Morning Arne,
I was probably a bit overzealous and have already deleted old scans, since it had already been gone once the day before yesterday.
But I still have an old scan here that I created in the administrator account.
Malwarebytes log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Database version: 4165
Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702
3.6.2010 13:47:39
mbam-log-2010-06-03 (13-47-39).txt
Scan type: Full scan (C:\|D:\|E:\|G:\|H:\|I:\|J:\|K:\|L:\|M:\|N:\|)
Objects scanned: 270678
Time elapsed: 23 minute(s), 43 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 14
Memory Processes Infected:
(No malicious items detected)
Memory Modules Infected:
(No malicious items detected)
Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\avsoft (Trojan.Fraudpack) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.
Registry Values Infected:
(No malicious items detected)
Registry Data Items Infected:
(No malicious items detected)
Folders Infected:
(No malicious items detected)
Files Infected:
C:\System Volume Information\_restore{AD0C5DE3-CF94-42F2-B783-C176C0D1986F}\RP320\A0040485.exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
J:\Dokumente und Einstellungen\HelpAssistant\Lokale Einstellungen\Temporary Internet Files\Content.IE5\4LY2A9Y4\oriqbjdp[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
J:\Dokumente und Einstellungen\HelpAssistant\Lokale Einstellungen\Temporary Internet Files\Content.IE5\AE3PCX4E\boappsdl[1].exe (Rootkit.TDSS.Gen) -> Quarantined and deleted successfully.
J:\Dokumente und Einstellungen\HelpAssistant\Lokale Einstellungen\Temporary Internet Files\Content.IE5\B5LJA8J0\rvqxfn[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
J:\Dokumente und Einstellungen\HelpAssistant\Lokale Einstellungen\Temporary Internet Files\Content.IE5\WGHW1YH0\hypwhc[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
J:\Dokumente und Einstellungen\HelpAssistant\Lokale Einstellungen\Temporary Internet Files\Content.IE5\YLXKTWEC\fwelcx[1].htm (Rootkit.Agent) -> Quarantined and deleted successfully.
J:\Dokumente und Einstellungen\HelpAssistant\Lokale Einstellungen\Temporary Internet Files\Content.IE5\ZCLTHW90\oriqbjdp[1].htm (Trojan.Downloader) -> Quarantined and deleted successfully.
J:\System Volume Information\_restore{AD0C5DE3-CF94-42F2-B783-C176C0D1986F}\RP313\A0038417.exe (Trojan.Pakes.) -> Quarantined and deleted successfully.
J:\System Volume Information\_restore{AD0C5DE3-CF94-42F2-B783-C176C0D1986F}\RP319\A0040420.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
J:\System Volume Information\_restore{AD0C5DE3-CF94-42F2-B783-C176C0D1986F}\RP319\A0040421.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
J:\System Volume Information\_restore{AD0C5DE3-CF94-42F2-B783-C176C0D1986F}\RP319\A0040422.dll (Trojan.GootKit) -> Quarantined and deleted successfully.
J:\System Volume Information\_restore{AD0C5DE3-CF94-42F2-B783-C176C0D1986F}\RP319\A0040423.sys (Rootkit.Tent) -> Quarantined and deleted successfully.
J:\System Volume Information\_restore{AD0C5DE3-CF94-42F2-B783-C176C0D1986F}\RP319\A0040424.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
N:\System Volume Information\_restore{50106703-844E-461A-9CD7-0A4C4AB7BA99}\RP82\A0017699.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
Here are the two OTL logs:
OTL.TXT:
OTL logfile created on: 6.6.2010 08:45:48 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = J:\Dokumente und Einstellungen\ELA_BRENNEN\Desktop\Trojaner Board
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): J:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = J: | %SystemRoot% = J:\WINDOWS | %ProgramFiles% = J:\Programme
Drive C: | 149,04 Gb Total Space | 147,92 Gb Free Space | 99,25% Space Free | Partition Type: NTFS
Drive D: | 5,92 Gb Total Space | 0,89 Gb Free Space | 14,98% Space Free | Partition Type: NTFS
Drive E: | 262,87 Gb Total Space | 43,22 Gb Free Space | 16,44% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 29,29 Gb Total Space | 9,28 Gb Free Space | 31,66% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 843,78 Gb Free Space | 90,58% Space Free | Partition Type: NTFS
