Trojaner-Board - Malwarebytes "blockt" immer einer chinesische IP ... Ausgehend .. findet aber nix ..

Trojaner-Board (https://www.trojaner-board.de/)

- Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)

- - Malwarebytes "blockt" immer einer chinesische IP ... Ausgehend .. findet aber nix .. (https://www.trojaner-board.de/122486-malwarebytes-blockt-immer-chinesische-ip-ausgehend-findet-nix.html)

Malwarebytes "blockt" immer einer chinesische IP ... Ausgehend .. findet aber nix ..

Hallo Trojaner Cracks,
mich warnt schon ein paar Tag MB mit
IP: 60.195.249.214 ausgehend geblockt ...
GUT MB warnt (und macht auch hoffentlich wirklich "zu" ) aber welcher "Schlingel" will da nach Hause telefonieren???

Habe mal per MB gescannt, Spybot drübergelassen, ESET saußen lassen. ...

außer das Wandelprogramm SUPER welches ich schon JAHRE nutze (davon wurden 2 Dateien als Trojaner benannt) fand MB nix.
Infizierte Dateien: 2
C:\Programme\eRightSoft\SUPER\SUPER.exe (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Programme\eRightSoft\SUPER\spk\MKV_ax.spk (Trojan.Downloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Evtl. hab ich schon etwas Paranoia, hätte aber gerne was gefunden was mich beruhigen könnte ...

zu der CHINA Domain (Chinesisch Telecom) gibt es einiges im Netz, aber noch nix in Sachen Trojanerinfos ...

DANKE für jeden Tipp, wie ich dem Schlingel auf die Spur kommen kann.
frank

:hallo:

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Wähle Scanne Alle Benuzer

Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe

Unter Extra Registrierung, wähle bitte Benutze SafeList

Klicke nun auf Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt

Poste die Logfiles hier in den Thread.

sorry .. aber jetzt, inzwischen wählt mein Rechner eine andere IP an (soll SEDO gehören) 82.98.86.163 im Netz schreiben einige dass Sie auch nicht den Verursacher finden ...

MB findet nix ... im Protection Log (der je nach Tag ist der Log 500MB bis 3.5 GB groß!!! ) steht aber immer die Domain als geblockte im Sekundentakt!!!)

Letzte Woche war es der:
2012/08/22 10:00:58 +0200 MCS-FRANK frank IP-BLOCK 173.241.240.153 (Type: outgoing)

Heute ist es der 82.98.86.163

(das Log ist schon wieder 900 MB groß ...)

Keine Ahnung was da "abgeht" ...

DANKE für Jeden Tipp
frank

Hier die Logs:
MB

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.29.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
frank :: MCS-FRANK [Administrator]

29.08.2012 10:57:09
mbam-log-2012-08-29 (10-57-09).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 477266
Laufzeit: 5 Stunde(n), 30 Minute(n), 30 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

OT Log 1OTL Logfile:

Code:

OTL logfile created on: 29.08.2012 15:39:36 - Run 2

OTL by OldTimer - Version 3.2.59.1     Folder = \\MCS-SRV\RedirectedFolders\frank\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,25 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 53,40% Memory free

6,33 Gb Paging File | 4,94 Gb Available in Paging File | 77,95% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 54,99 Gb Total Space | 8,83 Gb Free Space | 16,06% Space Free | Partition Type: NTFS

Drive D: | 19,53 Gb Total Space | 2,93 Gb Free Space | 15,01% Space Free | Partition Type: NTFS

Drive E: | 294,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive I: | 930,39 Gb Total Space | 800,45 Gb Free Space | 86,03% Space Free | Partition Type: NTFS

Drive Q: | 5496,93 Gb Total Space | 553,88 Gb Free Space | 10,08% Space Free | Partition Type: NTFS

Drive R: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS

Drive S: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS

Drive U: | 232,83 Gb Total Space | 40,67 Gb Free Space | 17,47% Space Free | Partition Type: NTFS

