Trojaner: Schwarzer Bildschirm, Dateien versteckt

jaw · 26.05.2011, 07:44

Hallo,

jetzt hat es auch noch einen 2ten Rechner erwischt...

anbei die Malware Log:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6672

Windows 5.1.2600 Service Pack 3 (Safe Mode)
Internet Explorer 8.0.6001.18702

26.05.2011 08:24:11
mbam-log-2011-05-26 (08-24-11).txt

Scan type: Full scan (C:\|D:\|)
Objects scanned: 1293588
Time elapsed: 15 hour(s), 57 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 2
Registry Data Items Infected: 6
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\pcotATwPWkOrt (Trojan.FakeAlert) -> Value: pcotATwPWkOrt -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\{A1604166-C1DC-8E57-682D-99B14FD71DEC} (Trojan.ZbotR.Gen) -> Value: {A1604166-C1DC-8E57-682D-99B14FD71DEC} -> Delete on reboot.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\dokumente und einstellungen\all users\anwendungsdaten\pcotatwpwkort.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\drivers\158D.sys (Rootkit.TDSS) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\spool\prtprocs\w32x86\946C.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\all users\anwendungsdaten\19193636.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\dokumente und einstellungen\administrator\anwendungsdaten\Foanip\fywu.exe (Trojan.ZbotR.Gen) -> Quarantined and deleted successfully.

dann die OTL-Log:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 26.05.2011 09:05:43 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 32,00 Gb Total Space | 3,58 Gb Free Space | 11,19% Space Free | Partition Type: NTFS
Drive D: | 200,89 Gb Total Space | 184,65 Gb Free Space | 91,92% Space Free | Partition Type: NTFS
Drive E: | 3,77 Gb Total Space | 3,41 Gb Free Space | 90,49% Space Free | Partition Type: FAT
 
Computer Name: SERVER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.05.19 19:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
PRC - [2011.02.01 14:49:28 | 000,220,552 | ---- | M] (Geek Software GmbH) -- C:\Programme\PDF24\pdf24.exe
PRC - [2010.12.20 18:08:46 | 000,963,976 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2010.06.10 19:33:51 | 000,419,920 | ---- | M] (LSI) -- C:\Programme\3ware\3DM2\WinAVAlarm.exe
PRC - [2010.06.10 19:33:23 | 001,368,656 | ---- | M] (LSI) -- C:\Programme\3ware\3DM2\3dm2.exe
PRC - [2009.09.18 18:03:08 | 000,138,792 | ---- | M] (Kaspersky Lab) -- C:\Programme\Kaspersky Lab\NetworkAgent 8\klnagent.exe
PRC - [2008.04.14 04:22:45 | 001,036,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe
PRC - [2003.09.25 16:58:32 | 000,262,201 | ---- | M] () -- C:\Programme\3ware\3DM\3dmd.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2011.05.19 19:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
MOD - [2008.04.14 04:20:11 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2010.06.10 19:33:23 | 001,368,656 | ---- | M] () [Auto | Running] -- C:\Programme\3ware\3DM2/3dm2.exe -- (3DM2)
SRV - [2010.03.12 20:29:22 | 000,311,680 | ---- | M] (Kaspersky Lab) [Auto | Stopped] -- C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe -- (AVP)
SRV - [2009.09.18 18:03:08 | 000,138,792 | ---- | M] (Kaspersky Lab) [Auto | Running] -- C:\Programme\Kaspersky Lab\NetworkAgent 8\klnagent.exe -- (klnagent)
SRV - [2008.11.04 02:06:28 | 000,441,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2008.06.26 10:25:28 | 000,031,592 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Programme\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2007.06.27 19:04:00 | 000,279,848 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [2006.10.26 14:40:34 | 000,335,872 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\mdm.exe -- (MDM)
SRV - [2005.11.14 02:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003.09.25 16:58:32 | 000,262,201 | ---- | M] () [Auto | Running] -- C:\Programme\3ware\3DM\3dmd.exe -- (3DM)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2011.02.28 20:42:19 | 000,231,512 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\klif.sys -- (KLIF)
DRV - [2009.11.12 18:49:02 | 000,126,480 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\kl1.sys -- (kl1)
DRV - [2009.10.06 19:54:16 | 005,922,816 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2009.09.14 14:42:46 | 000,032,272 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\klim5.sys -- (klim5)
DRV - [2008.08.05 21:10:12 | 001,684,736 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008.05.07 19:31:16 | 000,106,368 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2007.05.11 20:00:14 | 000,045,056 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) Intel(R)
DRV - [2006.11.30 16:14:22 | 000,090,800 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45unic.sys -- (se45unic) Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM)
DRV - [2006.11.30 16:14:14 | 000,086,432 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45obex.sys -- (se45obex)
DRV - [2006.11.30 16:14:10 | 000,088,624 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mgmt.sys -- (se45mgmt) Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM)
DRV - [2006.11.30 16:14:10 | 000,018,704 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45nd5.sys -- (se45nd5) Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS)
DRV - [2006.11.30 16:14:04 | 000,097,088 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mdm.sys -- (se45mdm)
DRV - [2006.11.30 16:14:04 | 000,009,360 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45mdfl.sys -- (se45mdfl)
DRV - [2006.11.30 16:13:56 | 000,061,536 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\se45bus.sys -- (se45bus) Sony Ericsson Device 069 driver (WDM)
DRV - [2006.01.04 16:41:48 | 001,389,056 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2004.05.13 17:11:54 | 000,049,152 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\3wDrv100.sys -- (3wDrv100)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2842422991-2238310342-1594367054-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-2842422991-2238310342-1594367054-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2842422991-2238310342-1594367054-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2842422991-2238310342-1594367054-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 49 A6 F0 71 0F DF CB 01  [binary data]
IE - HKU\S-1-5-21-2842422991-2238310342-1594367054-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Components: C:\Programme\Mozilla Firefox\components [2011.04.29 11:03:18 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.18\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2011.04.29 11:03:17 | 000,000,000 | ---D | M]
 
