Trojaner eingefangen, Firefox öffnet sich nur mit searchqu

agh · 28.07.2011, 20:46

Avira meldet mir TR/Trash.Gen. Nur zur Info. Darf ich löschen?

Grüße
agh

M-K-D-B · 28.07.2011, 20:57

Hallo agh,

Zitat:

Zitat von agh

Avira meldet mir TR/Trash.Gen. Nur zur Info. Darf ich löschen?

In Quarantäne verschieben und den Bericht dazu bitte posten.

Anschließend bitte die Anweisungen befolgen

Vielen Dank.

agh · 28.07.2011, 21:26

Hey,

zu Deiner Frage: Mit Ausnahme von Bing.com kenne ich keine der Seiten. Benutze aber auch nur Firefox (da ging immer Bing.com auf, was ich auch nicht brauche). Muss dazu sagen, dass ich das Netbook im Januar gebraucht gekauft habe... wer weiß, was da vorher so eingestellt wurde.

Code:

ATTFilter

ComboFix 11-07-28.06 - *** 28.07.2011  22:03:48.2.2 - x86
Microsoft Windows XP Home Edition  5.1.2600.3.1252.49.1033.18.1015.440 [GMT 2:00]
ausgeführt von:: c:\documents and settings\***\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\documents and settings\***\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2011-06-28 bis 2011-07-28  ))))))))))))))))))))))))))))))
.
.
2011-07-26 15:40 . 2011-07-26 15:40	--------	d-----w-	c:\documents and settings\***\Application Data\Malwarebytes
2011-07-26 15:40 . 2011-07-06 17:52	41272	----a-w-	c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-26 15:40 . 2011-07-26 15:40	--------	d-----w-	c:\documents and settings\All Users\Application Data\Malwarebytes
2011-07-26 15:40 . 2011-07-06 17:52	22712	----a-w-	c:\windows\system32\drivers\mbam.sys
2011-07-26 15:40 . 2011-07-26 15:40	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2011-07-25 17:50 . 2011-07-25 17:50	--------	d-----w-	c:\windows\system32\RTCOM
2011-07-25 17:50 . 2009-03-20 14:31	880640	----a-w-	c:\windows\system32\RTSndMgr.CPL
2011-07-25 17:50 . 2009-01-21 13:54	1206816	----a-w-	c:\windows\RtlUpd.exe
2011-07-25 17:50 . 2008-10-23 15:42	290816	----a-w-	c:\windows\vncutil.exe
2011-07-25 17:50 . 2008-08-19 11:26	77824	----a-w-	c:\windows\SOUNDMAN.EXE
2011-07-25 17:50 . 2007-11-20 16:15	1826816	----a-w-	c:\windows\SkyTel.exe
2011-07-25 17:50 . 2008-06-19 14:27	9715200	----a-w-	c:\windows\RTLCPL.EXE
2011-07-25 17:50 . 2009-03-30 15:13	5063168	----a-w-	c:\windows\system32\drivers\RtkHDAud.sys
2011-07-25 17:50 . 2009-03-17 12:07	122880	----a-w-	c:\windows\RtkAudioService.exe
2011-07-25 17:50 . 2009-03-27 09:22	17567744	----a-w-	c:\windows\RTHDCPL.EXE
2011-07-25 17:50 . 2009-03-10 12:32	2168320	----a-w-	c:\windows\MicCal.exe
2011-07-25 17:50 . 2006-01-04 13:41	1389056	----a-w-	c:\windows\system32\drivers\Monfilt.sys
2011-07-25 17:49 . 2008-08-05 18:10	1684736	----a-w-	c:\windows\system32\drivers\Ambfilt.sys
2011-07-25 17:49 . 2008-06-19 14:42	2808832	----a-w-	c:\windows\ALCWZRD.EXE
2011-07-25 17:49 . 2008-06-19 14:24	278528	----a-w-	c:\windows\system32\ALSNDMGR.CPL
2011-07-25 17:49 . 2009-03-02 09:14	57344	----a-w-	c:\windows\ALCMTR.EXE
2011-07-25 17:49 . 2009-03-17 11:58	540672	----a-w-	c:\windows\RtlExUpd.dll
2011-07-24 19:40 . 2011-07-24 19:44	--------	d-----w-	c:\program files\Real
2011-07-24 18:39 . 2008-04-13 22:15	60032	----a-w-	c:\windows\system32\drivers\USBAUDIO.sys
2011-07-24 18:23 . 2011-07-24 18:23	--------	d-----w-	c:\documents and settings\All Users\Application Data\boost_interprocess
2011-07-24 16:49 . 2011-07-24 16:49	--------	d-----w-	c:\documents and settings\***\Local Settings\Application Data\Ilivid Player
2011-07-24 16:48 . 2011-07-24 17:00	--------	d-----w-	c:\program files\iLivid
2011-07-24 16:47 . 2011-07-24 16:47	--------	d-----w-	c:\documents and settings\***\Local Settings\Application Data\PackageAware
2011-07-24 14:25 . 2011-07-24 14:25	404640	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2011-07-23 16:54 . 2011-07-24 16:53	--------	d-----w-	c:\program files\Graboid
2011-07-18 20:17 . 2011-07-18 20:17	--------	d-----w-	c:\program files\Common Files\Canon
2011-06-29 17:12 . 2011-06-29 17:12	2106216	----a-w-	c:\program files\Mozilla Firefox\D3DCompiler_43.dll
2011-06-29 17:12 . 2011-06-29 17:12	1998168	----a-w-	c:\program files\Mozilla Firefox\d3dx9_43.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-30 20:44 . 2011-05-30 20:57	66616	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2011-06-30 20:44 . 2011-05-30 20:57	138192	----a-w-	c:\windows\system32\drivers\avipbb.sys
2011-06-02 14:02 . 2010-01-07 00:08	1858944	----a-w-	c:\windows\system32\win32k.sys
2011-05-02 15:31 . 2010-01-07 01:19	692736	----a-w-	c:\windows\system32\inetcomm.dll