 

Computer Name: MCS-FRANK | User Name: frank | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - \\MCS-SRV\RedirectedFolders\frank\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Programme\Adobe\Reader 8.0\Reader\AcroRd32.exe (Adobe Systems Incorporated)

PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe ()

PRC - C:\Programme\BitDefender\BitDefender 2008\bdagent.exe (BitDefender)

PRC - C:\Programme\BitDefender\BitDefender 2008\vsserv.exe (BitDefender)

PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

PRC - C:\Programme\UltraVNC\winvnc.exe (UltraVNC)

PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

PRC - C:\Programme\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)

PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - I:\PROGS\SHOPMAST\SMMAIN.EXE (mhTec GmbH)

PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Management Agent\bdemagent.exe (BitDefender)

PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUI.exe (DisplayLink Corp.)

PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe (DisplayLink Corp.)

PRC - C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)

PRC - C:\WINDOWS\system32\LxrJD31s.exe ()

PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\WINDOWS\system32\U2VSvr.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)

PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender)

PRC - C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)

PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)

PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)

PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe (FinePrint Software, LLC)

PRC - C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)

PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\Gtwatch.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()

MOD - \\?\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\av32bit_ent_25848\avxdisk.dll ()

MOD - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe ()

MOD - C:\Programme\BitDefender\BitDefender 2008\bdfltlib.dll ()

MOD - c:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\smartscn.dll ()

MOD - \\?\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\trufos.dll ()

MOD - C:\WINDOWS\system32\LxrJD31s.exe ()

MOD - c:\Programme\Adobe\Reader 8.0\Reader\RdLang32.DEU ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\PPKLITE.DEU ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Weblink.DEU ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Acroform.DEU ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\updater.DEU ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Escript.deu ()

MOD - C:\WINDOWS\system32\U2VSvr.exe ()

MOD - C:\Programme\WinRAR\RarExt.dll ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SendMail.deu ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search.DEU ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\SaveAsRTF.DEU ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\ReadOutLoud.DEU ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Multimedia.DEU ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\makeaccessible.DEU ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\EWH32.DEU ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\DigSig.DEU ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Annots.DEU ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Checkers.DEU ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\accessibility.DEU ()

MOD - C:\Programme\BitDefender\BitDefender 2008\libexpatw.dll ()

MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpi5in.DLL ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\ccme_base.dll ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\cryptocme2.dll ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Search5.DEU ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\reflow.DEU ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\pddom.DEU ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\Hls.deu ()

MOD - C:\Programme\Adobe\Reader 8.0\Reader\plug_ins\eBook.DEU ()

MOD - C:\Programme\Gemeinsame Dateien\Acronis\Common\gc.dll ()

MOD - C:\Programme\Adobe\Acrobat 6.0\PDFMaker\Common\AdobePDFMakerX.DEU ()

MOD - C:\Programme\Adobe\Acrobat 6.0\PDFMaker\Common\AdobePDFMakerX.dll ()

MOD - C:\Programme\Adobe\Acrobat 6.0\Distillr\AdistRes.DEU ()

MOD - C:\WINDOWS\Gtwatch.exe ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (TeamViewer) -- \MCS-SRV\RedirectedFolders\frank\temp\TeamViewer3\TeamViewer_Host.exe File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (vsmon) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (LIVESRV) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe ()

SRV - (VSSERV) -- C:\Programme\BitDefender\BitDefender 2008\vsserv.exe (BitDefender)

SRV - (scan) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\scan.dll (BitDefender)

SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

SRV - (uvnc_service) -- C:\Programme\UltraVNC\winvnc.exe (UltraVNC)

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (BitDefender Management Agent) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Management Agent\bdemagent.exe (BitDefender)

SRV - (DisplayLinkService) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)

SRV - (LxrJD31s) -- C:\WINDOWS\System32\LxrJD31s.exe ()

SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware)

SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)

