
Pests of all kinds and how to fight them: Malwarebytes always "blocks" a Chinese IP ... outgoing .. but finds nothing ..

20.08.2012, 17:53   #1
frankmusik
 
Hello Trojan experts,
for a few days now MB has been warning me with
IP: 60.195.249.214 outgoing blocked ...
GOOD, MB warns (and hopefully really does "shut the door"), but which "rascal" is trying to phone home???

I scanned with MB, ran Spybot over it, and let ESET run. ...

Apart from the converter program SUPER, which I have been using for YEARS (2 of its files were named as Trojans), MB found nothing.
Infizierte Dateien: 2
C:\Programme\eRightSoft\SUPER\SUPER.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\eRightSoft\SUPER\spk\MKV_ax.spk (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Maybe I am already a bit paranoid, but I would have liked to find something that could reassure me ...

There is quite a bit on the net about the CHINA domain (Chinese Telecom), but nothing yet in terms of Trojan info ...

THANKS for any tip on how I can track down the rascal.
frank

22.08.2012, 01:33   #2
t'john
/// Helper team
 
Step 1

Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Enable "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Please have any findings deleted or quarantined.
- When the scan has finished, click "Show Results".

Step 2
System scan with OTL (illustrated guide)

Please download OTL by OldTimer and save it to your desktop (if you do not already have it) - double-click OTL.exe

  • Vista and Win7 users: right-click OTL.exe and choose "Run as administrator"
  • Select Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread.

29.08.2012, 15:39   #3
frankmusik
 
Sorry .. but in the meantime my computer is now dialling a different IP (said to belong to SEDO), 82.98.86.163; on the net some people write that they cannot find the cause either ...

MB finds nothing ... but in the protection log (depending on the day, the log is 500 MB to 3.5 GB in size!!!) the domain is always listed as blocked, once a second!!!

Last week it was this one:
2012/08/22 10:00:58 +0200 MCS-FRANK frank IP-BLOCK 173.241.240.153 (Type: outgoing)

Today it is 82.98.86.163

(the log is already 900 MB again ...)

No idea what is "going on" there ...

THANKS for any tip
frank


Here are the logs:
MB

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.29.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
frank :: MCS-FRANK [Administrator]

29.08.2012 10:57:09
mbam-log-2012-08-29 (10-57-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 477266
Laufzeit: 5 Stunde(n), 30 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OT Log 1
OTL Logfile:
Code:
OTL logfile created on: 29.08.2012 15:39:36 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = \\MCS-SRV\RedirectedFolders\frank\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 53,40% Memory free
6,33 Gb Paging File | 4,94 Gb Available in Paging File | 77,95% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 54,99 Gb Total Space | 8,83 Gb Free Space | 16,06% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 2,93 Gb Free Space | 15,01% Space Free | Partition Type: NTFS
Drive E: | 294,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 930,39 Gb Total Space | 800,45 Gb Free Space | 86,03% Space Free | Partition Type: NTFS
Drive Q: | 5496,93 Gb Total Space | 553,88 Gb Free Space | 10,08% Space Free | Partition Type: NTFS
Drive R: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS
Drive S: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS
Drive U: | 232,83 Gb Total Space | 40,67 Gb Free Space | 17,47% Space Free | Partition Type: NTFS
 
Computer Name: MCS-FRANK | User Name: frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - \\MCS-SRV\RedirectedFolders\frank\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)
PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe ()
PRC - C:\Programme\BitDefender\BitDefender 2008\bdagent.exe (BitDefender)
PRC - C:\Programme\BitDefender\BitDefender 2008\vsserv.exe (BitDefender)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\UltraVNC\winvnc.exe (UltraVNC)
PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Programme\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - I:\PROGS\SHOPMAST\SMMAIN.EXE (mhTec GmbH)
PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Management Agent\bdemagent.exe (BitDefender)
PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUI.exe (DisplayLink Corp.)
PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe (DisplayLink Corp.)
PRC - C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
PRC - C:\WINDOWS\system32\LxrJD31s.exe ()
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\system32\U2VSvr.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender)
PRC - C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)
PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe (FinePrint Software, LLC)
PRC - C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\Gtwatch.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - \\?\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\av32bit_ent_25848\avxdisk.dll ()
MOD - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe ()
MOD - C:\Programme\BitDefender\BitDefender 2008\bdfltlib.dll ()
MOD - c:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\smartscn.dll ()
MOD - \\?\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\trufos.dll ()
MOD - C:\WINDOWS\system32\LxrJD31s.exe ()
MOD - c:\Programme\Adobe\Reader 8.0\Reader\RdLang32.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\PPKLITE.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Weblink.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Acroform.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\updater.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Escript.deu ()
MOD - C:\WINDOWS\system32\U2VSvr.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SendMail.deu ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\makeaccessible.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\EWH32.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\DigSig.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Annots.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Checkers.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\accessibility.DEU ()
MOD - C:\Programme\BitDefender\BitDefender 2008\libexpatw.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpi5in.DLL ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\ccme_base.dll ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\cryptocme2.dll ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search5.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\reflow.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\pddom.DEU ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Hls.deu ()
MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\eBook.DEU ()
MOD - C:\Programme\Gemeinsame Dateien\Acronis\Common\gc.dll ()
MOD - C:\Programme\Adobe\Acrobat 6.0\PDFMaker\Common\AdobePDFMakerX.DEU ()
MOD - C:\Programme\Adobe\Acrobat 6.0\PDFMaker\Common\AdobePDFMakerX.dll ()
MOD - C:\Programme\Adobe\Acrobat 6.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\Gtwatch.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (TeamViewer) -- \MCS-SRV\RedirectedFolders\frank\temp\TeamViewer3\TeamViewer_Host.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vsmon) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (LIVESRV) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe ()
SRV - (VSSERV) -- C:\Programme\BitDefender\BitDefender 2008\vsserv.exe (BitDefender)
SRV - (scan) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\scan.dll (BitDefender)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (uvnc_service) -- C:\Programme\UltraVNC\winvnc.exe (UltraVNC)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (BitDefender Management Agent) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Management Agent\bdemagent.exe (BitDefender)
SRV - (DisplayLinkService) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV - (LxrJD31s) -- C:\WINDOWS\System32\LxrJD31s.exe ()
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (U2VSvr) -- C:\WINDOWS\system32\U2VSvr.exe ()
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (NasPmService) -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
SRV - (XCOMM) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender)
SRV - (FolderSize) -- C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)
SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (WmcCds) -- c:\Programme\Windows Media Connect\mswmccds.exe (Microsoft Corporation)
SRV - (WmcCdsLs) -- C:\Programme\Windows Media Connect\mswmcls.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (PAC7302) -- system32\DRIVERS\PAC7302.SYS File not found
DRV - (lbrtfdc) --  File not found
DRV - (L6PODLV) -- System32\Drivers\L6PODLV.sys File not found
DRV - (IIUSBISP) -- System32\Drivers\iiusbisp.sys File not found
DRV - (i2omgmt) --  File not found
DRV - (FTD2XX) -- System32\Drivers\FTD2XX.sys File not found
DRV - (EVOLUSB) -- system32\drivers\evolusb.sys File not found
DRV - (Changer) --  File not found
DRV - (bdfsfltr) -- Reg Error: Invalid data type. File not found
DRV - (CardReaderFilter) -- C:\WINDOWS\system32\drivers\USBCRFT.SYS (ICSI Technology Ltd.)
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (KL1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (Bdfndisf) -- C:\WINDOWS\system32\drivers\bdfndisf.sys (BitDefender SRL)
DRV - (BDSelfPr) -- C:\Programme\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender LLC)
DRV - (bdftdif) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (trufos) -- C:\WINDOWS\system32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (mv2) -- C:\WINDOWS\system32\drivers\mv2.sys (UVNC BVBA)
DRV - (FNETTBOH_305) -- C:\WINDOWS\system32\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)
DRV - (FNETURPX) -- C:\WINDOWS\system32\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV - (AsrAppCharger) -- C:\WINDOWS\system32\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider)
DRV - (DisplayLinkGA) -- C:\WINDOWS\system32\drivers\DisplayLinkGAport.sys (DisplayLink Corp.)
DRV - (DisplayLinkmirror) -- C:\WINDOWS\system32\drivers\DisplayLinkmirrorport.sys (DisplayLink Corp.)
DRV - (DisplayLinkFilter) -- C:\WINDOWS\system32\drivers\DisplayLinkFilter.sys (DisplayLink Corp.)
DRV - (DisplayLinkUsbPort) -- C:\WINDOWS\system32\drivers\DisplayLinkUsbPort_5.2.24075.0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (LxrJD31d) -- C:\WINDOWS\system32\drivers\LxrJD31d.sys ()
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (AMBFilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (T1PMrGrp) -- C:\WINDOWS\system32\drivers\T1PMrGrp.sys (Magic Control Technology Corp.)
DRV - (T1PExGrp) -- C:\WINDOWS\system32\drivers\T1PExGrp.sys (Magic Control Technology Corp.)
DRV - (t1pusb) -- C:\WINDOWS\system32\drivers\t1pusb.sys (Magic Control Technology Corp.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\sandra.sys (SiSoftware)
DRV - (MonFilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (UFBFilte) -- C:\WINDOWS\system32\drivers\UFBFilte.sys (www.winchiphead.com)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (YMIDUSB) -- C:\WINDOWS\system32\drivers\ymidusb.sys (YAMAHA Corporation)
DRV - (RDID1009) -- C:\WINDOWS\system32\drivers\Rdwm1009.sys (Roland Corporation)
DRV - (L6SeaMonkDev) -- C:\WINDOWS\system32\drivers\L6SM.sys (Line 6)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (GT681x) -- C:\WINDOWS\system32\drivers\gt681x.sys (   )
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de
 
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://10.0.0.109/cgi-bin/enter.cgi
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes,DefaultScope = {40A86AD6-695B-44A7-8741-4192D52B2491}
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes\{40A86AD6-695B-44A7-8741-4192D52B2491}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLG_de
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de
 
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://10.0.10.109/cgi-bin/enter.cgi
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 64 59 0D 27 EB CC 01  [binary data]
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=290412_4_ctrl&babsrc=SP_ss&mntrId=d4479e0900000000000000252276520a
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: netviewero2o@netviewero2o:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: adonis.cuhk@gmail.com:1.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:2.04.20110724
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\palmOne\PACKAG~1\NPInstal.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netviewero2o@netviewero2o: C:\Programme\Netviewer\one2one\Plugin\FF plugin\ffone2one [2008.01.29 13:23:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.08.20 12:01:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.19 08:19:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.22 11:11:49 | 000,000,000 | ---D | M]
 