[2011.04.21 09:06:22 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Extensions
[2011.04.28 08:45:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\lwfrgkf4.default\extensions
[2011.04.28 08:45:33 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Mozilla\Firefox\Profiles\lwfrgkf4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.04.28 08:55:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.04.29 11:03:11 | 000,001,392 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2011.04.29 11:03:11 | 000,002,344 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\eBay-de.xml
[2011.04.29 11:03:11 | 000,006,805 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2011.04.29 11:03:11 | 000,001,178 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2011.04.29 11:03:11 | 000,000,801 | ---- | M] () -- C:\Programme\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.02.14 13:31:40 | 000,251,695 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.1001-search.info
O1 - Hosts: 127.0.0.1	1001-search.info
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 127.0.0.1	136136.net
O1 - Hosts: 8770 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVP] C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe (Kaspersky Lab)
O4 - HKLM..\Run: [LanguageShortcut] C:\Programme\CyberLink\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Programme\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SunJavaUpdateSched]  File not found
O4 - HKLM..\Run: [WinAVAlarm] C:\Programme\3ware\3DM2\WinAVAlarm.exe (LSI)
O4 - Startup: C:\Dokumente und Einstellungen\Benutzer-01\Startmenü\Programme\Autostart\ERUNT AutoBackup.lnk = C:\Programme\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2842422991-2238310342-1594367054-500\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKU\S-1-5-21-2842422991-2238310342-1594367054-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2842422991-2238310342-1594367054-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2842422991-2238310342-1594367054-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 0
O9 - Extra Button: Statistik für Web-Anti-Virus - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\scieplgn.dll (Kaspersky Lab)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1231343131750 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1231343123250 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\KASPER~1\KASPER~2.0FO\adialhk.dll) - C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\adialhk.dll (Kaspersky Lab ZAO)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - C:\WINDOWS\system32\klogon.dll (Kaspersky Lab)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.06.19 11:59:41 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{bad35215-850e-11e0-8523-001cc02a3dca}\Shell\AutoRun\command - "" = E:\RECYCLER\..\RECYCLER\NOD32-RAMGuard.v.2009.exe -scanDisk
O33 - MountPoints2\{bad35215-850e-11e0-8523-001cc02a3dca}\Shell\open\command - "" = E:\RECYCLER\..\RECYCLER\NOD32-RAMGuard.v.2009.exe -scanDisk
O33 - MountPoints2\{bad35215-850e-11e0-8523-001cc02a3dca}\Shell\protect\command - "" = E:\RECYCLER\..\RECYCLER\NOD32-RAMGuard.v.2009.exe -scanDisk -protected
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2052.01.09 11:56:59 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\OpenOffice.org 3.0
[2052.01.09 11:56:32 | 000,000,000 | ---D | C] -- C:\Programme\OpenOffice.org 3
[2052.01.09 11:56:25 | 000,073,728 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2052.01.09 11:56:11 | 000,000,000 | ---D | C] -- C:\Programme\Java
[2052.01.09 11:56:10 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Java
[2011.05.26 08:49:29 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[2011.05.25 15:15:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Isuv
[2011.05.25 15:15:14 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Administrator\Anwendungsdaten\Foanip
[2011.05.25 12:55:35 | 000,000,000 | ---D | C] -- C:\Troja
[2011.05.25 12:48:16 | 000,000,000 | RH-D | C] -- C:\Dokumente und Einstellungen\Administrator\Recent
[2011.05.25 10:13:18 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Startmenü\Programme\Windows XP Recovery
[2011.04.29 13:41:38 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Reisekostenabrechnung
[2011.04.29 13:18:30 | 000,000,000 | -H-D | C] -- C:\Dokumente und Einstellungen\Administrator\Desktop\Verpflegungsmehraufwand
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2011.05.26 09:04:00 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{8F2DF141-0767-49D0-9478-D7692346D158}.job
[2011.05.26 08:41:20 | 000,000,434 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{B04BC8CD-8C98-4C5E-B55D-5AF76277D26E}.job
[2011.05.26 08:39:09 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011.05.26 08:39:07 | 000,001,100 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011.05.26 08:29:56 | 000,031,888 | ---- | M] () -- C:\WINDOWS\3waenlog.dat
