| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Windows XP Recovery VirusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
23.05.2011, 14:20
| #1 |
 |  Windows XP Recovery Virus Hallo, habe mir den Recovery Virus eingefangen und versucht nach der Anleitung hier ihn wieder zu entfernen. Also rkill.com ausgeführt, Scan mit malwarebytes, unhide.exe ausgeführt. Allerdings startete das Tool tdsskiller nicht und ich glaube, dass Firefox dadurch immernoch webseiten weiterleitet. Hier mal aktuelle Logdateien Malwarebytes Code:
ATTFilter Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Datenbank Version: 6649
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
23.05.2011 13:30:25
mbam-log-2011-05-23 (13-30-25).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 223033
Laufzeit: 54 Minute(n), 1 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 2
Infizierte Dateiobjekte der Registrierung: 1
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ccSjkketwraagFu (Trojan.FakeMS.Gen) -> Value: ccSjkketwraagFu -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs\C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM\COMPONENTS\WIDGITOOLBARFF.DLL (Adware.WidgiToolbar) -> Value: WIDGITOOLBARFF.DLL -> Quarantined and deleted successfully.
Infizierte Dateiobjekte der Registrierung:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
c:\dokumente und einstellungen\all users\anwendungsdaten\ccsjkketwraagfu.exe (Trojan.FakeMS.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\15327012.exe (Rogue.WindowsRecoveryConsole) -> Quarantined and deleted successfully.
c:\programme\gemeinsame dateien\Spigot\wtxpcom\components\widgitoolbarff.dll (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c9985cff-74c4-4630-a132-265978abbb94}\RP119\A0017394.old (Adware.WidgiToolbar) -> Quarantined and deleted successfully.
c:\system volume information\_restore{c9985cff-74c4-4630-a132-265978abbb94}\RP134\A0019942.exe (Spyware.Password) -> Quarantined and deleted successfully.
Code:
ATTFilter OTL logfile created on: 23.05.2011 14:58:25 - Run 2 OTL by OldTimer - Version 3.2.23.0 Folder = C:\Dokumente und Einstellungen\Smithee\Desktop\Downloads Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1015,17 Mb Total Physical Memory | 577,25 Mb Available Physical Memory | 56,86% Memory free 2,39 Gb Paging File | 2,03 Gb Available in Paging File | 85,05% Paging File free Paging file location(s): C:\pagefile.sys 1524 3048 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme Drive C: | 81,65 Gb Total Space | 63,01 Gb Free Space | 77,17% Space Free | Partition Type: NTFS Drive D: | 62,47 Gb Total Space | 58,24 Gb Free Space | 93,23% Space Free | Partition Type: NTFS Computer Name: SMITHEEEPC | User Name: Smithee | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Dokumente und Einstellungen\Smithee\Desktop\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira GmbH) PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation) PRC - C:\Programme\ESRI\License\arcgis9x\ARCGIS.EXE () PRC - C:\WINDOWS\system32\HPZipm12.exe (HP) PRC - C:\Programme\ESRI\License\arcgis9x\lmgrd.exe () ========== Modules (SafeList) ========== MOD - C:\Dokumente und Einstellungen\Smithee\Desktop\Downloads\OTL.exe (OldTimer Tools) MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (AppMgmt) -- File not found SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (Application Updater) -- C:\Programme\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZipm12.exe (HP) SRV - (ArcGIS License Manager) -- C:\Programme\ESRI\License\arcgis9x\lmgrd.exe () ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH) DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH) DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.) DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (fssfltr) -- C:\WINDOWS\system32\drivers\fssfltr_tdi.sys (Microsoft Corporation) DRV - (SaiKCB03) -- C:\WINDOWS\system32\drivers\SaiKCB03.sys (Saitek) DRV - (L1e) -- C:\WINDOWS\system32\drivers\l1e51x86.sys (Atheros Communications, Inc.) DRV - (AR5416) -- C:\WINDOWS\system32\drivers\athw.sys (Atheros Communications, Inc.) DRV - (BTKRNL) -- C:\WINDOWS\system32\drivers\btkrnl.sys (Broadcom Corporation.) DRV - (BTWUSB) -- C:\WINDOWS\system32\drivers\btwusb.sys (Broadcom Corporation.) DRV - (Ambfilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative) DRV - (BTWDNDIS) -- C:\WINDOWS\system32\drivers\btwdndis.sys (Broadcom Corporation.) DRV - (btaudio) -- C:\WINDOWS\system32\drivers\btaudio.sys (Broadcom Corporation.) DRV - (AsusACPI) -- C:\WINDOWS\system32\drivers\ASUSACPI.SYS (ASUSTeK Computer Inc.) DRV - (btwhid) -- C:\WINDOWS\system32\drivers\btwhid.sys (Broadcom Corporation.) DRV - (BTDriver) -- C:\WINDOWS\system32\drivers\btport.sys (Broadcom Corporation.) DRV - (btwmodem) -- C:\WINDOWS\system32\drivers\btwmodem.sys (Broadcom Corporation.) DRV - (Monfilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=302398" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3 FF - prefs.js..extensions.enabledItems: pdfforge@mybrowserbar.com:4.3 FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2 FF - prefs.js..extensions.enabledItems: 5 FF - prefs.js..extensions.enabledItems: 3 FF - prefs.js..extensions.enabledItems: 1 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.8.20100408.6 FF - prefs.js..extensions.enabledItems: wtxpcom@mybrowserbar.com:4.3 FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=302398&p=" FF - prefs.js..network.proxy.socks_version: 0 FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.05.01 14:46:05 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.03.28 12:25:52 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Components: C:\Programme\Mozilla Thunderbird\components [2010.10.06 17:58:38 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.1.4\extensions\\Plugins: C:\Programme\Mozilla Thunderbird\plugins [2011.01.03 16:51:24 | 000,000,000 | ---D | M] [2010.01.07 00:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Smithee\Anwendungsdaten\Mozilla\Extensions [2010.01.07 00:04:04 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Smithee\Anwendungsdaten\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2011.05.14 11:43:00 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Smithee\Anwendungsdaten\Mozilla\Firefox\Profiles\m98yin71.default\extensions [2010.02.14 10:33:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Smithee\Anwendungsdaten\Mozilla\Firefox\Profiles\m98yin71.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2010.10.15 12:17:18 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Dokumente und Einstellungen\Smithee\Anwendungsdaten\Mozilla\Firefox\Profiles\m98yin71.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2010.09.28 20:34:34 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Dokumente und Einstellungen\Smithee\Anwendungsdaten\Mozilla\Firefox\Profiles\m98yin71.default\extensions\firefox@tvunetworks.com [2011.03.27 12:50:56 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions File not found (No name found) -- () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SMITHEE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\M98YIN71.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\SMITHEE\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\M98YIN71.DEFAULT\EXTENSIONS\{E4A8A97B-F2ED-450B-B12D-EE082BA24781}.XPI [2011.02.21 00:39:58 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAMME\GEMEINSAME DATEIEN\SPIGOT\WTXPCOM [2011.02.21 00:39:58 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAMME\PDFFORGE TOOLBAR\FF [2011.05.01 14:45:58 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Programme\Mozilla Firefox\components\browsercomps.dll [2009.12.21 07:47:02 | 000,063,488 | ---- | M] (Nullsoft) -- C:\Programme\Mozilla Firefox\plugins\npwachk.dll [2011.03.28 12:25:40 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml [2011.03.28 12:25:40 | 000,002,252 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\bing.xml [2011.03.28 12:25:40 | 000,001,153 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml [2011.03.28 12:25:40 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml [2011.03.28 12:25:40 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml [2011.03.28 12:25:40 | 000,001,105 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\4.3\pdfforgeToolbarIE.dll (Spigot, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 01 00 00 00 [binary data] O8 - Extra context menu item: Senden an &Bluetooth-Gerät... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Senden an Bluetooth - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programme\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Java Plug-in 1.6.0_03) O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\Smithee\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\Smithee\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.12.30 00:33:43 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{e16c0e50-71a2-11df-9469-00224399deb8}\Shell - "" = AutoRun O33 - MountPoints2\{e16c0e50-71a2-11df-9469-00224399deb8}\Shell\AutoRun - "" = Auto&Play O33 - MountPoints2\{e16c0e50-71a2-11df-9469-00224399deb8}\Shell\AutoRun\command - "" = "E:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.05.23 13:34:50 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Smithee\Desktop\OTH.scr [2011.05.23 13:34:02 | 001,407,280 | ---- | C] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Smithee\Desktop\tdsskiller.exe [2011.05.23 12:26:50 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Smithee\Desktop\mbam-setup.com [2011.05.23 12:22:17 | 000,000,000 | R--D | C] -- C:\Dokumente und Einstellungen\Smithee\Recent [2011.05.23 11:58:10 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Smithee\Startmenü\Programme\Windows XP Recovery [2011.05.19 13:10:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Smithee\Desktop\Desktop [2011.05.19 13:06:54 | 000,000,000 | ---D | C] -- C:\Stefanie [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2011.05.23 14:01:29 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2011.05.23 14:01:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2011.05.23 14:01:14 | 1064,554,496 | -HS- | M] () -- C:\hiberfil.sys [2011.05.23 13:57:35 | 000,459,728 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat [2011.05.23 13:57:35 | 000,441,772 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat [2011.05.23 13:57:35 | 000,085,070 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat [2011.05.23 13:57:35 | 000,071,708 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat [2011.05.23 13:34:50 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Smithee\Desktop\OTH.scr [2011.05.23 13:34:29 | 000,606,104 | ---- | M] () -- C:\Dokumente und Einstellungen\Smithee\Desktop\unhide.exe [2011.05.23 12:27:00 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Dokumente und Einstellungen\Smithee\Desktop\mbam-setup.com [2011.05.23 12:14:06 | 001,007,108 | ---- | M] () -- C:\Dokumente und Einstellungen\Smithee\Desktop\rkill.com [2011.05.23 11:58:14 | 000,000,829 | ---- | M] () -- C:\Dokumente und Einstellungen\Smithee\Desktop\Windows XP Recovery.lnk [2011.05.23 11:58:14 | 000,000,120 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15327012 [2011.05.23 11:58:13 | 000,000,144 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15327012r [2011.05.23 11:57:58 | 000,000,336 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\15327012 [2011.05.13 13:21:00 | 001,407,280 | ---- | M] (Kaspersky Lab ZAO) -- C:\Dokumente und Einstellungen\Smithee\Desktop\tdsskiller.exe [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] ========== Files Created - No Company Name ========== [2011.05.23 13:34:28 | 000,606,104 | ---- | C] () -- C:\Dokumente und Einstellungen\Smithee\Desktop\unhide.exe [2011.05.23 12:16:56 | 001,007,108 | ---- | C] () -- C:\Dokumente und Einstellungen\Smithee\Desktop\rkill.com [2011.05.23 11:58:14 | 000,000,829 | ---- | C] () -- C:\Dokumente und Einstellungen\Smithee\Desktop\Windows XP Recovery.lnk [2011.05.23 11:58:13 | 000,000,144 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15327012r [2011.05.23 11:58:13 | 000,000,120 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~15327012 [2011.05.23 11:57:58 | 000,000,336 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\15327012 [2010.12.13 20:22:38 | 000,001,363 | ---- | C] () -- C:\WINDOWS\BAUWAS.INI [2010.10.08 17:25:04 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2010.04.01 02:35:13 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\pdfcmnnt.dll [2010.02.13 16:38:21 | 000,103,981 | ---- | C] () -- C:\WINDOWS\hpoins08.dat [2010.02.13 16:38:21 | 000,004,445 | ---- | C] () -- C:\WINDOWS\hpomdl08.dat [2010.02.13 16:38:11 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2010.02.13 16:14:51 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat [2010.01.18 01:10:41 | 000,018,432 | ---- | C] () -- C:\Dokumente und Einstellungen\Smithee\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.01.07 01:37:21 