2011-06-29 17:12 . 2011-06-02 14:19	142296	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2011-07-27_19.09.20   )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-28 17:10 . 2011-07-28 17:10	16384              c:\windows\Temp\Perflib_Perfdata_7e4.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\documents and settings\***\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\documents and settings\***\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\documents and settings\***\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36	94208	----a-w-	c:\documents and settings\***\Application Data\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2009-11-09 401072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-12-19 135168]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2007-12-19 159744]
"Persistence"="c:\windows\system32\igfxpers.exe" [2007-12-19 131072]
"AsusACPIServer"="c:\program files\EeePC\ACPI\AsAcpiSvr.exe" [2009-12-12 994216]
"AsusEPCMonitor"="c:\program files\EeePC\ACPI\AsEPCMon.exe" [2009-05-09 98304]
"AsusTray"="c:\program files\EeePC\ACPI\AsTray.exe" [2009-06-26 118784]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-04-09 1512744]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-04-09 79144]
"LiveUpdate"="c:\program files\Asus\LiveUpdate\LiveUpdate.exe" [2010-01-29 751592]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2008-04-14 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2008-04-14 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2008-04-14 455168]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-12-13 421160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2011-03-28 281768]
"RTHDCPL"="RTHDCPL.EXE" [2009-03-27 17567744]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\***\Start Menu\Programs\Startup\
Dropbox.lnk - c:\documents and settings\***\Application Data\Dropbox\bin\Dropbox.exe [2011-5-25 24176560]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
SuperHybridEngine.lnk - c:\program files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe [2010-1-7 385024]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MsnMsgr]
2009-07-27 00:44	3883856	----a-w-	c:\program files\Windows Live\Messenger\msnmsgr.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Documents and Settings\\***\\Application Data\\Dropbox\\bin\\Dropbox.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Avira\\AntiVir Desktop\\avcenter.exe"=
.
R1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [23.07.2010 04:38 11448]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [30.05.2011 22:57 136360]
R2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [28.02.2010 02:33 821664]
R2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [24.04.2010 01:10 483688]
R3 L1c;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller;c:\windows\system32\drivers\l1c51x86.sys [28.08.2009 08:40 38912]
R3 Sftfs;Sftfs;c:\windows\system32\drivers\Sftfsxp.sys [02.12.2009 22:23 554344]
R3 Sftplay;Sftplay;c:\windows\system32\drivers\Sftplayxp.sys [02.12.2009 22:23 211432]
R3 Sftredir;Sftredir;c:\windows\system32\drivers\Sftredirxp.sys [02.12.2009 22:23 20584]
R3 Sftvol;Sftvol;c:\windows\system32\drivers\Sftvolxp.sys [02.12.2009 22:23 18280]
R3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [24.04.2010 01:10 209768]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [25.07.2011 19:49 1684736]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [26.07.2011 17:40 41272]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [09.01.2010 21:37 4640000]
S3 SCR3xx USB Smart Card Reader;SCR3xx USB Smart Card Reader;c:\windows\system32\drivers\SCR3XX2K.sys [23.07.2010 04:26 47488]
S3 uvclf;uvclf;c:\windows\system32\drivers\uvclf.sys [07.01.2010 20:30 39040]
.
.
------- Zusätzlicher Suchlauf -------
.
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send To Bluetooth - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: bing.com
Trusted Zone: doccentral.com
Trusted Zone: fnismls.com
Trusted Zone: getmedianow.com
Trusted Zone: live.com
Trusted Zone: rdesk.com
Trusted Zone: rexplorer.net
Trusted Zone: safemls.net
Trusted Zone: showingtime.com
Trusted Zone: sitexdata.com
Trusted Zone: spellchecker.net
Trusted Zone: transactionpoint.com
Trusted Zone: trpoint.com
Trusted Zone: xmlsweb.com
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\documents and settings\***\Application Data\Mozilla\Firefox\Profiles\dqyohhf8.default\
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2011-07-28 22:10
Windows 5.1.2600 Service Pack 3 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'explorer.exe'(860)
c:\windows\system32\WININET.dll
c:\documents and settings\***\Application Data\Dropbox\bin\DropboxExt.14.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Zeit der Fertigstellung: 2011-07-28  22:12:19
ComboFix-quarantined-files.txt  2011-07-28 20:12
ComboFix2.txt  2011-07-27 19:19
.
Vor Suchlauf: 111.326.400.512 bytes free
Nach Suchlauf: 111.308.185.600 bytes free
.
- - End Of File - - A00CBE416270E473DB76C54F7E749316