[2011.05.26 08:29:49 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011.05.25 12:56:18 | 000,000,768 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.25 12:24:47 | 000,000,160 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19193636r
[2011.05.25 12:24:47 | 000,000,136 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19193636
[2011.05.25 11:14:00 | 000,001,104 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011.05.25 10:16:48 | 000,000,392 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19193636
[2011.05.25 10:13:18 | 000,000,841 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Windows XP Recovery.lnk
[2011.05.25 09:19:52 | 000,002,503 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Word 2007.lnk
[2011.05.25 08:01:09 | 000,002,505 | -H-- | M] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Microsoft Office Excel 2007.lnk
[2011.05.19 19:19:52 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Dokumente und Einstellungen\Administrator\Desktop\OTL.exe
[7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2011.05.25 12:56:18 | 000,000,768 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.05.25 10:13:18 | 000,000,841 | -H-- | C] () -- C:\Dokumente und Einstellungen\Administrator\Desktop\Windows XP Recovery.lnk
[2011.05.25 10:13:18 | 000,000,160 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19193636r
[2011.05.25 10:13:18 | 000,000,136 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\~19193636
[2011.05.25 10:13:14 | 000,000,392 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\19193636
[2011.02.16 12:31:20 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011.02.16 12:31:20 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011.02.16 12:31:20 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011.02.16 12:31:20 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011.02.16 12:31:20 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011.02.14 12:56:02 | 000,114,243 | ---- | C] () -- C:\WINDOWS\System32\drivers\klin.dat
[2011.02.14 12:56:02 | 000,097,859 | ---- | C] () -- C:\WINDOWS\System32\drivers\klick.dat
[2009.12.07 19:15:39 | 000,031,888 | ---- | C] () -- C:\WINDOWS\3waenlog.dat
[2009.09.09 19:01:40 | 000,027,675 | ---- | C] () -- C:\WINDOWS\System32\drivers\klopp.dat
[2009.01.07 18:58:19 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4977.dll
[2008.07.11 13:59:06 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008.06.19 16:02:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2008.06.19 15:09:07 | 000,524,288 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008.06.19 15:09:07 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008.06.19 13:49:45 | 000,000,842 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008.06.19 13:42:08 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008.06.19 12:28:24 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll
[2008.06.19 12:17:58 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008.06.19 12:16:36 | 000,302,032 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008.06.19 12:03:11 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008.06.19 11:54:45 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008.06.04 18:08:36 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\3wDrv100.sys
[2007.10.29 14:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2007.10.29 14:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2007.10.29 14:00:00 | 000,452,310 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2007.10.29 14:00:00 | 000,435,396 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2007.10.29 14:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2007.10.29 14:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2007.10.29 14:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2007.10.29 14:00:00 | 000,081,118 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2007.10.29 14:00:00 | 000,068,292 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2007.10.29 14:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2007.10.29 14:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2007.10.29 14:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2007.10.29 14:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2007.10.29 14:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2007.10.29 14:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2007.10.29 14:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2002.03.19 17:30:00 | 000,216,576 | ---- | C] () -- C:\WINDOWS\System32\PowerCalc.exe
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 177 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:8C35AEA7
@Alternate Data Stream - 125 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP:5C321E34