SRV - (U2VSvr) -- C:\WINDOWS\system32\U2VSvr.exe ()

SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)

SRV - (NasPmService) -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)

SRV - (XCOMM) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender)

SRV - (FolderSize) -- C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)

SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (WmcCds) -- c:\Programme\Windows Media Connect\mswmccds.exe (Microsoft Corporation)

SRV - (WmcCdsLs) -- C:\Programme\Windows Media Connect\mswmcls.exe (Microsoft Corporation)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (WDICA) --  File not found

DRV - (PDRFRAME) --  File not found

DRV - (PDRELI) --  File not found

DRV - (PDFRAME) --  File not found

DRV - (PDCOMP) --  File not found

DRV - (PCIDump) --  File not found

DRV - (PAC7302) -- system32\DRIVERS\PAC7302.SYS File not found

DRV - (lbrtfdc) --  File not found

DRV - (L6PODLV) -- System32\Drivers\L6PODLV.sys File not found

DRV - (IIUSBISP) -- System32\Drivers\iiusbisp.sys File not found

DRV - (i2omgmt) --  File not found

DRV - (FTD2XX) -- System32\Drivers\FTD2XX.sys File not found

DRV - (EVOLUSB) -- system32\drivers\evolusb.sys File not found

DRV - (Changer) --  File not found

DRV - (bdfsfltr) -- Reg Error: Invalid data type. File not found

DRV - (CardReaderFilter) -- C:\WINDOWS\system32\drivers\USBCRFT.SYS (ICSI Technology Ltd.)

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)

DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)

DRV - (KL1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab ZAO)

DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO)

DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)

DRV - (Bdfndisf) -- C:\WINDOWS\system32\drivers\bdfndisf.sys (BitDefender SRL)

DRV - (BDSelfPr) -- C:\Programme\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender LLC)

DRV - (bdftdif) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)

DRV - (trufos) -- C:\WINDOWS\system32\drivers\trufos.sys (BitDefender S.R.L.)

DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (mv2) -- C:\WINDOWS\system32\drivers\mv2.sys (UVNC BVBA)

DRV - (FNETTBOH_305) -- C:\WINDOWS\system32\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)

DRV - (FNETURPX) -- C:\WINDOWS\system32\drivers\FNETURPX.SYS (FNet Co., Ltd.)

DRV - (AsrAppCharger) -- C:\WINDOWS\system32\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider)

DRV - (DisplayLinkGA) -- C:\WINDOWS\system32\drivers\DisplayLinkGAport.sys (DisplayLink Corp.)

DRV - (DisplayLinkmirror) -- C:\WINDOWS\system32\drivers\DisplayLinkmirrorport.sys (DisplayLink Corp.)

DRV - (DisplayLinkFilter) -- C:\WINDOWS\system32\drivers\DisplayLinkFilter.sys (DisplayLink Corp.)

DRV - (DisplayLinkUsbPort) -- C:\WINDOWS\system32\drivers\DisplayLinkUsbPort_5.2.24075.0.sys (hxxp://libusb-win32.sourceforge.net)

DRV - (LxrJD31d) -- C:\WINDOWS\system32\drivers\LxrJD31d.sys ()

DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV - (AMBFilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)

DRV - (T1PMrGrp) -- C:\WINDOWS\system32\drivers\T1PMrGrp.sys (Magic Control Technology Corp.)

DRV - (T1PExGrp) -- C:\WINDOWS\system32\drivers\T1PExGrp.sys (Magic Control Technology Corp.)