Computer Name: MTDVD
Current User Name: ELA_BRENNEN
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Processes (SafeList) ==========
PRC - J:\Dokumente und Einstellungen\ELA_BRENNEN\Desktop\Trojaner Board\OTL.exe (OldTimer Tools)
PRC - J:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - J:\Programme\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
PRC - J:\Programme\Kaspersky Lab\Kaspersky PURE\klwtblfs.exe (Kaspersky Lab)
PRC - J:\Programme\Gemeinsame Dateien\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
PRC - J:\Programme\Roxio 2010\Roxio Burn\Roxio Burn.exe ()
PRC - J:\Programme\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe ()
PRC - J:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - J:\Programme\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
PRC - J:\Programme\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
PRC - J:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
PRC - L:\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
PRC - J:\WINDOWS\SMINST\Scheduler.exe ()
========== Modules (SafeList) ==========
MOD - J:\Dokumente und Einstellungen\ELA_BRENNEN\Desktop\Trojaner Board\OTL.exe (OldTimer Tools)
MOD - J:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (AVP) -- J:\Programme\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
SRV - (CSObjectsSrv) -- J:\Programme\Gemeinsame Dateien\InfoWatch\CryptoStorage\ProtectedObjectsSrv.exe (Infowatch)
SRV - (SandraAgentSrv) -- J:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe (SiSoftware)
SRV - (RoxWatch12) -- J:\Programme\Gemeinsame Dateien\Roxio Shared\12.0\SharedCOM\RoxWatch12.exe (Sonic Solutions)
SRV - (RoxMediaDB12) -- J:\Programme\Gemeinsame Dateien\Roxio Shared\12.0\SharedCOM\RoxMediaDB12.exe (Sonic Solutions)
SRV - (Norton Ghost) -- J:\Programme\Norton Ghost\Agent\VProSvc.exe (Symantec Corporation)
SRV - (SymSnapService) -- J:\Programme\Norton Ghost\Shared\Drivers\SymSnapService.exe (Symantec)
SRV - (LiveUpdate) -- J:\Programme\Symantec\LiveUpdate\LuComServer_3_2.EXE (Symantec Corporation)
SRV - (StarWindServiceAE) -- L:\Alcohol 120\StarWind\StarWindServiceAE.exe (Rocket Division Software)
SRV - (IDriverT) -- J:\Programme\Gemeinsame Dateien\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
========== Driver Services (SafeList) ==========
DRV - (KLIF) -- J:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (atksgt) -- J:\WINDOWS\system32\drivers\atksgt.sys ()
DRV - (lirsgt) -- J:\WINDOWS\system32\drivers\lirsgt.sys ()
DRV - (seehcri) -- J:\WINDOWS\system32\drivers\seehcri.sys (Sony Ericsson Mobile Communications)
DRV - (CSCrySec) -- J:\WINDOWS\system32\DRIVERS\CSCrySec.sys (Infowatch)
DRV - (CSVirtualDiskDrv) -- J:\WINDOWS\system32\drivers\CSVirtualDiskDrv.sys (Infowatch)
DRV - (ithsgt) -- J:\WINDOWS\system32\drivers\ithsgt.sys ()
DRV - (lilsgt) -- J:\WINDOWS\system32\drivers\lilsgt.sys ()
DRV - (sptd) -- J:\WINDOWS\System32\Drivers\sptd.sys ()
DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- J:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (KLBG) -- J:\WINDOWS\system32\DRIVERS\klbg.sys (Kaspersky Lab)
DRV - (klmouflt) -- J:\WINDOWS\system32\drivers\klmouflt.sys (Kaspersky Lab)
DRV - (nv) -- J:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (klim5) -- J:\WINDOWS\system32\drivers\klim5.sys (Kaspersky Lab)
DRV - (kl1) -- J:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab)
DRV - (SANDRA) -- J:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\sandra.sys (SiSoftware)
DRV - (acedrv11) -- J:\WINDOWS\system32\drivers\acedrv11.sys (Protect Software GmbH)
DRV - (HDAudBus) -- J:\WINDOWS\system32\drivers\hdaudbus.sys (Windows (R) Server 2003 DDK provider)
DRV - (DumpDrv) -- J:\WINDOWS\system32\drivers\dumpdrv.sys (Microsoft Corporation)
DRV - (Aspi32) -- J:\WINDOWS\system32\drivers\aspi32.sys (Adaptec)
DRV - (WimFltr) -- J:\WINDOWS\system32\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (v2imount) -- J:\WINDOWS\system32\drivers\v2imount.sys (Symantec Corporation)
DRV - (VPROEVENTMONITOR) -- J:\WINDOWS\system32\drivers\vproeventmonitor.sys (Symantec Corporation)
DRV - (Si3112) -- J:\WINDOWS\system32\drivers\si3112.sys (Silicon Image, Inc.)
