoft Office Proof (Spanish) 2007-->MsiExec.exe /X{90120000-001F-0C0A-0000-0000000FF1CE}

Microsoft Office Proofing (English) 2007-->MsiExec.exe /X{90120000-002C-0409-0000-0000000FF1CE}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040C-0000-0000000FF1CE} /uninstall {F580DDD5-8D37-4998-968E-EBB76BB86787}

Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0C0A-0000-0000000FF1CE} /uninstall {187308AB-5FA7-4F14-9AB9-D290383A10D9}

Microsoft Office Shared MUI (English) 2007-->MsiExec.exe /X{90120000-006E-0409-0000-0000000FF1CE}

Microsoft Office Shared Setup Metadata MUI (English) 2007-->MsiExec.exe /X{90120000-0115-0409-0000-0000000FF1CE}

Microsoft Office Suite Activation Assistant-->MsiExec.exe /X{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}

Microsoft Office Word MUI (English) 2007-->MsiExec.exe /X{90120000-001B-0409-0000-0000000FF1CE}

Microsoft Search Enhancement Pack-->MsiExec.exe /X{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}

Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}

Microsoft Sync Framework Runtime Native v1.0 (x86)-->MsiExec.exe /I{8A74E887-8F0F-4017-AF53-CBA42211AAA5}

Microsoft Sync Framework Services Native v1.0 (x86)-->MsiExec.exe /I{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}

Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"

Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}

Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}

Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}

Microsoft Works-->MsiExec.exe /I{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}

Mozilla Firefox (3.6.6)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe

Mozilla Thunderbird (3.0.1)-->C:\Program Files\Mozilla Thunderbird\uninstall\helper.exe

MSVCRT-->MsiExec.exe /I{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}

OpenOffice.org 3.2-->MsiExec.exe /I{2217B0B4-35CB-48C6-B640-864DF2F30F99}

QuickTime-->MsiExec.exe /I{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}

Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\Setup.exe" -l0x9  -removeonly

Remote Control USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{8471021C-F529-43DE-84DF-3612E10F58C4}\setup.exe" -l0x9  -removeonly

Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}

Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}

Security Update for 2007 Microsoft Office System (KB982312)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {B0EC5722-241F-4CDA-83B4-AA5846B6F9F4}

Security Update for 2007 Microsoft Office System (KB982331)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {E8766951-2B6C-4022-86E8-80D2D1762B76}

Security Update for Microsoft Office Excel 2007 (KB982308)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C3F9A0DC-A5D1-4BB6-870E-2953E5A2487B}

Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}

Security Update for Microsoft Office PowerPoint 2007 (KB982158)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {F5B70033-E79C-4569-90BF-BC9B4E4F3F46}

Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}

Security Update for Microsoft Office system 2007 (KB969613)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {5ECEB317-CBE9-4E08-AB10-756CB6F0FB6C}

Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}

Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}

Security Update for Microsoft Office Word 2007 (KB982135)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {0112C750-A06F-4F92-9C40-E5C1EA9A70EB}

Security Update for Windows Internet Explorer 7 (KB928090)-->"C:\WINDOWS\ie7updates\KB928090-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB938127-v2)-->"C:\WINDOWS\ie7updates\KB938127-v2-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 7 (KB972260)-->"C:\WINDOWS\ie7updates\KB972260-IE7\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB971961)-->"C:\WINDOWS\ie8updates\KB971961-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB974455)-->"C:\WINDOWS\ie8updates\KB974455-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB976325)-->"C:\WINDOWS\ie8updates\KB976325-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB978207)-->"C:\WINDOWS\ie8updates\KB978207-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB981332)-->"C:\WINDOWS\ie8updates\KB981332-IE8\spuninst\spuninst.exe"

Security Update for Windows Internet Explorer 8 (KB982381)-->"C:\WINDOWS\ie8updates\KB982381-IE8\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB954155)-->"C:\WINDOWS\$NtUninstallKB954155_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB968816)-->"C:\WINDOWS\$NtUninstallKB968816_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player (KB978695)-->"C:\WINDOWS\$NtUninstallKB978695_WM9$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"

Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"

Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"

Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"

Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950759)-->"C:\WINDOWS\$NtUninstallKB950759$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"

Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"

Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"

Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953155)-->"C:\WINDOWS\$NtUninstallKB953155$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953838)-->"C:\WINDOWS\$NtUninstallKB953838$\spuninst\spuninst.exe"

Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"

Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"

Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956390)-->"C:\WINDOWS\$NtUninstallKB956390$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"

Security Update for Windows XP (KB956844)-->"C:\WINDOWS\$NtUninstallKB956844$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"

Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958215)-->"C:\WINDOWS\$NtUninstallKB958215$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"

Security Update for Windows XP (KB958869)-->"C:\WINDOWS\$NtUninstallKB958869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960714)-->"C:\WINDOWS\$NtUninstallKB960714$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"

Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961371-v2)-->"C:\WINDOWS\$NtUninstallKB961371-v2$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"

Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"

Security Update for Windows XP (KB963027)-->"C:\WINDOWS\$NtUninstallKB963027$\spuninst\spuninst.exe"

Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969059)-->"C:\WINDOWS\$NtUninstallKB969059$\spuninst\spuninst.exe"

Security Update for Windows XP (KB969947)-->"C:\WINDOWS\$NtUninstallKB969947$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"

Security Update for Windows XP (KB970430)-->"C:\WINDOWS\$NtUninstallKB970430$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971468)-->"C:\WINDOWS\$NtUninstallKB971468$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971486)-->"C:\WINDOWS\$NtUninstallKB971486$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"

Security Update for Windows XP (KB971961)-->"C:\WINDOWS\$NtUninstallKB971961$\spuninst\spuninst.exe"

Security Update for Windows XP (KB972270)-->"C:\WINDOWS\$NtUninstallKB972270$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973525)-->"C:\WINDOWS\$NtUninstallKB973525$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"

Security Update for Windows XP (KB973904)-->"C:\WINDOWS\$NtUninstallKB973904$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974112)-->"C:\WINDOWS\$NtUninstallKB974112$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974318)-->"C:\WINDOWS\$NtUninstallKB974318$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974392)-->"C:\WINDOWS\$NtUninstallKB974392$\spuninst\spuninst.exe"

Security Update for Windows XP (KB974571)-->"C:\WINDOWS\$NtUninstallKB974571$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975025)-->"C:\WINDOWS\$NtUninstallKB975025$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975467)-->"C:\WINDOWS\$NtUninstallKB975467$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975560)-->"C:\WINDOWS\$NtUninstallKB975560$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975562)-->"C:\WINDOWS\$NtUninstallKB975562$\spuninst\spuninst.exe"

Security Update for Windows XP (KB975713)-->"C:\WINDOWS\$NtUninstallKB975713$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977165)-->"C:\WINDOWS\$NtUninstallKB977165$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977816)-->"C:\WINDOWS\$NtUninstallKB977816$\spuninst\spuninst.exe"

Security Update for Windows XP (KB977914)-->"C:\WINDOWS\$NtUninstallKB977914$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978037)-->"C:\WINDOWS\$NtUninstallKB978037$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978251)-->"C:\WINDOWS\$NtUninstallKB978251$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978262)-->"C:\WINDOWS\$NtUninstallKB978262$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978338)-->"C:\WINDOWS\$NtUninstallKB978338$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978542)-->"C:\WINDOWS\$NtUninstallKB978542$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978601)-->"C:\WINDOWS\$NtUninstallKB978601$\spuninst\spuninst.exe"

Security Update for Windows XP (KB978706)-->"C:\WINDOWS\$NtUninstallKB978706$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979309)-->"C:\WINDOWS\$NtUninstallKB979309$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979482)-->"C:\WINDOWS\$NtUninstallKB979482$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979559)-->"C:\WINDOWS\$NtUninstallKB979559$\spuninst\spuninst.exe"

Security Update for Windows XP (KB979683)-->"C:\WINDOWS\$NtUninstallKB979683$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980195)-->"C:\WINDOWS\$NtUninstallKB980195$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980218)-->"C:\WINDOWS\$NtUninstallKB980218$\spuninst\spuninst.exe"

Security Update for Windows XP (KB980232)-->"C:\WINDOWS\$NtUninstallKB980232$\spuninst\spuninst.exe"

Segoe UI-->MsiExec.exe /I{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}

Skype™ 3.6-->MsiExec.exe /X{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}

Super Hybrid Engine-->C:\Program Files\InstallShield Installation Information\{88F08F98-12BC-4613-81A2-8F9B88CFC73E}\setup.exe -runfromtemp -l0x0009 -removeonly

Synaptics Pointing Device Driver-->rundll32.exe "C:\Program Files\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall

Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}

Update for Microsoft .NET Framework 3.5 SP1 (KB963707)-->C:\WINDOWS\system32\msiexec.exe /package {CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9} /uninstall {B2AE9C82-DC7B-3641-BFC8-87275C4F3607} /qb+ REBOOTPROMPT=""

Update for Microsoft Office OneNote 2007 (KB980729)-->msiexec /package {91120000-002F-0000-0000-0000000FF1CE} /uninstall {329050A9-EF80-40F9-B633-74508F54C1FF}

Update for Windows Internet Explorer 8 (KB973874)-->"C:\WINDOWS\ie8updates\KB973874-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB976662)-->"C:\WINDOWS\ie8updates\KB976662-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB976749)-->"C:\WINDOWS\ie8updates\KB976749-IE8\spuninst\spuninst.exe"

Update for Windows Internet Explorer 8 (KB980182)-->"C:\WINDOWS\ie8updates\KB980182-IE8\spuninst\spuninst.exe"

Update for Windows XP (KB898461)-->"C:\WINDOWS\$NtUninstallKB898461$\spuninst\spuninst.exe"

Update for Windows XP (KB942763)-->"C:\WINDOWS\$NtUninstallKB942763$\spuninst\spuninst.exe"

Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB951618-v2)-->"C:\WINDOWS\$NtUninstallKB951618-v2$\spuninst\spuninst.exe"

Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"

Update for Windows XP (KB953356)-->"C:\WINDOWS\$NtUninstallKB953356$\spuninst\spuninst.exe"

Update for Windows XP (KB955759)-->"C:\WINDOWS\$NtUninstallKB955759$\spuninst\spuninst.exe"

Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"

Update for Windows XP (KB961503)-->"C:\WINDOWS\$NtUninstallKB961503$\spuninst\spuninst.exe"

Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"

Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"

Update for Windows XP (KB971737)-->"C:\WINDOWS\$NtUninstallKB971737$\spuninst\spuninst.exe"

Update for Windows XP (KB973687)-->"C:\WINDOWS\$NtUninstallKB973687$\spuninst\spuninst.exe"

Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"

USB2.0 UVC Camera Device-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\PROFES~1\RunTime\10\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}\setup.exe" -l0x9  -removeonly

VC80CRTRedist - 8.0.50727.762-->MsiExec.exe /I{767CC44C-9BBC-438D-BAD3-FD4595DD148B}

WIDCOMM Bluetooth Software-->MsiExec.exe /X{84814E6B-2581-46EC-926A-823BD1C670F6}

Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"

Windows Live Call-->MsiExec.exe /I{F6BD194C-4190-4D73-B1B1-C48C99921BFE}

Windows Live Communications Platform-->MsiExec.exe /I{3B4E636E-9D65-4D67-BA61-189800823F52}

Windows Live Essentials-->C:\Program Files\Windows Live\Installer\wlarp.exe

Windows Live Essentials-->MsiExec.exe /I{C6CA8874-5F22-4AF0-9BE3-016BF299C536}

Windows Live Family Safety-->MsiExec.exe /X{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}

Windows Live Mail-->MsiExec.exe /I{63C1109E-D977-49ED-BCE3-D00D0BF187D6}

Windows Live Messenger-->MsiExec.exe /X{0AAA9C97-74D4-47CE-B089-0B147EF3553C}

Windows Live Photo Gallery-->MsiExec.exe /X{3C52E7DA-C431-4239-B66B-1BF703D5B194}

Windows Live Sign-in Assistant-->MsiExec.exe /I{45338B07-A236-4270-9A77-EBB4115517B5}

Windows Live Sync-->MsiExec.exe /X{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}

Windows Live Toolbar-->MsiExec.exe /X{995F1E2E-F542-4310-8E1D-9926F5A279B3}

Windows Live Upload Tool-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}

Windows Live Writer-->MsiExec.exe /X{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}

Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll

Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"

Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall

Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
 

======Security center information======
 

AV: AntiVir Desktop
 

======System event log======
 

Computer Name: JEANNIE

Event Code: 29

Message: The time provider NtpClient is configured to acquire time from one or more

time sources, however none of the sources are currently accessible. 

No attempt to contact a source will be made for 14 minutes.

NtpClient has no source of accurate time. 
 

Record Number: 8274

Source Name: W32Time

Time Written: 20100427194203.000000+120

Event Type: error

User: 
 

Computer Name: JEANNIE

Event Code: 17

Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually

configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15

minutes.

The error was: A socket operation was attempted to an unreachable host. (0x80072751)
 

Record Number: 8273

Source Name: W32Time

Time Written: 20100427194203.000000+120

Event Type: error

User: 
 

Computer Name: JEANNIE

Event Code: 29

Message: The time provider NtpClient is configured to acquire time from one or more

time sources, however none of the sources are currently accessible. 

No attempt to contact a source will be made for 14 minutes.

NtpClient has no source of accurate time. 
 

Record Number: 8269

Source Name: W32Time

Time Written: 20100427194053.000000+120

Event Type: error

User: 
 

Computer Name: JEANNIE

Event Code: 17

Message: Time Provider NtpClient: An error occurred during DNS lookup of the manually

configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup again in 15

minutes.

The error was: A socket operation was attempted to an unreachable host. (0x80072751)
 

Record Number: 8268

Source Name: W32Time

Time Written: 20100427194053.000000+120

Event Type: error

User: 
 

Computer Name: JEANNIE

Event Code: 4226

Message: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.
 

Record Number: 8267

Source Name: Tcpip

Time Written: 20100427194040.000000+120

Event Type: warning

User: 
 

=====Application event log=====
 

Computer Name: JEANNIE

Event Code: 1102

Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Transactions, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089
 
 

Record Number: 63

Source Name: .NET Runtime Optimization Service

Time Written: 20090926210833.000000+120

Event Type: 

User: 
 

Computer Name: JEANNIE

Event Code: 1102

Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: Microsoft.VisualC, Version=8.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
 
 

Record Number: 61

Source Name: .NET Runtime Optimization Service

Time Written: 20090926210830.000000+120

Event Type: 

User: 
 

Computer Name: JEANNIE

Event Code: 1102

Message: .NET Runtime Optimization Service (clr_optimization_v2.0.50727_32) - Succesfully compiled: System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a
 
 

Record Number: 59

Source Name: .NET Runtime Optimization Service

Time Written: 20090926210829.000000+120

Event Type: 

User: 
 

Computer Name: JEANNIE

Event Code: 1001

Message: Detection of product '{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}', feature 'iTunes' failed during request for component '{E8A1D3E2-F5D3-4B24-AB93-52F7E602A235}'
 

Record Number: 43

Source Name: MsiInstaller

Time Written: 20090926141136.000000+120

Event Type: warning

User: JEANNIE\Sontschi
 

Computer Name: JEANNIE

Event Code: 1004

Message: Detection of product '{DA34FE93-5DC5-48E0-ACC8-A5389E05BB51}', feature 'iTunes', component '{2A7E5403-A5F5-4D02-AE05-7E93F2F0B9F4}' failed.  The resource 'HKEY_CURRENT_USER\Software\Microsoft\Office\Outlook\Addins\iTunesAddIn.CalendarHelper\' does not exist.
 

Record Number: 42

Source Name: MsiInstaller

Time Written: 20090926141136.000000+120

Event Type: warning

User: JEANNIE\Sontschi
 

======Environment variables======
 

"ComSpec"=%SystemRoot%\system32\cmd.exe

"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\Common Files\DivX Shared\;C:\Program Files\QuickTime\QTSystem\

"windir"=%SystemRoot%

"FP_NO_HOST_CHECK"=NO

"OS"=Windows_NT

"PROCESSOR_ARCHITECTURE"=x86

"PROCESSOR_LEVEL"=6

"PROCESSOR_IDENTIFIER"=x86 Family 6 Model 28 Stepping 2, GenuineIntel

"PROCESSOR_REVISION"=1c02

"NUMBER_OF_PROCESSORS"=2

"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH

"TEMP"=%SystemRoot%\TEMP

"TMP"=%SystemRoot%\TEMP

"CLASSPATH"=.;C:\Program Files\QuickTime\QTSystem\QTJava.zip

"QTJAVA"=C:\Program Files\QuickTime\QTSystem\QTJava.zip
 

-----------------EOF-----------------

--- --- ---

RSIT Logfile:

Code:

Logfile of random's system information tool 1.08 (written by random/random)

Run by Joerg at 2010-07-18 15:21:12

Microsoft Windows XP Home Edition Service Pack 3

System drive C: has 48 GB (65%) free of 74 GB

Total RAM: 1015 MB (52% free)
 

Logfile of Trend Micro HijackThis v2.0.4

Scan saved at 15:21:28, on 18.07.2010

Platform: Windows XP SP3 (WinNT 5.01.2600)

