I had a remote access trojan on my home network (one desktop and two laptops).
viewtopic.php?f=12&t=60553
I reinstalled Laptop 1 completely new. As I had to copy my documents and so on, I want to check if the trojan is really not present anymore.
Here are my logs of laptop 1:
DDS (Ver_2012-10-14.05) - NTFS_x86
Internet Explorer: 8.0.6001.18702
Run by HelmutN at 10:28:58 on 2012-10-14
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.511.242 [GMT 2:00]
.
AV: Avira Desktop *Enabled/Updated* {AD166499-45F9-482A-A743-FDD3350758C7}
FW: Online Armor Firewall *Enabled*
.
============== Running Processes ================
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Online Armor\OAcat.exe
C:\Program Files\Online Armor\oasrv.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir Desktop\sched.exe
C:\Program Files\Avira\AntiVir Desktop\avguard.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files\Online Armor\OAui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Online Armor\OAhlp.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\WINDOWS\System32\svchost.exe -k LocalService
C:\WINDOWS\System32\svchost.exe -k LocalService
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
EB: {32683183-48a0-441b-a342-7c2a440a9478} - <orphaned>
uRun: [CTFMON.EXE] c:\windows\system32\ctfmon.exe
mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min
mRun: [@OnlineArmor GUI] "c:\program files\online armor\OAui.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
dRun: [CTFMON.EXE] c:\windows\system32\CTFMON.EXE
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Windows\System: Allow-LogonScript-NetbiosDisabled = dword:1
mPolicies-Explorer: NoDriveTypeAutoRun = dword:145
IE: Nach Microsoft &Excel exportieren - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
DPF: Microsoft XML Parser for Java - file://c:\windows\java\classes\xmldso.cab
TCP: Interfaces\{293ED8FA-0655-4E86-B0BE-4A4DE8364322} : NameServer = 192.168.0.1
TCP: Interfaces\{72E7A426-CC93-427F-BD8B-66E39198EF9E} : NameServer = 192.168.0.1
Notify: AtiExtEvent - Ati2evxx.dll
SEH: OA Shell Helper - {4F07DA45-8170-4859-9B5F-037EF2970034} - c:\program files\online armor\oaevent.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\documents and settings\helmutn\application data\mozilla\firefox\profiles\80sypium.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_287.dll
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-10-9 36552]
R1 OADevice;OADriver;c:\windows\system32\drivers\OADriver.sys [2012-10-9 208320]
R1 oahlpXX;Online Armor helper driver;c:\windows\system32\drivers\oahlp32.sys [2012-10-9 44992]
R1 OAmon;OAmon;c:\windows\system32\drivers\OAmon.sys [2012-10-9 27648]
R1 OAnet;OAnet;c:\windows\system32\drivers\OAnet.sys [2012-10-9 31920]
R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-10-9 84256]
R2 AntiVirService;Avira Echtzeit-Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-10-9 108320]
R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-10-9 83792]
R2 OAcat;Online Armor Helper Service;c:\program files\online armor\oacat.exe [2012-10-9 216072]
R2 SvcOnlineArmor;Online Armor;c:\program files\online armor\oasrv.exe [2012-10-9 4463864]
R3 CONAN;CONAN;c:\windows\system32\drivers\o2mmb.sys [2012-10-9 191092]
R3 MbxStby;MbxStby;c:\windows\system32\drivers\MbxStby.sys [2012-10-9 6100]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\macromed\flash\FlashPlayerUpdateService.exe [2012-10-9 250808]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\mozilla maintenance service\maintenanceservice.exe [2012-10-9 115168]
.
=============== Created Last 30 ================
.