DRV - (symsnap) -- J:\WINDOWS\system32\DRIVERS\symsnap.sys (StorageCraft)
DRV - (AsIO) -- J:\WINDOWS\system32\drivers\AsIO.sys ()
DRV - (c2scsi) -- J:\WINDOWS\system32\drivers\c2scsi.sys (Sonic Solutions)
DRV - (speedfan) -- J:\WINDOWS\system32\speedfan.sys (Windows (R) 2000 DDK provider)
DRV - (nvnetbus) -- J:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- J:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (AmdK8) -- J:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)
DRV - (nvatabus) -- J:\WINDOWS\system32\DRIVERS\nvatabus.sys (NVIDIA Corporation)
DRV - (giveio) -- J:\WINDOWS\system32\giveio.sys ()
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
FF - HKLM\software\mozilla\Thunderbird\Extensions\\{eea12ec4-729d-4703-bc37-106ce9879ce2}: J:\Programme\Kaspersky Lab\Kaspersky PURE\THBExt [2010.06.03 15:10:23 | 000,000,000 | ---D | M]
O1 HOSTS File: ([2010.06.04 19:15:02 | 000,403,841 | ---- | M]) - J:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 ad.ghura.pl
O1 - Hosts: 127.0.0.1 ircgalaxy.pl
O1 - Hosts: 127.0.0.1 ru.brans.pl
O1 - Hosts: 127.0.0.1 zief.pl
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 13968 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - J:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - J:\Programme\Kaspersky Lab\Kaspersky PURE\ievkbd.dll (Kaspersky Lab)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - J:\Programme\Gemeinsame Dateien\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - J:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] J:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] J:\Programme\Kaspersky Lab\Kaspersky PURE\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [Desktop Disc Tool] J:\Programme\Roxio 2010\Roxio Burn\RoxioBurnLauncher.exe ()
O4 - HKLM..\Run: [Norton Ghost 14.0] J:\Programme\Norton Ghost\Agent\VProTray.exe (Symantec Corporation)
O4 - HKLM..\Run: [NvCplDaemon] J:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] J:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] J:\Programme\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [Reminder] J:\WINDOWS\CREATOR\Remind_XP.exe ()
O4 - HKLM..\Run: [Scheduler] J:\WINDOWS\SMINST\Scheduler.exe ()
O4 - HKLM..\Run: [SunJavaUpdateSched] J:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - J:\Programme\Kaspersky Lab\Kaspersky PURE\ie_banner_deny.htm ()
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - J:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - J:\Programme\Kaspersky Lab\Kaspersky PURE\klwtbbho.dll (Kaspersky Lab)
O16 - DPF: {2665693B-C4F3-434B-83DB-7574CF50C8B7} hxxp://www.kaspersky.com/downloads/misc/kasperskylicensefinder.cab (Kaspersky License Finder)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - J:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - J:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - J:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - J:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - J:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - J:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - J:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - J:\WINDOWS\system32\klogon.dll - J:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: J:\Dokumente und Einstellungen\ELA_BRENNEN\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: J:\Dokumente und Einstellungen\ELA_BRENNEN\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.10.31 10:29:50 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010.06.03 21:48:03 | 000,000,000 | ---- | M] () - J:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010.06.06 08:37:33 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Anwendungsdaten\Sonic
[2010.06.05 20:05:28 | 000,000,000 | ---D | C] -- J:\Programme\ESET
[2010.06.05 19:36:09 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Desktop\Trojaner Board
[2010.06.05 16:52:49 | 000,000,000 | RH-D | C] -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Recent
[2010.06.05 16:50:01 | 000,000,000 | ---D | C] -- J:\Trojanerboard
[2010.06.05 15:46:53 | 000,000,000 | ---D | C] -- J:\Programme\trend micro
[2010.06.05 15:46:52 | 000,000,000 | ---D | C] -- J:\rsit
[2010.06.04 21:42:25 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- J:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010.06.04 21:42:24 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- J:\WINDOWS\System32\drivers\mbam.sys
[2010.06.03 21:47:47 | 000,000,000 | ---D | C] -- J:\Programme\Enigma Software Group
[2010.06.03 21:47:32 | 000,000,000 | ---D | C] -- J:\WINDOWS\4FC9DA9DF608454E8191D7EFFDCC5726.TMP