Zwei Virusmeldungen bekommen, hier die Reports:

Code:

ATTFilter

Avira AntiVir Personal
Report file date: Thursday, July 28, 2011  20:18

Scanning for 3294984 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee        : Avira AntiVir Personal - Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows XP
Windows version : (Service Pack 3)  [5.1.2600]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : ***

Version information:
BUILD.DAT       : 10.2.0.696     35934 Bytes  29.06.2011 17:32:00
AVSCAN.EXE      : 10.3.0.7      484008 Bytes  30.06.2011 20:44:24
AVSCAN.DLL      : 10.0.5.0       47464 Bytes  30.06.2011 20:44:24
LUKE.DLL        : 10.3.0.5       45416 Bytes  30.06.2011 20:44:25
LUKERES.DLL     : 10.0.0.1       12648 Bytes  10.02.2010 22:40:49
AVSCPLR.DLL     : 10.3.0.7      119656 Bytes  30.06.2011 20:44:26
AVREG.DLL       : 10.3.0.9       88833 Bytes  14.07.2011 21:21:05
VBASE000.VDF    : 7.10.0.0    19875328 Bytes  06.11.2009 08:05:36
VBASE001.VDF    : 7.11.0.0    13342208 Bytes  14.12.2010 14:15:47
VBASE002.VDF    : 7.11.3.0     1950720 Bytes  09.02.2011 14:15:47
VBASE003.VDF    : 7.11.5.225   1980416 Bytes  07.04.2011 20:58:13
VBASE004.VDF    : 7.11.8.178   2354176 Bytes  31.05.2011 06:40:47
VBASE005.VDF    : 7.11.10.251  1788416 Bytes  07.07.2011 00:01:56
VBASE006.VDF    : 7.11.10.252     2048 Bytes  07.07.2011 00:01:56
VBASE007.VDF    : 7.11.10.253     2048 Bytes  07.07.2011 00:01:56
VBASE008.VDF    : 7.11.10.254     2048 Bytes  07.07.2011 00:01:56
VBASE009.VDF    : 7.11.10.255     2048 Bytes  07.07.2011 00:01:56
VBASE010.VDF    : 7.11.11.0       2048 Bytes  07.07.2011 00:01:56
VBASE011.VDF    : 7.11.11.1       2048 Bytes  07.07.2011 00:01:56
VBASE012.VDF    : 7.11.11.2       2048 Bytes  07.07.2011 00:01:56
VBASE013.VDF    : 7.11.11.75    688128 Bytes  12.07.2011 21:19:08
VBASE014.VDF    : 7.11.11.104   978944 Bytes  13.07.2011 21:19:29
VBASE015.VDF    : 7.11.11.137   655360 Bytes  14.07.2011 21:19:46
VBASE016.VDF    : 7.11.11.184   699392 Bytes  18.07.2011 18:37:18
VBASE017.VDF    : 7.11.11.214   414208 Bytes  19.07.2011 20:33:19
VBASE018.VDF    : 7.11.11.242   772096 Bytes  20.07.2011 20:33:42
VBASE019.VDF    : 7.11.12.3    1291776 Bytes  20.07.2011 20:34:19
VBASE020.VDF    : 7.11.12.30    844288 Bytes  21.07.2011 12:17:04
VBASE021.VDF    : 7.11.12.67    149504 Bytes  24.07.2011 19:00:08
VBASE022.VDF    : 7.11.12.93    195072 Bytes  25.07.2011 19:00:08
VBASE023.VDF    : 7.11.12.113   150528 Bytes  26.07.2011 17:41:08
VBASE024.VDF    : 7.11.12.114     2048 Bytes  26.07.2011 17:41:08
VBASE025.VDF    : 7.11.12.115     2048 Bytes  26.07.2011 17:41:08
VBASE026.VDF    : 7.11.12.116     2048 Bytes  26.07.2011 17:41:08
VBASE027.VDF    : 7.11.12.117     2048 Bytes  26.07.2011 17:41:08
VBASE028.VDF    : 7.11.12.118     2048 Bytes  26.07.2011 17:41:09
VBASE029.VDF    : 7.11.12.119     2048 Bytes  26.07.2011 17:41:09
VBASE030.VDF    : 7.11.12.120     2048 Bytes  26.07.2011 17:41:09
VBASE031.VDF    : 7.11.12.139    70656 Bytes  27.07.2011 17:41:09
Engineversion   : 8.2.6.18  
AEVDF.DLL       : 8.1.2.1       106868 Bytes  28.03.2011 14:15:27
AESCRIPT.DLL    : 8.1.3.73     1622395 Bytes  16.07.2011 20:25:09
AESCN.DLL       : 8.1.7.2       127349 Bytes  28.03.2011 14:15:27
AESBX.DLL       : 8.2.1.34      323957 Bytes  02.06.2011 09:36:07
AERDL.DLL       : 8.1.9.13      639349 Bytes  14.07.2011 21:20:53
AEPACK.DLL      : 8.2.9.5       676214 Bytes  14.07.2011 21:20:47
AEOFFICE.DLL    : 8.1.2.12      201083 Bytes  16.07.2011 20:25:08
AEHEUR.DLL      : 8.1.2.146    3633527 Bytes  20.07.2011 20:35:11
AEHELP.DLL      : 8.1.17.6      254326 Bytes  20.07.2011 20:34:27
AEGEN.DLL       : 8.1.5.6       401780 Bytes  30.05.2011 20:58:21
AEEMU.DLL       : 8.1.3.0       393589 Bytes  28.03.2011 14:15:19
AECORE.DLL      : 8.1.22.4      196983 Bytes  14.07.2011 21:19:51
AEBB.DLL        : 8.1.1.0        53618 Bytes  28.03.2011 14:15:19
AVWINLL.DLL     : 10.0.0.0       19304 Bytes  28.03.2011 14:15:31
AVPREF.DLL      : 10.0.3.2       44904 Bytes  30.06.2011 20:44:24
AVREP.DLL       : 10.0.0.10     174120 Bytes  30.05.2011 20:58:26
AVARKT.DLL      : 10.0.26.1     255336 Bytes  30.06.2011 20:44:23
AVEVTLOG.DLL    : 10.0.0.9      203112 Bytes  30.06.2011 20:44:23
SQLITE3.DLL     : 3.6.19.0      355688 Bytes  17.06.2010 13:27:22
AVSMTP.DLL      : 10.0.0.17      63848 Bytes  28.03.2011 14:15:30
NETNT.DLL       : 10.0.0.0       11624 Bytes  28.03.2011 14:15:39
RCIMAGE.DLL     : 10.0.0.35    2589544 Bytes  30.06.2011 20:44:22
RCTEXT.DLL      : 10.0.64.0      97640 Bytes  30.06.2011 20:44:22

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_ad8ee9fe\guard_slideup.avp
Logging.............................: Default
Primary action......................: repair
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: Thursday, July 28, 2011  20:18

The scan of running processes will be started
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'Dropbox.exe' - '1' Module(s) have been scanned
Scan process 'SuperHybridEngine.exe' - '1' Module(s) have been scanned
Scan process 'Eee Docking.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'igfxext.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'LiveUpdate.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'AsTray.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'AsEPCMon.exe' - '1' Module(s) have been scanned
Scan process 'AsAcpiSvr.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'CVHSVC.EXE' - '1' Module(s) have been scanned
Scan process 'sftlist.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sftvsa.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'dsNcService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'SCardSvr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\System Volume Information\_restore{D381B82D-B18D-48EB-B0CA-2AC064E0E1C1}\RP91\A0030912.exe'
C:\System Volume Information\_restore{D381B82D-B18D-48EB-B0CA-2AC064E0E1C1}\RP91\A0030912.exe
  [0] Archive type: NSIS
  --> ProgramFilesDir/GameUpdaterSrv_new.exe
      [DETECTION] Is the TR/Dldr.Small.pop Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '4c11094d.qua'.


End of the scan: Thursday, July 28, 2011  20:18
Used time: 00:23 Minute(s)

The scan has been done completely.

      0 Scanned directories
    659 Files were scanned
      2 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
    657 Files not concerned
      2 Archives were scanned
      0 Warnings
      1 Notes

Code:

ATTFilter

Avira AntiVir Personal
Report file date: Thursday, July 28, 2011  21:43

Scanning for 3294984 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee        : Avira AntiVir Personal - Free Antivirus
Serial number   : 0000149996-ADJIE-0000001
Platform        : Windows XP
Windows version : (Service Pack 3)  [5.1.2600]
Boot mode       : Normally booted
Username        : SYSTEM
Computer name   : ***