[2010.11.22 19:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Extensions
[2012.08.27 20:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions
[2011.01.28 18:26:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.23 14:25:35 | 000,000,000 | ---D | M] (PDF Download) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.10.07 09:13:25 | 000,000,000 | ---D | M] (Google Docs Viewer) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\adonis.cuhk@gmail.com
[2011.08.20 15:37:51 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\coralietab@mozdev.org
[2012.08.22 11:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.22 11:11:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012.08.27 20:24:43 | 000,159,657 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FRANK\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y7Z9VVYH.DEFAULT\EXTENSIONS\NOTREAL.CCOPTIONS@ENVIRONMENTALCHEMISTRY.COM.XPI
[2012.07.11 08:25:40 | 000,163,080 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FRANK\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y7Z9VVYH.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2012.07.19 08:19:00 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2008.06.21 11:37:07 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Programme\mozilla firefox\plugins\npmusicn.dll
[2009.04.29 14:13:48 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\mozilla firefox\plugins\PDFNetC.dll
[2009.08.09 01:30:36 | 000,107,760 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2012.01.02 14:59:23 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.09 12:15:18 | 000,002,356 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.01.02 14:59:23 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2008.04.07 13:30:00 | 000,000,917 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\conduit.xml
[2012.01.02 14:59:23 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.02 14:59:23 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.02 14:59:23 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.02 14:59:23 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.30 15:57:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2008\ietoolbar.dll (BitDefender)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] C:\Programme\BitDefender\BitDefender 2008\bdagent.exe (BitDefender)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Programme\BitDefender\BitDefender 2008\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [Cmaudio] C:\WINDOWS\CMICNFG.CPL (C-Media Corporation)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\Gtwatch.exe ()
O4 - HKLM..\Run: [ISW]  File not found
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [XFastUsb] C:\Programme\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe" File not found
O4 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1221609082-219370195-1423778804-500..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-21-18413201-578950046-47629304-1154..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-18413201-578950046-47629304-1154..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Verkauf\Startmenü\Programme\Autostart\AOM.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Web\AOM.exe (Adobe Systems, Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\Verkauf\Startmenü\Programme\Autostart\Spamihilator.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-500\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-500\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\S-1-5-21-18413201-578950046-47629304-1154\..Trusted Domains: midifiles.de ([remote] HTTPS in Local intranet)
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} hxxp://download.ebay.com/turbo_lister/DE/install.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232184983201 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1314978076284 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} hxxp://10.0.0.30/activex/AMC.cab (AxisMediaControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://10.0.0.32/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = m-city.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CEF42BD-6369-4C6C-8189-0676CD17DC30}: NameServer = 10.0.10.2,10.0.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C32898C0-BD7E-4574-8C64-85DBD7AFADD4}: NameServer = 10.0.10.2,10.0.10.1,10.0.0.2
O18 - Protocol\Handler\HPDCS {ba135f49-a12c-4e26-a2c4-6ea945999072} - C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppfile {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppsam {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppzip {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999.06.07 17:59:54 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.29 10:48:35 | 000,598,528 | ---- | C] (OldTimer Tools) -- \\MCS-SRV\RedirectedFolders\frank\Desktop\OTL.exe
[2012.08.29 10:44:35 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.08.29 10:13:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Vim 7.3
[2012.08.29 10:12:43 | 000,000,000 | ---D | C] -- C:\Programme\Vim
[2012.08.22 11:11:49 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012.08.22 11:11:47 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.08.22 11:11:47 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.08.22 11:11:47 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.08.20 12:02:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Check Point
[2012.08.20 12:01:51 | 000,000,000 | ---D | C] -- \\MCS-SRV\RedirectedFolders\frank\My Documents\ForceField Shared Files
[2012.08.20 12:01:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\CheckPoint
[2012.08.20 11:58:43 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2012.08.20 11:58:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2012.08.18 14:15:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2012.08.14 23:26:16 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browser.dll
[2012.08.14 16:55:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Viewer
[2012.08.14 16:55:07 | 000,000,000 | ---D | C] -- C:\Programme\SheetMusicNow
[2012.08.03 12:08:02 | 000,526,640 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.29 16:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.08.29 15:36:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.29 11:55:16 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2012.08.29 10:56:10 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.08.29 10:49:01 | 000,598,528 | ---- | M] (OldTimer Tools) -- \\MCS-SRV\RedirectedFolders\frank\Desktop\OTL.exe
[2012.08.28 21:11:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.08.28 12:07:15 | 000,102,400 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\bläsersuchedb1.mdb
[2012.08.28 11:26:37 | 000,002,204 | RHS- | M] () -- C:\Dokumente und Einstellungen\Frank\ntuser.pol
[2012.08.28 11:06:29 | 000,014,462 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2012.08.27 19:37:18 | 145,559,552 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\kundendatenbank2012.mdb
[2012.08.25 19:41:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\sicher.job
[2012.08.24 10:38:41 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.08.24 10:38:01 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.24 09:38:40 | 000,000,188 | ---- | M] () -- C:\WINDOWS\478905b7-cf84-42d3-b378-7896691e777c.xml
[2012.08.24 09:37:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.24 09:09:37 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2012.08.22 11:11:11 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012.08.22 11:11:11 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012.08.22 11:11:11 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.08.22 11:11:11 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.08.22 11:11:11 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.08.22 11:11:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.08.20 12:25:15 | 000,415,877 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012.08.20 12:02:05 | 000,000,519 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZoneAlarm Security.lnk
[2012.08.20 08:02:16 | 001,005,355 | ---- | M] () -- C:\thomann.mbw
[2012.08.19 16:12:29 | 000,000,249 | ---- | M] () -- C:\WINDOWS\Wininit.ini
[2012.08.18 14:15:33 | 000,000,830 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Spybot - Search & Destroy.lnk
[2012.08.18 08:42:29 | 000,417,485 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\voxg1Foto 1.JPG
[2012.08.15 15:54:52 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.08.15 03:15:29 | 000,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.08.15 03:10:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.08.15 01:36:38 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.08.15 01:36:36 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.08.14 16:55:12 | 000,000,793 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Sheet Music Now Viewer.lnk
[2012.08.12 22:18:46 | 000,000,797 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.03 12:08:02 | 000,526,640 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.28 11:28:45 | 000,102,400 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\bläsersuchedb1.mdb
[2012.08.20 12:09:58 | 000,415,877 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2012.08.20 12:02:05 | 000,000,519 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZoneAlarm Security.lnk
[2012.08.20 08:02:16 | 001,005,355 | ---- | C] () -- C:\thomann.mbw
[2012.08.18 14:15:33 | 000,000,830 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Spybot - Search & Destroy.lnk
[2012.08.18 08:42:29 | 000,417,485 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\voxg1Foto 1.JPG
[2012.08.14 16:55:12 | 000,000,793 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Sheet Music Now Viewer.lnk
[2012.08.12 22:18:46 | 000,000,797 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.14 23:16:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.04.14 11:55:25 | 000,023,590 | ---- | C] () -- C:\WINDOWS\RenewUSB.dat
[2011.02.23 18:19:22 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011.02.23 18:19:20 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011.02.23 18:19:20 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011.02.23 18:19:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011.02.23 18:19:15 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011.02.23 18:19:15 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011.02.23 18:19:11 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011.02.23 18:19:03 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011.02.23 18:12:55 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011.02.23 18:04:14 | 000,006,221 | ---- | C] () -- C:\WINDOWS\System32\antispam.ini
[2011.01.27 22:01:34 | 000,000,484 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc
[2011.01.19 16:34:51 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Frank\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.12.15 04:16:07 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2010.11.22 17:08:59 | 000,009,728 | ---- | C] () -- C:\Dokumente und Einstellungen\Frank\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.22 11:39:44 | 000,002,204 | RHS- | C] () -- C:\Dokumente und Einstellungen\Frank\ntuser.pol
[2010.11.22 11:27:49 | 000,014,462 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2009.07.02 17:35:32 | 010,440,704 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda
[2007.04.11 18:32:41 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2006.02.08 10:21:14 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
 
========== LOP Check ==========
 
[2006.12.28 15:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2011.08.26 09:29:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender
[2012.08.20 11:58:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2011.07.19 15:00:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Deutsche Post AG
[2007.11.30 20:35:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay
[2006.11.04 16:34:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\element5
[2011.03.17 18:37:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FNET
[2010.11.26 13:30:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeDownloadManager.ORG
[2009.05.25 18:03:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HotSync
[2008.06.21 11:37:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Musicnotes
[2009.11.25 14:19:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Printer's Apprentice
[2008.02.01 19:15:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solero
[2012.07.08 20:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2009.04.11 14:16:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.02.25 15:26:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.03.16 19:46:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.12.13 16:22:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\BitDefender
[2011.05.27 15:52:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Avery
[2010.12.13 16:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Bitdefender
[2012.08.20 12:01:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\CheckPoint
[2012.04.03 20:42:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\ElevatedDiagnostics
[2012.05.24 21:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Free Download Manager
[2011.02.11 20:53:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\GetRightToGo
[2011.06.20 12:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Gutscheinmieze
[2010.11.22 11:41:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\HotSync
[2011.07.06 15:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Nvu
[2011.01.12 00:53:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Opera
[2012.02.11 13:58:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\SmartStore
[2012.05.09 17:15:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\SolidDocuments
[2011.04.14 16:05:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\TeamViewer
[2011.02.03 18:03:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\TuneUp Software
[2012.04.10 15:28:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\UDC Profiles
[2010.11.22 11:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Windows Small Business Server
[2010.11.22 11:33:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\netadmin\Anwendungsdaten\HotSync
[2010.11.22 11:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\netadmin\Anwendungsdaten\Windows Small Business Server
[2007.11.06 16:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\AD ON Multimedia
[2010.01.25 20:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Crystal Player
[2009.05.04 15:56:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\gtk-2.0
[2009.05.25 17:01:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\HotSync
[2009.05.25 18:29:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Leadertech
[2005.12.06 12:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Line 6
[2010.09.28 16:50:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Netviewer
[2009.01.17 12:12:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\OfficeUpdate12
[2009.11.25 14:08:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Printer's Apprentice
[2007.04.03 17:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\SmartStore
[2010.11.20 17:31:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\SolidDocuments
[2010.11.22 11:07:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Spamihilator
[2008.08.14 14:59:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\TeamViewer
[2006.10.23 21:38:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\TuneUp Software
[2010.10.08 12:20:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\UDC Profiles
[2010.11.22 11:43:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\verkauf.M-CITY\Anwendungsdaten\HotSync
[2010.11.22 11:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\verkauf.M-CITY\Anwendungsdaten\Windows Small Business Server
[2012.08.29 16:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2012.08.25 19:41:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\Tasks\sicher.job
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

OTL EXTRA Log
OTL Logfile:
Code:
OTL Extras logfile created on: 29.08.2012 15:39:36 - Run 2
OTL by OldTimer - Version 3.2.59.1     Folder = \\MCS-SRV\RedirectedFolders\frank\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 53,40% Memory free
6,33 Gb Paging File | 4,94 Gb Available in Paging File | 77,95% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 54,99 Gb Total Space | 8,83 Gb Free Space | 16,06% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 2,93 Gb Free Space | 15,01% Space Free | Partition Type: NTFS
Drive E: | 294,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 930,39 Gb Total Space | 800,45 Gb Free Space | 86,03% Space Free | Partition Type: NTFS
Drive Q: | 5496,93 Gb Total Space | 553,88 Gb Free Space | 10,08% Space Free | Partition Type: NTFS
Drive R: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS
Drive S: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS
Drive U: | 232,83 Gb Total Space | 40,67 Gb Free Space | 17,47% Space Free | Partition Type: NTFS
 
