Slow computer TR/FraudPack.apqc + EXP/Java.WebStart JAVA/Dldr.Agent.CI + CG
Thanks for the kind welcome and the quick REPLY!
As requested, here are the log files.
Anti-Malware full scan: Quote:
Malwarebytes' Anti-Malware 1.46
Malwarebytes
Datenbank Version: 4086
Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702
10.05.2010 22:13:30
mbam-log-2010-05-10 (22-13-30).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 155039
Laufzeit: 43 Minute(n), 45 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden)
OTL file no. 1: Quote:
OTL logfile created on: 10.05.2010 22:31:56 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\HATICE\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.013,00 Mb Total Physical Memory | 317,00 Mb Available Physical Memory | 31,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 66,40 Gb Total Space | 52,67 Gb Free Space | 79,33% Space Free | Partition Type: NTFS
Drive D: | 8,12 Gb Total Space | 0,56 Gb Free Space | 6,90% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NEMIDANEM
Current User Name: HATICE
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========
PRC - C:\Dokumente und Einstellungen\HATICE\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWTray.exe (Lavasoft)
PRC - C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
PRC - C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Windows Live\Contacts\wlcomm.exe (Microsoft Corporation)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\PSIService.exe ()

========== Modules (SafeList) ==========
MOD - C:\Dokumente und Einstellungen\HATICE\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========
SRV - (Micro Star SCM) -- File not found
SRV - (Lavasoft Ad-Aware Service) -- C:\Programme\Lavasoft\Ad-Aware\AAWService.exe (Lavasoft)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (ProtexisLicensing) -- C:\WINDOWS\system32\PSIService.exe ()
SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®)

========== Driver Services (SafeList) ==========
DRV - (Lbd) -- C:\WINDOWS\system32\DRIVERS\Lbd.sys (Lavasoft AB)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira GmbH)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira GmbH)
DRV - (avgio) -- C:\Programme\Avira\AntiVir Desktop\avgio.sys (Avira GmbH)
DRV - (RSUSBSTOR) -- C:\WINDOWS\system32\drivers\RTS5121.sys (Realtek Semiconductor Corporation)
DRV - (RTLE8023xp) -- C:\WINDOWS\system32\drivers\Rtenicxp.sys (Realtek Semiconductor Corporation )
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (SynTP) -- C:\WINDOWS\system32\drivers\SynTP.sys (Synaptics, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (RT80x86) -- C:\WINDOWS\system32\drivers\rt2860.sys (Ralink Technology, Corp.)
DRV - (iaStor) -- C:\WINDOWS\system32\DRIVERS\iaStor.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 HOSTS File: ([2008.04.14 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Programme\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UCam_Menu] C:\Programme\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [swg] C:\Programme\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Programme\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll (Google Inc.)
O8 - Extra context menu item: Öffnen mit WordPerfect - C:\Programme\WordPerfect Office X3\Programs\WPLauncher.hta ()
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1211625236765 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1266619161125 (MUWebControl Class)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\HATICE\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\HATICE\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.05.24 11:22:51 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2007.02.08 10:48:36 | 000,000,655 | RH-- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009.08.04 00:01:30 | 000,000,100 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\Shell - "" = AutoRun
O33 - MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{65dbbaf8-2a2a-11dd-86eb-0015afb79a11}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (lsdelete) - C:\WINDOWS\System32\lsdelete.exe ()
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========
[2010.05.10 22:28:29 | 000,570,880 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HATICE\Desktop\OTL.exe
[2010.05.10 01:19:21 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HATICE\Desktop\virus
[2010.05.09 23:09:50 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HATICE\Anwendungsdaten\Malwarebytes
[2010.05.09 23:09:42 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.05.09 23:09:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.05.09 23:09:38 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010.05.09 23:09:38 | 000,000,000 | ---D | C] -- C:\Programme\Malwarebytes' Anti-Malware
[2010.05.09 23:01:21 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\HATICE\Recent
[2010.05.09 22:44:51 | 000,000,000 | ---D | C] -- C:\Programme\CCleaner
[2010.05.09 16:50:35 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HATICE\Desktop\mp3 player
[2010.05.02 00:36:53 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HATICE\Lokale Einstellungen\Anwendungsdaten\Identities
[2010.04.15 00:31:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\HATICE\Eigene Dateien\Meine empfangenen Dateien
[2010.04.12 23:40:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========
[2010.05.10 22:28:38 | 000,570,880 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\HATICE\Desktop\OTL.exe