MSIE: Internet Explorer v8.00 (8.00.6001.18702)

Boot mode: Normal
 

Running processes:

C:\WINDOWS\System32\smss.exe

C:\WINDOWS\system32\winlogon.exe

C:\WINDOWS\system32\services.exe

C:\WINDOWS\system32\lsass.exe

C:\WINDOWS\system32\svchost.exe

C:\WINDOWS\System32\svchost.exe

C:\WINDOWS\system32\spoolsv.exe

C:\Program Files\Avira\AntiVir Desktop\sched.exe

C:\Program Files\Avira\AntiVir Desktop\avguard.exe

C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Bonjour\mDNSResponder.exe

C:\Program Files\Avira\AntiVir Desktop\avshadow.exe

C:\Program Files\Java\jre6\bin\jqs.exe

C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe

C:\WINDOWS\system32\svchost.exe

C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

C:\WINDOWS\RTHDCPL.EXE

C:\WINDOWS\system32\igfxtray.exe

C:\WINDOWS\system32\hkcmd.exe

C:\Program Files\EeePC\ACPI\AsTray.exe

C:\WINDOWS\system32\igfxsrvc.exe

C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

C:\Program Files\EeePC\ACPI\AsEPCMon.exe

C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe

C:\Program Files\Avira\AntiVir Desktop\avgnt.exe

C:\WINDOWS\system32\igfxext.exe

C:\Program Files\iTunes\iTunesHelper.exe

C:\Program Files\Common Files\Java\Java Update\jusched.exe

C:\WINDOWS\system32\ctfmon.exe

C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe

C:\Program Files\Skype\Phone\Skype.exe

C:\Program Files\iPod\bin\iPodService.exe

C:\Program Files\Skype\Plugin Manager\skypePM.exe

C:\WINDOWS\system32\wscntfy.exe

C:\WINDOWS\System32\svchost.exe

C:\Documents and Settings\Joerg\My Documents\downloads\RSIT.exe

C:\Program Files\trend micro\Joerg.exe
 

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://eeepc.asus.com/global

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896

R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = hxxp://go.microsoft.com/fwlink/?LinkId=74005

O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll

O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - (no file)

O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll

O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll

O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll

O2 - BHO: Windows Live Toolbar Helper - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

O3 - Toolbar: &Windows Live Toolbar - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll

O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE

O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe

O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe

O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe

O4 - HKLM\..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe

O4 - HKLM\..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe

O4 - HKLM\..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe

O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

O4 - HKLM\..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe

O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32

O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC

O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC

O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName

O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"

O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min

O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"

O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"

O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe

O4 - HKUS\S-1-5-18\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')

O4 - HKUS\.DEFAULT\..\Run: [ctfmon.exe] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')

O4 - Startup: Mozilla Firefox.lnk = C:\Program Files\Mozilla Firefox\firefox.exe

O4 - Startup: Skype.lnk = ?

O4 - Global Startup: SuperHybridEngine.lnk = ?

O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\Office12\EXCEL.EXE/3000

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra 'Tools' menuitem: &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll

O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~4\Office12\ONBttnIE.dll

O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll

O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\Office12\REFIEBAR.DLL

O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL

O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll

O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll

O23 - Service: Avira AntiVir Planer (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe

O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe

O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe

O23 - Service: Bonjour-Dienst (Bonjour Service) - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe

O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe

O23 - Service: iPod-Dienst (iPod Service) - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe

O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
 

--

End of file - 8824 bytes
 

======Scheduled tasks folder======
 

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
 

======Registry dump======
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]

Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-22 62080]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{22BF413B-C6D2-4d91-82A9-A0F997BA588C}]

Skype add-on (mastermind) - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2008-02-13 1372160]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]

Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2009-05-19 137600]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]

Windows Live Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-01-23 408448]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-05-27 41760]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E15A8DC0-8516-42A1-81EA-DC94EC1ACF10}]

Windows Live Toolbar Helper - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-07 1068904]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]

JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-05-27 79648]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]

{21FA44EF-376D-4D53-9B0F-8A89D3229068} - &Windows Live Toolbar - C:\Program Files\Windows Live\Toolbar\wltcore.dll [2009-02-07 1068904]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-03-27 17567744]

"IgfxTray"=C:\WINDOWS\system32\igfxtray.exe [2007-12-19 135168]

"HotKeysCmds"=C:\WINDOWS\system32\hkcmd.exe [2007-12-19 159744]

"Persistence"=C:\WINDOWS\system32\igfxpers.exe [2007-12-19 131072]

"AsusTray"=C:\Program Files\EeePC\ACPI\AsTray.exe [2008-12-04 114688]

"AsusACPIServer"=C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe [2008-12-18 622592]

"AsusEPCMonitor"=C:\Program Files\EeePC\ACPI\AsEPCMon.exe [2008-05-21 94208]

"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-01-15 1418536]

"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2009-01-15 79144]

"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2008-04-14 208952]

"MSPY2002"=C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe [2008-04-14 59392]

"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]

"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2008-04-14 455168]

"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]

"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-03-02 282792]

"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-11-11 417792]

"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2009-11-12 141600]

"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-02-18 248040]
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-10-15 39792]
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe [2009-02-07 3885408]
 

C:\Documents and Settings\All Users\Start Menu\Programs\Startup

SuperHybridEngine.lnk - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe
 

C:\Documents and Settings\Joerg\Start Menu\Programs\Startup

Mozilla Firefox.lnk - C:\Program Files\Mozilla Firefox\firefox.exe

Skype.lnk - C:\WINDOWS\Installer\{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}\Skype.ico
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]

C:\WINDOWS\system32\igfxdev.dll [2007-12-19 208896]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]

C:\WINDOWS\system32\WgaLogon.dll [2009-03-11 239496]
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]

WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-19 133632]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]

"dontdisplaylastusername"=0

"legalnoticecaption"=

"legalnoticetext"=

"shutdownwithoutlogon"=1

"undockwithoutlogon"=1
 

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"NoDriveTypeAutoRun"=145
 

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]

"HonorAutoRunSetting"=1
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"

"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"

"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"

"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
 

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe"="C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call"

"C:\Program Files\Windows Live\Messenger\msnmsgr.exe"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger"

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe"="C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync"

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe"="C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7"
 

======List of files/folders created in the last 1 months======
 

2010-07-18 15:21:14 ----D---- C:\Program Files\trend micro

2010-07-18 15:21:12 ----D---- C:\rsit

2010-07-18 14:52:01 ----D---- C:\Program Files\CCleaner

2010-07-13 07:49:41 ----ASH---- C:\hiberfil.sys

2010-07-12 23:40:07 ----D---- C:\Documents and Settings\Joerg\Application Data\Malwarebytes

2010-07-12 23:39:59 ----A---- C:\WINDOWS\system32\drivers\mbamswissarmy.sys

2010-07-12 23:39:58 ----D---- C:\Program Files\Malwarebytes' Anti-Malware

2010-07-12 23:39:58 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes

2010-07-12 23:39:58 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
 

======List of files/folders modified in the last 1 months======
 

2010-07-18 15:21:14 ----RD---- C:\Program Files

2010-07-18 15:21:12 ----D---- C:\WINDOWS\Prefetch

2010-07-18 15:21:07 ----D---- C:\Documents and Settings\Joerg\Application Data\Skype

2010-07-18 14:56:51 ----D---- C:\WINDOWS\Minidump

2010-07-18 14:56:51 ----D---- C:\WINDOWS\Debug

2010-07-18 14:56:51 ----D---- C:\WINDOWS

2010-07-18 14:56:50 ----D---- C:\WINDOWS\Temp

2010-07-18 11:40:21 ----D---- C:\WINDOWS\system32

2010-07-18 11:40:21 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI

2010-07-18 11:37:44 ----D---- C:\Program Files\Mozilla Thunderbird

2010-07-18 11:37:07 ----D---- C:\Documents and Settings\Joerg\Application Data\skypePM

2010-07-18 11:36:50 ----D---- C:\WINDOWS\system32\CatRoot2

2010-07-18 11:18:58 ----N---- C:\WINDOWS\SchedLgU.Txt

2010-07-13 08:24:24 ----SHD---- C:\WINDOWS\Installer

2010-07-13 07:52:23 ----D---- C:\Program Files\Mozilla Firefox

2010-07-13 07:49:42 ----D---- C:\WINDOWS\repair

2010-07-13 07:49:41 ----D---- C:\WINDOWS\system32\drivers

2010-07-11 12:03:36 ----D---- C:\WINDOWS\system32\NtmsData

2010-07-11 03:07:51 ----SHD---- C:\System Volume Information

2010-07-11 02:54:11 ----D---- C:\WINDOWS\Registration

2010-06-25 21:58:50 ----RSD---- C:\WINDOWS\assembly

2010-06-25 21:52:13 ----D---- C:\WINDOWS\Microsoft.NET

2010-06-23 08:31:53 ----D---- C:\WINDOWS\WinSxS
 

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R0 iaStor;Intel AHCI Controller; C:\WINDOWS\system32\drivers\iaStor.sys [2008-09-12 327192]