Computer Name: MCS-FRANK | User Name: frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]
"Enabled" = 1
"AllowUserPrefMerge" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]
"Enabled" = 1
"AllowUserPrefMerge" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]
"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]
"Enabled" = 1
"RemoteAddresses" = localsubnet
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]
"Enabled" = 1
"RemoteAddresses" = localsubnet
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]
"Enabled" = 1
"RemoteAddresses" = localsubnet
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]
"AllowUserPrefMerge" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]
"AllowUserPrefMerge" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\QNAP\Finder\Finder.exe" = C:\Programme\QNAP\Finder\Finder.exe:*:Enabled:Finder -- ()
"\\mcs-srv\mcs\installs\netviewer\Netviewer_Support.exe" = \\mcs-srv\mcs\installs\netviewer\Netviewer_Support.exe:*:Enabled:Netviewer application
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Programme\UltraVNC\winvnc.exe" = C:\Programme\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe -- (UltraVNC)
"C:\Programme\UltraVNC\vncviewer.exe" = C:\Programme\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe" = C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe:*:Enabled:SMBiz5 -- (SmartStore AG)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Programme\Microsoft Office\Office\FRONTPG.EXE" = C:\Programme\Microsoft Office\Office\FRONTPG.EXE:*:Enabled:Microsoft FrontPage -- (Microsoft Corporation)
"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe" = C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe:*:Enabled:SMBiz5 -- (SmartStore AG)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)
"C:\Programme\BUFFALO\NASNAVI\NasNavi.exe" = C:\Programme\BUFFALO\NASNAVI\NasNavi.exe:*:Enabled:BUFFALO NASNavigator2 -- ()
"C:\Dokumente und Einstellungen\Verkauf\Desktop\Netviewer Service\NV_Support_Berater_DE.exe" = C:\Dokumente und Einstellungen\Verkauf\Desktop\Netviewer Service\NV_Support_Berater_DE.exe:*:Enabled:Netviewer application -- (Netviewer AG)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Programme\Hewlett-Packard\HP Designjet System Maintenance\hp_dj_sme.exe" = C:\Programme\Hewlett-Packard\HP Designjet System Maintenance\hp_dj_sme.exe:*:Enabled:hp designjet system maintenance engine -- (Hewlett Packard)
"C:\Programme\QNAP\Finder\Finder.exe" = C:\Programme\QNAP\Finder\Finder.exe:*:Enabled:Finder -- ()
"C:\Programme\Spamihilator\spamihilator.exe" = C:\Programme\Spamihilator\spamihilator.exe:*:Enabled:Spamihilator
"C:\Programme\Spamihilator\cdcc.exe" = C:\Programme\Spamihilator\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration
"C:\Programme\Spamihilator\dccproc.exe" = C:\Programme\Spamihilator\dccproc.exe:*:Enabled:Spamihilator DCC Filter
"\\Mcs01\mcs_alt\installs\netviewer\NV_Support_Berater_DE.exe" = \\Mcs01\mcs_alt\installs\netviewer\NV_Support_Berater_DE.exe:*:Enabled:NV_Support_Berater_DE.exe
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00120407-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000
"{020CF65F-700F-4E55-AFB7-97024584A2B3}" = Komponenten der Ereigniskommunikation
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B8AE7AF-E2AC-40AB-A1CF-3259101E81E8}" = SmartStore.biz 6
"{0C567C3E-AD5A-4045-97C8-3CF640F10011}" = Netviewer one2one
"{0CD3CFF0-9A22-4CDA-BF1B-FA73C1D8B95B}" = Palm
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 34
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{31821EFE-1B31-4744-9FB0-208F92BD7168}" = Visual FoxPro ODBC Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{334799B1-527F-475B-AF19-658124E2BE24}" = ZoneAlarm Security
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2975E7-DD28-4145-811A-225140FF87F0}" = Acronis True Image Home
"{41915A51-6F92-4F0E-87C4-8178785B96CC}" = HP Printer Settings Tools
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows-Journal-Viewer
"{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent
"{49782B2F-49AE-423D-85D6-4EE7019CEA13}" = HP Easy Printer Care
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7527CD9F-894E-47B3-9AFB-3E680E007051}" = HP Proactive Services
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}" = USB Display Device (Trigger 1+) 9.10.0526.1259
"{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider
"{83F3EED2-DDE2-4434-8FBE-9D2A1E7C2BC9}" = Multi-Card Reader & Flash Disk
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{894A83F3-19C8-491D-807D-50784DC4EB9F}" = Deutsche Post E-Porto
"{8A0BD487-D185-4316-92CE-9E415C3AC6DB}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{8E8604C4-2979-4A96-99B3-3CBB7DD8C5FA}" = Printer's Apprentice 8.0
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{95720E85-F3FB-4F95-9399-7E3E3E26D7AB}" = hp designjet printer software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F3559-6776-4F67-B46E-5F973B901234}" = ZoneAlarm Antivirus
"{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}" = SolidConverterPDF
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ED38F62-7A50-4145-8C5D-0FCFFBF10A7B}" = Visual C++ CRT 9.0
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A1E98303-102A-46FB-A2D0-3838C3F64DF2}" = Komponenten der Kernkommunikation
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A32A6393-37DA-4E44-BB9F-C4F384F89EB9}" = HP Systemwartung für HP designjet 30 130 series
"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AD799836-6B74-419B-A869-C326CA86ECCF}" = ZoneAlarm Firewall
"{B2395631-54D5-481E-B9A8-74B269546F40}" = Visual C++ CRT 8.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BDED922C-5E3A-42A7-B1D2-B21FDD036DB3}" = BitDefender Management Agent
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0A8F64F-36C8-489F-B813-90D60B541D1E}" = Komponenten der Gerätedatenkommunikation
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP3c
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2231F9E-1ECD-439C-8E74-D966C87F717A}" = DisplayLink Core Software
"{D5842AC3-59C7-4DDD-BB33-54FE544DB3DA}" = Komponenten der Betriebssystemkommunikation
"{D7D4E8A4-A08B-4341-A4FE-9E1980C00D2C}" = BitDefender Business Client
"{D91AB4D6-2CA1-4427-91B3-BB31D3C6D4EE}" = SmartStore.biz 5
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}" = Visual C++ CRT 9.0 SP1
"{ECB904FE-CB4D-40A4-A884-E278410F0CE1}" = HP Printer Usage Report
"{EEF1D3A1-0ABD-4859-AD93-930773563393}" = PEARL PrintProfi Etiketten
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anti-Twin 2011-09-27 09.17.18" = Anti-Twin (Installation 27.09.2011)
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"AXIS Media Control" = AXIS Media Control
"BitDefender Business Client" = BitDefender Business Client
"BulkMailer 2012" = BulkMailer 2012 7.0.5
"CCleaner" = CCleaner
"C-Media Audio" = C-Media 3D Audio
"dots Pilot 2 Version 2.4" = dots Pilot 2 Version 2.4
"ESET Online Scanner" = ESET Online Scanner v3
"Finale NotePad 2006" = Finale NotePad 2006
"Finale NotePad 2008" = Finale NotePad 2008
"FinePrint" = FinePrint
"FinePrint (5.x)" = FinePrint (5.x)
"Format Konverter" = Format Konverter
"Free Download Manager_is1" = Free Download Manager 3.8
"FuzzyDupes" = FuzzyDupes 7.0.2
"getPlus(R)_dll" = getPlus(R)_dll
"HP Easy Printer Care" = HP Easy Printer Care
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Zweckform Assistent 2.5
"IrfanView" = IrfanView (remove only)
"JDSecure" = JD Secure 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"mEye_JIB" = mEye_JIB_2 2.0.0.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultipleIEs_is1" = MultipleIEs
"MySpaceIM" = MySpaceIM
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Nvu_is1" = Nvu 1.0
"Opera 12.01.1532" = Opera 12.01
"PalmSource Package Installer" = PalmSource Package Installer 1.5
"pdfFactory Pro" = pdfFactory Pro
"Player" = QNAP Player
"PrintKey2000" = PrintKey2000
"PSRUTI" = PSRUTI (remove only)
"QNAP_FINDER" = QNAP Finder
"QNAPDecoder" = QNAP Decoder
"QNAPVioStorMonitor" = QNAP Web Monitor Component
"Samsung CLP-510 Series" = Samsung CLP-510 Series
"ScanExpress A3 USB v1.4" = ScanExpress A3 USB v1.4
"Sheet Music Now Viewer_is1" = Sheet Music Now Viewer 8.3.2.0
"ShockwaveFlash" = Macromedia Flash Player 8
"SiS 661FX_760_741_M661FX_M760_M741" = SiS 661FX_760_741_M661FX_M760_M741
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Solero Music Viewer_is1" = Solero Music Viewer 8.0.32.2
"ST5UNST #1" = Au2Email 3
"ST6UNST #1" = MusicFinderView
"Ultravnc2_is1" = UltraVnc
"UN060501" = BUFFALO NAS Navigator
"UN080307" = BUFFALO LinkStation(LS-WTGL/R1) Setup Guide
"Universal Document Converter_is1" = Universal Document Converter Server Edition
"Vim 7.3" = Vim 7.3 (self-installing)
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"WinZip Companion for Outlook" = WinZip Companion for Outlook
"XFastUsb" = XFastUsb
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions" = Adobe Digital Editions
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HPCLJ8500TypicalKey" = Deinst. - HP CLJ 8500-Standardversion
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.08.2012 00:01:53 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073
Description = 
 
Error - 29.08.2012 01:11:27 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073
Description = 
 
Error - 29.08.2012 01:11:27 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073
Description = 
 
Error - 29.08.2012 01:48:19 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073
Description = 
 
Error - 29.08.2012 01:48:20 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073
Description = 
 
Error - 29.08.2012 02:10:33 | Computer Name = MCS-FRANK | Source = ESENT | ID = 439
Description = services (1264) Die Shadowkopfzeile für Datei C:\WINDOWS\Security\tmp.edb
 konnte nicht geschrieben werden. Fehler -1808.
 
Error - 29.08.2012 02:51:56 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073
Description = 
 
Error - 29.08.2012 02:51:56 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073
Description = 
 
Error - 29.08.2012 03:21:47 | Computer Name = MCS-FRANK | Source = ESENT | ID = 439
Description = wuauclt (5168) Die Shadowkopfzeile für Datei C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
 konnte nicht geschrieben werden. Fehler -1808.
 
Error - 29.08.2012 03:51:38 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073
Description = 
 
[ System Events ]
Error - 24.08.2012 03:39:14 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TeamViewer 3" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%5
 
Error - 24.08.2012 03:40:17 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "bdfsfltr" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 24.08.2012 03:40:21 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 24.08.2012 03:40:21 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 24.08.2012 03:40:21 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 26.08.2012 08:37:19 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7009
Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Adobe
 Flash Player Update Service.
 
Error - 26.08.2012 08:37:19 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Adobe Flash Player Update Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 28.08.2012 03:18:44 | Computer Name = MCS-FRANK | Source = DCOM | ID = 10010
Description = Der Server "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 28.08.2012 18:33:00 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7034
Description = Dienst "BitDefender Desktop Update Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 29.08.2012 03:33:01 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7034
Description = Dienst "BitDefender Desktop Update Service" wurde unerwartet beendet.
 Dies ist bereits 2 Mal passiert.
 
 
< End of report >
         
--- --- ---
__________________

Alt 29.08.2012, 18:16   #4
t'john
/// Helfer-Team
 

Fix with OTL

Download OTL by OldTimer (if you don't already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users start it by right-clicking the program icon and choosing "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.


Code:
:OTL
DRV - (WDICA) -- File not found 
DRV - (PDRFRAME) -- File not found 
DRV - (PDRELI) -- File not found 
DRV - (PDFRAME) -- File not found 
DRV - (PDCOMP) -- File not found 
DRV - (PCIDump) -- File not found 
DRV - (PAC7302) -- system32\DRIVERS\PAC7302.SYS File not found 
DRV - (lbrtfdc) -- File not found 
DRV - (L6PODLV) -- System32\Drivers\L6PODLV.sys File not found 
DRV - (IIUSBISP) -- System32\Drivers\iiusbisp.sys File not found 
DRV - (i2omgmt) -- File not found 
DRV - (FTD2XX) -- System32\Drivers\FTD2XX.sys File not found 
DRV - (EVOLUSB) -- system32\drivers\evolusb.sys File not found 
DRV - (Changer) -- File not found 
DRV - (bdfsfltr) -- Reg Error: Invalid data type. File not found 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie 
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes,DefaultScope = {40A86AD6-695B-44A7-8741-4192D52B2491} 
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE 
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes\{40A86AD6-695B-44A7-8741-4192D52B2491}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLG_de 
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} 
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC 
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=290412_4_ctrl&babsrc=SP_ss&mntrId=d4479e0900000000000000252276520a 
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 
FF - prefs.js..browser.startup.homepage: "http://www.google.de" 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 
FF - prefs.js..extensions.enabledItems: netviewero2o@netviewero2o:1.0 
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 
FF - prefs.js..extensions.enabledItems: adonis.cuhk@gmail.com:1.8 
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 
FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:2.04.20110724 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) 
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) 
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 
O3 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 
O3 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () 
O3 - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) 
O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\Gtwatch.exe () 
O4 - HKLM..\Run: [ISW] File not found 
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found 
O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) 
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe () 
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe () 
O4 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe" File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1 
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} http://download.ebay.com/turbo_lister/DE/install.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) 
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) 
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) 
O32 - HKLM CDRom: AutoRun - 1 
O32 - AutoRun File - [1999.06.07 17:59:54 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] 
 
:Files

C:\Users\frank\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\frank\AppData\Local\Temp\*.exe
C:\Users\frank\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: The OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!
__________________
Regards, t'john

Alt 30.08.2012, 11:52   #5
frankmusik
 



THANKS t´John

The system did freeze during the fix, but started fine after a RESET.

What I noticed right away: MB no longer wrote the LOGS ... (this morning it was already at 1.3GB again), meaning it apparently didn't try to "phone home" again.

Here are the OTL logs.

THANKS for looking it over to check whether everything is fine again now.
Regards, frank

OTL Logfile:
Code:
OTL Extras logfile created on: 30.08.2012 11:50:11 - Run 3
OTL by OldTimer - Version 3.2.59.1     Folder = \\MCS-SRV\RedirectedFolders\frank\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 52,46% Memory free
6,33 Gb Paging File | 4,86 Gb Available in Paging File | 76,71% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 54,99 Gb Total Space | 5,71 Gb Free Space | 10,39% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 2,93 Gb Free Space | 15,01% Space Free | Partition Type: NTFS
Drive E: | 294,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 930,39 Gb Total Space | 800,45 Gb Free Space | 86,03% Space Free | Partition Type: NTFS
Drive Q: | 5496,93 Gb Total Space | 550,91 Gb Free Space | 10,02% Space Free | Partition Type: NTFS
Drive R: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS
Drive S: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS
Drive U: | 232,83 Gb Total Space | 39,58 Gb Free Space | 17,00% Space Free | Partition Type: NTFS
 