Version information:
BUILD.DAT       : 10.2.0.696     35934 Bytes  29.06.2011 17:32:00
AVSCAN.EXE      : 10.3.0.7      484008 Bytes  30.06.2011 20:44:24
AVSCAN.DLL      : 10.0.5.0       47464 Bytes  30.06.2011 20:44:24
LUKE.DLL        : 10.3.0.5       45416 Bytes  30.06.2011 20:44:25
LUKERES.DLL     : 10.0.0.1       12648 Bytes  10.02.2010 22:40:49
AVSCPLR.DLL     : 10.3.0.7      119656 Bytes  30.06.2011 20:44:26
AVREG.DLL       : 10.3.0.9       88833 Bytes  14.07.2011 21:21:05
VBASE000.VDF    : 7.10.0.0    19875328 Bytes  06.11.2009 08:05:36
VBASE001.VDF    : 7.11.0.0    13342208 Bytes  14.12.2010 14:15:47
VBASE002.VDF    : 7.11.3.0     1950720 Bytes  09.02.2011 14:15:47
VBASE003.VDF    : 7.11.5.225   1980416 Bytes  07.04.2011 20:58:13
VBASE004.VDF    : 7.11.8.178   2354176 Bytes  31.05.2011 06:40:47
VBASE005.VDF    : 7.11.10.251  1788416 Bytes  07.07.2011 00:01:56
VBASE006.VDF    : 7.11.10.252     2048 Bytes  07.07.2011 00:01:56
VBASE007.VDF    : 7.11.10.253     2048 Bytes  07.07.2011 00:01:56
VBASE008.VDF    : 7.11.10.254     2048 Bytes  07.07.2011 00:01:56
VBASE009.VDF    : 7.11.10.255     2048 Bytes  07.07.2011 00:01:56
VBASE010.VDF    : 7.11.11.0       2048 Bytes  07.07.2011 00:01:56
VBASE011.VDF    : 7.11.11.1       2048 Bytes  07.07.2011 00:01:56
VBASE012.VDF    : 7.11.11.2       2048 Bytes  07.07.2011 00:01:56
VBASE013.VDF    : 7.11.11.75    688128 Bytes  12.07.2011 21:19:08
VBASE014.VDF    : 7.11.11.104   978944 Bytes  13.07.2011 21:19:29
VBASE015.VDF    : 7.11.11.137   655360 Bytes  14.07.2011 21:19:46
VBASE016.VDF    : 7.11.11.184   699392 Bytes  18.07.2011 18:37:18
VBASE017.VDF    : 7.11.11.214   414208 Bytes  19.07.2011 20:33:19
VBASE018.VDF    : 7.11.11.242   772096 Bytes  20.07.2011 20:33:42
VBASE019.VDF    : 7.11.12.3    1291776 Bytes  20.07.2011 20:34:19
VBASE020.VDF    : 7.11.12.30    844288 Bytes  21.07.2011 12:17:04
VBASE021.VDF    : 7.11.12.67    149504 Bytes  24.07.2011 19:00:08
VBASE022.VDF    : 7.11.12.93    195072 Bytes  25.07.2011 19:00:08
VBASE023.VDF    : 7.11.12.113   150528 Bytes  26.07.2011 17:41:08
VBASE024.VDF    : 7.11.12.114     2048 Bytes  26.07.2011 17:41:08
VBASE025.VDF    : 7.11.12.115     2048 Bytes  26.07.2011 17:41:08
VBASE026.VDF    : 7.11.12.116     2048 Bytes  26.07.2011 17:41:08
VBASE027.VDF    : 7.11.12.117     2048 Bytes  26.07.2011 17:41:08
VBASE028.VDF    : 7.11.12.118     2048 Bytes  26.07.2011 17:41:09
VBASE029.VDF    : 7.11.12.119     2048 Bytes  26.07.2011 17:41:09
VBASE030.VDF    : 7.11.12.120     2048 Bytes  26.07.2011 17:41:09
VBASE031.VDF    : 7.11.12.139    70656 Bytes  27.07.2011 17:41:09
Engineversion   : 8.2.6.18  
AEVDF.DLL       : 8.1.2.1       106868 Bytes  28.03.2011 14:15:27
AESCRIPT.DLL    : 8.1.3.73     1622395 Bytes  16.07.2011 20:25:09
AESCN.DLL       : 8.1.7.2       127349 Bytes  28.03.2011 14:15:27
AESBX.DLL       : 8.2.1.34      323957 Bytes  02.06.2011 09:36:07
AERDL.DLL       : 8.1.9.13      639349 Bytes  14.07.2011 21:20:53
AEPACK.DLL      : 8.2.9.5       676214 Bytes  14.07.2011 21:20:47
AEOFFICE.DLL    : 8.1.2.12      201083 Bytes  16.07.2011 20:25:08
AEHEUR.DLL      : 8.1.2.146    3633527 Bytes  20.07.2011 20:35:11
AEHELP.DLL      : 8.1.17.6      254326 Bytes  20.07.2011 20:34:27
AEGEN.DLL       : 8.1.5.6       401780 Bytes  30.05.2011 20:58:21
AEEMU.DLL       : 8.1.3.0       393589 Bytes  28.03.2011 14:15:19
AECORE.DLL      : 8.1.22.4      196983 Bytes  14.07.2011 21:19:51
AEBB.DLL        : 8.1.1.0        53618 Bytes  28.03.2011 14:15:19
AVWINLL.DLL     : 10.0.0.0       19304 Bytes  28.03.2011 14:15:31
AVPREF.DLL      : 10.0.3.2       44904 Bytes  30.06.2011 20:44:24
AVREP.DLL       : 10.0.0.10     174120 Bytes  30.05.2011 20:58:26
AVARKT.DLL      : 10.0.26.1     255336 Bytes  30.06.2011 20:44:23
AVEVTLOG.DLL    : 10.0.0.9      203112 Bytes  30.06.2011 20:44:23
SQLITE3.DLL     : 3.6.19.0      355688 Bytes  17.06.2010 13:27:22
AVSMTP.DLL      : 10.0.0.17      63848 Bytes  28.03.2011 14:15:30
NETNT.DLL       : 10.0.0.0       11624 Bytes  28.03.2011 14:15:39
RCIMAGE.DLL     : 10.0.0.35    2589544 Bytes  30.06.2011 20:44:22
RCTEXT.DLL      : 10.0.64.0      97640 Bytes  30.06.2011 20:44:22

Configuration settings for the scan:
Jobname.............................: avguard_async_scan
Configuration file..................: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\AVGUARD_ad8ee9fe\guard_slideup.avp
Logging.............................: Default
Primary action......................: interactive
Secondary action....................: quarantine
Scan master boot sector.............: on
Scan boot sector....................: off
Process scan........................: on
Scan registry.......................: off
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: Complete