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2009-05-01 43528]

R1 avgio;avgio; \??\C:\Program Files\Avira\AntiVir Desktop\avgio.sys []

R1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2010-03-01 124784]

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]

R1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2009-05-11 28520]

R2 avgntflt;avgntflt; C:\WINDOWS\system32\DRIVERS\avgntflt.sys [2010-02-16 60936]

R2 fssfltr;FssFltr; C:\WINDOWS\system32\DRIVERS\fssfltr_tdi.sys [2009-02-07 55152]

R3 AR5416;Atheros AR5008 Wireless Network Adapter Service; C:\WINDOWS\system32\DRIVERS\athw.sys [2009-03-14 1528928]

R3 AsusACPI;ASUS ACPI Driver; C:\WINDOWS\system32\DRIVERS\ASUSACPI.sys [2008-04-09 10752]

R3 btaudio;Bluetooth Audio Device; C:\WINDOWS\system32\drivers\btaudio.sys [2008-05-30 534568]

R3 BTDriver;Bluetooth Virtual Communications Driver; C:\WINDOWS\system32\DRIVERS\btport.sys [2008-02-04 37160]

R3 BTKRNL;Bluetooth Bus Enumerator; C:\WINDOWS\system32\DRIVERS\btkrnl.sys [2008-08-19 991656]

R3 BTWDNDIS;Bluetooth LAN Access Server; C:\WINDOWS\system32\DRIVERS\btwdndis.sys [2008-07-24 156816]

R3 btwhid;btwhid; C:\WINDOWS\system32\DRIVERS\btwhid.sys [2008-03-10 57384]

R3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys [2008-08-19 47272]

R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-14 144384]

R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2007-12-19 5854688]

R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-03-30 5063168]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller; C:\WINDOWS\system32\DRIVERS\l1c51x86.sys [2009-03-02 38912]

R3 SynTP;Synaptics TouchPad Driver; C:\WINDOWS\system32\DRIVERS\SynTP.sys [2009-01-15 206512]

R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]

R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]

R3 usbvideo;USB µø°T¸Ë¸m (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]

R3 uvclf;uvclf; C:\WINDOWS\system32\DRIVERS\uvclf.sys [2008-11-19 39040]

R3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-28 503008]

S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]

S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]

S3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]

S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]

S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]

S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]

S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]

S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]

S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]

S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]

S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]

S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]

S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-29 77568]

S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-29 82944]
 

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
 

R2 AntiVirSchedulerService;Avira AntiVir Planer; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-02-24 135336]

R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-04-19 267432]

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2009-08-28 144672]

R2 Bonjour Service;Bonjour-Dienst; C:\Program Files\Bonjour\mDNSResponder.exe [2008-12-12 238888]

R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe [2008-09-02 346720]

R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-05-27 153376]

R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2009-05-19 240512]

R3 iPod Service;iPod-Dienst; C:\Program Files\iPod\bin\iPodService.exe [2009-11-12 545568]

S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]

S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]

S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]

S3 fsssvc;Windows Live Family Safety; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2009-02-07 533360]

S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]

S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]

S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]

S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-19 913408]

S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]

S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
 

-----------------EOF-----------------

--- --- ---

:hallo:

Eine Bereinigung ist mitunter mit viel Arbeit für Dich verbunden.

Bitte arbeite alle Schritte der Reihe nach ab.
Lese die Anleitungen sorgfältig. Sollte es Probleme geben, bitte stoppen und hier so gut es geht beschreiben.
Nur Scanns durchführen zu denen Du von einem Helfer aufgefordert wirst.
Bitte kein Crossposting ( posten in mehreren Foren).
Installiere oder Deinstalliere während der Bereinigung keine Software ausser Du wurdest dazu aufgefordert.
Lese Dir die Anleitung zuerst vollständig durch. Sollte etwas unklar sein, frage bevor Du beginnst.
Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Hinweis: Ich kann Dir niemals eine Garantie geben, dass ich auch alles finde. Eine Formatierung ist meist der Schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Vista und Win7 User
Alle Tools mit Rechtsklick "als Administrator ausführen" starten.

Schritt 1

Bitte

alle anderen Scanner gegen Viren, Spyware, usw. deaktiviert sein,
keine Verbindung zu einem Netzwerk/Internet bestehen (WLAN nicht vergessen),
nichts am Rechner getan werden,
nach jedem Scan der Rechner neu gestartet werden.

Gmer scannen lassen

Lade Dir Gmer von dieser Seite herunter
(auf den Button Download EXE drücken) und das Programm auf dem Desktop speichern.
Alle anderen Programme sollen geschlossen sein.
Starte gmer.exe (Programm hat einen willkürlichen Programm-Namen).
Vista und Win7 User mit Rechtsklick und als Administrator starten.
Entferne rechts den Haken bei
- IAT/EAT
- Alle Festplatten ausser die Systemplatte (normalerweise ist nur C:\ angehackt)
- Show all (sollte abgehackt sein)
Sollte sich ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?
Unbedingt auf "No" klicken.
Starte den Scan mit "Scan". Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird Gmer beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Hallo Daniel,

vielen Dank für die Antwort und das :hallo:

Nach mehreren Versuchen mit Abstürzen und Festhängen des Rechners wegen startenden Bildschrimschoners etc. hier nun der Scan von Gmer.

Bin schon gespannt, wie es weitergeht.

Gruß
Jörg

Zitat:

Zitat von Larusso

Poste die Logfiles direkt in deinen Thread. Nicht anhängen ausser ich fordere Dich dazu auf. Erschwert mir nämlich das auswerten.

Lade ComboFix von einem der unten aufgeführten Links herunter. Du musst diese umbenennen, bevor Du es auf den Desktop speicherst. Speichere ComboFix auf deinen Desktop.

**NB: Es ist wichtig, das ComboFix.exe auf dem Desktop gespeichert wird**

http://i266.photobucket.com/albums/i...ownload_FF.gif

http://i94.photobucket.com/albums/l8...x-Download.png

Deaktivere Deine Anti-Virus- und Anti-Spyware-Programme. Normalerweise kannst Du dies über einen Rechtsklick auf das Systemtray-Icon tun. Die Programme könnten sonst eventuell unsere Programme bei deren Arbeit stören.
Doppel-klicke auf ComboFix.exe und folge den Aufforderungen.
- Wenn ComboFix fertig ist, wird es ein Log für dich erstellen.
- Bitte poste mir den Inhalt von C:\ComboFix.txt hier in de Thread.

Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich ziehen und eine Bereinigung der Infektion noch erschweren.

Hallo,

sorry, ich poste ab jetzt dann direkt in den Thread.

Habe ComboFix ausgefuehrt, hier das logfile:

Combofix Logfile:

Code:

ComboFix 10-07-18.05 - Joerg 19.07.2010  20:00:50.1.2 - x86

Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1033.18.1015.665 [GMT 2:00]

ausgeführt von:: c:\documents and settings\Joerg\Desktop\Combo-Fix.exe

AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

.
 

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.
 

c:\program files\\setup.exe

c:\program files\Setup.exe

c:\windows\system32\Thumbs.db
 

Infizierte Kopie von c:\windows\system32\drivers\tcpip.sys wurde gefunden und desinfiziert 

Kopie von - Kitty had a snack :p wurde wiederhergestellt 

.

(((((((((((((((((((((((   Dateien erstellt von 2010-06-19 bis 2010-07-19  ))))))))))))))))))))))))))))))

.
 