< End of report >

--- --- ---

und die Extras-OTL-Log:OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 26.05.2011 09:05:43 - Run 1
OTL by OldTimer - Version 3.2.22.3     Folder = C:\Dokumente und Einstellungen\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,00 Gb Total Physical Memory | 1,00 Gb Available Physical Memory | 72,00% Memory free
4,00 Gb Paging File | 3,00 Gb Available in Paging File | 90,00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 32,00 Gb Total Space | 3,58 Gb Free Space | 11,19% Space Free | Partition Type: NTFS
Drive D: | 200,89 Gb Total Space | 184,65 Gb Free Space | 91,92% Space Free | Partition Type: NTFS
Drive E: | 3,77 Gb Total Space | 3,41 Gb Free Space | 90,49% Space Free | Partition Type: FAT
 
Computer Name: SERVER | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = ChromeHTML] -- C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
 
[HKEY_USERS\S-1-5-21-2842422991-2238310342-1594367054-500\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
http [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Programme\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Programme\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
"" = 
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"15000:UDP" = 15000:UDP:*:Enabled:Kaspersky Administration Kit
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"15000:UDP" = 15000:UDP:*:Enabled:Kaspersky Administration Kit
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"Z:\CDS\Nero\Installation\SetupX.exe" = Z:\CDS\Nero\Installation\SetupX.exe:*:Enabled:Nero ProductSetup
"C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe" = C:\Programme\Kaspersky Lab\Kaspersky Anti-Virus 6.0 for Windows Workstations MP4\avp.exe:*:Enabled:Kaspersky Anti-Virus -- (Kaspersky Lab)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{107254A0-0ADF-11D4-9397-00D0B7020B38}" = 
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Suite
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{2CC982C0-7EAE-11D4-ACC3-0050568AD318}" = Avery Zweckform DesignPro
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{45B3A3BD-F90D-48FE-A147-D74878A51031}" = Nero 7 Essentials
"{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent
"{4D635B68-FC59-11D3-A454-0050DACFFDD7}" = 3DM
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{6641E82C-4814-4E5A-BB1A-A9C2F38F627D}" = Kaspersky Lab Administrationsagent
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{777AD08E-B32A-4456-AFE1-094DBECEB268}" = Intel(R) Network Connections 13.5.32.0
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 2.9.1
"{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider
"{8F023021-A7EB-45D3-9269-D65264C81729}" = Kaspersky Anti-Virus 6.0 für Windows Workstation
"{90120000-0010-0407-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders  (German) 12
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{9BD40163-B95D-4B07-8991-0AB775B6D88B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{A0516415-ED61-419A-981D-93596DA74165}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{322296D4-1EAE-4030-9FBC-D2787EB25FA2}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{26454C26-D259-4543-AA60-3189E09C5F76}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A90000000001}" = Adobe Reader 9 - Deutsch
"{B37C842A-B624-46B8-A727-654E72F1C91A}" = Calculator Powertoy for Windows XP
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C9BED750-1211-4480-B1A5-718A3BE15525}" = REALTEK GbE & FE Ethernet PCI-E NIC Driver
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"2413fd9e47cb8b2cac9f39dddd0aeb5a-1160852827" = 3ware Disk Management Tools
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"ERUNT_is1" = ERUNT 1.1j
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HECI" = Intel® Management-Engine-Interface
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{6641E82C-4814-4E5A-BB1A-A9C2F38F627D}" = Kaspersky Lab Administrationsagent
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.5.18)" = Mozilla Firefox (3.5.18)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROHYBRIDR" = 2007 Microsoft Office system
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 1.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.03.2011 06:50:31 | Computer Name = SERVER | Source = MsiInstaller | ID = 11704
Description = Product: Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
 -- Error 1704.An installation for Java(TM) 6 Update 24 is currently suspended. 
 You must undo the changes made by that installation to continue.  Do you want to
 undo those changes?
 