[2010.06.03 21:47:28 | 000,000,000 | ---D | C] -- J:\Programme\Gemeinsame Dateien\Wise Installation Wizard
[2010.06.03 20:28:14 | 000,000,000 | ---D | C] -- J:\Programme\CCleaner
[2010.06.03 15:10:26 | 000,039,352 | ---- | C] (Infowatch) -- J:\WINDOWS\System32\drivers\CSVirtualDiskDrv.sys
[2010.06.03 15:10:25 | 000,088,632 | ---- | C] (Infowatch) -- J:\WINDOWS\System32\drivers\CSCrySec.sys
[2010.06.03 15:09:46 | 000,000,000 | ---D | C] -- J:\Programme\Gemeinsame Dateien\InfoWatch
[2010.06.03 15:09:45 | 000,000,000 | ---D | C] -- J:\Programme\Kaspersky Lab
[2010.06.03 15:09:45 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab
[2010.06.03 15:09:28 | 000,315,408 | ---- | C] (Kaspersky Lab) -- J:\WINDOWS\System32\drivers\klif.sys
[2010.06.03 15:04:19 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Kaspersky Lab Setup Files
[2010.06.03 14:23:22 | 000,000,000 | -HSD | C] -- J:\WINDOWS\CSC
[2010.06.03 08:06:14 | 000,000,000 | ---D | C] -- J:\Programme\Spybot - Search & Destroy
[2010.06.03 08:06:14 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Spybot - Search & Destroy
[2010.06.03 07:57:27 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Macromedia
[2010.06.03 00:13:33 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\NetworkService\Anwendungsdaten\Adobe
[2010.06.03 00:01:29 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Anwendungsdaten\Malwarebytes
[2010.06.03 00:01:17 | 000,000,000 | ---D | C] -- J:\Programme\Malwarebytes' Anti-Malware
[2010.06.03 00:01:17 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Malwarebytes
[2010.06.02 23:14:16 | 000,182,656 | ---- | C] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\ndis.sys
[2010.06.02 23:12:44 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Lokale Einstellungen\Anwendungsdaten\bertsywnv
[2010.05.09 19:06:53 | 000,244,608 | ---- | C] (Sonic Solutions) -- J:\WINDOWS\System32\drivers\c2scsi.sys
[2010.05.08 20:35:04 | 000,000,000 | ---D | C] -- J:\Programme\Orban
[2010.05.08 06:09:46 | 000,000,000 | ---D | C] -- J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Sun
[2010.05.08 06:09:38 | 000,411,368 | ---- | C] (Sun Microsystems, Inc.) -- J:\WINDOWS\System32\deployJava1.dll
[329 J:\WINDOWS\*.tmp files -> J:\WINDOWS\*.tmp -> ]
[3 J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[1 J:\WINDOWS\System32\*.tmp files -> J:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2010.06.06 08:49:22 | 008,126,464 | -H-- | M] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\NTUSER.DAT
[2010.06.06 08:36:17 | 000,029,184 | ---- | M] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.06.06 08:29:06 | 000,002,206 | ---- | M] () -- J:\WINDOWS\System32\wpa.dbl
[2010.06.06 08:27:17 | 000,253,748 | ---- | M] () -- J:\WINDOWS\System32\NvApps.xml
[2010.06.06 08:27:13 | 000,000,006 | -H-- | M] () -- J:\WINDOWS\tasks\SA.DAT
[2010.06.06 08:27:12 | 000,002,048 | --S- | M] () -- J:\WINDOWS\bootstat.dat
[2010.06.05 23:46:01 | 000,004,096 | -HS- | M] () -- J:\VSNAP.IDX
[2010.06.05 23:45:28 | 004,314,876 | -H-- | M] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Lokale Einstellungen\Anwendungsdaten\IconCache.db
[2010.06.05 19:54:28 | 000,000,454 | ---- | M] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Desktop\Verknüpfung mit ParNRar.exe.lnk
[2010.06.05 16:53:53 | 000,000,744 | ---- | M] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Eigene Dateien\cc_20100605_165348.reg
[2010.06.05 15:48:01 | 000,000,190 | -HS- | M] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\ntuser.ini
[2010.06.04 22:05:47 | 001,069,422 | ---- | M] () -- J:\WINDOWS\System32\PerfStringBackup.INI
[2010.06.04 22:05:47 | 000,458,806 | ---- | M] () -- J:\WINDOWS\System32\perfh007.dat
[2010.06.04 22:05:47 | 000,440,820 | ---- | M] () -- J:\WINDOWS\System32\perfh009.dat
[2010.06.04 22:05:47 | 000,084,716 | ---- | M] () -- J:\WINDOWS\System32\perfc007.dat
[2010.06.04 22:05:47 | 000,071,138 | ---- | M] () -- J:\WINDOWS\System32\perfc009.dat
[2010.06.04 19:55:15 | 000,005,408 | ---- | M] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Eigene Dateien\cc_20100604_195512.reg
[2010.06.04 19:15:02 | 000,403,841 | ---- | M] () -- J:\WINDOWS\System32\drivers\etc\hosts
[2010.06.04 18:54:11 | 000,000,660 | ---- | M] () -- J:\Dokumente und Einstellungen\All Users\Desktop\Zuma’s Revenge! Abenteuer.lnk
[2010.06.04 18:53:33 | 000,000,476 | ---- | M] () -- J:\Dokumente und Einstellungen\All Users\Desktop\Alcohol 120%.lnk
[2010.06.03 21:48:03 | 000,000,000 | ---- | M] () -- J:\autoexec.bat
[2010.06.03 21:39:44 | 000,000,448 | ---- | M] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Eigene Dateien\cc_20100603_213941.reg