DRV - (t1pusb) -- C:\WINDOWS\system32\drivers\t1pusb.sys (Magic Control Technology Corp.)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\sandra.sys (SiSoftware)

DRV - (MonFilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (UFBFilte) -- C:\WINDOWS\system32\drivers\UFBFilte.sys (www.winchiphead.com)

DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)

DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)

DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)

DRV - (YMIDUSB) -- C:\WINDOWS\system32\drivers\ymidusb.sys (YAMAHA Corporation)

DRV - (RDID1009) -- C:\WINDOWS\system32\drivers\Rdwm1009.sys (Roland Corporation)

DRV - (L6SeaMonkDev) -- C:\WINDOWS\system32\drivers\L6SM.sys (Line 6)

DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)

DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (SISAGP) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)

DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)

DRV - (GT681x) -- C:\WINDOWS\system32\drivers\gt681x.sys (   )

DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de

 

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://10.0.0.109/cgi-bin/enter.cgi

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes,DefaultScope = {40A86AD6-695B-44A7-8741-4192D52B2491}

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes\{40A86AD6-695B-44A7-8741-4192D52B2491}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLG_de

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de

 

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://10.0.10.109/cgi-bin/enter.cgi

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 64 59 0D 27 EB CC 01  [binary data]

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=290412_4_ctrl&babsrc=SP_ss&mntrId=d4479e0900000000000000252276520a

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: netviewero2o@netviewero2o:1.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4

FF - prefs.js..extensions.enabledItems: adonis.cuhk@gmail.com:1.8

FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2

FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:2.04.20110724

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\palmOne\PACKAG~1\NPInstal.dll ()

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netviewero2o@netviewero2o: C:\Programme\Netviewer\one2one\Plugin\FF plugin\ffone2one [2008.01.29 13:23:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.08.20 12:01:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.07.19 08:19:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.22 11:11:49 | 000,000,000 | ---D | M]

 

[2010.11.22 19:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Extensions

[2012.08.27 20:24:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions

[2011.01.28 18:26:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.02.23 14:25:35 | 000,000,000 | ---D | M] (PDF Download) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2011.10.07 09:13:25 | 000,000,000 | ---D | M] (Google Docs Viewer) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\adonis.cuhk@gmail.com

[2011.08.20 15:37:51 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\coralietab@mozdev.org

[2012.08.22 11:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.08.22 11:11:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}

[2012.08.27 20:24:43 | 000,159,657 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FRANK\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y7Z9VVYH.DEFAULT\EXTENSIONS\NOTREAL.CCOPTIONS@ENVIRONMENTALCHEMISTRY.COM.XPI

[2012.07.11 08:25:40 | 000,163,080 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FRANK\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y7Z9VVYH.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI

[2012.07.19 08:19:00 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2008.06.21 11:37:07 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Programme\mozilla firefox\plugins\npmusicn.dll

[2009.04.29 14:13:48 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\mozilla firefox\plugins\PDFNetC.dll

[2009.08.09 01:30:36 | 000,107,760 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll

[2012.01.02 14:59:23 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.05.09 12:15:18 | 000,002,356 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml

[2012.01.02 14:59:23 | 000,002,252 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2008.04.07 13:30:00 | 000,000,917 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\conduit.xml

[2012.01.02 14:59:23 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.01.02 14:59:23 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.01.02 14:59:23 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.01.02 14:59:23 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.08.30 15:57:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()

O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2008\ietoolbar.dll (BitDefender)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [BDAgent] C:\Programme\BitDefender\BitDefender 2008\bdagent.exe (BitDefender)

O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Programme\BitDefender\BitDefender 2008\IEShow.exe (BitDefender)

O4 - HKLM..\Run: [Cmaudio] C:\WINDOWS\CMICNFG.CPL (C-Media Corporation)

O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)

O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)

O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\Gtwatch.exe ()

O4 - HKLM..\Run: [ISW]  File not found

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)

O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [XFastUsb] C:\Programme\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)

O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()

O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()

O4 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe" File not found

O4 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-21-1221609082-219370195-1423778804-500..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()

O4 - HKU\S-1-5-21-18413201-578950046-47629304-1154..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-21-18413201-578950046-47629304-1154..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil32_11_3_300_271_Plugin.exe (Adobe Systems Incorporated)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\Verkauf\Startmenü\Programme\Autostart\AOM.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Web\AOM.exe (Adobe Systems, Incorporated)