2012-10-12 15:33:03 -------- d-----w- c:\windows\ie8updates
2012-10-12 15:02:03 19424 ----a-w- c:\program files\mozilla firefox\xpcom.dll
2012-10-12 15:02:03 14676960 ----a-w- c:\program files\mozilla firefox\xul.dll
2012-10-12 15:02:02 96224 ----a-w- c:\program files\mozilla firefox\webapprt-stub.exe
2012-10-12 15:02:02 891808 ----a-w- c:\program files\mozilla firefox\uninstall\helper.exe
2012-10-12 15:02:02 270816 ----a-w- c:\program files\mozilla firefox\updater.exe
2012-10-12 15:02:02 157272 ----a-w- c:\program files\mozilla firefox\webapp-uninstaller.exe
2012-10-12 15:02:02 155104 ----a-w- c:\program files\mozilla firefox\softokn3.dll
2012-10-12 15:02:02 145376 ----a-w- c:\program files\mozilla firefox\ssl3.dll
2012-10-12 15:02:01 91104 ----a-w- c:\program files\mozilla firefox\smime3.dll
2012-10-12 14:51:07 630272 -c----w- c:\windows\system32\dllcache\msfeeds.dll
2012-10-12 14:51:06 55296 -c----w- c:\windows\system32\dllcache\msfeedsbs.dll
2012-10-12 14:51:04 12800 -c----w- c:\windows\system32\dllcache\xpshims.dll
2012-10-12 14:51:02 521728 -c----w- c:\windows\system32\dllcache\jsdbgui.dll
2012-10-12 14:51:02 2000384 -c----w- c:\windows\system32\dllcache\iertutil.dll
2012-10-12 14:51:01 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2012-10-12 14:51:00 247808 -c----w- c:\windows\system32\dllcache\ieproxy.dll
2012-10-12 14:40:04 -------- d-sh--w- c:\documents and settings\helmutn\IETldCache
2012-10-11 20:03:11 -------- dc-h--w- c:\windows\ie8
2012-10-11 19:25:52 272128 -c----w- c:\windows\system32\dllcache\bthport.sys
2012-10-11 19:25:33 953856 -c----w- c:\windows\system32\dllcache\mfc40u.dll
2012-10-11 19:24:58 456320 -c----w- c:\windows\system32\dllcache\mrxsmb.sys
2012-10-11 19:24:39 617472 -c----w- c:\windows\system32\dllcache\comctl32.dll
2012-10-11 19:24:31 471552 -c----w- c:\windows\system32\dllcache\aclayers.dll
2012-10-11 19:23:06 744448 -c----w- c:\windows\system32\dllcache\helpsvc.exe
2012-10-11 19:22:47 40960 -c----w- c:\windows\system32\dllcache\ndproxy.sys
2012-10-11 19:22:18 81920 -c----w- c:\windows\system32\dllcache\fontsub.dll
2012-10-11 19:22:18 119808 -c----w- c:\windows\system32\dllcache\t2embed.dll
2012-10-11 19:21:51 284160 -c----w- c:\windows\system32\dllcache\pdh.dll
2012-10-11 19:21:50 401408 -c----w- c:\windows\system32\dllcache\rpcss.dll
2012-10-11 19:21:50 110592 -c----w- c:\windows\system32\dllcache\services.exe
2012-10-11 19:21:49 473600 -c----w- c:\windows\system32\dllcache\fastprox.dll
2012-10-11 19:21:49 227840 -c----w- c:\windows\system32\dllcache\wmiprvse.exe
2012-10-11 19:21:48 617472 -c----w- c:\windows\system32\dllcache\advapi32.dll
2012-10-11 19:21:48 453120 -c----w- c:\windows\system32\dllcache\wmiprvsd.dll
2012-10-11 19:21:26 153088 -c----w- c:\windows\system32\dllcache\triedit.dll
2012-10-11 19:20:24 105472 -c----w- c:\windows\system32\dllcache\mup.sys
2012-10-11 19:20:14 203136 -c----w- c:\windows\system32\dllcache\rmcast.sys
2012-10-11 19:20:02 331776 -c----w- c:\windows\system32\dllcache\msadce.dll
2012-10-11 19:18:33 293376 ------w- c:\windows\system32\browserchoice.exe
2012-10-11 19:17:41 536576 -c----w- c:\windows\system32\dllcache\msado15.dll
2012-10-11 19:15:25 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2012-10-11 19:15:22 139784 -c----w- c:\windows\system32\dllcache\rdpwd.sys
2012-10-11 19:12:59 718336 -c----w- c:\windows\system32\dllcache\ntdll.dll
2012-10-11 19:12:55 2148864 -c----w- c:\windows\system32\dllcache\ntkrnlmp.exe