Start of the scan: Thursday, July 28, 2011  21:43

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'plugin-container.exe' - '1' Module(s) have been scanned
Scan process 'firefox.exe' - '1' Module(s) have been scanned
Scan process 'iPodService.exe' - '1' Module(s) have been scanned
Scan process 'Dropbox.exe' - '1' Module(s) have been scanned
Scan process 'SuperHybridEngine.exe' - '1' Module(s) have been scanned
Scan process 'Eee Docking.exe' - '1' Module(s) have been scanned
Scan process 'RTHDCPL.EXE' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'iTunesHelper.exe' - '1' Module(s) have been scanned
Scan process 'igfxext.exe' - '1' Module(s) have been scanned
Scan process 'jusched.exe' - '1' Module(s) have been scanned
Scan process 'LiveUpdate.exe' - '1' Module(s) have been scanned
Scan process 'SynTPEnh.exe' - '1' Module(s) have been scanned
Scan process 'AsTray.exe' - '1' Module(s) have been scanned
Scan process 'igfxsrvc.exe' - '1' Module(s) have been scanned
Scan process 'AsEPCMon.exe' - '1' Module(s) have been scanned
Scan process 'AsAcpiSvr.exe' - '1' Module(s) have been scanned
Scan process 'hkcmd.exe' - '1' Module(s) have been scanned
Scan process 'igfxtray.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'wmiapsrv.exe' - '1' Module(s) have been scanned
Scan process 'CVHSVC.EXE' - '1' Module(s) have been scanned
Scan process 'sftlist.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sftvsa.exe' - '1' Module(s) have been scanned
Scan process 'SeaPort.exe' - '1' Module(s) have been scanned
Scan process 'jqs.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'dsNcService.exe' - '1' Module(s) have been scanned
Scan process 'mDNSResponder.exe' - '1' Module(s) have been scanned
Scan process 'AppleMobileDeviceService.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'SCardSvr.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting the file scan:

Begin scan in 'C:\System Volume Information\_restore{D381B82D-B18D-48EB-B0CA-2AC064E0E1C1}\RP91\A0030933.dll'
C:\System Volume Information\_restore{D381B82D-B18D-48EB-B0CA-2AC064E0E1C1}\RP91\A0030933.dll
  [DETECTION] Is the TR/Trash.Gen Trojan

Beginning disinfection:
C:\System Volume Information\_restore{D381B82D-B18D-48EB-B0CA-2AC064E0E1C1}\RP91\A0030933.dll
  [DETECTION] Is the TR/Trash.Gen Trojan
  [NOTE]      The file was moved to the quarantine directory under the name '4c111b89.qua'.


End of the scan: Thursday, July 28, 2011  21:56
Used time: 00:09 Minute(s)

The scan has been done completely.

      0 Scanned directories
    653 Files were scanned
      1 Viruses and/or unwanted programs were found
      0 Files were classified as suspicious
      0 files were deleted
      0 Viruses and unwanted programs were repaired
      1 Files were moved to quarantine
      0 Files were renamed
      0 Files cannot be scanned
    652 Files not concerned
      1 Archives were scanned
      0 Warnings
      1 Notes


The scan results will be transferred to the Guard.

DANKE!

Schönen Abend
agh

M-K-D-B · 29.07.2011, 08:47

Hallo agh,

Zitat:

Zitat von agh

zu Deiner Frage: Mit Ausnahme von Bing.com kenne ich keine der Seiten.

Danke für die Rückmeldung. Das hab ich mir schon gedacht.

Zitat:

Zitat von agh

Muss dazu sagen, dass ich das Netbook im Januar gebraucht gekauft habe... wer weiß, was da vorher so eingestellt wurde.

Von wem hast du das Netbook? Von einem Verwandten, einem guten Freund oder ledigleich einem Bekannten?
Grundsätzlich ist es bei einem gebrauchten Gerät ratsam, neu aufzusetzen. Man weiß nie, was der Vorbesitzer mit dem Computer alles gemacht hat.
Das Netbook wird andererseits kein DVD-Laufwerk besitzen, oder? Ohne Windows DVD und Laufwerk wird das sowieso schwierig...
Ich schlage vor, wir führen die Bereinigung zu Ende.

Zitat:

Zitat von agh

C:\System Volume Information\_restore{D381B82D-B18D-48EB-B0CA-2AC064E0E1C1}\RP91\A0030912.exe

C:\System Volume Information\_restore{D381B82D-B18D-48EB-B0CA-2AC064E0E1C1}\RP91\A0030933.dll

Dabei handelt es sich um zwei Einträge in der Systemwiederherstellung. Solange du den Computer nicht zu einem dieser früheren Punkte wiederherstellst, besteht dadurch keine Gefahr.
Am Ende der Bereinigung kümmern wir uns darum.

Ich hätte gerne einen kleinen Zwischenbericht:
Wie läuft dein Rechner derzeit?
Öffnet Firefox immer noch ungewollte Seiten? Gibt es sonst noch Probleme?

Aufgrund privater Feierlichkeiten bin ich voraussichtlich ab Sonntag Nachmittag wieder online. Bitte poste alle gewünschten Informationen bis dahin. Ich werde mich sofort um dein Thema kümmern, wenn ich wieder da bin.

Schritt # 1: Systemscan mit OTL

Starte bitte OTL.exe.
Wähle unter Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.

Schritt # 2: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

die Beantwortung der gestellten Fragen und
die beiden neuen Logfiles von OTL (OTL.txt und Extras.txt).

agh · 30.07.2011, 09:41

Hallo M-K-D-B,

ich habe das Netbook von Leuten, die ich überhaupt nicht kenne über eine Kleinanzeige gekauft.

Genau, das Gerät hat kein DVD-Laufwerk, deswegen habe ich auch bisher von neu aufsetzen abgesehen.

Ansonsten läuft der Rechner gut UND Firefox öffnet sich jetzt wieder mit Google! Habs nochmal eingestellt und dieseml hat er es angenommen und es bleibt auch so. Juhu!

Vielen Dank!

Und hier noch die gewünschten Logfiles

Code:

ATTFilter

OTL Extras logfile created on: 30.07.2011 10:13:00 - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Documents and Settings\***\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1015,17 Mb Total Physical Memory | 459,14 Mb Available Physical Memory | 45,23% Memory free
2,40 Gb Paging File | 1,87 Gb Available in Paging File | 78,15% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144,12 Gb Total Space | 103,77 Gb Free Space | 72,00% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\WINWORD.EXE" /n /dde
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\Diane Raimondo\Application Data\Dropbox\bin\Dropbox.exe" = C:\Documents and Settings\***\Application Data\Dropbox\bin\Dropbox.exe:*:Enabled:Dropbox -- (Dropbox, Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox -- (Mozilla Corporation)
"C:\Program Files\Avira\AntiVir Desktop\avcenter.exe" = C:\Program Files\Avira\AntiVir Desktop\avcenter.exe:*:Enabled:Start AntiVir -- (Avira GmbH)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{139E303E-1050-497F-98B1-9AE87B15C463}" = Windows Live Family Safety
"{15BC8CD0-A65B-47D0-A2DD-90A824590FA8}" = Microsoft Works
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 20
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2BEB27D1-0CBC-4B3D-8FE1-18CDDB74AED0}" = EeeSplendid
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = ASUS USB2.0 UVC VGA WebCam
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3FB39BED-37C8-4E60-8E02-315B8C2B07E3}" = USB2.0 UVC Camera Device
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{C72CA49A-9237-4810-8449-45DA3BD26D64}" = EzMessenger
"{C9B8D365-A6C3-4C4D-9624-0F0078FEB1B4}" = Sentrilock Card Utility
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{D806E63B-0C11-4061-8DA9-1E980FB9A9EB}" = Data Sync
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"2010 Backgammon" = 2010 Backgammon 5.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"C4B4D7F5499921DF57A4F6B55E59E0F50C2FE298" = Windows Driver Package - SCM Microsystems Inc. (SCR3xx USB Smart Card Reader) SmartCardReader  (11/07/2006 4.35.00.01)
"CANONIJINBOXADDON100" = Canon Inkjet Printer Driver Add-On Module
"Eee Docking_is1" = Eee Docking 1.3.10.0
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"ie8" = Windows Internet Explorer 8
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"Juniper Network Connect 7.1.0" = Juniper Networks Network Connect 7.1.0
"Juniper_Setup_Client Activex Control" = Juniper Networks, Inc. Setup Client Activex Control
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.1.1800
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 5.0 (x86 en-US)" = Mozilla Firefox 5.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Picasa 3" = Picasa 3
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 25.07.2011 15:09:34 | Computer Name = *** | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{2cbba416-89d0-11e0-8ce6-485b39369b50},0xc0000000,0x00000003,...).
  hr = 0x80070005.
 