Error - 10.03.2011 06:52:28 | Computer Name = SERVER | Source = MsiInstaller | ID = 11722
Description = Produkt: Java(TM) 6 Update 24 -- Fehler 1722. Es liegt ein dieses 
Windows Installer-Paket betreffendes Problem vor. Ein Programm, das im Rahmen der
 Installation ausgeführt wurde, wurde nicht erfolgreich abgeschlossen. Wenden Sie
 sich an das Supportpersonal oder den Hersteller des Pakets. Aktion: patchjre, Pfad:
 C:\Programme\Java\jre6\patchjre.exe, Befehl: -s "C:\Programme\Java\jre6" 
 
Error - 14.03.2011 08:32:47 | Computer Name = SERVER | Source = Microsoft Office 12 | ID = 1000
Description = Faulting application outlook.exe, version 12.0.6514.5000, stamp 4a89dc70,
 faulting module unknown, version 0.0.0.0, stamp 00000000, debug? 0, fault address
 0x0016017e.
 
Error - 29.03.2011 04:50:23 | Computer Name = SERVER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung pdf24-editor.exe, Version 2.9.1.0, fehlgeschlagenes
 Modul pdf24-editor.exe, Version 2.9.1.0, Fehleradresse 0x0000e8a7.
 
Error - 04.04.2011 06:07:23 | Computer Name = SERVER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung acrord32.exe, Version 9.0.0.332, fehlgeschlagenes
 Modul kmps52d4.dll, Version 5.2.13.4, Fehleradresse 0x000c6bb1.
 
Error - 11.04.2011 05:14:56 | Computer Name = SERVER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung designp.exe, Version 3.50.2930.0, fehlgeschlagenes
 Modul designp.exe, Version 3.50.2930.0, Fehleradresse 0x000f7186.
 
Error - 05.05.2011 03:17:26 | Computer Name = SERVER | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
 
Error - 19.05.2011 02:54:10 | Computer Name = SERVER | Source = Microsoft Office 12 | ID = 2001
Description = Rejected Safe Mode action : Microsoft Office Outlook.
 
Error - 25.05.2011 04:27:27 | Computer Name = SERVER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung services.exe, Version 5.1.2600.5755, fehlgeschlagenes
 Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00001de6.
 
Error - 25.05.2011 06:28:32 | Computer Name = SERVER | Source = Application Error | ID = 1000
Description = Fehlgeschlagene Anwendung services.exe, Version 5.1.2600.5755, fehlgeschlagenes
 Modul ntdll.dll, Version 5.1.2600.5755, Fehleradresse 0x00001de6.
 
[ Kaspersky Event Log Events ]
Error - 14.02.2011 06:28:06 | Computer Name = CAD-NEU | Source = klnagent | ID = 1
Description = Integrationsmodul des Administrationsagenten für die Anwendung Kaspersky
 Anti-Virus 6.0 for Windows Workstations konnte nicht initialisiert werden. Der 
Modul lieferte den Fehler 1185 ('Object (null) is not initialized').   Fehlerinformationen:
 1185/0 (Object (null) is not initialized), O:\PPP\Connector\cnt_csc.cpp, 79. 
 