2010-07-18 13:21 . 2010-07-18 13:21        --------        d-----w-        c:\program files\trend micro

2010-07-18 13:21 . 2010-07-18 13:21        --------        d-----w-        C:\rsit

2010-07-18 12:52 . 2010-07-18 12:52        --------        d-----w-        c:\program files\CCleaner

2010-07-12 21:47 . 2010-07-12 21:48        --------        d-----w-        c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe

2010-07-12 21:40 . 2010-07-12 21:40        --------        d-----w-        c:\documents and settings\Joerg\Application Data\Malwarebytes

2010-07-12 21:39 . 2010-04-29 10:19        38224        ----a-w-        c:\windows\system32\drivers\mbamswissarmy.sys

2010-07-12 21:39 . 2010-07-12 21:40        --------        d-----w-        c:\program files\Malwarebytes' Anti-Malware

2010-07-12 21:39 . 2010-07-12 21:39        --------        d-----w-        c:\documents and settings\All Users\Application Data\Malwarebytes

2010-07-12 21:39 . 2010-04-29 10:19        20952        ----a-w-        c:\windows\system32\drivers\mbam.sys

2010-07-11 09:41 . 2010-07-11 09:41        --------        d-----w-        c:\documents and settings\Sontschi\Application Data\DivX

2010-07-11 00:53 . 2010-07-11 00:53        --------        d-----w-        c:\documents and settings\Sontschi\Application Data\Avira

2010-07-11 00:24 . 2010-07-12 21:42        --------        d-----w-        c:\documents and settings\Joerg\Local Settings\Application Data\moaenqwbx

2010-07-05 06:42 . 2010-07-05 06:42        --------        d-----w-        c:\documents and settings\Joerg\Local Settings\Application Data\Identities

2010-06-28 20:34 . 2010-06-28 20:34        664        ----a-w-        c:\windows\system32\d3d9caps.dat
 

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2010-07-18 20:31 . 2009-09-25 20:31        --------        d-----w-        c:\documents and settings\Joerg\Application Data\Skype

2010-07-18 20:12 . 2009-09-25 20:34        --------        d-----w-        c:\documents and settings\Joerg\Application Data\skypePM

2010-07-18 14:27 . 2009-12-23 18:28        --------        d-----w-        c:\program files\Mozilla Thunderbird

2010-07-18 08:34 . 2010-03-11 18:14        --------        d-----w-        c:\documents and settings\Sontschi\Application Data\Skype

2010-07-18 07:07 . 2010-03-11 18:22        --------        d-----w-        c:\documents and settings\Sontschi\Application Data\skypePM

2010-07-16 06:57 . 2010-03-07 14:32        1        ----a-w-        c:\documents and settings\Joerg\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-07-02 20:41 . 2010-06-12 12:14        1        ----a-w-        c:\documents and settings\Sontschi\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys

2010-06-12 12:14 . 2010-06-12 12:14        --------        d-----w-        c:\documents and settings\Sontschi\Application Data\OpenOffice.org

2010-06-12 06:53 . 2009-04-21 00:26        --------        d-----w-        c:\documents and settings\All Users\Application Data\Microsoft Help

2010-05-27 18:42 . 2010-05-27 18:42        --------        d-----w-        c:\program files\Common Files\Java

2010-05-27 18:40 . 2010-05-27 18:41        411368        ----a-w-        c:\windows\system32\deployJava1.dll

2010-05-27 18:40 . 2010-05-27 18:40        --------        d-----w-        c:\program files\Java

2010-05-27 18:38 . 2010-05-27 18:38        --------        d-----w-        c:\documents and settings\Joerg\Application Data\Avira

2010-05-24 19:51 . 2010-05-24 19:51        348160        ----a-w-        c:\documents and settings\Sontschi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-55599abb-n\msvcr71.dll

2010-05-24 19:51 . 2010-05-24 19:51        503808        ----a-w-        c:\documents and settings\Sontschi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-55599abb-n\msvcp71.dll

2010-05-24 19:51 . 2010-05-24 19:51        61440        ----a-w-        c:\documents and settings\Sontschi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-16429acf-n\decora-sse.dll

2010-05-24 19:51 . 2010-05-24 19:51        499712        ----a-w-        c:\documents and settings\Sontschi\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-55599abb-n\jmc.dll

2010-05-24 19:51 . 2010-05-24 19:51        12800        ----a-w-        c:\documents and settings\Sontschi\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-16429acf-n\decora-d3d.dll

2010-05-24 18:15 . 2010-05-24 18:15        348160        ----a-w-        c:\documents and settings\Joerg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-65a789e8-n\msvcr71.dll

2010-05-24 18:15 . 2010-05-24 18:15        61440        ----a-w-        c:\documents and settings\Joerg\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6af21b01-n\decora-sse.dll

2010-05-24 18:15 . 2010-05-24 18:15        503808        ----a-w-        c:\documents and settings\Joerg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-65a789e8-n\msvcp71.dll

2010-05-24 18:15 . 2010-05-24 18:15        499712        ----a-w-        c:\documents and settings\Joerg\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-65a789e8-n\jmc.dll

2010-05-24 18:15 . 2010-05-24 18:15        12800        ----a-w-        c:\documents and settings\Joerg\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-6af21b01-n\decora-d3d.dll

2010-05-06 10:41 . 2009-04-01 23:44        916480        ----a-w-        c:\windows\system32\wininet.dll

2010-05-02 05:22 . 2009-04-01 23:44        1851264        ----a-w-        c:\windows\system32\win32k.sys

2010-02-03 06:42 . 2010-02-03 06:42        146495042        ----a-w-        c:\program files\openofficeorg1.cab

2010-02-03 06:41 . 2010-02-03 06:41        10181120        ----a-w-        c:\program files\openofficeorg32.msi

2010-02-01 22:11 . 2010-02-01 22:11        290        ----a-w-        c:\program files\setup.ini

2009-05-01 21:02 . 2009-05-01 21:02        1044480        ----a-w-        c:\program files\mozilla firefox\plugins\libdivx.dll

2009-05-01 21:02 . 2009-05-01 21:02        200704        ----a-w-        c:\program files\mozilla firefox\plugins\ssldivx.dll

.
 

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4
 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]

"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]

"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2008-12-04 114688]

"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2008-12-18 622592]

"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2008-05-21 94208]

"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-01-15 1418536]

"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-01-15 79144]

"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]

"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]

"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]

"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-10-14 39792]

"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-03-02 282792]

"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]

"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]

"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
 

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]

"ctfmon.exe"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
 

c:\documents and settings\Sontschi\Start Menu\Programs\Startup\

OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-12-15 384000]
 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

@="Driver"
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]

2008-10-14 23:04        39792        ----a-w-        c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
 

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]

2009-02-07 01:51        3885408        ----a-w-        c:\program files\Windows Live\Messenger\msnmsgr.exe
 

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"%windir%\\system32\\sessmgr.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=

"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=

"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
 

R2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [26.09.2009 13:42 135336]

R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [01.04.2009 04:41 38912]

R3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [01.04.2009 04:41 39040]

S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [21.04.2009 02:02 1684736]

.

Inhalt des "geplante Tasks" Ordners
 

2010-04-01 c:\windows\Tasks\AppleSoftwareUpdate.job

- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]

.

.

------- Zusätzlicher Suchlauf -------

.

uStart Page = hxxp://eeepc.asus.com/global

uInternet Settings,ProxyOverride = <local>

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office12\EXCEL.EXE/3000

IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm

IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm

FF - ProfilePath - c:\documents and settings\Joerg\Application Data\Mozilla\Firefox\Profiles\xes3cqgt.default\

FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/firefox

FF - prefs.js: network.proxy.type - 0

FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\Windows Live\Photo Gallery\NPWLPG.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
 

---- FIREFOX Richtlinien ----

c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); 

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type",                  5);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);

c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);

c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation",  false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true);

c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);

.
 

**************************************************************************
 

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net

Rootkit scan 2010-07-19 20:10

Windows 5.1.2600 Service Pack 3 NTFS
 

Scanne versteckte Prozesse... 
 

Scanne versteckte Autostarteinträge... 
 

Scanne versteckte Dateien... 
 

Scan erfolgreich abgeschlossen

versteckte Dateien: 0
 

**************************************************************************

.

Zeit der Fertigstellung: 2010-07-19  20:12:19

ComboFix-quarantined-files.txt  2010-07-19 18:12
 

Vor Suchlauf: 50.344.955.904 bytes free

Nach Suchlauf: 51.098.865.664 bytes free
 

WindowsXP-KB310994-SP2-Home-BootDisk-DEU.exe

[boot loader]

timeout=2

default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS

[operating systems]

c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
 

- - End Of File - - 98DC82E3EA0E63395FAC5962820ADFD9

--- --- ---

Gruss
Joerg

Sieht gut aus, noch Probleme ?

Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.

Bitte poste in Deiner nächsten Antwort
OTL.txt
Extras.txt

Hi,

scheint in Ordnung zu sein. Die 2 Symptome, die mir aufgefallen waren, also Firewall aus und nicht wieder aktivierbar und Linkumleitung Google, treten nicht mehr auf.

:dankeschoen::dankeschoen::dankeschoen:

Die Statusleiste unten rechts ist nach Ausfuehrung von Combofix veraendert, der Status von einigen Programmen (z.B. Avira oder ein Tool, das Direktzugriff auf einige Funktionen der Grafik wie Aenderung der Aufloesung erlaubte) wird nicht mehr angezeigt. Aber das hat sicher nichts mit dem urspruenglichen Problem zu tun.