2012-10-11 19:12:54 2192896 -c----w- c:\windows\system32\dllcache\ntoskrnl.exe
2012-10-11 19:12:52 2027520 -c----w- c:\windows\system32\dllcache\ntkrpamp.exe
2012-10-11 19:12:51 2069632 -c----w- c:\windows\system32\dllcache\ntkrnlpa.exe
2012-10-11 19:12:37 218112 -c----w- c:\windows\system32\dllcache\wordpad.exe
2012-10-11 19:12:12 10496 -c----w- c:\windows\system32\dllcache\ndistapi.sys
2012-10-11 19:11:12 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-10-11 19:11:12 3072 ------w- c:\windows\system32\iacenc.dll
2012-10-11 19:07:07 590848 -c----w- c:\windows\system32\dllcache\rpcrt4.dll
2012-10-11 19:06:58 5120 ----a-w- c:\windows\system32\xpsp4res.dll
2012-10-10 20:07:34 -------- d-----w- c:\windows\system32\PreInstall
2012-10-10 20:07:30 -------- d--h--w- c:\windows\$hf_mig$
2012-10-10 18:18:49 -------- d-----w- c:\documents and settings\helmutn\local settings\application data\Temp
2012-10-10 18:18:49 -------- d-----w- c:\documents and settings\helmutn\local settings\application data\Adobe
2012-10-10 18:14:24 65024 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPP86.DLL
2012-10-10 18:14:23 22528 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\CNMPD86.DLL
2012-10-10 18:14:17 161792 ----a-w- c:\windows\system32\CNMLM86.DLL
2012-10-10 18:08:45 -------- d-----w- c:\program files\MSECache
2012-10-10 18:05:35 25856 -c--a-w- c:\windows\system32\dllcache\usbprint.sys
2012-10-10 18:05:35 25856 ----a-w- c:\windows\system32\drivers\usbprint.sys
2012-10-10 17:51:11 -------- d-----w- C:\biathwin
2012-10-10 17:51:10 -------- d-----w- C:\Biathlon
2012-10-10 17:37:13 -------- d-----w- c:\program files\VideoLAN
2012-10-10 17:21:37 677888 -c----w- c:\windows\system32\dllcache\lhmstsc.exe
2012-10-10 17:21:37 2067456 -c----w- c:\windows\system32\dllcache\lhmstscx.dll
2012-10-10 17:21:07 58880 -c----w- c:\windows\system32\dllcache\spoolsv.exe
2012-10-10 17:20:53 91648 -c----w- c:\windows\system32\dllcache\mtxoci.dll
2012-10-10 17:20:52 66560 -c----w- c:\windows\system32\dllcache\mtxclu.dll
2012-10-10 17:20:52 58880 -c----w- c:\windows\system32\dllcache\msdtclog.dll
2012-10-10 17:20:52 161792 -c----w- c:\windows\system32\dllcache\msdtcuiu.dll
2012-10-10 17:20:51 956928 -c----w- c:\windows\system32\dllcache\msdtctm.dll
2012-10-10 17:20:44 60416 -c----w- c:\windows\system32\dllcache\packager.exe
2012-10-10 17:20:14 45568 -c----w- c:\windows\system32\dllcache\wab.exe
2012-10-10 17:19:17 758784 -c--a-w- c:\windows\system32\dllcache\vgx.dll
2012-10-09 19:53:08 18944 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\mdippr.dll
2012-10-09 19:53:08 17920 ----a-w- c:\windows\system32\mdimon.dll
2012-10-09 19:48:59 -------- d-----w- c:\windows\SHELLNEW
2012-10-09 19:31:11 294912 ----a-r- c:\windows\system32\atiiiexx.dll
2012-10-09 19:31:11 131072 ----a-r- c:\windows\system32\ATIDEMGR.dll
2012-10-09 19:30:25 -------- d-----w- c:\program files\ATI Technologies
2012-10-09 19:29:20 34329 ------w- c:\windows\O2Remove.EXE
2012-10-09 19:28:56 6100 ----a-r- c:\windows\system32\drivers\MbxStby.sys
2012-10-09 19:28:56 191092 ----a-r- c:\windows\system32\drivers\o2mmb.sys
2012-10-09 19:27:18 212992 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\ILog.dll
2012-10-09 19:26:27 65536 ----a-w- c:\windows\SmCfg.exe
2012-10-09 19:26:27 528384 ----a-w- c:\windows\system32\SLLights.dll
2012-10-09 19:26:27 454656 ----a-w- c:\windows\system32\slcpappl.cpl
2012-10-09 19:26:27 368640 ----a-w- c:\windows\system32\slmh.exe