[2010.06.03 21:39:26 | 000,001,410 | ---- | M] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Eigene Dateien\cc_20100603_213922.reg
[2010.06.03 21:38:05 | 000,031,938 | ---- | M] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Eigene Dateien\cc_20100603_213801.reg
[2010.06.03 18:14:13 | 000,001,410 | ---- | M] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Eigene Dateien\cc_20100603_181408.reg
[2010.06.03 18:11:15 | 000,031,642 | ---- | M] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Eigene Dateien\cc_20100603_181106.reg
[2010.06.03 17:18:43 | 000,000,532 | ---- | M] () -- J:\Dokumente und Einstellungen\All Users\Desktop\Die Traumvilla.lnk
[2010.06.03 16:00:40 | 000,182,656 | ---- | M] (Microsoft Corporation) -- J:\WINDOWS\System32\dllcache\ndis.sys
[2010.06.03 15:17:45 | 000,113,933 | ---- | M] () -- J:\WINDOWS\System32\drivers\klin.dat
[2010.06.03 15:17:24 | 000,097,549 | ---- | M] () -- J:\WINDOWS\System32\drivers\klick.dat
[2010.06.03 15:11:49 | 000,000,038 | ---- | M] () -- J:\WINDOWS\System32\online_{1c38cbec-b0e8-4b36-80d0-597eae212d0d}
[2010.06.03 15:11:48 | 000,000,038 | ---- | M] () -- J:\WINDOWS\System32\{1c38cbec-b0e8-4b36-80d0-597eae212d0d}
[2010.06.03 15:09:28 | 000,315,408 | ---- | M] (Kaspersky Lab) -- J:\WINDOWS\System32\drivers\klif.sys
[2010.06.03 14:32:30 | 000,403,841 | R--- | M] () -- J:\WINDOWS\System32\drivers\etc\hosts.20100603-194504.backup
[2010.06.03 13:53:30 | 000,403,841 | R--- | M] () -- J:\WINDOWS\System32\drivers\etc\hosts.20100603-143230.backup
[2010.06.03 13:34:22 | 000,000,552 | ---- | M] () -- J:\WINDOWS\System32\d3d8caps.dat
[2010.06.03 08:31:56 | 000,403,841 | R--- | M] () -- J:\WINDOWS\System32\drivers\etc\hosts.20100603-135330.backup
[2010.06.02 23:14:59 | 000,000,909 | ---- | M] () -- J:\WINDOWS\System32\drivers\etc\hosts.20100603-083156.backup
[2010.05.29 16:29:23 | 000,000,616 | ---- | M] () -- J:\Dokumente und Einstellungen\All Users\Desktop\Ela.lnk
[2010.05.29 10:00:22 | 000,001,984 | ---- | M] () -- J:\WINDOWS\System32\d3d9caps.dat
[2010.05.08 20:35:05 | 000,000,813 | ---- | M] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Desktop\AAC-aacPlus Plugin Read Me.lnk
[2010.05.08 20:35:04 | 000,001,611 | ---- | M] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Desktop\Tuner2 - your ears will know.lnk
[329 J:\WINDOWS\*.tmp files -> J:\WINDOWS\*.tmp -> ]
[3 J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[1 J:\WINDOWS\System32\*.tmp files -> J:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2010.06.05 16:53:52 | 000,000,744 | ---- | C] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Eigene Dateien\cc_20100605_165348.reg
[2010.06.04 19:55:14 | 000,005,408 | ---- | C] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Eigene Dateien\cc_20100604_195512.reg
[2010.06.03 21:48:03 | 000,000,000 | ---- | C] () -- J:\autoexec.bat
[2010.06.03 21:39:43 | 000,000,448 | ---- | C] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Eigene Dateien\cc_20100603_213941.reg
[2010.06.03 21:39:24 | 000,001,410 | ---- | C] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Eigene Dateien\cc_20100603_213922.reg
[2010.06.03 21:38:04 | 000,031,938 | ---- | C] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Eigene Dateien\cc_20100603_213801.reg
[2010.06.03 18:14:12 | 000,001,410 | ---- | C] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Eigene Dateien\cc_20100603_181408.reg
[2010.06.03 18:11:12 | 000,031,642 | ---- | C] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Eigene Dateien\cc_20100603_181106.reg
[2010.06.03 15:11:49 | 000,000,038 | ---- | C] () -- J:\WINDOWS\System32\online_{1c38cbec-b0e8-4b36-80d0-597eae212d0d}
[2010.06.03 15:11:48 | 000,000,038 | ---- | C] () -- J:\WINDOWS\System32\{1c38cbec-b0e8-4b36-80d0-597eae212d0d}
[2010.06.03 15:10:46 | 000,113,933 | ---- | C] () -- J:\WINDOWS\System32\drivers\klin.dat
[2010.06.03 15:10:46 | 000,097,549 | ---- | C] () -- J:\WINDOWS\System32\drivers\klick.dat
[2010.06.03 13:34:22 | 000,000,552 | ---- | C] () -- J:\WINDOWS\System32\d3d8caps.dat
[2010.05.08 20:35:04 | 000,001,611 | ---- | C] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Desktop\Tuner2 - your ears will know.lnk
[2010.05.08 20:35:04 | 000,000,813 | ---- | C] () -- J:\Dokumente und Einstellungen\ELA_BRENNEN\Desktop\AAC-aacPlus Plugin Read Me.lnk
[2010.04.21 16:26:05 | 000,024,576 | ---- | C] () -- J:\WINDOWS\System32\AsIO.dll
[2010.04.21 16:26:05 | 000,012,400 | ---- | C] () -- J:\WINDOWS\System32\drivers\AsIO.sys
[2010.04.21 16:25:57 | 000,001,746 | ---- | C] () -- J:\WINDOWS\Language_trs.ini