Computer Name: MCS-FRANK | User Name: frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\QNAP\Finder\Finder.exe" = C:\Programme\QNAP\Finder\Finder.exe:*:Enabled:Finder -- ()
"\\mcs-srv\mcs\installs\netviewer\Netviewer_Support.exe" = \\mcs-srv\mcs\installs\netviewer\Netviewer_Support.exe:*:Enabled:Netviewer application
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Programme\UltraVNC\winvnc.exe" = C:\Programme\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe -- (UltraVNC)
"C:\Programme\UltraVNC\vncviewer.exe" = C:\Programme\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe" = C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe:*:Enabled:SMBiz5 -- (SmartStore AG)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Programme\Microsoft Office\Office\FRONTPG.EXE" = C:\Programme\Microsoft Office\Office\FRONTPG.EXE:*:Enabled:Microsoft FrontPage -- (Microsoft Corporation)
"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe" = C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe:*:Enabled:SMBiz5 -- (SmartStore AG)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)
"C:\Programme\BUFFALO\NASNAVI\NasNavi.exe" = C:\Programme\BUFFALO\NASNAVI\NasNavi.exe:*:Enabled:BUFFALO NASNavigator2 -- ()
"C:\Dokumente und Einstellungen\Verkauf\Desktop\Netviewer Service\NV_Support_Berater_DE.exe" = C:\Dokumente und Einstellungen\Verkauf\Desktop\Netviewer Service\NV_Support_Berater_DE.exe:*:Enabled:Netviewer application -- (Netviewer AG)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Programme\Hewlett-Packard\HP Designjet System Maintenance\hp_dj_sme.exe" = C:\Programme\Hewlett-Packard\HP Designjet System Maintenance\hp_dj_sme.exe:*:Enabled:hp designjet system maintenance engine -- (Hewlett Packard)
"C:\Programme\QNAP\Finder\Finder.exe" = C:\Programme\QNAP\Finder\Finder.exe:*:Enabled:Finder -- ()
"C:\Programme\Spamihilator\spamihilator.exe" = C:\Programme\Spamihilator\spamihilator.exe:*:Enabled:Spamihilator
"C:\Programme\Spamihilator\cdcc.exe" = C:\Programme\Spamihilator\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration
"C:\Programme\Spamihilator\dccproc.exe" = C:\Programme\Spamihilator\dccproc.exe:*:Enabled:Spamihilator DCC Filter
"\\Mcs01\mcs_alt\installs\netviewer\NV_Support_Berater_DE.exe" = \\Mcs01\mcs_alt\installs\netviewer\NV_Support_Berater_DE.exe:*:Enabled:NV_Support_Berater_DE.exe
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00120407-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000
"{020CF65F-700F-4E55-AFB7-97024584A2B3}" = Komponenten der Ereigniskommunikation
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B8AE7AF-E2AC-40AB-A1CF-3259101E81E8}" = SmartStore.biz 6
"{0C567C3E-AD5A-4045-97C8-3CF640F10011}" = Netviewer one2one
"{0CD3CFF0-9A22-4CDA-BF1B-FA73C1D8B95B}" = Palm
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 34
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{31821EFE-1B31-4744-9FB0-208F92BD7168}" = Visual FoxPro ODBC Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{334799B1-527F-475B-AF19-658124E2BE24}" = ZoneAlarm Security
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2975E7-DD28-4145-811A-225140FF87F0}" = Acronis*True*Image*Home
"{41915A51-6F92-4F0E-87C4-8178785B96CC}" = HP Printer Settings Tools
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows-Journal-Viewer
"{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent
"{49782B2F-49AE-423D-85D6-4EE7019CEA13}" = HP Easy Printer Care
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7527CD9F-894E-47B3-9AFB-3E680E007051}" = HP Proactive Services
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}" = USB Display Device (Trigger 1+) 9.10.0526.1259
"{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider
"{83F3EED2-DDE2-4434-8FBE-9D2A1E7C2BC9}" = Multi-Card Reader & Flash Disk
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{894A83F3-19C8-491D-807D-50784DC4EB9F}" = Deutsche Post E-Porto
"{8A0BD487-D185-4316-92CE-9E415C3AC6DB}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{8E8604C4-2979-4A96-99B3-3CBB7DD8C5FA}" = Printer's Apprentice 8.0
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{95720E85-F3FB-4F95-9399-7E3E3E26D7AB}" = hp designjet printer software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F3559-6776-4F67-B46E-5F973B901234}" = ZoneAlarm Antivirus
"{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}" = SolidConverterPDF
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ED38F62-7A50-4145-8C5D-0FCFFBF10A7B}" = Visual C++ CRT 9.0
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A1E98303-102A-46FB-A2D0-3838C3F64DF2}" = Komponenten der Kernkommunikation
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A32A6393-37DA-4E44-BB9F-C4F384F89EB9}" = HP Systemwartung für HP designjet 30 130 series
"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AD799836-6B74-419B-A869-C326CA86ECCF}" = ZoneAlarm Firewall
"{B2395631-54D5-481E-B9A8-74B269546F40}" = Visual C++ CRT 8.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BDED922C-5E3A-42A7-B1D2-B21FDD036DB3}" = BitDefender Management Agent
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0A8F64F-36C8-489F-B813-90D60B541D1E}" = Komponenten der Gerätedatenkommunikation
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP3c
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2231F9E-1ECD-439C-8E74-D966C87F717A}" = DisplayLink Core Software
"{D5842AC3-59C7-4DDD-BB33-54FE544DB3DA}" = Komponenten der Betriebssystemkommunikation
"{D7D4E8A4-A08B-4341-A4FE-9E1980C00D2C}" = BitDefender Business Client
"{D91AB4D6-2CA1-4427-91B3-BB31D3C6D4EE}" = SmartStore.biz 5
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}" = Visual C++ CRT 9.0 SP1
"{ECB904FE-CB4D-40A4-A884-E278410F0CE1}" = HP Printer Usage Report
"{EEF1D3A1-0ABD-4859-AD93-930773563393}" = PEARL PrintProfi Etiketten
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anti-Twin 2011-09-27 09.17.18" = Anti-Twin (Installation 27.09.2011)
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"AXIS Media Control" = AXIS Media Control
"BitDefender Business Client" = BitDefender Business Client
"BulkMailer 2012" = BulkMailer 2012 7.0.5
"CCleaner" = CCleaner
"C-Media Audio" = C-Media 3D Audio
"dots Pilot 2 Version 2.4" = dots Pilot 2 Version 2.4
"ESET Online Scanner" = ESET Online Scanner v3
"Finale NotePad 2006" = Finale NotePad 2006
"Finale NotePad 2008" = Finale NotePad 2008
"FinePrint" = FinePrint
"FinePrint (5.x)" = FinePrint (5.x)
"Format Konverter" = Format Konverter
"Free Download Manager_is1" = Free Download Manager 3.8
"FuzzyDupes" = FuzzyDupes 7.0.2
"getPlus(R)_dll" = getPlus(R)_dll
"HP Easy Printer Care" = HP Easy Printer Care
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Zweckform Assistent 2.5
"IrfanView" = IrfanView (remove only)
"JDSecure" = JD Secure 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"mEye_JIB" = mEye_JIB_2 2.0.0.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultipleIEs_is1" = MultipleIEs
"MySpaceIM" = MySpaceIM
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Nvu_is1" = Nvu 1.0
"Opera 12.01.1532" = Opera 12.01
"PalmSource Package Installer" = PalmSource Package Installer 1.5
"pdfFactory Pro" = pdfFactory Pro
"Player" = QNAP Player
"PrintKey2000" = PrintKey2000
"PSRUTI" = PSRUTI (remove only)
"QNAP_FINDER" = QNAP Finder
"QNAPDecoder" = QNAP Decoder
"QNAPVioStorMonitor" = QNAP Web Monitor Component
"Samsung CLP-510 Series" = Samsung CLP-510 Series
"ScanExpress A3 USB v1.4" = ScanExpress A3 USB v1.4
"Sheet Music Now Viewer_is1" = Sheet Music Now Viewer 8.3.2.0
"ShockwaveFlash" = Macromedia Flash Player 8
"SiS 661FX_760_741_M661FX_M760_M741" = SiS 661FX_760_741_M661FX_M760_M741
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Solero Music Viewer_is1" = Solero Music Viewer 8.0.32.2
"ST5UNST #1" = Au2Email 3
"ST6UNST #1" = MusicFinderView
"Ultravnc2_is1" = UltraVnc
"UN060501" = BUFFALO NAS Navigator
"UN080307" = BUFFALO LinkStation(LS-WTGL/R1) Setup Guide
"Universal Document Converter_is1" = Universal Document Converter Server Edition
"Vim 7.3" = Vim 7.3 (self-installing)
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"WinZip Companion for Outlook" = WinZip Companion for Outlook
"XFastUsb" = XFastUsb
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HPCLJ8500TypicalKey" = Deinst. - HP CLJ 8500-Standardversion
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.08.2012 02:10:33 | Computer Name = MCS-FRANK | Source = ESENT | ID = 439
Description = services (1264) Die Shadowkopfzeile für Datei C:\WINDOWS\Security\tmp.edb
 konnte nicht geschrieben werden. Fehler -1808.
 
Error - 29.08.2012 02:51:56 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073
Description = 
 
Error - 29.08.2012 02:51:56 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073
Description = 
 
Error - 29.08.2012 03:21:47 | Computer Name = MCS-FRANK | Source = ESENT | ID = 439
Description = wuauclt (5168) Die Shadowkopfzeile für Datei C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb
 konnte nicht geschrieben werden. Fehler -1808.
 
Error - 29.08.2012 03:51:38 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073
Description = 
 
Error - 30.08.2012 05:29:19 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104
Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={54A2042D-FDA4-46CA-9A52-7AFF036C401C},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL
 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das
 Gruppenrichtlinienobjekt wird übersprungen.
 
Error - 30.08.2012 05:29:19 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104
Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={5D189CC2-EB49-4527-9827-DEA473D88771},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL
 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das
 Gruppenrichtlinienobjekt wird übersprungen.
 
Error - 30.08.2012 05:29:19 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104
Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={7B3D7DA3-65A4-4947-B548-99483C439C8F},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL
 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das
 Gruppenrichtlinienobjekt wird übersprungen.
 
Error - 30.08.2012 05:29:31 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104
Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={7B3D7DA3-65A4-4947-B548-99483C439C8F},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL
 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das
 Gruppenrichtlinienobjekt wird übersprungen.
 
Error - 30.08.2012 05:29:31 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104
Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={B4BD95A7-23E7-4227-A9E2-F038E8BF4A62},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL
 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das
 Gruppenrichtlinienobjekt wird übersprungen.
 
[ System Events ]
Error - 30.08.2012 03:47:35 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist
 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden
 durchgeführt: Starten Sie den Dienst neu..
 
Error - 30.08.2012 03:47:35 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7031
Description = Der Dienst "BitDefender Management Agent" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000
 Millisekunden durchgeführt: Starten Sie den Dienst neu..
 
Error - 30.08.2012 03:47:35 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7034
Description = Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits
 1 Mal passiert.
 
Error - 30.08.2012 03:49:36 | Computer Name = MCS-FRANK | Source = DCOM | ID = 10010
Description = Der Server "{11295F3A-321C-4813-A349-FE4659E603A0}" konnte innerhalb
 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.
 
Error - 30.08.2012 05:28:41 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerk-DDE-Dienst" ist vom Dienst "Netzwerk-DDE-Serverdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 30.08.2012 05:28:41 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TeamViewer 3" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%5
 
Error - 30.08.2012 05:30:53 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "bdfsfltr" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 30.08.2012 05:30:57 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 30.08.2012 05:30:57 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 30.08.2012 05:30:57 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 30.08.2012 11:50:11 - Run 3
OTL by OldTimer - Version 3.2.59.1     Folder = \\MCS-SRV\RedirectedFolders\frank\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 52,46% Memory free
6,33 Gb Paging File | 4,86 Gb Available in Paging File | 76,71% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 54,99 Gb Total Space | 5,71 Gb Free Space | 10,39% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 2,93 Gb Free Space | 15,01% Space Free | Partition Type: NTFS
Drive E: | 294,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 930,39 Gb Total Space | 800,45 Gb Free Space | 86,03% Space Free | Partition Type: NTFS
Drive Q: | 5496,93 Gb Total Space | 550,91 Gb Free Space | 10,02% Space Free | Partition Type: NTFS
Drive R: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS
Drive S: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS
Drive U: | 232,83 Gb Total Space | 39,58 Gb Free Space | 17,00% Space Free | Partition Type: NTFS
 