[2010.05.10 22:06:16 | 000,001,088 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010.05.10 21:11:20 | 000,000,470 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010.05.10 21:08:39 | 000,001,084 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010.05.10 21:08:37 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010.05.10 21:08:33 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010.05.10 21:08:31 | 1062,526,976 | -HS- | M] () -- C:\hiberfil.sys
[2010.05.10 03:54:15 | 004,194,304 | ---- | M] () -- C:\Dokumente und Einstellungen\HATICE\ntuser.dat
[2010.05.10 03:54:15 | 000,000,190 | -HS- | M] () -- C:\Dokumente und Einstellungen\HATICE\ntuser.ini
[2010.05.10 01:46:54 | 000,000,213 | ---- | M] () -- C:\Dokumente und Einstellungen\HATICE\Desktop\Rechner langsam TR-FraudPack.apqc + EXP-Java.WebStart JAVA-Dldr.Agent.CI + CG - Trojaner-Board.url
[2010.05.10 00:25:00 | 000,050,160 | ---- | M] () -- C:\Dokumente und Einstellungen\HATICE\Lokale Einstellungen\Anwendungsdaten\GDIPFONTCACHEV1.DAT
[2010.05.09 23:24:05 | 000,173,080 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010.05.09 22:28:31 | 000,000,131 | ---- | M] () -- C:\Dokumente und Einstellungen\HATICE\Desktop\YouTube - Geniş Aile 21.Bölüm 10.Kısım 01 Aralık 2009 (HQ).url
[2010.05.09 16:48:14 | 000,000,000 | -H-- | M] () -- C:\WINDOWS\System32\drivers\UMDF\Msft_User_WpdMtpDr_01_00_00.Wdf
[2010.05.06 04:13:27 | 000,000,154 | ---- | M] () -- C:\Dokumente und Einstellungen\HATICE\Desktop\YouTube - Kanal von fulldizishowtv.url
[2010.05.05 13:37:08 | 000,015,880 | ---- | M] () -- C:\WINDOWS\System32\lsdelete.exe
[2010.04.29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.04.29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========
[2010.05.10 01:46:54 | 000,000,213 | ---- | C] () -- C:\Dokumente und Einstellungen\HATICE\Desktop\Rechner langsam TR-FraudPack.apqc + EXP-Java.WebStart JAVA-Dldr.Agent.CI + CG - Trojaner-Board.url
[2010.05.09 22:28:31 | 000,000,131 | ---- | C] () -- C:\Dokumente und Einstellungen\HATICE\Desktop\YouTube - Geniş Aile 21.Bölüm 10.Kısım 01 Aralık 2009 (HQ).url
[2010.05.06 04:13:27 | 000,000,154 | ---- | C] () -- C:\Dokumente und Einstellungen\HATICE\Desktop\YouTube - Kanal von fulldizishowtv.url
[2010.02.23 17:57:52 | 000,001,004 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008.06.10 12:32:52 | 006,184,960 | ---- | C] () -- C:\WINDOWS\System32\RTS5121icon.dll
[2008.05.25 09:46:24 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.05.24 18:36:41 | 000,120,200 | ---- | C] () -- C:\WINDOWS\System32\DLLDEV32i.dll
[2008.05.24 18:36:39 | 000,006,768 | ---- | C] () -- C:\WINDOWS\mgxoschk.ini
[2008.05.24 12:07:04 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4906.dll
[2008.05.24 11:46:30 | 000,001,088 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008.05.24 11:38:53 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
< End of report >
OTL file no. 2 (Extras): Quote:
OTL Extras logfile created on: 10.05.2010 22:31:56 - Run 1
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Dokumente und Einstellungen\HATICE\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1.013,00 Mb Total Physical Memory | 317,00 Mb Available Physical Memory | 31,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 73,00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 66,40 Gb Total Space | 52,67 Gb Free Space | 79,33% Space Free | Partition Type: NTFS
Drive D: | 8,12 Gb Total Space | 0,56 Gb Free Space | 6,90% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: NEMIDANEM
Current User Name: HATICE
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\HATICE\Lokale Einstellungen\Temp\alg.exe" = C:\Dokumente und Einstellungen\HATICE\Lokale Einstellungen\Temp\alg.exe:*:Enabled:Application Layer Gateway Service -- File not found
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Programme\MSN Messenger\livecall.exe" = C:\Programme\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found
"C:\Programme\Windows Live\Messenger\wlcsdk.exe" = C:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Dokumente und Einstellungen\HATICE\Lokale Einstellungen\Temp\alg.exe" = C:\Dokumente und Einstellungen\HATICE\Lokale Einstellungen\Temp\alg.exe:*:Enabled:Application Layer Gateway Service -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5
"{338F08AB-C262-42C7-B000-34DE1A475273}" = Ad-Aware Email Scanner for Outlook
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{54DB13F1-0CE0-4BAB-BD5F-7DE150C043C8}" = WordPerfect Office X3
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows-Sicherungsprogramm
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A81200000003}" = Adobe Reader 8.1.2 - Deutsch
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D10CB652-9332-4242-B7A9-2D61570144F7}" = USB 2.0 Card Reader
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E0091C29-DEE8-4B24-BF65-8C35B5940D77}" = Letstrade
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F3D92514-CD5D-4E96-BE88-8258EB9BF85A}" = Azurewave Wireless LAN
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"Ad-Aware" = Ad-Aware
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"CCleaner" = CCleaner
"Firebird SQL Server D" = Firebird SQL Server - MAGIX Edition
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
"Free Audio Dub_is1" = Free Audio Dub version 1.5
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"LetsTrade" = LetsTrade Komponenten
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Messenger Plus! Live" = Messenger Plus! Live
"Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"Uninstall_is1" = Uninstall 1.0.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 16.04.2010 11:55:40 | Computer Name = NEMIDANEM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung SynTPEnh.exe, Version 10.2.3.0, fehlgeschlagenes
Modul SynTPEnh.exe, Version 10.2.3.0, Fehleradresse 0x000297cc.