[2010.03.17 18:16:00 | 000,278,984 | ---- | C] () -- J:\WINDOWS\System32\drivers\atksgt.sys
[2010.03.17 18:16:00 | 000,025,416 | ---- | C] () -- J:\WINDOWS\System32\drivers\lirsgt.sys
[2010.03.17 18:11:58 | 000,000,023 | ---- | C] () -- J:\WINDOWS\launcher.ini
[2010.01.30 20:53:03 | 000,000,034 | ---- | C] () -- J:\WINDOWS\cdplayer.ini
[2009.12.19 23:07:12 | 000,005,120 | ---- | C] () -- J:\WINDOWS\System32\ff_vfw.dll
[2009.12.19 23:07:12 | 000,000,547 | ---- | C] () -- J:\WINDOWS\System32\ff_vfw.dll.manifest
[2009.11.21 22:46:59 | 000,162,432 | ---- | C] () -- J:\WINDOWS\System32\drivers\ithsgt.sys
[2009.11.21 22:46:59 | 000,012,032 | ---- | C] () -- J:\WINDOWS\System32\drivers\lilsgt.sys
[2009.11.08 21:13:43 | 000,716,272 | ---- | C] () -- J:\WINDOWS\System32\drivers\sptd.sys
[2009.10.31 10:25:55 | 000,394,752 | ---- | C] () -- J:\WINDOWS\System32\cygwinb19.dll
[2008.04.12 09:56:36 | 001,800,192 | ---- | C] () -- J:\WINDOWS\System32\hmtcdres.dll
[2008.04.12 09:56:33 | 000,394,240 | ---- | C] () -- J:\WINDOWS\System32\hmtcd.dll
[2008.01.20 15:15:43 | 000,000,342 | ---- | C] () -- J:\WINDOWS\System32\Oeminfo.ini
[2004.01.30 16:07:46 | 000,245,408 | ---- | C] () -- J:\WINDOWS\System32\unicows.dll
[1996.04.03 21:33:26 | 000,005,248 | ---- | C] () -- J:\WINDOWS\System32\giveio.sys
========== Alternate Data Streams ==========
@Alternate Data Stream - 156 bytes -> J:\Dokumente und Einstellungen\ELA_BRENNEN\Desktop\Postal2.eXe:SummaryInformation
@Alternate Data Stream - 118 bytes -> J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:7881FECE
@Alternate Data Stream - 116 bytes -> J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:48FEA089
@Alternate Data Stream - 111 bytes -> J:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:EC2381A4
< End of report >
EXTRA.TXT:
OTL Extras logfile created on: 6.6.2010 08:45:48 - Run 1
OTL by OldTimer - Version 3.2.5.3 Folder = J:\Dokumente und Einstellungen\ELA_BRENNEN\Desktop\Trojaner Board
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: d.M.yyyy
3,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 75,00% Memory free
5,00 Gb Paging File | 4,00 Gb Available in Paging File | 89,00% Paging File free
Paging file location(s): J:\pagefile.sys 2046 4092 [binary data]
%SystemDrive% = J: | %SystemRoot% = J:\WINDOWS | %ProgramFiles% = J:\Programme
Drive C: | 149,04 Gb Total Space | 147,92 Gb Free Space | 99,25% Space Free | Partition Type: NTFS
Drive D: | 5,92 Gb Total Space | 0,89 Gb Free Space | 14,98% Space Free | Partition Type: NTFS
Drive E: | 262,87 Gb Total Space | 43,22 Gb Free Space | 16,44% Space Free | Partition Type: NTFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 29,29 Gb Total Space | 9,28 Gb Free Space | 31,66% Space Free | Partition Type: NTFS
Drive L: | 931,51 Gb Total Space | 843,78 Gb Free Space | 90,58% Space Free | Partition Type: NTFS
Computer Name: MTDVD
Current User Name: ELA_BRENNEN
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" =
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"5605:TCP" = 5605:TCP:*:Enabled:Services
"9710:TCP" = 9710:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"2257:TCP" = 2257:TCP:*:Enabled:Services
"3014:TCP" = 3014:TCP:*:Enabled:Services
"9863:TCP" = 9863:TCP:*:Enabled:Services
"9864:TCP" = 9864:TCP:*:Enabled:Services
"5395:TCP" = 5395:TCP:*:Enabled:Services
"9290:TCP" = 9290:TCP:*:Enabled:Services
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"44580:TCP" = 44580:TCP:*:Enabled:System16
"65533:TCP" = 65533:TCP:*:Enabled:Services
"52344:TCP" = 52344:TCP:*:Enabled:Services
"5605:TCP" = 5605:TCP:*:Enabled:Services
"9710:TCP" = 9710:TCP:*:Enabled:Services
"3389:TCP" = 3389:TCP:*:Enabled:Remote Desktop
"2257:TCP" = 2257:TCP:*:Enabled:Services
"3014:TCP" = 3014:TCP:*:Enabled:Services
"9863:TCP" = 9863:TCP:*:Enabled:Services
"9864:TCP" = 9864:TCP:*:Enabled:Services
"5395:TCP" = 5395:TCP:*:Enabled:Services
"9290:TCP" = 9290:TCP:*:Enabled:Services
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"J:\Programme\Windows Live\Messenger\wlcsdk.exe" = J:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"J:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe" = J:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"J:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\RpcSandraSrv.exe" = J:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP4\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"J:\Programme\TeamViewer\Version4\TeamViewer.exe" = J:\Programme\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application -- (TeamViewer GmbH)
"J:\WINDOWS\SMINST\Scheduler.exe" = J:\WINDOWS\SMINST\Scheduler.exe:*:Enabled:Scheduler -- ()