Error - 25.07.2011 15:14:02 | Computer Name = *** | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{2cbba416-89d0-11e0-8ce6-485b39369b50},0xc0000000,0x00000003,...).
  hr = 0x80070005.
 
Error - 25.07.2011 15:50:46 | Computer Name = *** | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{2cbba416-89d0-11e0-8ce6-485b39369b50},0xc0000000,0x00000003,...).
  hr = 0x80070005.
 
Error - 25.07.2011 15:53:27 | Computer Name = *** | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error CreateFileW(\\?\Volume{2cbba416-89d0-11e0-8ce6-485b39369b50},0xc0000000,0x00000003,...).
  hr = 0x80070005.
 
Error - 26.07.2011 11:53:58 | Computer Name = *** | Source = WmiAdapter | ID = 4099
Description = Open of service failed.
 
Error - 26.07.2011 12:36:11 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 26.07.2011 12:36:11 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 310656
 
Error - 26.07.2011 12:36:11 | Computer Name = *** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 310656
 
Error - 28.07.2011 17:00:17 | Computer Name = *** | Source = CVHSVC | ID = 100
Description = Information only.  (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
 DownloadLatest Failed: There are currently no active network connections. Background
 Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 
Error - 29.07.2011 01:40:23 | Computer Name = *** | Source = CVHSVC | ID = 100
Description = Information only.  (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
 DownloadLatest Failed: There are currently no active network connections. Background
 Intelligent Transfer Service (BITS) will try again when an adapter is connected.

 
[ System Events ]
Error - 25.06.2011 13:39:13 | Computer Name = *** | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the SharedAccess service.
 
Error - 25.06.2011 13:39:43 | Computer Name = *** | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the ShellHWDetection service.
 
Error - 25.06.2011 13:40:13 | Computer Name = *** | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
 the ShellHWDetection service.
 
Error - 04.07.2011 15:09:57 | Computer Name = *** | Source = W32Time | ID = 39452689
Description = Time Provider NtpClient: An error occurred during DNS lookup of the
 manually  configured peer 'time.windows.com,0x1'. NtpClient will try the DNS lookup
 again in 15  minutes.  The error was: A socket operation was attempted to an unreachable
 host. (0x80072751)
 
Error - 04.07.2011 15:09:57 | Computer Name = *** | Source = W32Time | ID = 39452701
Description = The time provider NtpClient is configured to acquire time from one
 or more  time sources, however none of the sources are currently accessible.   No attempt
 to contact a source will be made for 14 minutes.  NtpClient has no source of accurate
 time. 
 
Error - 12.07.2011 02:12:19 | Computer Name = *** | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.50 for the Network Card with network
 address 1C4BD6A34F79 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 20.07.2011 16:30:33 | Computer Name = *** | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.1.50 for the Network Card with network
 address 1C4BD6A34F79 has been  denied by the DHCP server 192.168.1.1 (The DHCP Server
 sent a DHCPNACK message).
 
Error - 24.07.2011 14:41:41 | Computer Name = *** | Source = System Error | ID = 1003
Description = Error code 00000035, parameter1 85f50700, parameter2 00000000, parameter3
 00000000, parameter4 00000000.
 
Error - 26.07.2011 11:53:58 | Computer Name = *** | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WMI Performance Adapter
 service to connect.
 
Error - 26.07.2011 11:53:58 | Computer Name = *** | Source = Service Control Manager | ID = 7000
Description = The WMI Performance Adapter service failed to start due to the following
 error:   %%1053
 
 
< End of report >

Code:

ATTFilter

OTL logfile created on: 30.07.2011 10:13:00 - Run 2
OTL by OldTimer - Version 3.2.26.1     Folder = C:\Documents and Settings\***\My Documents\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
1015,17 Mb Total Physical Memory | 459,14 Mb Available Physical Memory | 45,23% Memory free
2,40 Gb Paging File | 1,87 Gb Available in Paging File | 78,15% Paging File free
Paging file location(s): C:\pagefile.sys 1536 1536 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144,12 Gb Total Space | 103,77 Gb Free Space | 72,00% Space Free | Partition Type: NTFS
 
Computer Name: *** | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Documents and Settings\***\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\***\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe ()
PRC - C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
PRC - C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
 
 
========== Modules (SafeList) ==========
 
MOD - C:\Documents and Settings\***\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
 
 
========== Win32 Services (SafeList) ==========
 
SRV - (AppMgmt) --  File not found
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (dsNcService) -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe (Juniper Networks)
SRV - (sftvsa) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (dsNcAdpt) -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys (Juniper Networks)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (Sftvol) -- C:\WINDOWS\system32\drivers\Sftvolxp.sys (Microsoft Corporation)
DRV - (Sftredir) -- C:\WINDOWS\system32\drivers\Sftredirxp.sys (Microsoft Corporation)
DRV - (Sftplay) -- C:\WINDOWS\system32\drivers\Sftplayxp.sys (Microsoft Corporation)
DRV - (Sftfs) -- C:\WINDOWS\system32\drivers\Sftfsxp.sys (Microsoft Corporation)
DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation)
DRV - (AsUpIO) -- C:\WINDOWS\system32\drivers\AsUpIO.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.)
DRV - (SNP2UVC) USB2.0 PC Camera (SNP2UVC) -- C:\WINDOWS\system32\drivers\snp2uvc.sys ()
DRV - (L1c) -- C:\WINDOWS\system32\drivers\l1c51x86.sys (Atheros Communications, Inc.)
DRV - (uvclf) -- C:\WINDOWS\system32\drivers\uvclf.sys (GenesysLogic Technologies, Inc.)
DRV - (kbfiltr) -- C:\WINDOWS\system32\drivers\kbfiltr.sys ( )
DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys ()
DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.)
DRV - (SCR3xx USB Smart Card Reader) -- C:\WINDOWS\system32\drivers\SCR3XX2K.sys (SCM Microsystems Inc.)
DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/intl/searchpane/en-au/prov2.htm
 