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2009.12.31 05:48:49 | 000,000,140 | ---- | C] () -- C:\Dokumente und Einstellungen\Smithee\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat [2009.12.31 01:34:34 | 000,000,032 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\ezsid.dat [2009.12.30 23:56:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat [2009.02.25 13:58:02 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\drivers\rtkhdaud.dat [2009.02.18 16:52:24 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uvcrecordfix.exe [2009.02.18 16:38:02 | 000,024,576 | ---- | C] () -- C:\WINDOWS\Sleep.exe [2008.12.30 18:49:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini [2008.12.30 01:16:15 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll [2008.12.30 01:14:22 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\drivers\SamSfPa.dat [2008.12.30 00:36:19 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2008.12.30 00:31:22 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2008.12.30 00:25:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2008.12.30 00:24:10 | 000,262,232 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2008.12.30 00:17:44 | 000,005,312 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI [2008.12.30 00:17:39 | 000,459,728 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat [2008.12.30 00:17:39 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat [2008.12.30 00:17:39 | 000,085,070 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat [2008.12.30 00:17:39 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat [2008.12.30 00:17:33 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2008.12.30 00:17:32 | 000,441,772 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2008.12.30 00:17:32 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2008.12.30 00:17:32 | 000,071,708 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2008.12.30 00:17:32 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2008.12.30 00:17:32 | 000,004,562 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2008.12.30 00:17:31 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2008.12.30 00:17:31 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2008.12.30 00:17:29 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2008.12.30 00:17:29 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2008.12.30 00:17:27 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2008.12.30 00:17:25 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2008.11.14 19:12:56 | 000,012,208 | ---- | C] () -- C:\WINDOWS\AsTrayLang.ini [2008.10.22 14:57:08 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiCCB03_0C.dll [2008.10.22 14:57:08 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiCCB03_10.dll [2008.10.22 14:57:08 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiCCB03_0A.dll [2008.10.22 14:57:08 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiCCB03_11.dll [2008.10.22 14:57:06 | 000,843,776 | ---- | C] () -- C:\WINDOWS\System32\SaiCCB03.Dll [2008.10.22 14:57:06 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiCCB03_07.dll [2008.10.22 14:57:06 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiCCB03_09.dll [2008.10.22 14:57:06 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiCCB03_0402.dll [2008.09.02 08:25:26 | 002,854,912 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll [2008.08.28 05:10:24 | 000,000,173 | ---- | C] () -- C:\WINDOWS\explorer.exe.config [2008.07.30 20:31:52 | 000,021,864 | ---- | C] () -- C:\WINDOWS\AsAcpiSvrLang.ini [2001.11.14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll [1997.06.25 15:24:16 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\RegObj.dll < End of report > Code:
ATTFilter OTL Extras logfile created on: 23.05.2011 14:58:25 - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Dokumente und Einstellungen\Smithee\Desktop\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1015,17 Mb Total Physical Memory | 577,25 Mb Available Physical Memory | 56,86% Memory free
2,39 Gb Paging File | 2,03 Gb Available in Paging File | 85,05% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 81,65 Gb Total Space | 63,01 Gb Free Space | 77,17% Space Free | Partition Type: NTFS
Drive D: | 62,47 Gb Total Space | 58,24 Gb Free Space | 93,23% Space Free | Partition Type: NTFS