O4 - Startup: C:\Dokumente und Einstellungen\Verkauf\Startmenü\Programme\Autostart\Spamihilator.lnk =  File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-500\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-500\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Policies\Microsoft\Internet Explorer\Main present

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Policies\Microsoft\Internet Explorer\PhishingFilter present

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O15 - HKU\S-1-5-21-18413201-578950046-47629304-1154\..Trusted Domains: midifiles.de ([remote] HTTPS in Local intranet)

O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} hxxp://download.ebay.com/turbo_lister/DE/install.cab (Reg Error: Key error.)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232184983201 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1314978076284 (MUWebControl Class)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} hxxp://10.0.0.30/activex/AMC.cab (AxisMediaControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://10.0.0.32/activex/AxisCamControl.cab (CamImage Class)

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = m-city.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CEF42BD-6369-4C6C-8189-0676CD17DC30}: NameServer = 10.0.10.2,10.0.10.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C32898C0-BD7E-4574-8C64-85DBD7AFADD4}: NameServer = 10.0.10.2,10.0.10.1,10.0.0.2

O18 - Protocol\Handler\HPDCS {ba135f49-a12c-4e26-a2c4-6ea945999072} - C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\hppfile {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\hppsam {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\hppzip {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [1999.06.07 17:59:54 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.08.29 10:48:35 | 000,598,528 | ---- | C] (OldTimer Tools) -- \\MCS-SRV\RedirectedFolders\frank\Desktop\OTL.exe

[2012.08.29 10:44:35 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012.08.29 10:13:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Vim 7.3

[2012.08.29 10:12:43 | 000,000,000 | ---D | C] -- C:\Programme\Vim

[2012.08.22 11:11:49 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll

[2012.08.22 11:11:47 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2012.08.22 11:11:47 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2012.08.22 11:11:47 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2012.08.20 12:02:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Check Point

[2012.08.20 12:01:51 | 000,000,000 | ---D | C] -- \\MCS-SRV\RedirectedFolders\frank\My Documents\ForceField Shared Files

[2012.08.20 12:01:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\CheckPoint

[2012.08.20 11:58:43 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint

[2012.08.20 11:58:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint

[2012.08.18 14:15:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy

[2012.08.14 23:26:16 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browser.dll

[2012.08.14 16:55:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Viewer

[2012.08.14 16:55:07 | 000,000,000 | ---D | C] -- C:\Programme\SheetMusicNow

[2012.08.03 12:08:02 | 000,526,640 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys

[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.08.29 16:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job

[2012.08.29 15:36:02 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.08.29 11:55:16 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS

[2012.08.29 10:56:10 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012.08.29 10:49:01 | 000,598,528 | ---- | M] (OldTimer Tools) -- \\MCS-SRV\RedirectedFolders\frank\Desktop\OTL.exe

[2012.08.28 21:11:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.08.28 12:07:15 | 000,102,400 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\bläsersuchedb1.mdb

[2012.08.28 11:26:37 | 000,002,204 | RHS- | M] () -- C:\Dokumente und Einstellungen\Frank\ntuser.pol

[2012.08.28 11:06:29 | 000,014,462 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol

[2012.08.27 19:37:18 | 145,559,552 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\kundendatenbank2012.mdb

[2012.08.25 19:41:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\sicher.job

[2012.08.24 10:38:41 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012.08.24 10:38:01 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.08.24 09:38:40 | 000,000,188 | ---- | M] () -- C:\WINDOWS\478905b7-cf84-42d3-b378-7896691e777c.xml

[2012.08.24 09:37:51 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.08.24 09:09:37 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI

[2012.08.22 11:11:11 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll

[2012.08.22 11:11:11 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2012.08.22 11:11:11 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2012.08.22 11:11:11 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2012.08.22 11:11:11 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2012.08.22 11:11:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2012.08.20 12:25:15 | 000,415,877 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2012.08.20 12:02:05 | 000,000,519 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZoneAlarm Security.lnk