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.07.24 21:44:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.07.24 21:44:47 | 000,000,000 | ---D | M]
 
[2011.07.27 20:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Diane Raimondo\Application Data\Mozilla\Extensions
[2011.07.27 20:48:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Diane Raimondo\Application Data\Mozilla\Firefox\Profiles\dqyohhf8.default\extensions
[2011.01.07 20:13:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Diane Raimondo\Application Data\Mozilla\Firefox\Profiles\dqyohhf8.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.07.27 20:48:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- 
[2010.07.23 03:48:36 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011.06.29 19:12:22 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2011.07.24 18:47:50 | 000,002,501 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
 
O1 HOSTS File: ([2011.07.27 21:08:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O4 - HKLM..\Run: [AsusACPIServer] C:\Program Files\EeePC\ACPI\AsAcpiSvr.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusEPCMonitor] C:\Program Files\EeePC\ACPI\AsEPCMon.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [AsusTray] C:\Program Files\EeePC\ACPI\AsTray.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [LiveUpdate] C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe ()
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKCU..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SuperHybridEngine.lnk = C:\Program Files\ASUS\EeePC\Super Hybrid Engine\SuperHybridEngine.exe (ASUSTeK Computer Inc.)
O4 - Startup: C:\Documents and Settings\Diane Raimondo\Start Menu\Programs\Startup\Dropbox.lnk = C:\Documents and Settings\Diane Raimondo\Application Data\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: bing.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: doccentral.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: fnismls.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: getmedianow.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: live.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: rdesk.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: rexplorer.net ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: safemls.net ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: showingtime.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: sitexdata.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: spellchecker.net ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: transactionpoint.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: trpoint.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: xmlsweb.com ([]* in Trusted Sites)
O16 - DPF: {0854D220-A90A-466D-BC02-6683183802B7} hxxp://ulster.fnismls.com/Paragon/Codebase/FNISPrintControl.cab (PrintPreview Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework//microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\***\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\***\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.01.07 03:20:59 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.07.28 21:58:25 | 004,156,822 | R--- | C] (Swearware) -- C:\Documents and Settings\Diane Raimondo\Desktop\ComboFix.exe
[2011.07.27 20:58:24 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011.07.27 20:56:26 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011.07.27 20:56:26 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011.07.27 20:56:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011.07.27 20:56:26 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011.07.27 20:56:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011.07.27 20:56:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011.07.27 20:56:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011.07.27 20:56:03 | 000,000,000 | R--D | C] -- C:\Documents and Settings\***\Start Menu\Programs\Administrative Tools
[2011.07.27 20:11:45 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.07.26 17:40:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Application Data\Malwarebytes
[2011.07.26 17:40:29 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.07.26 17:40:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.26 17:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011.07.26 17:40:22 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.07.26 17:40:21 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011.07.25 19:50:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\RTCOM
[2011.07.25 19:50:06 | 001,206,816 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlUpd.exe
[2011.07.25 19:50:06 | 000,880,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\RTSndMgr.CPL
[2011.07.25 19:50:06 | 000,290,816 | ---- | C] (Realtek Semiconductor Crop.) -- C:\WINDOWS\vncutil.exe
[2011.07.25 19:50:06 | 000,077,824 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
[2011.07.25 19:50:04 | 009,715,200 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RTLCPL.EXE
[2011.07.25 19:50:03 | 005,063,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\drivers\RtkHDAud.sys
[2011.07.25 19:50:03 | 000,122,880 | ---- | C] (Realtek Semiconductor) -- C:\WINDOWS\RtkAudioService.exe
[2011.07.25 19:50:01 | 002,168,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\MicCal.exe
[2011.07.25 19:50:01 | 001,389,056 | ---- | C] (Creative Technology Ltd.) -- C:\WINDOWS\System32\drivers\Monfilt.sys
[2011.07.25 19:49:57 | 002,808,832 | ---- | C] (RealTek Semicoductor Corp.) -- C:\WINDOWS\ALCWZRD.EXE
[2011.07.25 19:49:57 | 001,684,736 | ---- | C] (Creative) -- C:\WINDOWS\System32\drivers\Ambfilt.sys
[2011.07.25 19:49:57 | 000,278,528 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\System32\ALSNDMGR.CPL
[2011.07.25 19:49:56 | 000,057,344 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\ALCMTR.EXE
[2011.07.25 19:49:56 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2011.07.25 19:49:42 | 000,540,672 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\RtlExUpd.dll
[2011.07.24 21:42:11 | 000,000,000 | R--D | C] -- C:\Documents and Settings\***\My Documents\My Videos
[2011.07.24 21:40:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Real
[2011.07.24 21:40:25 | 000,000,000 | ---D | C] -- C:\Program Files\Real
[2011.07.24 21:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Application Data\Real
[2011.07.24 20:40:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011.07.24 20:23:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
[2011.07.24 18:49:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\***\Local Settings\Application Data\Ilivid Player
[2011.07.24 18:48:12 | 000,000,000 | ---D | C] -- C:\Program Files\iLivid
[2011.07.24 18:47:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Diane Raimondo\Local Settings\Application Data\PackageAware
[2011.07.24 16:25:58 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.07.23 18:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\Graboid
[2011.07.18 22:17:48 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Canon
[2010.01.07 20:35:52 | 000,013,880 | ---- | C] ( ) -- C:\WINDOWS\System32\drivers\kbfiltr.sys
[2010.01.07 20:28:03 | 000,196,608 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2uvc.dll
[2010.01.07 20:28:01 | 000,225,280 | ---- | C] ( ) -- C:\WINDOWS\System32\rsnp2uvc.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.07.30 09:55:07 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.07.28 21:58:50 | 004,156,822 | R--- | M] (Swearware) -- C:\Documents and Settings\***\Desktop\ComboFix.exe
[2011.07.27 21:08:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011.07.27 20:58:29 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011.07.26 22:52:12 | 000,021,174 | ---- | M] () -- C:\Documents and Settings\***\Desktop\GMER.zip
[2011.07.26 22:13:34 | 000,000,945 | ---- | M] () -- C:\Documents and Settings\***\Desktop\Shortcut to OTL.exe.lnk
[2011.07.26 17:40:29 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.25 19:49:32 | 000,001,746 | ---- | M] () -- C:\WINDOWS\Language_trs.ini
[2011.07.24 16:25:58 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011.07.20 22:30:27 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.07.16 22:22:38 | 000,246,312 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011.07.14 23:19:26 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,022,712 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011.07.03 23:18:47 | 000,488,618 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011.07.03 23:18:47 | 000,089,818 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011.06.30 22:44:26 | 000,138,192 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2011.06.30 22:44:26 | 000,066,616 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.07.27 20:58:29 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011.07.27 20:58:25 | 000,262,448 | RHS- | C] () -- C:\cmldr
[2011.07.27 20:56:26 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.07.27 20:56:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.07.27 20:56:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.07.27 20:56:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.07.27 20:56:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.07.26 22:52:12 | 000,021,174 | ---- | C] () -- C:\Documents and Settings\***\Desktop\GMER.zip
[2011.07.26 22:13:34 | 000,000,945 | ---- | C] () -- C:\Documents and Settings\***\Desktop\Shortcut to OTL.exe.lnk
[2011.07.26 17:40:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.25 19:49:32 | 000,001,746 | ---- | C] () -- C:\WINDOWS\Language_trs.ini
[2011.07.24 20:39:27 | 000,060,032 | ---- | C] () -- C:\WINDOWS\System32\drivers\USBAUDIO.sys
[2011.07.14 23:18:50 | 000,524,288 | ---- | C] () -- C:\1005HA.ROM
[2011.05.12 21:53:33 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\***\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.01.14 16:10:43 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2011.01.09 14:20:33 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010.07.31 19:31:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010.07.23 04:38:43 | 000,011,448 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUpIO.sys
[2010.07.23 04:29:04 | 000,000,085 | ---- | C] () -- C:\WINDOWS\SentriLockCardUtilSuppressedMsg.INI
[2010.07.23 03:50:43 | 000,006,144 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2010.01.08 00:08:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010.01.07 21:22:58 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uvcrecordfix.exe
[2010.01.07 21:22:58 | 000,024,576 | ---- | C] () -- C:\WINDOWS\Sleep.exe
[2010.01.07 20:28:03 | 001,759,616 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2uvc.sys
[2010.01.07 20:28:03 | 000,028,544 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncduvc.sys
[2010.01.07 20:28:03 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2uvc.ini
[2010.01.07 20:25:23 | 000,025,616 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini
[2010.01.07 20:25:23 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini
[2010.01.07 20:20:41 | 000,013,930 | ---- | C] () -- C:\WINDOWS\System32\RaCoInst.dat
[2010.01.07 20:18:09 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat
[2010.01.07 20:18:09 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat
[2010.01.07 19:57:18 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2010.01.07 03:23:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010.01.07 03:19:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010.01.07 02:08:40 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2010.01.07 02:08:29 | 000,488,618 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2010.01.07 02:08:29 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2010.01.07 02:08:29 | 000,089,818 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2010.01.07 02:08:29 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2010.01.07 02:08:29 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2010.01.07 02:08:28 | 000,004,562 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2010.01.07 02:08:27 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2010.01.07 02:08:27 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2010.01.07 02:08:26 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2010.01.07 02:08:25 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2010.01.07 02:08:23 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2010.01.07 02:08:21 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2010.01.06 19:15:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010.01.06 19:14:39 | 000,246,312 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT

< End of report >

Viele Grüße
agh

M-K-D-B · 31.07.2011, 13:24

Hallo agh,

ich bin wieder da.

So gehts weiter:

Schritt # 1: Fix mit OTL

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
FF - prefs.js..browser.search.defaultenginename: "Search Results"
FF - prefs.js..browser.search.order.1: "Search Results"
[2011.07.24 18:47:50 | 000,002,501 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchResults.xml
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) -  - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O15 - HKCU\..Trusted Domains: doccentral.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: fnismls.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: getmedianow.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: live.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: rdesk.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: rexplorer.net ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: safemls.net ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: showingtime.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: sitexdata.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: spellchecker.net ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: transactionpoint.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: trpoint.com ([]* in Trusted Sites)
O15 - HKCU\..Trusted Domains: xmlsweb.com ([]* in Trusted Sites)

:commands
[Emptytemp]

Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt # 2: Kontrollscan mit Malwarebytes' Anti-Malware (MBAM)

Vista und Win7 User mit Rechtsklick "als Administrator starten"
Starte Malwarebytes, klicke auf Aktualisierung --> Suche nach Aktualisierung
Wenn das Update beendet wurde, aktiviere Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan beendet ist, klicke auf Ergebnisse anzeigen.
Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter "Log Dateien" finden.

Schritt # 3: Deine Rückmeldung
Zur weiteren Analyse benötige ich zusammen mit deiner nächsten Antwort

das Logfile des OTL-Fix und
das Logfile von MBAM.

agh · 31.07.2011, 19:40

Hallo M-K-D-B,

willkommen zurück ;-)

Wie es scheint, sieht es ganz gut aus auf meinem Rechner oder?
Hier sind die Ergebnisse!

Code:

ATTFilter

All processes killed
========== OTL ==========
Prefs.js: "Search Results" removed from browser.search.defaultenginename
Prefs.js: "Search Results" removed from browser.search.order.1
C:\Program Files\Mozilla Firefox\searchplugins\SearchResults.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\doccentral.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\fnismls.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\getmedianow.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\live.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rdesk.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\rexplorer.net\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\safemls.net\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\showingtime.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\sitexdata.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\spellchecker.net\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\transactionpoint.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\trpoint.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\xmlsweb.com\ deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
->Flash cache emptied: 321 bytes
 
User: ***
->Temp folder emptied: 659018 bytes
->Temporary Internet Files folder emptied: 3374440 bytes
->Java cache emptied: 2133416 bytes
->FireFox cache emptied: 113056116 bytes
->Flash cache emptied: 27343 bytes
 
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 49286 bytes
 
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 21002 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 114,00 mb
 
 
OTL by OldTimer - Version 3.2.26.1 log created on 07312011_202042

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Code:

ATTFilter

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Datenbank Version: 7340

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

31.07.2011 20:35:22
mbam-log-2011-07-31 (20-35-22).txt

Art des Suchlaufs: Quick-Scan
Durchsuchte Objekte: 152603
Laufzeit: 5 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
(Keine bösartigen Objekte gefunden)

Weiterhin danke und einen schönen Abend.

agh

Trojaner eingefangen, Firefox öffnet sich nur mit searchqu

Plagegeister aller Art und deren Bekämpfung: Trojaner eingefangen, Firefox öffnet sich nur mit searchqu