Computer Name: MCS-FRANK | User Name: frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - \\MCS-SRV\RedirectedFolders\frank\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe ()
PRC - C:\Programme\BitDefender\BitDefender 2008\bdagent.exe (BitDefender)
PRC - C:\Programme\BitDefender\BitDefender 2008\vsserv.exe (BitDefender)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\UltraVNC\winvnc.exe (UltraVNC)
PRC - C:\Programme\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Management Agent\bdemagent.exe (BitDefender)
PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUI.exe (DisplayLink Corp.)
PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe (DisplayLink Corp.)
PRC - C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
PRC - C:\WINDOWS\system32\LxrJD31s.exe ()
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\system32\U2VSvr.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender)
PRC - C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)
PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe (FinePrint Software, LLC)
PRC - C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\Gtwatch.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()
MOD - \\?\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\av32bit_ent_25856\avxdisk.dll ()
MOD - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe ()
MOD - C:\Programme\BitDefender\BitDefender 2008\bdfltlib.dll ()
MOD - c:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\smartscn.dll ()
MOD - \\?\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\trufos.dll ()
MOD - C:\WINDOWS\system32\LxrJD31s.exe ()
MOD - C:\WINDOWS\system32\U2VSvr.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\BitDefender\BitDefender 2008\libexpatw.dll ()
MOD - C:\Programme\Gemeinsame Dateien\Acronis\Common\gc.dll ()
MOD - C:\Programme\Adobe\Acrobat 6.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\Gtwatch.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (TeamViewer) -- \MCS-SRV\RedirectedFolders\frank\temp\TeamViewer3\TeamViewer_Host.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vsmon) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (LIVESRV) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe ()
SRV - (VSSERV) -- C:\Programme\BitDefender\BitDefender 2008\vsserv.exe (BitDefender)
SRV - (scan) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\scan.dll (BitDefender)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (uvnc_service) -- C:\Programme\UltraVNC\winvnc.exe (UltraVNC)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (BitDefender Management Agent) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Management Agent\bdemagent.exe (BitDefender)
SRV - (DisplayLinkService) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV - (LxrJD31s) -- C:\WINDOWS\System32\LxrJD31s.exe ()
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (U2VSvr) -- C:\WINDOWS\system32\U2VSvr.exe ()
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (NasPmService) -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
SRV - (XCOMM) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender)
SRV - (FolderSize) -- C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)
SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (WmcCds) -- c:\Programme\Windows Media Connect\mswmccds.exe (Microsoft Corporation)
SRV - (WmcCdsLs) -- C:\Programme\Windows Media Connect\mswmcls.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (PAC7302) -- system32\DRIVERS\PAC7302.SYS File not found
DRV - (lbrtfdc) --  File not found
DRV - (L6PODLV) -- System32\Drivers\L6PODLV.sys File not found
DRV - (IIUSBISP) -- System32\Drivers\iiusbisp.sys File not found
DRV - (i2omgmt) --  File not found
DRV - (FTD2XX) -- System32\Drivers\FTD2XX.sys File not found
DRV - (EVOLUSB) -- system32\drivers\evolusb.sys File not found
DRV - (Changer) --  File not found
DRV - (bdfsfltr) -- Reg Error: Invalid data type. File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (CardReaderFilter) -- C:\WINDOWS\system32\drivers\USBCRFT.SYS (ICSI Technology Ltd.)
DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (KL1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (Bdfndisf) -- C:\WINDOWS\system32\drivers\bdfndisf.sys (BitDefender SRL)
DRV - (BDSelfPr) -- C:\Programme\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender LLC)
DRV - (bdftdif) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (trufos) -- C:\WINDOWS\system32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (mv2) -- C:\WINDOWS\system32\drivers\mv2.sys (UVNC BVBA)
DRV - (FNETTBOH_305) -- C:\WINDOWS\system32\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)
DRV - (FNETURPX) -- C:\WINDOWS\system32\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV - (AsrAppCharger) -- C:\WINDOWS\system32\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider)
DRV - (DisplayLinkGA) -- C:\WINDOWS\system32\drivers\DisplayLinkGAport.sys (DisplayLink Corp.)
DRV - (DisplayLinkmirror) -- C:\WINDOWS\system32\drivers\DisplayLinkmirrorport.sys (DisplayLink Corp.)
DRV - (DisplayLinkFilter) -- C:\WINDOWS\system32\drivers\DisplayLinkFilter.sys (DisplayLink Corp.)
DRV - (DisplayLinkUsbPort) -- C:\WINDOWS\system32\drivers\DisplayLinkUsbPort_5.2.24075.0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (LxrJD31d) -- C:\WINDOWS\system32\drivers\LxrJD31d.sys ()
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (AMBFilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (T1PMrGrp) -- C:\WINDOWS\system32\drivers\T1PMrGrp.sys (Magic Control Technology Corp.)
DRV - (T1PExGrp) -- C:\WINDOWS\system32\drivers\T1PExGrp.sys (Magic Control Technology Corp.)
DRV - (t1pusb) -- C:\WINDOWS\system32\drivers\t1pusb.sys (Magic Control Technology Corp.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\sandra.sys (SiSoftware)
DRV - (MonFilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (UFBFilte) -- C:\WINDOWS\system32\drivers\UFBFilte.sys (www.winchiphead.com)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (YMIDUSB) -- C:\WINDOWS\system32\drivers\ymidusb.sys (YAMAHA Corporation)
DRV - (RDID1009) -- C:\WINDOWS\system32\drivers\Rdwm1009.sys (Roland Corporation)
DRV - (L6SeaMonkDev) -- C:\WINDOWS\system32\drivers\L6SM.sys (Line 6)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (GT681x) -- C:\WINDOWS\system32\drivers\gt681x.sys (   )
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de
 
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://10.0.10.109/cgi-bin/enter.cgi
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 64 59 0D 27 EB CC 01  [binary data]
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=290412_4_ctrl&babsrc=SP_ss&mntrId=d4479e0900000000000000252276520a
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: netviewero2o@netviewero2o:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: adonis.cuhk@gmail.com:1.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:2.04.20110724
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\palmOne\PACKAG~1\NPInstal.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netviewero2o@netviewero2o: C:\Programme\Netviewer\one2one\Plugin\FF plugin\ffone2one [2008.01.29 13:23:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.08.20 12:01:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.30 11:40:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.22 11:11:49 | 000,000,000 | ---D | M]
 
[2010.11.22 19:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Extensions
[2012.08.30 11:41:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions
[2011.01.28 18:26:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.23 14:25:35 | 000,000,000 | ---D | M] (PDF Download) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.10.07 09:13:25 | 000,000,000 | ---D | M] (Google Docs Viewer) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\adonis.cuhk@gmail.com
[2011.08.20 15:37:51 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\coralietab@mozdev.org
[2012.08.22 11:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.22 11:11:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012.08.30 11:41:57 | 000,159,657 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FRANK\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y7Z9VVYH.DEFAULT\EXTENSIONS\NOTREAL.CCOPTIONS@ENVIRONMENTALCHEMISTRY.COM.XPI
[2012.07.11 08:25:40 | 000,163,080 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FRANK\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y7Z9VVYH.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2012.08.30 11:40:55 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2008.06.21 11:37:07 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Programme\mozilla firefox\plugins\npmusicn.dll
[2009.04.29 14:13:48 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\mozilla firefox\plugins\PDFNetC.dll
[2009.08.09 01:30:36 | 000,107,760 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2012.01.02 14:59:23 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.09 12:15:18 | 000,002,356 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.08.30 11:40:21 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2008.04.07 13:30:00 | 000,000,917 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\conduit.xml
[2012.01.02 14:59:23 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.02 14:59:23 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.02 14:59:23 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.02 14:59:23 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.30 15:57:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2008\ietoolbar.dll (BitDefender)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] C:\Programme\BitDefender\BitDefender 2008\bdagent.exe (BitDefender)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Programme\BitDefender\BitDefender 2008\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [Cmaudio] C:\WINDOWS\CMICNFG.CPL (C-Media Corporation)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\Gtwatch.exe ()
O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [XFastUsb] C:\Programme\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-21-18413201-578950046-47629304-1154..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Verkauf\Startmenü\Programme\Autostart\AOM.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Web\AOM.exe (Adobe Systems, Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\Verkauf\Startmenü\Programme\Autostart\Spamihilator.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} hxxp://download.ebay.com/turbo_lister/DE/install.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232184983201 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1314978076284 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} hxxp://10.0.0.30/activex/AMC.cab (AxisMediaControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://10.0.0.32/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = m-city.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CEF42BD-6369-4C6C-8189-0676CD17DC30}: NameServer = 10.0.10.2,10.0.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C32898C0-BD7E-4574-8C64-85DBD7AFADD4}: NameServer = 10.0.10.2,10.0.10.1,10.0.0.2
O18 - Protocol\Handler\HPDCS {ba135f49-a12c-4e26-a2c4-6ea945999072} - C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppfile {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppsam {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppzip {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999.06.07 17:59:54 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.30 11:37:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.08.29 10:48:35 | 000,598,528 | ---- | C] (OldTimer Tools) -- \\MCS-SRV\RedirectedFolders\frank\Desktop\OTL.exe
[2012.08.29 10:13:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Vim 7.3
[2012.08.29 10:12:43 | 000,000,000 | ---D | C] -- C:\Programme\Vim
[2012.08.22 11:11:49 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012.08.22 11:11:47 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.08.22 11:11:47 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.08.22 11:11:47 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.08.20 12:02:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Check Point
[2012.08.20 12:01:51 | 000,000,000 | ---D | C] -- \\MCS-SRV\RedirectedFolders\frank\My Documents\ForceField Shared Files
[2012.08.20 12:01:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\CheckPoint
[2012.08.20 11:58:43 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2012.08.20 11:58:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2012.08.18 14:15:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2012.08.14 23:26:16 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browser.dll
[2012.08.14 16:55:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Viewer
[2012.08.14 16:55:07 | 000,000,000 | ---D | C] -- C:\Programme\SheetMusicNow
[2012.08.03 12:08:02 | 000,526,640 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.30 12:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.08.30 11:48:32 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.08.30 11:48:31 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.08.30 11:48:31 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.08.30 11:32:58 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.08.30 11:32:05 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2012.08.30 11:30:53 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.08.30 11:29:34 | 000,001,368 | RHS- | M] () -- C:\Dokumente und Einstellungen\Frank\ntuser.pol
[2012.08.30 11:29:28 | 000,008,964 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2012.08.30 11:28:12 | 000,000,188 | ---- | M] () -- C:\WINDOWS\478905b7-cf84-42d3-b378-7896691e777c.xml
[2012.08.30 11:27:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.08.29 19:41:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\sicher.job
[2012.08.29 10:49:01 | 000,598,528 | ---- | M] (OldTimer Tools) -- \\MCS-SRV\RedirectedFolders\frank\Desktop\OTL.exe
[2012.08.28 21:11:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.08.28 12:07:15 | 000,102,400 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\bläsersuchedb1.mdb
[2012.08.27 19:37:18 | 145,559,552 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\kundendatenbank2012.mdb
[2012.08.24 09:09:37 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2012.08.22 11:11:11 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012.08.22 11:11:11 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012.08.22 11:11:11 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.08.22 11:11:11 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.08.22 11:11:11 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.08.22 11:11:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.08.20 12:25:15 | 000,415,877 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012.08.20 12:02:05 | 000,000,519 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZoneAlarm Security.lnk
[2012.08.20 08:02:16 | 001,005,355 | ---- | M] () -- C:\thomann.mbw
[2012.08.19 16:12:29 | 000,000,249 | ---- | M] () -- C:\WINDOWS\Wininit.ini
[2012.08.18 14:15:33 | 000,000,830 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Spybot - Search & Destroy.lnk
[2012.08.18 08:42:29 | 000,417,485 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\voxg1Foto 1.JPG
[2012.08.15 15:54:52 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.08.15 03:15:29 | 000,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.08.15 03:10:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.08.14 16:55:12 | 000,000,793 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Sheet Music Now Viewer.lnk
[2012.08.12 22:18:46 | 000,000,797 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.03 12:08:02 | 000,526,640 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.28 11:28:45 | 000,102,400 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\bläsersuchedb1.mdb
[2012.08.20 12:09:58 | 000,415,877 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2012.08.20 12:02:05 | 000,000,519 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZoneAlarm Security.lnk
[2012.08.20 08:02:16 | 001,005,355 | ---- | C] () -- C:\thomann.mbw
[2012.08.18 14:15:33 | 000,000,830 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Spybot - Search & Destroy.lnk
[2012.08.18 08:42:29 | 000,417,485 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\voxg1Foto 1.JPG
[2012.08.14 16:55:12 | 000,000,793 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Sheet Music Now Viewer.lnk
[2012.08.12 22:18:46 | 000,000,797 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.14 23:16:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.04.14 11:55:25 | 000,023,590 | ---- | C] () -- C:\WINDOWS\RenewUSB.dat
[2011.02.23 18:19:22 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011.02.23 18:19:20 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011.02.23 18:19:20 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011.02.23 18:19:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011.02.23 18:19:15 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011.02.23 18:19:15 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011.02.23 18:19:11 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011.02.23 18:19:03 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011.02.23 18:12:55 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011.02.23 18:04:14 | 000,006,221 | ---- | C] () -- C:\WINDOWS\System32\antispam.ini
[2011.01.27 22:01:34 | 000,000,484 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc
[2011.01.19 16:34:51 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Frank\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.12.15 04:16:07 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2010.11.22 17:08:59 | 000,009,728 | ---- | C] () -- C:\Dokumente und Einstellungen\Frank\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.22 11:39:44 | 000,001,368 | RHS- | C] () -- C:\Dokumente und Einstellungen\Frank\ntuser.pol
[2010.11.22 11:27:49 | 000,008,964 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2009.07.02 17:35:32 | 010,440,704 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda
[2007.04.11 18:32:41 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2006.02.08 10:21:14 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
 