[2012.08.20 08:02:16 | 001,005,355 | ---- | M] () -- C:\thomann.mbw

[2012.08.19 16:12:29 | 000,000,249 | ---- | M] () -- C:\WINDOWS\Wininit.ini

[2012.08.18 14:15:33 | 000,000,830 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Spybot - Search & Destroy.lnk

[2012.08.18 08:42:29 | 000,417,485 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\voxg1Foto 1.JPG

[2012.08.15 15:54:52 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012.08.15 03:15:29 | 000,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.08.15 03:10:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012.08.15 01:36:38 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012.08.15 01:36:36 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012.08.14 16:55:12 | 000,000,793 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Sheet Music Now Viewer.lnk

[2012.08.12 22:18:46 | 000,000,797 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.08.03 12:08:02 | 000,526,640 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys

[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.08.28 11:28:45 | 000,102,400 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\bläsersuchedb1.mdb

[2012.08.20 12:09:58 | 000,415,877 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml

[2012.08.20 12:02:05 | 000,000,519 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZoneAlarm Security.lnk

[2012.08.20 08:02:16 | 001,005,355 | ---- | C] () -- C:\thomann.mbw

[2012.08.18 14:15:33 | 000,000,830 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Spybot - Search & Destroy.lnk

[2012.08.18 08:42:29 | 000,417,485 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\voxg1Foto 1.JPG

[2012.08.14 16:55:12 | 000,000,793 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Sheet Music Now Viewer.lnk

[2012.08.12 22:18:46 | 000,000,797 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.14 23:16:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.04.14 11:55:25 | 000,023,590 | ---- | C] () -- C:\WINDOWS\RenewUSB.dat

[2011.02.23 18:19:22 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2011.02.23 18:19:20 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2011.02.23 18:19:20 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2011.02.23 18:19:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2011.02.23 18:19:15 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2011.02.23 18:19:15 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2011.02.23 18:19:11 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2011.02.23 18:19:03 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2011.02.23 18:12:55 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2011.02.23 18:04:14 | 000,006,221 | ---- | C] () -- C:\WINDOWS\System32\antispam.ini

[2011.01.27 22:01:34 | 000,000,484 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc

[2011.01.19 16:34:51 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Frank\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2010.12.15 04:16:07 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI

[2010.11.22 17:08:59 | 000,009,728 | ---- | C] () -- C:\Dokumente und Einstellungen\Frank\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.11.22 11:39:44 | 000,002,204 | RHS- | C] () -- C:\Dokumente und Einstellungen\Frank\ntuser.pol

[2010.11.22 11:27:49 | 000,014,462 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol

[2009.07.02 17:35:32 | 010,440,704 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda

[2007.04.11 18:32:41 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache

[2006.02.08 10:21:14 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html

 
 ========== LOP Check ==========

 

[2006.12.28 15:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis

[2011.08.26 09:29:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender

[2012.08.20 11:58:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint

[2011.07.19 15:00:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Deutsche Post AG

[2007.11.30 20:35:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay

[2006.11.04 16:34:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\element5

[2011.03.17 18:37:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FNET

[2010.11.26 13:30:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeDownloadManager.ORG

[2009.05.25 18:03:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HotSync

[2008.06.21 11:37:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Musicnotes

[2009.11.25 14:19:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Printer's Apprentice

[2008.02.01 19:15:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solero

[2012.07.08 20:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer

[2009.04.11 14:16:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software

[2011.02.25 15:26:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010.03.16 19:46:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010.12.13 16:22:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\BitDefender

[2011.05.27 15:52:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Avery

[2010.12.13 16:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Bitdefender

[2012.08.20 12:01:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\CheckPoint

[2012.04.03 20:42:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\ElevatedDiagnostics