Computer Name: SMITHEEEPC | User Name: Smithee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Programme\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Enqueue] -- "C:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Programme\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\Miranda IM\miranda32.exe" = C:\Programme\Miranda IM\miranda32.exe:*:Enabled:Miranda IM -- ( )
"C:\Programme\SopCast\adv\SopAdver.exe" = C:\Programme\SopCast\adv\SopAdver.exe:*:Enabled:SopCast Adver -- (www.sopcast.com)
"C:\Programme\SopCast\SopCast.exe" = C:\Programme\SopCast\SopCast.exe:*:Enabled:SopCast Main Application -- (www.sopcast.com)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{053B3DA8-91B5-4682-A130-715412A1A252}" = Paint.NET v3.5.4
"{19F5658D-92E8-4A08-8657-D38ABB1574B2}" = Asus ACPI Driver
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{2217B0B4-35CB-48C6-B640-864DF2F30F99}" = OpenOffice.org 3.2
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR8121/AR8113/AR8114 Gigabit/Fast Ethernet Driver
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39D0E034-1042-4905-BECB-5502909FCB7C}" = Microsoft Works
"{3A608351-5980-4A47-AE08-3742C55B4016}" = Windows Live Family Safety
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{5033400B-0977-45AB-94CE-CC135A8E1BBB}" = ArcGIS Desktop
"{566BAEC0-74CB-4ACC-9E18-8779AC974FB0}" = Windows Live Toolbar
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{82F2B38B-1426-443D-874C-AC25675E7BEB}" = Windows Live Mail
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}" = Azurewave Wireless LAN
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90280407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional mit FrontPage
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A0B139A7-E8D5-49E8-A7BF-12421E652208}" = pdfforge Toolbar v4.3
"{a0fe116e-9a8a-466f-aee0-625cb7c207e3}" = Microsoft Visual C++ 2005 Redistributable - KB2467175
"{A13D16C5-38A9-4D96-9647-59FCCAB12A85}" = Visual Basic for Applications (R) Core - English
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.5 - Deutsch
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.8.7
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC13FB47-0B90-46C3-9BB7-57D2DB455D4D}" = Microsoft Xbox 360 Accessories 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FB97C283-1F3C-42D4-AE01-ADC1DC12F774}" = Visual Basic for Applications (R) Core
"7-Zip" = 7-Zip 9.10 beta
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"ArcGIS Desktop" = ArcGIS Desktop
"ArcGIS License Manager" = ArcGIS License Manager
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"DivX Setup.divx.com" = DivX-Setup
"DynaGeo_is1" = DynaGeo 3.5e
"Elantech" = ETDWare PS/2-x86 7.0.4.3 WHQL
"FileZilla Client" = FileZilla Client 3.3.1
"Fraps" = Fraps
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.9
"GEONExT_is1" = GEONExT 1.73
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"hp deskjet 5550 series_Driver" = hp deskjet 5550 series
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miranda IM" = Miranda IM 0.8.19
"Mozilla Firefox 4.0.1 (x86 de)" = Mozilla Firefox 4.0.1 (x86 de)
"Mozilla Thunderbird (3.1.4)" = Mozilla Thunderbird (3.1.4)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"numpy-py2.5" = Python 2.5 numpy-1.0.3
"Opera 11.01.1190" = Opera 11.01
"PartyPoker" = PartyPoker
"Python 2.5 numpy-1.0.3" = Python 2.5 numpy-1.0.3
"Python 2.5.1" = Python 2.5.1
"SopCast" = SopCast 3.2.4
"tvbrowser" = TV-Browser 2.7.5
"TVUPlayer" = TVUPlayer 2.5.3.1
"Tweak UI 2.10" = Tweak UI
"Uninstall_is1" = Uninstall 1.0.0.1
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.0.3
"WavePad" = WavePad Sound Editor
"Wdf01001" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.1
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XnView_is1" = XnView 1.97
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Winamp Detect" = Winamp Anwendungserkennung
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 12.12.2010 08:40:32 | Computer Name = SMITHEEEPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung avnotify.exe, Version 10.0.10.12, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 02.01.2011 17:42:13 | Computer Name = SMITHEEEPC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pprekop.exe, Version 4.2.0.172, fehlgeschlagenes
Modul ole32.dll, Version 5.1.2600.2182, Fehleradresse 0x10017bed.