Hier die logfiles:

OTL Logfile:

Code:

OTL logfile created on: 20.07.2010 20:09:48 - Run 2

OTL by OldTimer - Version 3.2.9.1     Folder = C:\Documents and Settings\Joerg\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

 

1.015,00 Mb Total Physical Memory | 581,00 Mb Available Physical Memory | 57,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 72,06 Gb Total Space | 47,59 Gb Free Space | 66,05% Space Free | Partition Type: NTFS

Drive D: | 72,05 Gb Total Space | 42,89 Gb Free Space | 59,53% Space Free | Partition Type: NTFS

Drive E: | 3,69 Gb Total Space | 1,35 Gb Free Space | 36,75% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: JEANNIE

Current User Name: Joerg

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Documents and Settings\Joerg\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)

PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

 

 
 ========== Modules (SafeList) ==========

 

MOD - C:\Documents and Settings\Joerg\Desktop\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

 

 
 ========== Win32 Services (SafeList) ==========

 

SRV - (AppMgmt) -- C:\WINDOWS\System32\appmgmts.dll File not found

SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)

SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)

SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)

SRV - (fsssvc) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (catchme) -- C:\DOCUME~1\Joerg\LOCALS~1\Temp\catchme.sys File not found

DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)

DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)

DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)

DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)

DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)

DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)

DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)

DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)

DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)

DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.)

DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.)

DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.)

DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)

DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)

DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.)

DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.)

DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)

DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://eeepc.asus.com/global

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

 
 ========== FireFox ==========

 

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/firefox"

FF - prefs.js..extensions.enabledItems: {CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}:3.1.0625

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4

FF - prefs.js..network.proxy.type: 0

 

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010.07.13 07:52:04 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010.07.13 07:52:04 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010.02.18 08:50:24 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

 

[2009.12.23 20:28:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joerg\Application Data\Mozilla\Extensions

[2009.12.23 20:28:54 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joerg\Application Data\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}

[2010.07.19 22:52:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Joerg\Application Data\Mozilla\Firefox\Profiles\xes3cqgt.default\extensions

[2010.05.16 13:48:34 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Joerg\Application Data\Mozilla\Firefox\Profiles\xes3cqgt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010.02.26 08:32:41 | 000,000,000 | ---D | M] (AmbientFox) -- C:\Documents and Settings\Joerg\Application Data\Mozilla\Firefox\Profiles\xes3cqgt.default\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}

[2010.07.03 09:45:58 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Joerg\Application Data\Mozilla\Firefox\Profiles\xes3cqgt.default\extensions\{CE6E6E3B-84DD-4cac-9F63-8D2AE4F30A4B}

[2010.05.29 13:42:13 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Joerg\Application Data\Mozilla\Firefox\Profiles\xes3cqgt.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}

[2009.09.26 00:16:12 | 000,001,042 | ---- | M] () -- C:\Documents and Settings\Joerg\Application Data\Mozilla\Firefox\Profiles\xes3cqgt.default\searchplugins\wikipedia-eng.xml

[2009.12.05 00:46:31 | 000,001,720 | ---- | M] () -- C:\Documents and Settings\Joerg\Application Data\Mozilla\Firefox\Profiles\xes3cqgt.default\searchplugins\youtube-videosuche.xml

[2010.07.19 22:52:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010.05.27 20:41:03 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}

[2010.05.27 20:40:33 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2010.07.13 07:51:52 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml

[2010.07.13 07:51:52 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml

[2010.07.13 07:51:52 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml

[2010.07.13 07:51:53 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml

[2010.07.13 07:51:53 | 000,001,105 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2010.07.19 20:10:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)

O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)

O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)

O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()

O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)

O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics, Inc.)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)

O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()

O8 - Extra context menu item: Send To Bluetooth - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)

O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)

O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)

O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\3.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\3.bmp

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2009.04.02 02:57:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) -  File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2010.07.19 19:31:09 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010.07.19 19:27:06 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010.07.19 19:27:06 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010.07.19 19:27:06 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010.07.19 19:27:06 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010.07.19 19:26:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010.07.19 19:26:02 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010.07.18 15:21:14 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro

[2010.07.18 15:21:12 | 000,000,000 | ---D | C] -- C:\rsit

[2010.07.18 15:08:48 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joerg\Desktop\OTL.exe

[2010.07.18 14:56:49 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Joerg\Recent

[2010.07.18 14:52:01 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010.07.12 23:47:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010.07.12 23:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe

[2010.07.12 23:40:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joerg\Application Data\Malwarebytes

[2010.07.12 23:39:59 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010.07.12 23:39:58 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010.07.12 23:39:58 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010.07.12 23:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010.07.11 02:37:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010.07.11 02:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joerg\Local Settings\Application Data\moaenqwbx

[2010.07.05 08:42:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joerg\Local Settings\Application Data\Identities

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2010.07.19 20:13:31 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI

[2010.07.19 20:13:31 | 000,441,772 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010.07.19 20:13:31 | 000,071,708 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010.07.19 20:12:20 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT

[2010.07.19 20:10:24 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini

[2010.07.19 20:10:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts

[2010.07.19 20:00:10 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010.07.19 19:59:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010.07.19 19:59:14 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys

[2010.07.19 19:58:38 | 003,407,872 | -H-- | M] () -- C:\Documents and Settings\Joerg\NTUSER.DAT

[2010.07.19 19:58:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Joerg\ntuser.ini

[2010.07.19 19:31:18 | 000,000,281 | RHS- | M] () -- C:\boot.ini

[2010.07.19 19:24:52 | 003,738,712 | R--- | M] () -- C:\Documents and Settings\Joerg\Desktop\Combo-Fix.exe

[2010.07.19 13:55:13 | 004,835,558 | -H-- | M] () -- C:\Documents and Settings\Joerg\Local Settings\Application Data\IconCache.db

[2010.07.18 18:02:50 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Joerg\Desktop\c8tlosrb.exe

[2010.07.18 15:08:49 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joerg\Desktop\OTL.exe

[2010.07.18 14:52:07 | 000,000,682 | ---- | M] () -- C:\Documents and Settings\Joerg\Desktop\CCleaner.lnk

[2010.07.16 08:58:30 | 000,012,288 | ---- | M] () -- C:\Documents and Settings\Joerg\Desktop\Einkaufsliste_Vereinsfest.xls

[2010.07.05 08:44:29 | 000,252,928 | ---- | M] () -- C:\Documents and Settings\Joerg\Desktop\Tokuhon Durchsicht.doc

[2010.07.04 17:21:35 | 000,038,337 | ---- | M] () -- C:\Documents and Settings\Joerg\Desktop\Tokuhon Durchsicht.odt

[2010.06.28 22:34:31 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2010.07.19 19:31:18 | 000,000,211 | ---- | C] () -- C:\Boot.bak

[2010.07.19 19:31:13 | 000,262,448 | ---- | C] () -- C:\cmldr

[2010.07.19 19:27:06 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010.07.19 19:27:06 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010.07.19 19:27:06 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010.07.19 19:27:06 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010.07.19 19:27:06 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010.07.19 19:24:47 | 003,738,712 | R--- | C] () -- C:\Documents and Settings\Joerg\Desktop\Combo-Fix.exe

[2010.07.18 18:02:52 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Joerg\Desktop\c8tlosrb.exe

[2010.07.18 14:52:06 | 000,000,682 | ---- | C] () -- C:\Documents and Settings\Joerg\Desktop\CCleaner.lnk

[2010.07.16 08:58:21 | 000,012,288 | ---- | C] () -- C:\Documents and Settings\Joerg\Desktop\Einkaufsliste_Vereinsfest.xls

[2010.07.13 07:49:41 | 1064,554,496 | -HS- | C] () -- C:\hiberfil.sys

[2010.07.05 08:44:15 | 000,252,928 | ---- | C] () -- C:\Documents and Settings\Joerg\Desktop\Tokuhon Durchsicht.doc

[2010.06.28 22:34:31 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010.06.26 15:18:58 | 000,038,337 | ---- | C] () -- C:\Documents and Settings\Joerg\Desktop\Tokuhon Durchsicht.odt

[2009.10.02 20:05:32 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll

[2009.10.02 20:05:32 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll

[2009.04.21 03:02:47 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini

[2009.04.21 02:04:02 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll

[2009.04.02 01:44:28 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI

[2008.11.15 03:12:56 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini

[2008.09.02 16:25:26 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll

[2008.07.31 04:31:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini

[2005.02.17 21:41:32 | 000,000,603 | ---- | C] () -- C:\WINDOWS\System32\BTNeighborhood.dll.manifest