[2012.05.24 21:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Free Download Manager

[2011.02.11 20:53:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\GetRightToGo

[2011.06.20 12:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Gutscheinmieze

[2010.11.22 11:41:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\HotSync

[2011.07.06 15:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Nvu

[2011.01.12 00:53:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Opera

[2012.02.11 13:58:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\SmartStore

[2012.05.09 17:15:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\SolidDocuments

[2011.04.14 16:05:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\TeamViewer

[2011.02.03 18:03:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\TuneUp Software

[2012.04.10 15:28:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\UDC Profiles

[2010.11.22 11:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Windows Small Business Server

[2010.11.22 11:33:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\netadmin\Anwendungsdaten\HotSync

[2010.11.22 11:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\netadmin\Anwendungsdaten\Windows Small Business Server

[2007.11.06 16:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\AD ON Multimedia

[2010.01.25 20:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Crystal Player

[2009.05.04 15:56:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\gtk-2.0

[2009.05.25 17:01:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\HotSync

[2009.05.25 18:29:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Leadertech

[2005.12.06 12:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Line 6

[2010.09.28 16:50:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Netviewer

[2009.01.17 12:12:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\OfficeUpdate12

[2009.11.25 14:08:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Printer's Apprentice

[2007.04.03 17:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\SmartStore

[2010.11.20 17:31:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\SolidDocuments

[2010.11.22 11:07:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Spamihilator

[2008.08.14 14:59:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\TeamViewer

[2006.10.23 21:38:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\TuneUp Software

[2010.10.08 12:20:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\UDC Profiles

[2010.11.22 11:43:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\verkauf.M-CITY\Anwendungsdaten\HotSync

[2010.11.22 11:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\verkauf.M-CITY\Anwendungsdaten\Windows Small Business Server

[2012.08.29 16:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job

[2012.08.25 19:41:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\Tasks\sicher.job

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

OTL EXTRA LogOTL Logfile:

Code:

OTL Extras logfile created on: 29.08.2012 15:39:36 - Run 2

OTL by OldTimer - Version 3.2.59.1     Folder = \\MCS-SRV\RedirectedFolders\frank\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,25 Gb Total Physical Memory | 1,74 Gb Available Physical Memory | 53,40% Memory free

6,33 Gb Paging File | 4,94 Gb Available in Paging File | 77,95% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 54,99 Gb Total Space | 8,83 Gb Free Space | 16,06% Space Free | Partition Type: NTFS

Drive D: | 19,53 Gb Total Space | 2,93 Gb Free Space | 15,01% Space Free | Partition Type: NTFS

Drive E: | 294,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive I: | 930,39 Gb Total Space | 800,45 Gb Free Space | 86,03% Space Free | Partition Type: NTFS

Drive Q: | 5496,93 Gb Total Space | 553,88 Gb Free Space | 10,08% Space Free | Partition Type: NTFS

Drive R: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS

Drive S: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS

Drive U: | 232,83 Gb Total Space | 40,67 Gb Free Space | 17,47% Space Free | Partition Type: NTFS

 

Computer Name: MCS-FRANK | User Name: frank | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)

 

[HKEY_USERS\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications]

"Enabled" = 1

"AllowUserPrefMerge" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\AuthorizedApplications\List]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts]

"Enabled" = 1

"AllowUserPrefMerge" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List]

"135:TCP:*:Enabled:Offer Remote Assistance - Port" = 135:TCP:*:Enabled:Offer Remote Assistance - Port

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings]

"Enabled" = 1

"RemoteAddresses" = localsubnet

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint]

"Enabled" = 1

"RemoteAddresses" = localsubnet

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop]

"Enabled" = 1

"RemoteAddresses" = localsubnet

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\AuthorizedApplications]

"AllowUserPrefMerge" = 1

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\GloballyOpenPorts]