2012-10-09 19:26:27 208896 ----a-w- c:\windows\system32\amr_cpl.dll
2012-10-09 19:26:27 167936 ----a-w- c:\windows\system32\minirec.exe
2012-10-09 19:26:27 16128 -c--a-w- c:\windows\system32\dllcache\modemcsa.sys
2012-10-09 19:26:27 16128 ----a-w- c:\windows\system32\drivers\MODEMCSA.sys
2012-10-09 19:26:27 15040 ----a-w- c:\windows\system32\drivers\winddx.sys
2012-10-09 19:26:27 135168 ----a-w- c:\windows\system32\SLMOHServ.dll
2012-10-09 19:26:26 175104 -c--a-w- c:\windows\system32\dllcache\csamsp.dll
2012-10-09 19:26:26 175104 ----a-w- c:\windows\system32\csamsp.dll
2012-10-09 19:25:16 -------- d-----w- c:\windows\Modio
2012-10-09 19:22:06 466944 ----a-w- c:\windows\system32\w29NCPA.dll
2012-10-09 19:22:06 3298432 ----a-w- c:\windows\system32\drivers\w29n51.sys
2012-10-09 19:22:06 1671168 ----a-w- c:\windows\system32\w29mlres.dll
2012-10-09 19:18:57 5376 -c--a-w- c:\windows\system32\dllcache\mspclock.sys
2012-10-09 19:18:57 5376 ----a-w- c:\windows\system32\drivers\MSPCLOCK.sys
2012-10-09 19:18:52 159488 ----a-r- c:\windows\system32\drivers\vinyl97.sys
2012-10-09 19:18:50 4096 -c--a-w- c:\windows\system32\dllcache\ksuser.dll
2012-10-09 19:18:50 4096 ----a-w- c:\windows\system32\ksuser.dll
2012-10-09 19:18:50 146048 -c--a-w- c:\windows\system32\dllcache\portcls.sys
2012-10-09 19:18:50 146048 ----a-w- c:\windows\system32\drivers\portcls.sys
2012-10-09 19:18:48 60160 -c--a-w- c:\windows\system32\dllcache\drmk.sys
2012-10-09 19:18:48 60160 ----a-w- c:\windows\system32\drivers\drmk.sys
2012-10-09 19:18:48 129536 ----a-w- c:\windows\system32\ksproxy.ax
2012-10-09 19:18:38 36864 ----a-w- c:\windows\system32\UnAudioNT.dll
2012-10-09 19:18:37 -------- d-----w- c:\program files\VIAudioi
2012-10-09 19:18:32 328704 ----a-w- c:\windows\IsUn0407.exe
2012-10-09 19:10:09 221184 ------w- c:\program files\common files\installshield\iscript\iscript.dll
2012-10-09 19:10:03 221184 ------w- c:\program files\common files\installshield\engine\6\intel 32\iuser.dll
2012-10-09 19:09:57 32768 ------w- c:\program files\common files\installshield\engine\6\intel 32\objectps.dll
2012-10-09 19:09:48 77824 ------w- c:\program files\common files\installshield\engine\6\intel 32\ctor.dll
2012-10-09 19:09:45 610436 ----a-w- c:\program files\common files\installshield\engine\6\intel 32\IKernel.exe
2012-10-09 19:06:29 12160 -c--a-w- c:\windows\system32\dllcache\mouhid.sys
2012-10-09 19:06:29 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2012-10-09 19:06:22 10368 -c--a-w- c:\windows\system32\dllcache\hidusb.sys
2012-10-09 19:06:22 10368 ----a-w- c:\windows\system32\drivers\hidusb.sys
2012-10-09 19:03:23 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-09 19:03:23 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 19:01:11 -------- d-----w- c:\documents and settings\helmutn\local settings\application data\Mozilla
2012-10-09 18:59:39 -------- d-----w- c:\program files\Mozilla Maintenance Service
2012-10-09 18:38:32 -------- d-----w- c:\windows\system32\appmgmt
2012-10-09 18:13:50 -------- d-----w- c:\documents and settings\helmutn\application data\Avira
2012-10-09 18:06:44 -------- d-----w- c:\documents and settings\helmutn\application data\CallingID
2012-10-09 18:06:41 -------- d-----w- c:\documents and settings\helmutn\local settings\application data\DoNotTrackPlus
2012-10-09 17:46:57 -------- d-----w- c:\windows\system32\SoftwareDistribution
2012-10-09 17:45:45 -------- d-----w- c:\documents and settings\helmutn\application data\OnlineArmor