[2005.02.17 21:41:30 | 000,000,593 | ---- | C] () -- C:\WINDOWS\System32\btcss.dll.manifest

[2001.11.14 22:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

< End of report >

--- --- ---

OTL Logfile:

Code:

OTL Extras logfile created on: 20.07.2010 20:09:48 - Run 2

OTL by OldTimer - Version 3.2.9.1     Folder = C:\Documents and Settings\Joerg\Desktop

Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy

 

1.015,00 Mb Total Physical Memory | 581,00 Mb Available Physical Memory | 57,00% Memory free

2,00 Gb Paging File | 2,00 Gb Available in Paging File | 87,00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 72,06 Gb Total Space | 47,59 Gb Free Space | 66,05% Space Free | Partition Type: NTFS

Drive D: | 72,05 Gb Total Space | 42,89 Gb Free Space | 59,53% Space Free | Partition Type: NTFS

Drive E: | 3,69 Gb Total Space | 1,35 Gb Free Space | 36,75% Space Free | Partition Type: FAT32

F: Drive not present or media not loaded

G: Drive not present or media not loaded

H: Drive not present or media not loaded

I: Drive not present or media not loaded

 

Computer Name: JEANNIE

Current User Name: Joerg

Logged in as Administrator.

 

Current Boot Mode: Normal

Scan Mode: Current user

Company Name Whitelist: Off

Skip Microsoft Files: Off

File Age = 30 Days

Output = Minimal

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

 

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~4\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote -- (Microsoft Corporation)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe" = C:\Program Files\Logitech\Logitech Harmony Remote Software 7\HarmonyRemote.exe:*:Enabled:Logitech Harmony Remote Software 7 -- ()

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{0AAA9C97-74D4-47CE-B089-0B147EF3553C}" = Windows Live Messenger

"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime

"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works

"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate

"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20

"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program

"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform

"{3C52E7DA-C431-4239-B66B-1BF703D5B194}" = Windows Live Photo Gallery

"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support

"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device

"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack

"{4DE3E3D9-AE81-45DE-9195-3015F7B1DBF3}" = Junk Mail filter update

"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC

"{5C6F884D-680C-448B-B4C9-22296EE1B206}" = Logitech Harmony Remote Software 7

"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.6

"{63C1109E-D977-49ED-BCE3-D00D0BF187D6}" = Windows Live Mail

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6A92E5C5-0578-443D-91F3-92ECE5F2CAE2}" = Windows Live Writer

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762

"{76CD2979-09C0-493A-84B3-8FD97EF4BCEA}" = Windows Live Family Safety

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec

"{8471021C-F529-43DE-84DF-3612E10F58C4}" = Remote Control USB Driver

"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software

"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine

"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)

"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player

"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN Card

"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard

"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (English) 12

"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007

"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007

"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007

"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007

"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007

"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007

"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007

"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007

"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007

"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)

"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)

"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{A1BF9950-8CDB-468E-83FA-EACFB00EA7D5}" = Windows Live Sync

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes

"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder

"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter

"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support

"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3

"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder

"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player

"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C6CA8874-5F22-4AF0-9BE3-016BF299C536}" = Windows Live Essentials

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{E06C8E13-7A8C-434C-8548-34BC4762212D}" = Logitech Harmony Remote Software 7

"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant

"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]

"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver

"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call

"7-Zip" = 7-Zip 4.65

"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX

"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin

"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus

"AVS DVD Player_is1" = AVS DVD Player version 2.4

"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.2

"CCleaner" = CCleaner

"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters

"Eee Storage" = Eee Storage 1.2.17.333

"EeePC_1008" = EeePC_1008 Screen Saver

"FLV Player" = FLV Player 2.0 (build 25)

"HDMI" = Intel(R) Graphics Media Accelerator Driver

"HOMESTUDENTR" = Microsoft Office Home and Student 2007

"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs

"ie8" = Windows Internet Explorer 8

"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Mozilla Firefox (3.6.6)" = Mozilla Firefox (3.6.6)

"Mozilla Thunderbird (3.0.1)" = Mozilla Thunderbird (3.0.1)

"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP

"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs

"SynTPDeinstKey" = Synaptics Pointing Device Driver

"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7

"Windows Media Format Runtime" = Windows Media Format 11 runtime

"Windows Media Player" = Windows Media Player 11

"WinLiveSuite_Wave3" = Windows Live Essentials

"WMFDist11" = Windows Media Format 11 runtime

"wmp11" = Windows Media Player 11

"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

 
 ========== Last 10 Event Log Errors ==========

 

[ Application Events ]

Error - 18.07.2010 03:28:38 | Computer Name = JEANNIE | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 18.07.2010 03:28:38 | Computer Name = JEANNIE | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 with error: The connection with the server was terminated abnormally  

 

Error - 18.07.2010 03:28:38 | Computer Name = JEANNIE | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 18.07.2010 03:28:38 | Computer Name = JEANNIE | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 with error: This network connection does not exist.  

 

Error - 18.07.2010 03:38:42 | Computer Name = JEANNIE | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 18.07.2010 03:38:42 | Computer Name = JEANNIE | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 with error: The connection with the server was terminated abnormally  

 

Error - 18.07.2010 03:38:42 | Computer Name = JEANNIE | Source = crypt32 | ID = 131083

Description = Failed extract of third-party root list from auto update cab at: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>

 with error: A required certificate is not within its validity period when verifying

 against the current system clock or the timestamp in the signed file.  

 

Error - 18.07.2010 03:38:42 | Computer Name = JEANNIE | Source = crypt32 | ID = 131080

Description = Failed auto update retrieval of third-party root list sequence number

 from: <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt>

 with error: This network connection does not exist.  

 

Error - 18.07.2010 16:13:23 | Computer Name = JEANNIE | Source = Application Hang | ID = 1002

Description = Hanging application Skype.exe, version 3.6.0.248, hang module hungapp,

 version 0.0.0.0, hang address 0x00000000.

 

Error - 18.07.2010 16:14:05 | Computer Name = JEANNIE | Source = Application Error | ID = 1000

Description = Faulting application c8tlosrb.exe, version 1.0.15.15281, faulting 

module c8tlosrb.exe, version 1.0.15.15281, fault address 0x0005c887.

 

[ OSession Events ]

Error - 16.03.2010 00:01:29 | Computer Name = JEANNIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 31

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 23.03.2010 03:08:58 | Computer Name = JEANNIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 27

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 23.03.2010 03:16:44 | Computer Name = JEANNIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 21

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 02.05.2010 05:14:01 | Computer Name = JEANNIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 179

 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error - 11.06.2010 11:43:07 | Computer Name = JEANNIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 559

 seconds with 480 seconds of active time.  This session ended with a crash.

 

Error - 11.06.2010 11:43:44 | Computer Name = JEANNIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 19

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 11.06.2010 11:48:22 | Computer Name = JEANNIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 16

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 11.06.2010 11:48:51 | Computer Name = JEANNIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 18

 seconds with 0 seconds of active time.  This session ended with a crash.

 

Error - 11.06.2010 12:00:04 | Computer Name = JEANNIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 101

 seconds with 60 seconds of active time.  This session ended with a crash.

 

Error - 11.06.2010 14:12:15 | Computer Name = JEANNIE | Source = Microsoft Office 12 Sessions | ID = 7001

Description = ID: 1, Application Name: Microsoft Office Excel, Application Version:

 12.0.6524.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 7920

 seconds with 0 seconds of active time.  This session ended with a crash.

 

[ System Events ]

Error - 19.07.2010 04:07:46 | Computer Name = JEANNIE | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

 with the following error:   %%2

 

Error - 19.07.2010 04:24:56 | Computer Name = JEANNIE | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

 with the following error:   %%2

 

Error - 19.07.2010 04:30:18 | Computer Name = JEANNIE | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

 with the following error:   %%2

 

Error - 19.07.2010 05:51:28 | Computer Name = JEANNIE | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

 with the following error:   %%2

 

Error - 19.07.2010 05:53:40 | Computer Name = JEANNIE | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

 with the following error:   %%2

 

Error - 19.07.2010 05:58:15 | Computer Name = JEANNIE | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

 with the following error:   %%2

 

Error - 19.07.2010 06:00:41 | Computer Name = JEANNIE | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

 with the following error:   %%2

 

Error - 19.07.2010 07:50:44 | Computer Name = JEANNIE | Source = Service Control Manager | ID = 7011

Description = Timeout (30000 milliseconds) waiting for a transaction response from

 the AntiVirSchedulerService service.