Error - 14.02.2011 06:28:10 | Computer Name = CAD-NEU | Source = klnagent | ID = 1
Description = Integrationsmodul des Administrationsagenten für die Anwendung Kaspersky
 Anti-Virus 6.0 for Windows Workstations konnte nicht initialisiert werden. Der 
Modul lieferte den Fehler 1185 ('Object (null) is not initialized').   Fehlerinformationen:
 1185/0 (Object (null) is not initialized), O:\PPP\Connector\cnt_csc.cpp, 79. 
 
Error - 14.02.2011 06:28:14 | Computer Name = CAD-NEU | Source = klnagent | ID = 1
Description = Integrationsmodul des Administrationsagenten für die Anwendung Kaspersky
 Anti-Virus 6.0 for Windows Workstations konnte nicht initialisiert werden. Der 
Modul lieferte den Fehler 1185 ('Object (null) is not initialized').   Fehlerinformationen:
 1185/0 (Object (null) is not initialized), O:\PPP\Connector\cnt_csc.cpp, 79. 
 
Error - 14.02.2011 06:28:20 | Computer Name = CAD-NEU | Source = klnagent | ID = 1
Description = Integrationsmodul des Administrationsagenten für die Anwendung Kaspersky
 Anti-Virus 6.0 for Windows Workstations konnte nicht initialisiert werden. Der 
Modul lieferte den Fehler 1185 ('Object (null) is not initialized').   Fehlerinformationen:
 1185/0 (Object (null) is not initialized), O:\PPP\Connector\cnt_csc.cpp, 79. 
 
Error - 14.02.2011 06:28:33 | Computer Name = CAD-NEU | Source = klnagent | ID = 1
Description = Integrationsmodul des Administrationsagenten für die Anwendung Kaspersky
 Anti-Virus 6.0 for Windows Workstations konnte nicht initialisiert werden. Der 
Modul lieferte den Fehler 1185 ('Object (null) is not initialized').   Fehlerinformationen:
 1185/0 (Object (null) is not initialized), O:\PPP\Connector\cnt_csc.cpp, 79. 
 
Error - 14.02.2011 06:28:41 | Computer Name = CAD-NEU | Source = klnagent | ID = 1
Description = Integrationsmodul des Administrationsagenten für die Anwendung Kaspersky
 Anti-Virus 6.0 for Windows Workstations konnte nicht initialisiert werden. Der 
Modul lieferte den Fehler 1185 ('Object (null) is not initialized').   Fehlerinformationen:
 1185/0 (Object (null) is not initialized), O:\PPP\Connector\cnt_csc.cpp, 79. 
 
Error - 14.02.2011 06:28:47 | Computer Name = CAD-NEU | Source = klnagent | ID = 1
Description = Integrationsmodul des Administrationsagenten für die Anwendung Kaspersky
 Anti-Virus 6.0 for Windows Workstations konnte nicht initialisiert werden. Der 
Modul lieferte den Fehler 1185 ('Object (null) is not initialized').   Fehlerinformationen:
 1185/0 (Object (null) is not initialized), O:\PPP\Connector\cnt_csc.cpp, 79. 
 
Error - 14.02.2011 06:28:55 | Computer Name = CAD-NEU | Source = klnagent | ID = 1
Description = Integrationsmodul des Administrationsagenten für die Anwendung Kaspersky
 Anti-Virus 6.0 for Windows Workstations konnte nicht initialisiert werden. Der 
Modul lieferte den Fehler 1185 ('Object (null) is not initialized').   Fehlerinformationen:
 1185/0 (Object (null) is not initialized), O:\PPP\Connector\cnt_csc.cpp, 79. 
 
Error - 24.02.2011 09:56:45 | Computer Name = CAD-NEU | Source = klnagent | ID = 1
Description = #1197 (0) Fehler 1197/0x0 ('Operation failed because the timeout period
 expired') ist beim Bearbeiten der Ausnahmenliste der Firewall aufgetreten.
 