========== LOP Check ==========
 
[2006.12.28 15:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2011.08.26 09:29:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender
[2012.08.20 11:58:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2011.07.19 15:00:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Deutsche Post AG
[2007.11.30 20:35:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay
[2006.11.04 16:34:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\element5
[2011.03.17 18:37:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FNET
[2010.11.26 13:30:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeDownloadManager.ORG
[2009.05.25 18:03:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HotSync
[2008.06.21 11:37:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Musicnotes
[2009.11.25 14:19:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Printer's Apprentice
[2008.02.01 19:15:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solero
[2012.07.08 20:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2009.04.11 14:16:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.02.25 15:26:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.03.16 19:46:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.12.13 16:22:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\BitDefender
[2011.05.27 15:52:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Avery
[2010.12.13 16:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Bitdefender
[2012.08.20 12:01:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\CheckPoint
[2012.04.03 20:42:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\ElevatedDiagnostics
[2012.05.24 21:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Free Download Manager
[2011.02.11 20:53:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\GetRightToGo
[2011.06.20 12:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Gutscheinmieze
[2010.11.22 11:41:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\HotSync
[2011.07.06 15:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Nvu
[2011.01.12 00:53:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Opera
[2012.02.11 13:58:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\SmartStore
[2012.05.09 17:15:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\SolidDocuments
[2011.04.14 16:05:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\TeamViewer
[2011.02.03 18:03:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\TuneUp Software
[2012.04.10 15:28:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\UDC Profiles
[2010.11.22 11:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Windows Small Business Server
[2010.11.22 11:33:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\netadmin\Anwendungsdaten\HotSync
[2010.11.22 11:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\netadmin\Anwendungsdaten\Windows Small Business Server
[2007.11.06 16:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\AD ON Multimedia
[2010.01.25 20:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Crystal Player
[2009.05.04 15:56:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\gtk-2.0
[2009.05.25 17:01:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\HotSync
[2009.05.25 18:29:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Leadertech
[2005.12.06 12:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Line 6
[2010.09.28 16:50:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Netviewer
[2009.01.17 12:12:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\OfficeUpdate12
[2009.11.25 14:08:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Printer's Apprentice
[2007.04.03 17:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\SmartStore
[2010.11.20 17:31:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\SolidDocuments
[2010.11.22 11:07:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Spamihilator
[2008.08.14 14:59:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\TeamViewer
[2006.10.23 21:38:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\TuneUp Software
[2010.10.08 12:20:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\UDC Profiles
[2010.11.22 11:43:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\verkauf.M-CITY\Anwendungsdaten\HotSync
[2010.11.22 11:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\verkauf.M-CITY\Anwendungsdaten\Windows Small Business Server
[2012.08.30 12:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2012.08.29 19:41:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\Tasks\sicher.job

< End of report >
         
--- --- ---


30.08.2012, 19:48   #6
t'john
/// Helper Team
 



Run the fix!

Follow the instructions!

06.09.2012, 09:28   #7
frankmusik
 



Sorry t'john ...
I had to abort the scan twice .. and the MB scan also took over 40 h ....

I ran the FIX again; this time messages came up .. "cannot be found ... ", i.e. parts of it apparently ran through during the first FIX.

But now ALL logs are completely fresh.

THANKS for checking whether I am "clean".

Regards, frank


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.29.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
frank :: MCS-FRANK [Administrator]

Schutz: Aktiviert

03.09.2012 18:49:07
mbam-log-2012-09-03 (18-49-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|I:\|Q:\|R:\|S:\|U:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 997165
Laufzeit: 2 Tag(en), 9 Stunde(n), 40 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
OTL Logfile:
Code:
OTL Extras logfile created on: 06.09.2012 10:05:54 - Run 5
OTL by OldTimer - Version 3.2.59.1     Folder = \\MCS-SRV\RedirectedFolders\frank\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 48,30% Memory free
6,33 Gb Paging File | 4,67 Gb Available in Paging File | 73,76% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 54,99 Gb Total Space | 13,15 Gb Free Space | 23,91% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 2,93 Gb Free Space | 15,01% Space Free | Partition Type: NTFS
Drive E: | 294,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 930,39 Gb Total Space | 814,85 Gb Free Space | 87,58% Space Free | Partition Type: NTFS
Drive Q: | 5496,93 Gb Total Space | 2374,24 Gb Free Space | 43,19% Space Free | Partition Type: NTFS
Drive R: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS
Drive S: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS
Drive U: | 232,83 Gb Total Space | 39,87 Gb Free Space | 17,12% Space Free | Partition Type: NTFS
 
Computer Name: MCS-FRANK | User Name: frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"UpdatesDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
"5900:TCP" = 5900:TCP:*:Enabled:vnc5900
"5800:TCP" = 5800:TCP:*:Enabled:vnc5800
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015
"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016
"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)
"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"C:\Programme\QNAP\Finder\Finder.exe" = C:\Programme\QNAP\Finder\Finder.exe:*:Enabled:Finder -- ()
"\\mcs-srv\mcs\installs\netviewer\Netviewer_Support.exe" = \\mcs-srv\mcs\installs\netviewer\Netviewer_Support.exe:*:Enabled:Netviewer application
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Programme\UltraVNC\winvnc.exe" = C:\Programme\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe -- (UltraVNC)
"C:\Programme\UltraVNC\vncviewer.exe" = C:\Programme\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)
"C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe" = C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe:*:Enabled:SMBiz5 -- (SmartStore AG)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Programme\Microsoft Office\Office\FRONTPG.EXE" = C:\Programme\Microsoft Office\Office\FRONTPG.EXE:*:Enabled:Microsoft FrontPage -- (Microsoft Corporation)
"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)
"C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe" = C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe:*:Enabled:SMBiz5 -- (SmartStore AG)
"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)
"C:\Programme\BUFFALO\NASNAVI\NasNavi.exe" = C:\Programme\BUFFALO\NASNAVI\NasNavi.exe:*:Enabled:BUFFALO NASNavigator2 -- ()
"C:\Dokumente und Einstellungen\Verkauf\Desktop\Netviewer Service\NV_Support_Berater_DE.exe" = C:\Dokumente und Einstellungen\Verkauf\Desktop\Netviewer Service\NV_Support_Berater_DE.exe:*:Enabled:Netviewer application -- (Netviewer AG)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)
"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)
"C:\Programme\Hewlett-Packard\HP Designjet System Maintenance\hp_dj_sme.exe" = C:\Programme\Hewlett-Packard\HP Designjet System Maintenance\hp_dj_sme.exe:*:Enabled:hp designjet system maintenance engine -- (Hewlett Packard)
"C:\Programme\QNAP\Finder\Finder.exe" = C:\Programme\QNAP\Finder\Finder.exe:*:Enabled:Finder -- ()
"C:\Programme\Spamihilator\spamihilator.exe" = C:\Programme\Spamihilator\spamihilator.exe:*:Enabled:Spamihilator
"C:\Programme\Spamihilator\cdcc.exe" = C:\Programme\Spamihilator\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration
"C:\Programme\Spamihilator\dccproc.exe" = C:\Programme\Spamihilator\dccproc.exe:*:Enabled:Spamihilator DCC Filter
"\\Mcs01\mcs_alt\installs\netviewer\NV_Support_Berater_DE.exe" = \\Mcs01\mcs_alt\installs\netviewer\NV_Support_Berater_DE.exe:*:Enabled:NV_Support_Berater_DE.exe
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00120407-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000
"{020CF65F-700F-4E55-AFB7-97024584A2B3}" = Komponenten der Ereigniskommunikation
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{0B8AE7AF-E2AC-40AB-A1CF-3259101E81E8}" = SmartStore.biz 6
"{0C567C3E-AD5A-4045-97C8-3CF640F10011}" = Netviewer one2one
"{0CD3CFF0-9A22-4CDA-BF1B-FA73C1D8B95B}" = Palm
"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu
"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 34
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{31821EFE-1B31-4744-9FB0-208F92BD7168}" = Visual FoxPro ODBC Driver
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1
"{334799B1-527F-475B-AF19-658124E2BE24}" = ZoneAlarm Security
"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D2975E7-DD28-4145-811A-225140FF87F0}" = Acronis*True*Image*Home
"{41915A51-6F92-4F0E-87C4-8178785B96CC}" = HP Printer Settings Tools
"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows-Journal-Viewer
"{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent
"{49782B2F-49AE-423D-85D6-4EE7019CEA13}" = HP Easy Printer Care
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7527CD9F-894E-47B3-9AFB-3E680E007051}" = HP Proactive Services
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}" = USB Display Device (Trigger 1+) 9.10.0526.1259
"{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider
"{83F3EED2-DDE2-4434-8FBE-9D2A1E7C2BC9}" = Multi-Card Reader & Flash Disk
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{894A83F3-19C8-491D-807D-50784DC4EB9F}" = Deutsche Post E-Porto
"{8A0BD487-D185-4316-92CE-9E415C3AC6DB}" = Sibelius Scorch (Firefox, Opera, Netscape only)
"{8E8604C4-2979-4A96-99B3-3CBB7DD8C5FA}" = Printer's Apprentice 8.0
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies
"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{95720E85-F3FB-4F95-9399-7E3E3E26D7AB}" = hp designjet printer software
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A2F3559-6776-4F67-B46E-5F973B901234}" = ZoneAlarm Antivirus
"{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}" = SolidConverterPDF
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9ED38F62-7A50-4145-8C5D-0FCFFBF10A7B}" = Visual C++ CRT 9.0
"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU
"{A1E98303-102A-46FB-A2D0-3838C3F64DF2}" = Komponenten der Kernkommunikation
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A32A6393-37DA-4E44-BB9F-C4F384F89EB9}" = HP Systemwartung für HP designjet 30 130 series
"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update
"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update
"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update
"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch
"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch
"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch
"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8
"{AD799836-6B74-419B-A869-C326CA86ECCF}" = ZoneAlarm Firewall
"{B2395631-54D5-481E-B9A8-74B269546F40}" = Visual C++ CRT 8.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{BDED922C-5E3A-42A7-B1D2-B21FDD036DB3}" = BitDefender Management Agent
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C0A8F64F-36C8-489F-B813-90D60B541D1E}" = Komponenten der Gerätedatenkommunikation
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP3c
"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D2231F9E-1ECD-439C-8E74-D966C87F717A}" = DisplayLink Core Software
"{D5842AC3-59C7-4DDD-BB33-54FE544DB3DA}" = Komponenten der Betriebssystemkommunikation
"{D7D4E8A4-A08B-4341-A4FE-9E1980C00D2C}" = BitDefender Business Client
"{D91AB4D6-2CA1-4427-91B3-BB31D3C6D4EE}" = SmartStore.biz 5
"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0
"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack
"{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}" = Visual C++ CRT 9.0 SP1
"{ECB904FE-CB4D-40A4-A884-E278410F0CE1}" = HP Printer Usage Report
"{EEF1D3A1-0ABD-4859-AD93-930773563393}" = PEARL PrintProfi Etiketten
"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer
"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0
"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anti-Twin 2011-09-27 09.17.18" = Anti-Twin (Installation 27.09.2011)
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"AXIS Media Control" = AXIS Media Control
"BitDefender Business Client" = BitDefender Business Client
"BulkMailer 2012" = BulkMailer 2012 7.0.5
"CCleaner" = CCleaner
"C-Media Audio" = C-Media 3D Audio
"DiffDaff_is1" = DiffDaff Version 1.0
"dots Pilot 2 Version 2.4" = dots Pilot 2 Version 2.4
"ESET Online Scanner" = ESET Online Scanner v3
"Finale NotePad 2006" = Finale NotePad 2006
"Finale NotePad 2008" = Finale NotePad 2008
"FinePrint" = FinePrint
"FinePrint (5.x)" = FinePrint (5.x)
"Format Konverter" = Format Konverter
"Free Download Manager_is1" = Free Download Manager 3.8
"FuzzyDupes" = FuzzyDupes 7.0.2
"getPlus(R)_dll" = getPlus(R)_dll
"HP Easy Printer Care" = HP Easy Printer Care
"ie8" = Windows Internet Explorer 8
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager
"InstallShield_{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Zweckform Assistent 2.5
"IrfanView" = IrfanView (remove only)
"JDSecure" = JD Secure 3.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"mEye_JIB" = mEye_JIB_2 2.0.0.0
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MultipleIEs_is1" = MultipleIEs
"MySpaceIM" = MySpaceIM
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Nvu_is1" = Nvu 1.0
"Opera 12.01.1532" = Opera 12.01
"PalmSource Package Installer" = PalmSource Package Installer 1.5
"pdfFactory Pro" = pdfFactory Pro
"Player" = QNAP Player
"PrintKey2000" = PrintKey2000
"PSRUTI" = PSRUTI (remove only)
"QNAP_FINDER" = QNAP Finder
"QNAPDecoder" = QNAP Decoder
"QNAPVioStorMonitor" = QNAP Web Monitor Component
"Samsung CLP-510 Series" = Samsung CLP-510 Series
"ScanExpress A3 USB v1.4" = ScanExpress A3 USB v1.4
"Sheet Music Now Viewer_is1" = Sheet Music Now Viewer 8.3.2.0
"ShockwaveFlash" = Macromedia Flash Player 8
"SiS 661FX_760_741_M661FX_M760_M741" = SiS 661FX_760_741_M661FX_M760_M741
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"Solero Music Viewer_is1" = Solero Music Viewer 8.0.32.2
"ST5UNST #1" = Au2Email 3
"ST6UNST #1" = MusicFinderView
"Ultravnc2_is1" = UltraVnc
"UN060501" = BUFFALO NAS Navigator
"UN080307" = BUFFALO LinkStation(LS-WTGL/R1) Setup Guide
"Universal Document Converter_is1" = Universal Document Converter Server Edition
"Vim 7.3" = Vim 7.3 (self-installing)
"Windows Media Connect" = Windows Media Connect
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"WinZip Companion for Outlook" = WinZip Companion for Outlook
"XFastUsb" = XFastUsb
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Adobe Digital Editions" = Adobe Digital Editions
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"HPCLJ8500TypicalKey" = Deinst. - HP CLJ 8500-Standardversion
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 06.09.2012 01:49:46 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104
Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={54A2042D-FDA4-46CA-9A52-7AFF036C401C},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL
 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das
 Gruppenrichtlinienobjekt wird übersprungen.
 