2012-10-09 17:45:45 -------- d-----w- c:\documents and settings\all users\application data\OnlineArmor
2012-10-09 17:45:22 44992 ----a-w- c:\windows\system32\drivers\oahlp32.sys
2012-10-09 17:45:22 31920 ----a-w- c:\windows\system32\drivers\OAnet.sys
2012-10-09 17:45:22 27648 ----a-w- c:\windows\system32\drivers\OAmon.sys
2012-10-09 17:45:22 208320 ----a-w- c:\windows\system32\drivers\OADriver.sys
2012-10-09 17:44:52 -------- d-----w- c:\program files\Online Armor
2012-10-09 17:44:18 -------- d-----w- c:\documents and settings\helmutn\application data\Malwarebytes
2012-10-09 17:43:54 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2012-10-09 17:43:51 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-10-09 17:43:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-10-09 17:40:49 83792 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-10-09 17:40:49 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-10-09 17:40:47 -------- d-----w- c:\program files\Avira
2012-10-09 17:40:47 -------- d-----w- c:\documents and settings\all users\application data\Avira
2012-10-09 17:25:56 9728 ------w- c:\windows\system32\rwnh.dll
2012-10-09 17:21:31 33792 -c----w- c:\windows\system32\dllcache\custsat.dll
2012-10-09 17:18:47 -------- d-----w- c:\windows\network diagnostic
2012-10-09 17:18:45 144384 ------w- c:\windows\system32\drivers\hdaudbus.sys
2012-10-09 17:18:44 10240 ------w- c:\windows\system32\drivers\sffp_mmc.sys
2012-10-09 17:16:51 19569 ----a-w- c:\windows\005445_.tmp
2012-10-09 17:04:07 -------- d-----w- c:\windows\system32\wbem\AutoRecover
2012-10-09 17:02:34 -------- d-s---w- c:\windows\system32\Microsoft
2012-10-09 16:55:59 44672 ------w- c:\windows\system32\drivers\uagp35.sys
2012-10-09 16:48:58 2897920 ------w- c:\windows\system32\xpsp2res.dll
2012-10-09 16:47:50 19528 ----a-w- c:\windows\003575_.tmp
2012-10-09 16:47:46 -------- d-----w- c:\windows\system32\ReinstallBackups
2012-10-09 16:47:38 26144 ----a-w- c:\windows\system32\spupdsvc.exe
2012-10-08 20:02:29 -------- d-----w- c:\windows\ServicePackFiles
2012-10-08 20:01:58 214528 ----a-w- c:\program files\internet explorer\connection wizard\icwconn1.exe
2012-10-08 20:00:59 326432 ----a-w- c:\windows\system32\msexcl40.dll
.
==================== Find3M ====================
.
2012-10-09 19:33:32 86016 ----a-w- c:\windows\system32\ati2evxx.dll
2012-10-09 19:33:32 81920 ----a-w- c:\windows\system32\ATIDDC.DLL
2012-10-09 19:33:32 65536 ----a-w- c:\windows\system32\Ati2mdxx.exe
2012-10-09 19:33:32 6524928 ----a-w- c:\windows\system32\atioglxx.dll
2012-10-09 19:33:32 376832 ----a-w- c:\windows\system32\ati2evxx.exe
2012-10-09 19:33:32 30720 ----a-w- c:\windows\system32\ati2edxx.dll
2012-10-09 19:33:32 24064 ----a-w- c:\windows\system32\ativcoxx.dll
2012-10-09 19:33:32 17408 ----a-w- c:\windows\system32\atitvo32.dll
2012-10-09 19:33:32 118784 ----a-w- c:\windows\system32\atipdlxx.dll
2012-10-09 19:33:32 102400 ----a-w- c:\windows\system32\Oemdspif.dll
2012-08-28 15:14:53 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:14:53 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:14:52 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07:15 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53:22 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-21 13:29:19 2192896 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-21 12:58:06 2069632 ----a-w- c:\windows\system32\ntkrnlpa.exe
.