Error - 25.05.2011 04:38:51 | Computer Name = SERVER | Source = klnagent | ID = 1
Description = #1197 (0) Fehler 1197/0x0 ('Operation failed because the timeout period
 expired') ist beim Bearbeiten der Ausnahmenliste der Firewall aufgetreten.
 
[ OSession Events ]
Error - 04.02.2010 06:47:25 | Computer Name = PROFI-EDITION | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6501.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 731
 seconds with 120 seconds of active time.  This session ended with a crash.
 
Error - 04.02.2010 06:47:41 | Computer Name = PROFI-EDITION | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6501.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 6
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.02.2010 06:47:53 | Computer Name = PROFI-EDITION | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6501.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 04.02.2010 06:48:01 | Computer Name = PROFI-EDITION | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 8, Application Name: Microsoft Office Publisher, Application Version:
 12.0.6501.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
Error - 14.03.2011 08:32:45 | Computer Name = SERVER | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version:
 12.0.6514.5000, Microsoft Office Version: 12.0.6425.1000. This session lasted 184
 seconds with 120 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25.05.2011 06:54:18 | Computer Name = SERVER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 25.05.2011 06:55:16 | Computer Name = SERVER | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Fips  intelppm  kl1  KLIF
 
Error - 26.05.2011 02:24:48 | Computer Name = SERVER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1084" aufgetreten, als der Dienst "EventSystem"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {1BE1F766-5536-11D1-B726-00C04FB926AF}
 
Error - 26.05.2011 02:29:55 | Computer Name = SERVER | Source = sr | ID = 1
Description = Beim Verarbeiten der Datei "" auf Volume "HarddiskVolume1" ist im 
Wiederherstellungsfilter der unerwartete Fehler "0xC0000001" aufgetreten. Die Volumeüberwachung
 wurde angehalten.
 
Error - 26.05.2011 02:30:15 | Computer Name = SERVER | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der
 SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)
 für die COM-Serveranwendung mit CLSID   {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}   gewährt.
 Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
 geändert werden.
 
Error - 26.05.2011 02:30:38 | Computer Name = SERVER | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der
 SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)
 für die COM-Serveranwendung mit CLSID   {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}   gewährt.
 Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
 geändert werden.
 
Error - 26.05.2011 02:30:38 | Computer Name = SERVER | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der
 SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)
 für die COM-Serveranwendung mit CLSID   {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}   gewährt.
 Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
 geändert werden.
 
Error - 26.05.2011 02:39:33 | Computer Name = SERVER | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der
 SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)
 für die COM-Serveranwendung mit CLSID   {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}   gewährt.
 Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
 geändert werden.
 
Error - 26.05.2011 02:39:33 | Computer Name = SERVER | Source = DCOM | ID = 10016
Description = Durch die Berechtigungseinstellungen (Anwendungsspezifisch) wird der
 SID (S-1-5-18) für Benutzer NT-AUTORITÄT\SYSTEM keine Startberechtigung (Lokal)
 für die COM-Serveranwendung mit CLSID   {24FF4FDC-1D9F-4195-8C79-0DA39248FF48}   gewährt.
 Diese Sicherheitsberechtigung kann mit dem Verwaltungsprogramm für Komponentendienste
 geändert werden.
 
Error - 26.05.2011 03:06:58 | Computer Name = SERVER | Source = DCOM | ID = 10005
Description = Bei DCOM ist der Fehler "%1058" aufgetreten, als der Dienst "wuauserv"
 mit den Argumenten ""  gestartet wurde, um den folgenden Server zu verwenden:  {E60687F7-01A1-40AA-86AC-DB1CBF673334}
 
 
< End of report >

--- --- ---

Trojaner: Schwarzer Bildschirm, Dateien versteckt

Log-Analyse und Auswertung: Trojaner: Schwarzer Bildschirm, Dateien versteckt

Trojaner: Schwarzer Bildschirm, Dateien versteckt

Ähnliche Themen: Trojaner: Schwarzer Bildschirm, Dateien versteckt