Error - 06.09.2012 01:49:46 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104
Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={5D189CC2-EB49-4527-9827-DEA473D88771},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL
 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das
 Gruppenrichtlinienobjekt wird übersprungen.
 
Error - 06.09.2012 01:49:46 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104
Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={7B3D7DA3-65A4-4947-B548-99483C439C8F},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL
 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das
 Gruppenrichtlinienobjekt wird übersprungen.
 
Error - 06.09.2012 02:05:00 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104
Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={7B3D7DA3-65A4-4947-B548-99483C439C8F},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL
 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das
 Gruppenrichtlinienobjekt wird übersprungen.
 
Error - 06.09.2012 02:05:00 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104
Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={B4BD95A7-23E7-4227-A9E2-F038E8BF4A62},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL
 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das
 Gruppenrichtlinienobjekt wird übersprungen.
 
Error - 06.09.2012 03:30:49 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104
Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={54A2042D-FDA4-46CA-9A52-7AFF036C401C},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL
 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das
 Gruppenrichtlinienobjekt wird übersprungen.
 
Error - 06.09.2012 03:30:50 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104
Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={5D189CC2-EB49-4527-9827-DEA473D88771},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL
 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das
 Gruppenrichtlinienobjekt wird übersprungen.
 
Error - 06.09.2012 03:30:50 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104
Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={7B3D7DA3-65A4-4947-B548-99483C439C8F},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL
 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das
 Gruppenrichtlinienobjekt wird übersprungen.
 
Error - 06.09.2012 03:40:01 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104
Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={7B3D7DA3-65A4-4947-B548-99483C439C8F},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL
 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das
 Gruppenrichtlinienobjekt wird übersprungen.
 
Error - 06.09.2012 03:40:01 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104
Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={B4BD95A7-23E7-4227-A9E2-F038E8BF4A62},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL
 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das
 Gruppenrichtlinienobjekt wird übersprungen.
 
[ System Events ]
Error - 03.09.2012 11:51:23 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 03.09.2012 11:51:23 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 03.09.2012 11:57:09 | Computer Name = MCS-FRANK | Source = System Error | ID = 1003
Description = Fehlercode 000000fe, 1. Parameter 00000001, 2. Parameter 00000000,
 3. Parameter 00000000, 4. Parameter 00000000.
 
Error - 03.09.2012 12:07:48 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerk-DDE-Dienst" ist vom Dienst "Netzwerk-DDE-Serverdienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058
 
Error - 03.09.2012 12:07:48 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "TeamViewer 3" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%5
 
Error - 03.09.2012 12:08:57 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "bdfsfltr" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 03.09.2012 12:08:59 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 03.09.2012 12:08:59 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 03.09.2012 12:08:59 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000
Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%31
 
Error - 03.09.2012 12:16:22 | Computer Name = MCS-FRANK | Source = System Error | ID = 1003
Description = Fehlercode 000000fe, 1. Parameter 00000001, 2. Parameter 00000000,
 3. Parameter 00000000, 4. Parameter 00000000.
 
 
< End of report >
         
--- --- ---

OTL Logfile:
Code:
OTL logfile created on: 06.09.2012 10:05:54 - Run 5
OTL by OldTimer - Version 3.2.59.1     Folder = \\MCS-SRV\RedirectedFolders\frank\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,25 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 48,30% Memory free
6,33 Gb Paging File | 4,67 Gb Available in Paging File | 73,76% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 54,99 Gb Total Space | 13,15 Gb Free Space | 23,91% Space Free | Partition Type: NTFS
Drive D: | 19,53 Gb Total Space | 2,93 Gb Free Space | 15,01% Space Free | Partition Type: NTFS
Drive E: | 294,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive I: | 930,39 Gb Total Space | 814,85 Gb Free Space | 87,58% Space Free | Partition Type: NTFS
Drive Q: | 5496,93 Gb Total Space | 2374,24 Gb Free Space | 43,19% Space Free | Partition Type: NTFS
Drive R: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS
Drive S: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS
Drive U: | 232,83 Gb Total Space | 39,87 Gb Free Space | 17,12% Space Free | Partition Type: NTFS
 
Computer Name: MCS-FRANK | User Name: frank | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - \\MCS-SRV\RedirectedFolders\frank\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe ()
PRC - C:\Programme\BitDefender\BitDefender 2008\bdagent.exe (BitDefender)
PRC - C:\Programme\BitDefender\BitDefender 2008\vsserv.exe (BitDefender)
PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Programme\UltraVNC\winvnc.exe (UltraVNC)
PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
PRC - C:\Programme\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Management Agent\bdemagent.exe (BitDefender)
PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUI.exe (DisplayLink Corp.)
PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe (DisplayLink Corp.)
PRC - C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
PRC - C:\WINDOWS\system32\LxrJD31s.exe ()
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\system32\U2VSvr.exe ()
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender)
PRC - C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)
PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)
PRC - C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\Gtwatch.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - \\?\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\av32bit_ent_25915\avxdisk.dll ()
MOD - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe ()
MOD - C:\Programme\BitDefender\BitDefender 2008\bdfltlib.dll ()
MOD - c:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\smartscn.dll ()
MOD - \\?\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\trufos.dll ()
MOD - C:\WINDOWS\system32\LxrJD31s.exe ()
MOD - C:\WINDOWS\system32\U2VSvr.exe ()
MOD - C:\Programme\WinRAR\RarExt.dll ()
MOD - C:\Programme\BitDefender\BitDefender 2008\libexpatw.dll ()
MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpi5in.DLL ()
MOD - C:\Programme\Gemeinsame Dateien\Acronis\Common\gc.dll ()
MOD - C:\Programme\Adobe\Acrobat 6.0\Distillr\AdistRes.DEU ()
MOD - C:\WINDOWS\Gtwatch.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (TeamViewer) -- \MCS-SRV\RedirectedFolders\frank\temp\TeamViewer3\TeamViewer_Host.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vsmon) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (LIVESRV) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe ()
SRV - (VSSERV) -- C:\Programme\BitDefender\BitDefender 2008\vsserv.exe (BitDefender)
SRV - (scan) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\scan.dll (BitDefender)
SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (uvnc_service) -- C:\Programme\UltraVNC\winvnc.exe (UltraVNC)
SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (BitDefender Management Agent) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Management Agent\bdemagent.exe (BitDefender)
SRV - (DisplayLinkService) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)
SRV - (LxrJD31s) -- C:\WINDOWS\System32\LxrJD31s.exe ()
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware)
SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)
SRV - (U2VSvr) -- C:\WINDOWS\system32\U2VSvr.exe ()
SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)
SRV - (NasPmService) -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)
SRV - (XCOMM) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender)
SRV - (FolderSize) -- C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)
SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (WmcCds) -- c:\Programme\Windows Media Connect\mswmccds.exe (Microsoft Corporation)
SRV - (WmcCdsLs) -- C:\Programme\Windows Media Connect\mswmcls.exe (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (WDICA) --  File not found
DRV - (PDRFRAME) --  File not found
DRV - (PDRELI) --  File not found
DRV - (PDFRAME) --  File not found
DRV - (PDCOMP) --  File not found
DRV - (PCIDump) --  File not found
DRV - (PAC7302) -- system32\DRIVERS\PAC7302.SYS File not found
DRV - (lbrtfdc) --  File not found
DRV - (L6PODLV) -- System32\Drivers\L6PODLV.sys File not found
DRV - (IIUSBISP) -- System32\Drivers\iiusbisp.sys File not found
DRV - (i2omgmt) --  File not found
DRV - (FTD2XX) -- System32\Drivers\FTD2XX.sys File not found
DRV - (EVOLUSB) -- system32\drivers\evolusb.sys File not found
DRV - (Changer) --  File not found
DRV - (bdfsfltr) -- Reg Error: Invalid data type. File not found
DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (CardReaderFilter) -- C:\WINDOWS\system32\drivers\USBCRFT.SYS (ICSI Technology Ltd.)
DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)
DRV - (KL1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab ZAO)
DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO)
DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)
DRV - (Bdfndisf) -- C:\WINDOWS\system32\drivers\bdfndisf.sys (BitDefender SRL)
DRV - (BDSelfPr) -- C:\Programme\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender LLC)
DRV - (bdftdif) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)
DRV - (trufos) -- C:\WINDOWS\system32\drivers\trufos.sys (BitDefender S.R.L.)
DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (mv2) -- C:\WINDOWS\system32\drivers\mv2.sys (UVNC BVBA)
DRV - (FNETTBOH_305) -- C:\WINDOWS\system32\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)
DRV - (FNETURPX) -- C:\WINDOWS\system32\drivers\FNETURPX.SYS (FNet Co., Ltd.)
DRV - (AsrAppCharger) -- C:\WINDOWS\system32\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider)
DRV - (DisplayLinkGA) -- C:\WINDOWS\system32\drivers\DisplayLinkGAport.sys (DisplayLink Corp.)
DRV - (DisplayLinkmirror) -- C:\WINDOWS\system32\drivers\DisplayLinkmirrorport.sys (DisplayLink Corp.)
DRV - (DisplayLinkFilter) -- C:\WINDOWS\system32\drivers\DisplayLinkFilter.sys (DisplayLink Corp.)
DRV - (DisplayLinkUsbPort) -- C:\WINDOWS\system32\drivers\DisplayLinkUsbPort_5.2.24075.0.sys (hxxp://libusb-win32.sourceforge.net)
DRV - (LxrJD31d) -- C:\WINDOWS\system32\drivers\LxrJD31d.sys ()
DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV - (AMBFilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)
DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (T1PMrGrp) -- C:\WINDOWS\system32\drivers\T1PMrGrp.sys (Magic Control Technology Corp.)
DRV - (T1PExGrp) -- C:\WINDOWS\system32\drivers\T1PExGrp.sys (Magic Control Technology Corp.)
DRV - (t1pusb) -- C:\WINDOWS\system32\drivers\t1pusb.sys (Magic Control Technology Corp.)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\sandra.sys (SiSoftware)
DRV - (MonFilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)
DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)
DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)
DRV - (UFBFilte) -- C:\WINDOWS\system32\drivers\UFBFilte.sys (www.winchiphead.com)
DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)
DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)
DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)
DRV - (YMIDUSB) -- C:\WINDOWS\system32\drivers\ymidusb.sys (YAMAHA Corporation)
DRV - (RDID1009) -- C:\WINDOWS\system32\drivers\Rdwm1009.sys (Roland Corporation)
DRV - (L6SeaMonkDev) -- C:\WINDOWS\system32\drivers\L6SM.sys (Line 6)
DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (SISAGP) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (GT681x) -- C:\WINDOWS\system32\drivers\gt681x.sys (   )
DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)
DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de
 
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://10.0.0.109/cgi-bin/enter.cgi
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes,DefaultScope = {40A86AD6-695B-44A7-8741-4192D52B2491}
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes\{40A86AD6-695B-44A7-8741-4192D52B2491}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLG_de
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de
IE - HKU\S-1-5-21-1221609082-219370195-1423778804-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de
 
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://10.0.10.109/cgi-bin/enter.cgi
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 64 59 0D 27 EB CC 01  [binary data]
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=290412_4_ctrl&babsrc=SP_ss&mntrId=d4479e0900000000000000252276520a
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: netviewero2o@netviewero2o:1.0
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4
FF - prefs.js..extensions.enabledItems: adonis.cuhk@gmail.com:1.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:2.04.20110724
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\palmOne\PACKAG~1\NPInstal.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netviewero2o@netviewero2o: C:\Programme\Netviewer\one2one\Plugin\FF plugin\ffone2one [2008.01.29 13:23:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.08.20 12:01:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.30 11:40:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.22 11:11:49 | 000,000,000 | ---D | M]
 