 

Error - 19.07.2010 07:57:19 | Computer Name = JEANNIE | Source = Service Control Manager | ID = 7023

Description = The Windows Firewall/Internet Connection Sharing (ICS) service terminated

 with the following error:   %%2

 

Error - 19.07.2010 13:59:29 | Computer Name = JEANNIE | Source = Service Control Manager | ID = 7023

Description = The HID Input Service service terminated with the following error:

   %%126

 

 

< End of report >

--- --- ---

Hi,

hab mal selbst ein bisschen gesucht, das Avira Icon wird mit dem Start der avgnt.exe eingeblendet, dann haben sich wohl beim Start immer die Asus Tools
astray.exe, asacpisvr.exe und asepcmon.exe zur Steuerung der Grafik, Touchpad, WLAN ein/ausschalten usw. geladen. Ich wuerde dann shorcuts auf die 4 Dateien in den Autostart Ordner fuer alle User packen, damit ich Zugriff auf die entsprechenden Funktionen habe. Es sei denn aus Deiner Sicht spricht was dagegen.

Gruss
Joerg

Seltsam, die Dateien befinden sich alle im Autostart
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)

Oder ich versteh gerade nicht was Du meinst

Vielleicht sollte ich doch mal nach jedem Scan etc,. den Rechner neu starten wie angeraten und nicht nur staendig in den Ruhezustand versetzen.:headbang:

Alles ok hier!
Danke nochmal.

Gruss
Joerg

:applaus:

Logfile ist sauber :daumenhoc

Hier noch die letzten paar Schritte zur Säuberung Deines Rechners.

Schritt 1

Starte bitte Adobe Reader.
Im Reiter Help klicke bitte auch Check for Updates

Schritt 2

Java aktualisieren

Deine Javaversion ist veraltet. Da einige Schädlinge (z. B. Vundo) über Java-Exploits in das System eindringen, muss Java aktualisiert werden und alte Versionen müssen vom System entfernt werden, da die alten Versionen ein Sicherheitsrisiko darstellen. Lade JavaRa von prm753 herunter und entpacke es auf den Desktop. JavaRA ist geeignet für Windows 9x, 2k, XP und Vista (mit deaktivierter Benuterkontensteuerung).

Schließe alle Browserfenster.
Doppelklicke die JavaRa.exe, um das Programm zu starten.
Die Sprache auswählen, nimm Englisch und klicke "Select".
Klicke auf Additional Task, mache Haken bei Remove Useless JRE Files und [b]Remove Sun Download Manager[b].
Klicke auf Go und jeweils auf Ok und schließe das Fenster "Additional Tasks" wieder.
Klicke auf Remove Older Versions, um alte Java-Versionen, die auf dem Rechner installiert sind, zu entfernen.
Klicke auf Yes wenn es verlangt wird. Wenn JavaRa fertig, erscheint eine Notiz, dass ein Logfile erstellt wurde, klicke OK.
Das Logfile wird im Editor geöffnet, bitte speichern und später hier posten.
Kontrolliere in Systemsteuerung => Programme, ob noch Java-Versionen vorhanden sind und deinstalliere diese.
Rechner neu starten.

Downloade nun Java (Java Runtime Environment (JRE) 6 Update XX) von Oracle und installiere es. Vor dem Download musst Du die Lizenzbedingungen akzeptieren, indem Du "Accept License Agreement" aktivierst. Erweiterte Optionen anhaken, Sponsoren-Programm (Toolbar oder ähnliches) ggfs. abwählen.

Schritt 3

Combofix deinstallieren

Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking und Anti-Malware Programme deaktivieren.

Start => Ausführen (bei Vista (Windows-Taste + R) => dort reinschreiben ComboFix /uninstall => Enter drücken - damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch auch dieser die Schädlinge verschwinden.

Nun die eben deaktivierten Programme wieder aktivieren.

Schritt 4

Tool CleanUp

Starte bitte die OTL.exe.
Klicke nun auf den Bereinigung Button. Dies wird die meisten Tools und Logfiles entfernen.
Sollte denoch etwas bestehen bleiben, bitte manuell entfernen sowie den Papierkorb leeren.

Schritt 5

Automatische Updates

Sehen wir nach ob die Updates für Windows sich automatisch downloaden. Das ist der beste Weg um all die Sicherheits- Patches und Fixes zu erhalten.

Windows + R Taste drücken. Kopiere nun folgenden Text in die Kommandozeile

RunDll32.exe shell32.dll,Control_RunDLL wscui.cpl

und klicke auf OK.
Stelle sicher das die automatischen Updates aktiviert sind.

Schritt 6

Um Dich für die Zukunft vor weiteren Infizierungen zu schützen empfehle ich Dir noch ein paar Programme.

SpywareBlaster
Ein Tutorial zur Verwendung findest Du Hier
MalwareBytes Anti Malware
Dies ist eines der besten Anti-Malware Tools auf dem Markt. Es ist ein On- Demond Scan Tool welches viele aktuelle Malware erkennt und auch entfernt.
Update das Tool und lass es einmal in der Woche laufen. Die Kaufversion biete zudem noch einen Hintergrundwächter.
Ein Tutorial zur Verwendung findest Du hier.
Hinweis: MBAM ersetzt keine Anti- Viren- Software.
Temp File Cleaner
TFC ist ein wirklich starkes Tool zum entfernen von Temp Dateien vom IE und WIndows, leert den Papierkorb und noch viel mehr.
Ausserdem hilft es Deinen Computer zu beschleunigen.
Du kannst Dir TFC ( by OldTimer ) hier downloaden.
MVPs hosts file
Ein Tutorial findest Du hier. Leider habe ich bis jetzt kein deutschsprachiges gefunden.
Halte Dein System aktuell
Ich kann gar nicht oft genug betonen, wie wichtig es ist, dass der PC auf dem aktuellsten Stand der Dinge ist.
Es werden oft genug Sicherheitslücken in Windows eigenen Anwendungen gefunden. Diese "Löcher" gehören entfernt, weil Angreifer diese womöglich nutzen um unauthorisiert auf Dein System zu zugreifen.
Jeden zweiten Dienstag im Monat ist Update Tag. Besuche bitte dazu die Microsoft Update Seite.
Halte Deine Software aktuell
Der einfachste Weg dafür ist der Secunia Online Software.

Schritt 7

Tipps für sicheres Surfen

Das sind meine Vorschläge.
Verwende einen alternativen Browser statt den IE.
Ich empfehle Mozilla Firefox.

Für Firefox gibt es verschiedenste AddOns um sicher durch das WWW zu kommen.

NoScript
Dieses AddOn blockt JavaScript, Java and Flash und andere Plugins. Sie werden nur dann ausgeführt wenn Du es bestätigst.
AdblockPlus
Dieses AddOn blockt die meisten Werbung von selbst. Ein Rechtsklick auf den Banner um diesen zu AdBlockPlus hinzu zu fügen reicht und dieser wird nicht mehr geladen.
Es spart ausserdem Downloadkapazität.
WOT (Web of trust)
Dieses AddOn warnt Dich bevor Du eine als schädlich gemeldete Seite besuchst.

Don'ts

Klicke nicht auf alles nur weil es Dich dazu auffordert und schön bunt ist.
verwende keine peer to peer oder Filesharing Software (Emule, uTorrent,..)
Lass die Finger von Cracks, Keygens, Serials oder anderer illegaler Software.
Öffne keine Anhänge von Dir nicht bekannten Emails. Achte vor allem auf die Dateiendung wie zb deinFoto.jpg.exe

Nun bleibt mir nur noch dir viel Spass beim sicheren Surfen zu wünschen.

Hinweis: Bitte gib mir eine kurze Rückmeldung wenn alles erledigt ist und keine Fragen mehr vorhanden sind, so das ich diesen Thread aus meinen Abos löschen kann.

Hi,

ok, Schritte 1-5 sind erledigt, 6 und 7 schaue ich mir die naechsten Tage nochmal in Ruhe an.

Damit sind meine Fragn alle geklaert, mir bleibt nur nochmal zu sagen:
:dankeschoen::dankeschoen::dankeschoen:

Beste Gruesse
Joerg

und der Vollstaendigkeit halber das JavaRa logfile wie gewuenscht:

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jul 20 22:24:07 2010

Found and removed: C:\Documents and Settings\Joerg\Application Data\Sun\Java\jre1.6.0_18

------------------------------------

Finished reporting.

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Tue Jul 20 22:24:34 2010

Found and removed: Software\JavaSoft\Java2D\1.5.0_11

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

------------------------------------

Finished reporting.

Dieses Thema scheint erledigt und wird aus den Abos gelöscht. Solltest Du das Thema erneut benötigen, bitte eine PN an mich.

Jeder andere möge bitte einen eigenen Thread starten.