============= FINISH: 10:32:20,64 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-10-14.05)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 08.10.2012 19:51:14
System Uptime: 14.10.2012 08:59:19 (2 hours ago)
.
Motherboard: To be filled by O.E.M. | | To be filled by O.E.M.
Processor: Intel(R) Pentium(R) M processor 1.70GHz | CPU 1 | 1699/400mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 75 GiB total, 9,359 GiB free.
D: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP1: 08.10.2012 20:03:07 - System Checkpoint
RP2: 08.10.2012 20:12:54 - Online Armor Installation
RP3: 08.10.2012 21:57:56 - Installed Windows XP Service Pack 1.
RP4: 09.10.2012 18:47:52 - Installed Windows XP Service Pack 2.
RP5: 09.10.2012 19:17:03 - Installed Windows XP Service Pack 3.
RP6: 09.10.2012 19:45:33 - Online Armor Installation
RP7: 09.10.2012 20:38:14 - Removed Ask Toolbar.
RP8: 09.10.2012 21:28:36 - Installed O2Micro MemoryCardBus Windows Driver
RP9: 09.10.2012 21:47:06 - Microsoft Office Professional Edition 2003 wird installiert
RP10: 10.10.2012 20:10:28 - Compatibility Pack für 2007 Office System wird installiert
RP11: 10.10.2012 22:07:18 - Software Distribution Service 3.0
RP12: 11.10.2012 21:46:41 - Software Distribution Service 3.0
RP13: 12.10.2012 17:31:47 - Software Distribution Service 3.0
RP14: 12.10.2012 17:45:33 - Installed Windows XP WgaNotify.
RP15: 14.10.2012 09:37:05 - System Checkpoint
.
==== Installed Programs ======================
.
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.4) - Deutsch
ATI Display Driver
Avira Free Antivirus
Compatibility Pack für 2007 Office System
Hotfix for Windows XP (KB2756822)
Hotfix for Windows XP (KB952287)
Hotfix for Windows XP (KB976002-v5)
Malwarebytes Anti-Malware Version 1.65.0.1400
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Mozilla Firefox 16.0.1 (x86 de)
Mozilla Maintenance Service
O2Micro MemoryCardBus Windows Driver
Online Armor 6.0
Security Update for Microsoft Windows (KB2564958)
Security Update for Windows Internet Explorer 8 (KB2510531)
Security Update for Windows Internet Explorer 8 (KB2544521)
Security Update for Windows Internet Explorer 8 (KB2744842)
Security Update for Windows Media Player (KB2378111)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB954155)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player (KB975558)
Security Update for Windows Media Player (KB978695)
Security Update for Windows XP (KB2115168)
Security Update for Windows XP (KB2229593)
Security Update for Windows XP (KB2296011)
Security Update for Windows XP (KB2347290)
Security Update for Windows XP (KB2360937)
Security Update for Windows XP (KB2387149)
Security Update for Windows XP (KB2393802)
Security Update for Windows XP (KB2419632)
Security Update for Windows XP (KB2423089)
Security Update for Windows XP (KB2440591)
Security Update for Windows XP (KB2443105)
Security Update for Windows XP (KB2476490)
Security Update for Windows XP (KB2478960)
Security Update for Windows XP (KB2478971)
Security Update for Windows XP (KB2479943)
Security Update for Windows XP (KB2481109)
Security Update for Windows XP (KB2483185)
Security Update for Windows XP (KB2485663)
Security Update for Windows XP (KB2506212)
Security Update for Windows XP (KB2507618)
Security Update for Windows XP (KB2507938)
Security Update for Windows XP (KB2508429)
Security Update for Windows XP (KB2509553)
Security Update for Windows XP (KB2510581)
Security Update for Windows XP (KB2535512)
Security Update for Windows XP (KB2536276-v2)
Security Update for Windows XP (KB2544521)
Security Update for Windows XP (KB2544893-v2)
Security Update for Windows XP (KB2566454)
Security Update for Windows XP (KB2570947)
Security Update for Windows XP (KB2584146)
Security Update for Windows XP (KB2585542)
Security Update for Windows XP (KB2592799)
Security Update for Windows XP (KB2598479)
Security Update for Windows XP (KB2603381)
Security Update for Windows XP (KB2618451)
Security Update for Windows XP (KB2619339)
Security Update for Windows XP (KB2620712)
Security Update for Windows XP (KB2624667)
Security Update for Windows XP (KB2631813)
Security Update for Windows XP (KB2646524)