Error - 23.03.2011 07:53:09 | Computer Name = SMITHEEEPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung EXCEL.EXE, Version 10.0.2614.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 23.03.2011 07:53:10 | Computer Name = SMITHEEEPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung EXCEL.EXE, Version 10.0.2614.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 23.03.2011 07:53:22 | Computer Name = SMITHEEEPC | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung EXCEL.EXE, Version 10.0.2614.0, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 23.03.2011 07:53:39 | Computer Name = SMITHEEEPC | Source = Microsoft Office 10 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Excel.
Error - 19.05.2011 14:39:03 | Computer Name = SMITHEEEPC | Source = SecurityCenter | ID = 1802
Description = Das Windows-Sicherheitscenter konnte keine Ereignisabfragen mit der
WMI herstellen, um Antivirus- und Firewallprogramme von Drittanbietern zu überwachen.
Error - 23.05.2011 06:13:32 | Computer Name = SMITHEEEPC | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung iexplore.exe, Version 8.0.6001.18702, fehlgeschlagenes
Modul skypeieplugin.dll, Version 4.2.0.4825, Fehleradresse 0x0004c6fb.
Error - 23.05.2011 06:22:13 | Computer Name = SMITHEEEPC | Source = FLEXlm | ID = 0
Description =
Error - 23.05.2011 07:31:42 | Computer Name = SMITHEEEPC | Source = FLEXlm | ID = 0
Description =
[ System Events ]
Error - 23.05.2011 07:42:36 | Computer Name = SMITHEEEPC | Source = Service Control Manager | ID = 7034
Description = Dienst "SeaPort" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.
Error - 23.05.2011 07:42:36 | Computer Name = SMITHEEEPC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Starten Sie den Dienst neu..
Error - 23.05.2011 07:45:10 | Computer Name = SMITHEEEPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP SRTSPX
Error - 23.05.2011 07:57:33 | Computer Name = SMITHEEEPC | Source = Service Control Manager | ID = 7034
Description = Dienst "Application Updater" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 23.05.2011 07:57:33 | Computer Name = SMITHEEEPC | Source = Service Control Manager | ID = 7034
Description = Dienst "ArcGIS License Manager" wurde unerwartet beendet. Dies ist
bereits 1 Mal passiert.
Error - 23.05.2011 07:57:33 | Computer Name = SMITHEEEPC | Source = Service Control Manager | ID = 7034
Description = Dienst "Java Quick Starter" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 23.05.2011 07:57:33 | Computer Name = SMITHEEEPC | Source = Service Control Manager | ID = 7034
Description = Dienst "Pml Driver HPZ12" wurde unerwartet beendet. Dies ist bereits
1 Mal passiert.
Error - 23.05.2011 07:57:33 | Computer Name = SMITHEEEPC | Source = Service Control Manager | ID = 7034
Description = Dienst "SeaPort" wurde unerwartet beendet. Dies ist bereits 1 Mal
passiert.
Error - 23.05.2011 07:57:33 | Computer Name = SMITHEEEPC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Bluetooth Service" wurde unerwartet beendet. Dies ist
bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
durchgeführt: Starten Sie den Dienst neu..
Error - 23.05.2011 08:01:45 | Computer Name = SMITHEEEPC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
SRTSP SRTSPX
< End of report >
|
| Themen zu Windows XP Recovery Virus |
| 0x00000001, 7-zip, antivir, avira, bho, converter, desktop, disabletaskmgr, eraser, error, excel.exe, firefox, flash player, home, iexplore.exe, internet browser, kaspersky, logfile, mozilla, mozilla thunderbird, mp3, oldtimer, pdfforge toolbar, plug-in, realtek, registry, scan, sched.exe, searchplugins, security, senden, shell32.dll, shortcut, software, spigot, spyware.password, starten, super, system, virus, windows, windows internet, windows xp, windows-sicherheitscenter |
Baum-Darstellung