"J:\Programme\Windows Live\Messenger\wlcsdk.exe" = J:\Programme\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"J:\Programme\Sony Ericsson\Update Service\Update Service.exe" = J:\Programme\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service -- ()
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{026B0D6F-C5E5-4950-AB17-66B2335E6160}" = Roxio WinOnCD 2010
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0819E89D-6214-4B6F-A18D-4633CB4E0E4A}" = Softwareupdate für Webordner
"{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 20
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java(TM) 6 Update 3
"{3F9F7336-6DF8-476F-ABF6-C70A17FAF619}" = ST Wiederherstellungs- & Sicherungsprogramme
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{5A06423A-210C-49FB-950E-CB0EB8C5CEC7}" = Roxio BackOnTrack
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{60356853-9941-8377-6786-285351479053}" = Die Traumvilla
"{60B2315F-680F-4EB3-B8DD-CCDC86A7CCAB}" = Roxio File Backup
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{733CDF24-0A93-426E-AA89-DF281EB54793}" = Roxio CinePlayer
"{74DC8A26-4E05-40B6-AD11-C9428A1AE150}" = Roxio WinOnCD 2010
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{86DDDAAD-AEB9-42E5-BE01-0E8FABD2BB29}" = Roxio Video Capture USB
"{89A15676-78AE-4D51-BF5B-DEE3E0D46C94}" = Roxio WinOnCD 2010
"{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A00EC4E-27E1-42C4-98DD-662F32AC8870}" = Roxio CinePlayer Decoder Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A121EEDE-C68F-461D-91AA-D48BA226AF1C}" = Roxio Activation Module
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A33E7B0C-B99C-4EC9-B702-8A328B161AF9}" = Roxio Burn
"{A35A3F7A-D70A-49df-B4F5-B6A4CDC185CC}" = HP Photosmart C4340 All-In-One Driver 11.0 Rel .3
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.2 - Deutsch
"{AF9E97C1-7431-426D-A8D5-ABE40995C0B1}" = DirectX 9 Runtime
"{B0255743-165B-4BD5-8DA8-37DFB9930014}" = Norton Ghost
"{BA10AC78-E687-4523-8B93-540428FC256F}" = Fahrenheit
"{BC073E47-100A-4DB3-9D05-7072FC3ECB8A}" = PS_AIO_03_C4340_Software_Min
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = AMD Processor Driver
"{C2C284D2-6BD7-3B34-B0C5-B2CAED168DF7}" = Microsoft .NET Framework 3.0 Service Pack 2 Language Pack - DEU
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP4
"{C314CE45-3392-3B73-B4E1-139CD41CA933}" = Microsoft .NET Framework 2.0 Service Pack 2 Language Pack - DEU
"{C89B5E3A-690F-4CEE-909A-BF869E198B0A}" = Scan
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DB0A8A2A-4EA7-4FE3-802E-8A6DEE32696C}_is1" = Orban/Coding Technologies AAC/aacPlus Player Plugin™ 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{E96B0085-6659-486b-A221-5042A042728D}" = Toolbox
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"aEton CommunicaEor" = aEton CommunicaEor
"Alabama Smith 2" = Alabama Smith 2
"Amazing Adventures - The Caribbean Secret Deluxe_is1" = Amazing Adventures - The Caribbean Secret Deluxe
"Ancient Secrets - Quest For The Golden Key Deluxe_is1" = Ancient Secrets - Quest For The Golden Key Deluxe
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber Lame-MP3-Plugin
"Big City Mystery_is1" = Big City Mystery
"Curse of the Pharaoh - Die Traenen der Sachmet_is1" = Curse of the Pharaoh - Die Traenen der Sachmet
"Das Vermächtnis - Der Baum des Lebens_is1" = Das Vermächtnis - Der Baum des Lebens (1.00)
"Der Inquisitor_is1" = Der Inquisitor
"Detektivbuero_is1" = Detektivbuero
"Die Jaeger des Geisterhauses 2" = Die Jaeger des Geisterhauses 2
"Die Klinik - Rätselhafte Geheimnisse_is1" = Die Klinik - Rätselhafte Geheimnisse
"DinerTown Detective Agency Deluxe_is1" = DinerTown Detective Agency Deluxe
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"ESET Online Scanner" = ESET Online Scanner v3
"ffdshow_is1" = ffdshow [rev 497] [2006-11-04]
"G.H.O.S.T - Das Phantom auf dem Mittelaltermarkt_is1" = G.H.O.S.T - Das Phantom auf dem Mittelaltermarkt
"Geheimnisse von London_is1" = Geheimnisse von London
"Go West" = Go West
"Hide & Secret 3 - Pharaoh's Quest_is1" = Hide & Secret 3 - Pharaoh's Quest
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"ImgBurn" = ImgBurn
"InstallShield_{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin
"InstallWIX_{1A59064A-12A9-469F-99F6-04BF118DBCFF}" = Kaspersky PURE
"Jäger des Geisterhauses_is1" = Jäger des Geisterhauses
"Juice Mania_is1" = Juice Mania
"Kajko2DE_is1" = Knights - Wunder Mittel v. 1.017
"Liong - The Lost Amulets_is1" = Liong - The Lost Amulets
"LiveUpdate" = LiveUpdate 3.2 (Symantec Corporation)