Error - 18.04.2010 03:20:30 | Computer Name = NEMIDANEM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung SynTPEnh.exe, Version 10.2.3.0, fehlgeschlagenes
Modul SynTPEnh.exe, Version 10.2.3.0, Fehleradresse 0x000297cc.
Error - 20.04.2010 12:41:51 | Computer Name = NEMIDANEM | Source = Application Hang | ID = 1002
Description = Stillstehende Anwendung iexplore.exe, Version 8.0.6001.18702, Stillstandmodul
hungapp, Version 0.0.0.0, Stillstandadresse 0x00000000.
Error - 22.04.2010 03:29:43 | Computer Name = NEMIDANEM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung SynTPEnh.exe, Version 10.2.3.0, fehlgeschlagenes
Modul SynTPEnh.exe, Version 10.2.3.0, Fehleradresse 0x000297cc.
Error - 26.04.2010 09:33:20 | Computer Name = NEMIDANEM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung SynTPEnh.exe, Version 10.2.3.0, fehlgeschlagenes
Modul SynTPEnh.exe, Version 10.2.3.0, Fehleradresse 0x000297cc.
Error - 28.04.2010 08:56:43 | Computer Name = NEMIDANEM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung SynTPEnh.exe, Version 10.2.3.0, fehlgeschlagenes
Modul SynTPEnh.exe, Version 10.2.3.0, Fehleradresse 0x000297cc.
Error - 29.04.2010 21:50:23 | Computer Name = NEMIDANEM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung SynTPEnh.exe, Version 10.2.3.0, fehlgeschlagenes
Modul SynTPEnh.exe, Version 10.2.3.0, Fehleradresse 0x000297cc.
Error - 05.05.2010 05:09:46 | Computer Name = NEMIDANEM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung SynTPEnh.exe, Version 10.2.3.0, fehlgeschlagenes
Modul SynTPEnh.exe, Version 10.2.3.0, Fehleradresse 0x000297cc.
Error - 05.05.2010 13:24:56 | Computer Name = NEMIDANEM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung SynTPEnh.exe, Version 10.2.3.0, fehlgeschlagenes
Modul SynTPEnh.exe, Version 10.2.3.0, Fehleradresse 0x000297cc.
Error - 06.05.2010 11:10:45 | Computer Name = NEMIDANEM | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung SynTPEnh.exe, Version 10.2.3.0, fehlgeschlagenes
Modul SynTPEnh.exe, Version 10.2.3.0, Fehleradresse 0x000297cc.
[ System Events ]
Error - 08.05.2010 10:57:32 | Computer Name = NEMIDANEM | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 08.05.2010 16:45:44 | Computer Name = NEMIDANEM | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 09.05.2010 06:38:03 | Computer Name = NEMIDANEM | Source = Dhcp | ID = 1002
Description = Die IP-Adresslease 192.168.1.2 für die Netzwerkkarte mit der Netzwerkadresse
0015AF9EE534 wurde durch den DHCP-Server 192.168.0.1 abgelehnt (der DHCP-Server
hat eine DHCPNACK-Meldung gesendet).
Error - 09.05.2010 06:38:10 | Computer Name = NEMIDANEM | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 09.05.2010 10:41:17 | Computer Name = NEMIDANEM | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 09.05.2010 12:56:55 | Computer Name = NEMIDANEM | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 09.05.2010 17:24:11 | Computer Name = NEMIDANEM | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
wurde angehalten.
Error - 09.05.2010 17:24:17 | Computer Name = NEMIDANEM | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 09.05.2010 19:24:18 | Computer Name = NEMIDANEM | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
Error - 10.05.2010 15:08:42 | Computer Name = NEMIDANEM | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Micro Star SCM" wurde aufgrund folgenden Fehlers nicht
gestartet: %%2
< End of report >
That's it...
Regards
Nemidanem