[2010.11.22 19:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Extensions
[2012.09.06 10:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions
[2011.01.28 18:26:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.02.23 14:25:35 | 000,000,000 | ---D | M] (PDF Download) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.10.07 09:13:25 | 000,000,000 | ---D | M] (Google Docs Viewer) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\adonis.cuhk@gmail.com
[2011.08.20 15:37:51 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\coralietab@mozdev.org
[2012.09.06 10:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\staged
[2012.08.22 11:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.08.22 11:11:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}
[2012.09.06 10:04:43 | 000,159,657 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FRANK\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y7Z9VVYH.DEFAULT\EXTENSIONS\NOTREAL.CCOPTIONS@ENVIRONMENTALCHEMISTRY.COM.XPI
[2012.07.11 08:25:40 | 000,163,080 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FRANK\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y7Z9VVYH.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI
[2012.08.30 11:40:55 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll
[2008.06.21 11:37:07 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Programme\mozilla firefox\plugins\npmusicn.dll
[2009.04.29 14:13:48 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\mozilla firefox\plugins\PDFNetC.dll
[2009.08.09 01:30:36 | 000,107,760 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll
[2012.01.02 14:59:23 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.05.09 12:15:18 | 000,002,356 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml
[2012.08.30 11:40:21 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml
[2008.04.07 13:30:00 | 000,000,917 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\conduit.xml
[2012.01.02 14:59:23 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml
[2012.01.02 14:59:23 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.01.02 14:59:23 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.01.02 14:59:23 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.08.30 15:57:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()
O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2008\ietoolbar.dll (BitDefender)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BDAgent] C:\Programme\BitDefender\BitDefender 2008\bdagent.exe (BitDefender)
O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Programme\BitDefender\BitDefender 2008\IEShow.exe (BitDefender)
O4 - HKLM..\Run: [Cmaudio] C:\WINDOWS\CMICNFG.CPL (C-Media Corporation)
O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)
O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\Gtwatch.exe ()
O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)
O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [XFastUsb] C:\Programme\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe" File not found
O4 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-1221609082-219370195-1423778804-500..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()
O4 - HKU\S-1-5-21-18413201-578950046-47629304-1154..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\Verkauf\Startmenü\Programme\Autostart\AOM.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Web\AOM.exe (Adobe Systems, Incorporated)
O4 - Startup: C:\Dokumente und Einstellungen\Verkauf\Startmenü\Programme\Autostart\Spamihilator.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} hxxp://download.ebay.com/turbo_lister/DE/install.cab (Reg Error: Key error.)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232184983201 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1314978076284 (MUWebControl Class)
O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)
O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} hxxp://10.0.0.30/activex/AMC.cab (AxisMediaControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://10.0.0.32/activex/AxisCamControl.cab (CamImage Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = m-city.local
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CEF42BD-6369-4C6C-8189-0676CD17DC30}: NameServer = 10.0.10.2,10.0.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C32898C0-BD7E-4574-8C64-85DBD7AFADD4}: NameServer = 10.0.10.2,10.0.10.1,10.0.0.2
O18 - Protocol\Handler\HPDCS {ba135f49-a12c-4e26-a2c4-6ea945999072} - C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppfile {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppsam {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\hppzip {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [1999.06.07 17:59:54 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.31 13:12:20 | 000,000,000 | ---D | C] -- C:\Programme\DiffDaff
[2012.08.31 13:12:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DiffDaff
[2012.08.30 18:49:57 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.08.30 18:02:34 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2012.08.29 10:48:35 | 000,598,528 | ---- | C] (OldTimer Tools) -- \\MCS-SRV\RedirectedFolders\frank\Desktop\OTL.exe
[2012.08.29 10:13:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Vim 7.3
[2012.08.29 10:12:43 | 000,000,000 | ---D | C] -- C:\Programme\Vim
[2012.08.22 11:11:49 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012.08.22 11:11:47 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.08.22 11:11:47 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.08.22 11:11:47 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.08.20 12:02:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Check Point
[2012.08.20 12:01:51 | 000,000,000 | ---D | C] -- \\MCS-SRV\RedirectedFolders\frank\My Documents\ForceField Shared Files
[2012.08.20 12:01:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\CheckPoint
[2012.08.20 11:58:43 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint
[2012.08.20 11:58:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2012.08.18 14:15:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy
[2012.08.14 23:26:16 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browser.dll
[2012.08.14 16:55:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Viewer
[2012.08.14 16:55:07 | 000,000,000 | ---D | C] -- C:\Programme\SheetMusicNow
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.06 10:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job
[2012.09.06 09:36:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012.09.05 19:41:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\sicher.job
[2012.09.05 10:36:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.09.03 18:48:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2012.09.03 18:12:22 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2012.09.03 18:11:24 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS
[2012.09.03 18:09:16 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.09.03 18:06:53 | 000,000,188 | ---- | M] () -- C:\WINDOWS\478905b7-cf84-42d3-b378-7896691e777c.xml
[2012.09.03 18:06:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.09.03 08:01:24 | 001,005,520 | ---- | M] () -- C:\thomann.mbw
[2012.09.03 04:01:24 | 000,171,769 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\musikcity018412-04009TELEX BL.jpg
[2012.09.03 04:01:24 | 000,124,831 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\musikcity018412-04009PI.CI.PDF
[2012.08.31 13:23:47 | 000,013,323 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\~diffdafftop.htm
[2012.08.31 13:23:47 | 000,001,479 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\DiffDaff.htm
[2012.08.31 13:23:47 | 000,001,135 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\~diffdaff2.htm
[2012.08.31 13:23:47 | 000,001,135 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\~diffdaff1.htm
[2012.08.30 11:48:31 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012.08.30 11:48:31 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012.08.30 11:29:34 | 000,001,368 | RHS- | M] () -- C:\Dokumente und Einstellungen\Frank\ntuser.pol
[2012.08.30 11:29:28 | 000,008,964 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2012.08.29 10:49:01 | 000,598,528 | ---- | M] (OldTimer Tools) -- \\MCS-SRV\RedirectedFolders\frank\Desktop\OTL.exe
[2012.08.28 12:07:15 | 000,102,400 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\bläsersuchedb1.mdb
[2012.08.27 19:37:18 | 145,559,552 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\kundendatenbank2012.mdb
[2012.08.24 09:09:37 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI
[2012.08.22 11:11:11 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll
[2012.08.22 11:11:11 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll
[2012.08.22 11:11:11 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2012.08.22 11:11:11 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2012.08.22 11:11:11 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2012.08.22 11:11:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2012.08.20 12:25:15 | 000,415,877 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2012.08.20 12:02:05 | 000,000,519 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZoneAlarm Security.lnk
[2012.08.19 16:12:29 | 000,000,249 | ---- | M] () -- C:\WINDOWS\Wininit.ini
[2012.08.18 14:15:33 | 000,000,830 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Spybot - Search & Destroy.lnk
[2012.08.18 08:42:29 | 000,417,485 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\voxg1Foto 1.JPG
[2012.08.15 15:54:52 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2012.08.15 03:15:29 | 000,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.08.15 03:10:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.08.14 16:55:12 | 000,000,793 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Sheet Music Now Viewer.lnk
[2012.08.12 22:18:46 | 000,000,797 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.03 08:01:24 | 001,005,520 | ---- | C] () -- C:\thomann.mbw
[2012.09.03 04:01:24 | 000,171,769 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\musikcity018412-04009TELEX BL.jpg
[2012.09.03 04:01:24 | 000,124,831 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\musikcity018412-04009PI.CI.PDF
[2012.08.31 13:13:46 | 000,013,323 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\~diffdafftop.htm
[2012.08.31 13:13:46 | 000,001,479 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\DiffDaff.htm
[2012.08.31 13:13:46 | 000,001,135 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\~diffdaff2.htm
[2012.08.31 13:13:46 | 000,001,135 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\~diffdaff1.htm
[2012.08.28 11:28:45 | 000,102,400 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\bläsersuchedb1.mdb
[2012.08.20 12:09:58 | 000,415,877 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml
[2012.08.20 12:02:05 | 000,000,519 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZoneAlarm Security.lnk
[2012.08.18 14:15:33 | 000,000,830 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Spybot - Search & Destroy.lnk
[2012.08.18 08:42:29 | 000,417,485 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\voxg1Foto 1.JPG
[2012.08.14 16:55:12 | 000,000,793 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Sheet Music Now Viewer.lnk
[2012.08.12 22:18:46 | 000,000,797 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.02.14 23:16:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.04.14 11:55:25 | 000,023,590 | ---- | C] () -- C:\WINDOWS\RenewUSB.dat
[2011.02.23 18:19:22 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2011.02.23 18:19:20 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2011.02.23 18:19:20 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2011.02.23 18:19:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2011.02.23 18:19:15 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2011.02.23 18:19:15 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011.02.23 18:19:11 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2011.02.23 18:19:03 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2011.02.23 18:12:55 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin
[2011.02.23 18:04:14 | 000,006,221 | ---- | C] () -- C:\WINDOWS\System32\antispam.ini
[2011.01.27 22:01:34 | 000,000,484 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc
[2011.01.19 16:34:51 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Frank\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2010.12.15 04:16:07 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
[2010.11.22 17:08:59 | 000,009,728 | ---- | C] () -- C:\Dokumente und Einstellungen\Frank\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.11.22 11:39:44 | 000,001,368 | RHS- | C] () -- C:\Dokumente und Einstellungen\Frank\ntuser.pol
[2010.11.22 11:27:49 | 000,008,964 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol
[2009.07.02 17:35:32 | 010,440,704 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda
[2007.04.11 18:32:41 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2006.02.08 10:21:14 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html
 
========== LOP Check ==========
 
[2006.12.28 15:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis
[2011.08.26 09:29:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender
[2012.08.20 11:58:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint
[2011.07.19 15:00:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Deutsche Post AG
[2007.11.30 20:35:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay
[2006.11.04 16:34:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\element5
[2011.03.17 18:37:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FNET
[2010.11.26 13:30:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeDownloadManager.ORG
[2009.05.25 18:03:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HotSync
[2008.06.21 11:37:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Musicnotes
[2009.11.25 14:19:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Printer's Apprentice
[2008.02.01 19:15:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solero
[2012.07.08 20:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer
[2009.04.11 14:16:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software
[2011.02.25 15:26:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.03.16 19:46:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010.12.13 16:22:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\BitDefender
[2011.05.27 15:52:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Avery
[2010.12.13 16:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Bitdefender
[2012.08.20 12:01:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\CheckPoint
[2012.04.03 20:42:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\ElevatedDiagnostics
[2012.05.24 21:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Free Download Manager
[2011.02.11 20:53:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\GetRightToGo
[2011.06.20 12:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Gutscheinmieze
[2010.11.22 11:41:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\HotSync
[2011.07.06 15:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Nvu
[2011.01.12 00:53:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Opera
[2012.02.11 13:58:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\SmartStore
[2012.05.09 17:15:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\SolidDocuments
[2011.04.14 16:05:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\TeamViewer
[2011.02.03 18:03:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\TuneUp Software
[2012.04.10 15:28:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\UDC Profiles
[2010.11.22 11:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Windows Small Business Server
[2010.11.22 11:33:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\netadmin\Anwendungsdaten\HotSync
[2010.11.22 11:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\netadmin\Anwendungsdaten\Windows Small Business Server
[2007.11.06 16:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\AD ON Multimedia
[2010.01.25 20:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Crystal Player
[2009.05.04 15:56:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\gtk-2.0
[2009.05.25 17:01:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\HotSync
[2009.05.25 18:29:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Leadertech
[2005.12.06 12:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Line 6
[2010.09.28 16:50:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Netviewer
[2009.01.17 12:12:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\OfficeUpdate12
[2009.11.25 14:08:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Printer's Apprentice
[2007.04.03 17:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\SmartStore
[2010.11.20 17:31:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\SolidDocuments
[2010.11.22 11:07:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Spamihilator
[2008.08.14 14:59:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\TeamViewer
[2006.10.23 21:38:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\TuneUp Software
[2010.10.08 12:20:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\UDC Profiles
[2010.11.22 11:43:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\verkauf.M-CITY\Anwendungsdaten\HotSync
[2010.11.22 11:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\verkauf.M-CITY\Anwendungsdaten\Windows Small Business Server
[2012.09.06 10:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job
[2012.09.05 19:41:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\Tasks\sicher.job
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

06.09.2012, 18:34   #8
t'john
/// Helper team

You are supposed to run the fix: http://www.trojaner-board.de/122486-...tml#post902863

Why are you starting OTL from a network path?
Quote:
\\MCS-SRV\RedirectedFolders\frank\Desktop
If you repeatedly fail to follow the instructions, I will break this off here.
__________________
Regards, t'john

07.09.2012, 08:33   #9
frankmusik

Hello t'john, now I understand the problem, sorry ...

But the whole computer has its My Documents (and the Desktop too) on the server ... when I put something on the desktop, it ends up in the redirect ...

I no longer have a "desktop of my own" on my PC ... we set it up that way once because of the backups ... whether that was clever is another question ...

Does it not work at all, then?

Sorry again
Regards, frank

08.09.2012, 13:21   #10
t'john
/// Helper team

OTL needs data access in order to work.
__________________
Regards, t'john

27.10.2012, 04:47   #11
t'john
/// Helper team

No feedback received

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html

Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________
Regards, t'john