"Mahjong Tales - Ancient Wisdom" = Mahjong Tales - Ancient Wisdom (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Marco Polo - Eine Fantastische Reise_is1" = Marco Polo - Eine Fantastische Reise
"Masters of Mystery - Crime of Fashion_is1" = Masters of Mystery - Crime of Fashion
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Nancy Drew - Das Phantom von Venedig_is1" = Nancy Drew - Das Phantom von Venedig
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA nView Desktop Manager" = NVIDIA nView Desktop Manager
"Par-N-Rar" = Par-N-Rar 1.24
"Party Planner Deluxe_is1" = Party Planner Deluxe
"PRE-XP-SP3" = Sereby's XP SP2 Updatepack Version 1.8.4
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PuppetShow - Mystery of Joyville_is1" = PuppetShow - Mystery of Joyville
"QuickPar" = QuickPar 0.9
"SpeedFan" = SpeedFan (remove only)
"Sunset Studio - Love on the High Seas Deluxe_is1" = Sunset Studio - Love on the High Seas Deluxe
"TeamViewer 4" = TeamViewer 4
"Update Service" = Update Service
"Virtual Families_is1" = Virtual Families
"WIC" = Windows Imaging Component
"Windows Presentation Foundation Language Pack (DEU)" = Windows Presentation Foundation Language Pack (DEU)
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"Womens Murder Club_is1" = Womens Murder Club
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0
"Zuma’s Revenge! Abenteuer" = Zuma’s Revenge! Abenteuer
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"360WAVESPATCHERCLT" = 360WavesPatcher (Client setup)
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 21.11.2009 15:49:52 | Computer Name = MTDVD | Source = MsiInstaller | ID = 11313
Description = Produkt: Fahrenheit -- Fehler 1313. Das Laufwerk M:\ steht im Augenblick
nicht zur Verfügung. Bitte wählen Sie ein anderes Laufwerk aus.
Error - 21.11.2009 15:49:57 | Computer Name = MTDVD | Source = MsiInstaller | ID = 11313
Description = Produkt: Fahrenheit -- Fehler 1313. Das Laufwerk M:\ steht im Augenblick
nicht zur Verfügung. Bitte wählen Sie ein anderes Laufwerk aus.
Error - 30.11.2009 10:06:54 | Computer Name = MTDVD | Source = Norton Ghost | ID = 100
Description = Fehler EC8F17B7: Wiederherstellungspunkte können nicht erstellt werden
für Auftrag: Laufwerk-Backup von WINXP (J:\). Fehler EC8F03EA: Vom ausgewählten
Laufwerk kann kein virtuelles Volume-Image erstellt werden. Fehler E0BC0002: Objekt
SME~Computer~BgM1549F232Region-0~VM1549F232Region-0-1 nicht gefunden. Details: 0xE0BC0002
Quelle:
Norton Ghost
Error - 13.1.2010 13:46:49 | Computer Name = MTDVD | Source = MsiInstaller | ID = 11313
Description = Produkt: Ich sehe was ... die große Schatzsuche -- Fehler 1313. Das
Laufwerk M:\ steht im Augenblick nicht zur Verfügung. Bitte wählen Sie ein anderes
Laufwerk aus.
Error - 13.1.2010 13:46:53 | Computer Name = MTDVD | Source = MsiInstaller | ID = 11313
Description = Produkt: Ich sehe was ... die große Schatzsuche -- Fehler 1313. Das
Laufwerk M:\ steht im Augenblick nicht zur Verfügung. Bitte wählen Sie ein anderes
Laufwerk aus.
Error - 13.1.2010 13:46:56 | Computer Name = MTDVD | Source = MsiInstaller | ID = 11313
Description = Produkt: Ich sehe was ... die große Schatzsuche -- Fehler 1313. Das
Laufwerk M:\ steht im Augenblick nicht zur Verfügung. Bitte wählen Sie ein anderes
Laufwerk aus.
[ System Events ]
Error - 5.6.2010 10:40:15 | Computer Name = MTDVD | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Si3112
Error - 5.6.2010 13:51:01 | Computer Name = MTDVD | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASInsHelp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 5.6.2010 13:51:01 | Computer Name = MTDVD | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Roxio
Hard Drive Watcher 12.
Error - 5.6.2010 13:51:01 | Computer Name = MTDVD | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Si3112
Error - 5.6.2010 14:51:55 | Computer Name = MTDVD | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASInsHelp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 5.6.2010 14:51:55 | Computer Name = MTDVD | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Roxio
Hard Drive Watcher 12.
Error - 5.6.2010 14:51:56 | Computer Name = MTDVD | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Si3112
Error - 6.6.2010 02:29:04 | Computer Name = MTDVD | Source = Service Control Manager | ID = 7000
Description = Der Dienst "ASInsHelp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2
Error - 6.6.2010 02:29:04 | Computer Name = MTDVD | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Roxio
Hard Drive Watcher 12.
Error - 6.6.2010 02:29:05 | Computer Name = MTDVD | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
Si3112
< End of report >