Security Update for Windows XP (KB2653956)
Security Update for Windows XP (KB2655992)
Security Update for Windows XP (KB2659262)
Security Update for Windows XP (KB2661637)
Security Update for Windows XP (KB2676562)
Security Update for Windows XP (KB2686509)
Security Update for Windows XP (KB2691442)
Security Update for Windows XP (KB2698365)
Security Update for Windows XP (KB2705219-v2)
Security Update for Windows XP (KB2712808)
Security Update for Windows XP (KB2719985)
Security Update for Windows XP (KB2723135-v2)
Security Update for Windows XP (KB2724197)
Security Update for Windows XP (KB2731847-v2)
Security Update for Windows XP (KB2744842)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB923789)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956844)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB969059)
Security Update for Windows XP (KB970430)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB972270)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
Security Update for Windows XP (KB973904)
Security Update for Windows XP (KB974112)
Security Update for Windows XP (KB974318)
Security Update for Windows XP (KB974392)
Security Update for Windows XP (KB974571)
Security Update for Windows XP (KB975025)
Security Update for Windows XP (KB975467)
Security Update for Windows XP (KB975560)
Security Update for Windows XP (KB975713)
Security Update for Windows XP (KB977816)
Security Update for Windows XP (KB977914)
Security Update for Windows XP (KB978338)
Security Update for Windows XP (KB978542)
Security Update for Windows XP (KB978706)
Security Update for Windows XP (KB979309)
Security Update for Windows XP (KB979482)
Security Update for Windows XP (KB979687)
Security Update for Windows XP (KB981322)
Security Update for Windows XP (KB981997)
Security Update for Windows XP (KB982132)
Security Update for Windows XP (KB982665)
Smart Link 56K Modem
Update for Windows XP (KB2345886)
Update for Windows XP (KB2661254-v2)
Update for Windows XP (KB2736233)
Update for Windows XP (KB2749655)
Update for Windows XP (KB898461)
Update for Windows XP (KB951978)
Update for Windows XP (KB955759)
Update for Windows XP (KB968389)
Update for Windows XP (KB971029)
Update for Windows XP (KB973815)
VIA Audio Driver Setup Program
VLC media player 2.0.3
WebFldrs XP
Windows Genuine Advantage Notifications (KB905474)
Windows Internet Explorer 8
Windows XP Service Pack 3
.
==== Event Viewer Messages From Past Week ========
.
14.10.2012 10:29:23, error: Service Control Manager [7016] - The SmartLinkService service has reported an invalid current state 0.
12.10.2012 17:43:00, error: Service Control Manager [7001] - The SSDP Discovery Service service depends on the HTTP service which failed to start because of the following error: Access is denied.
12.10.2012 17:43:00, error: Service Control Manager [7000] - The HTTP service failed to start due to the following error: Access is denied.
12.10.2012 17:38:56, error: MRxSmb [8003] - The master browser has received a server announcement from the computer COMPUTER that believes that it is the master browser for the domain on transport NetBT_Tcpip_{293ED8FA-0655-4E86-. The master browser is stopping or an election is being forced.
11.10.2012 20:46:17, error: NetBT [4307] - Initialization failed because the transport refused to open initial Addresses.
09.10.2012 20:48:38, error: MRxSmb [8003] - The master browser has received a server announcement from the computer MEDIA-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{72E7A426-CC93-427F-. The master browser is stopping or an election is being forced.
09.10.2012 20:23:36, error: DCOM [10000] - Unable to start a DCOM Server: {43AB7B5D-4C40-4103-A549-7002A116A7D5}. The error: "%5" Happened while starting this command: C:\Program Files\Ask.com\CallingIDSDK\CIDGlobalLight.exe -Embedding
09.10.2012 18:40:23, error: Service Control Manager [7026] - The following boot-start or system-start driver(s) failed to load: OADevice
08.10.2012 20:12:59, error: Service Control Manager [7003] - The OADriver service depends on the following nonexistent service: FltMgr
.
==== End Of File ===========================
Thank you
Helmut13