"AllowUserPrefMerge" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015

"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016

"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

"5900:TCP" = 5900:TCP:*:Enabled:vnc5900

"5800:TCP" = 5800:TCP:*:Enabled:vnc5800

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015

"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016

"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)

"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Programme\QNAP\Finder\Finder.exe" = C:\Programme\QNAP\Finder\Finder.exe:*:Enabled:Finder -- ()

"\\mcs-srv\mcs\installs\netviewer\Netviewer_Support.exe" = \\mcs-srv\mcs\installs\netviewer\Netviewer_Support.exe:*:Enabled:Netviewer application

"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)

"C:\Programme\UltraVNC\winvnc.exe" = C:\Programme\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe -- (UltraVNC)

"C:\Programme\UltraVNC\vncviewer.exe" = C:\Programme\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)

"C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe" = C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe:*:Enabled:SMBiz5 -- (SmartStore AG)

"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)

"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)

"C:\Programme\Microsoft Office\Office\FRONTPG.EXE" = C:\Programme\Microsoft Office\Office\FRONTPG.EXE:*:Enabled:Microsoft FrontPage -- (Microsoft Corporation)

"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)

"C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe" = C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe:*:Enabled:SMBiz5 -- (SmartStore AG)

"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)

"C:\Programme\BUFFALO\NASNAVI\NasNavi.exe" = C:\Programme\BUFFALO\NASNAVI\NasNavi.exe:*:Enabled:BUFFALO NASNavigator2 -- ()

"C:\Dokumente und Einstellungen\Verkauf\Desktop\Netviewer Service\NV_Support_Berater_DE.exe" = C:\Dokumente und Einstellungen\Verkauf\Desktop\Netviewer Service\NV_Support_Berater_DE.exe:*:Enabled:Netviewer application -- (Netviewer AG)

"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)

"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)

"C:\Programme\Hewlett-Packard\HP Designjet System Maintenance\hp_dj_sme.exe" = C:\Programme\Hewlett-Packard\HP Designjet System Maintenance\hp_dj_sme.exe:*:Enabled:hp designjet system maintenance engine -- (Hewlett Packard)

"C:\Programme\QNAP\Finder\Finder.exe" = C:\Programme\QNAP\Finder\Finder.exe:*:Enabled:Finder -- ()

"C:\Programme\Spamihilator\spamihilator.exe" = C:\Programme\Spamihilator\spamihilator.exe:*:Enabled:Spamihilator

"C:\Programme\Spamihilator\cdcc.exe" = C:\Programme\Spamihilator\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration

"C:\Programme\Spamihilator\dccproc.exe" = C:\Programme\Spamihilator\dccproc.exe:*:Enabled:Spamihilator DCC Filter

"\\Mcs01\mcs_alt\installs\netviewer\NV_Support_Berater_DE.exe" = \\Mcs01\mcs_alt\installs\netviewer\NV_Support_Berater_DE.exe:*:Enabled:NV_Support_Berater_DE.exe

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00120407-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000

"{020CF65F-700F-4E55-AFB7-97024584A2B3}" = Komponenten der Ereigniskommunikation

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{0B8AE7AF-E2AC-40AB-A1CF-3259101E81E8}" = SmartStore.biz 6

"{0C567C3E-AD5A-4045-97C8-3CF640F10011}" = Netviewer one2one

"{0CD3CFF0-9A22-4CDA-BF1B-FA73C1D8B95B}" = Palm

"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu

"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 34

"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support

"{31821EFE-1B31-4744-9FB0-208F92BD7168}" = Visual FoxPro ODBC Driver

"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{334799B1-527F-475B-AF19-658124E2BE24}" = ZoneAlarm Security

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D2975E7-DD28-4145-811A-225140FF87F0}" = Acronis True Image Home

"{41915A51-6F92-4F0E-87C4-8178785B96CC}" = HP Printer Settings Tools

"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows-Journal-Viewer

"{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent

"{49782B2F-49AE-423D-85D6-4EE7019CEA13}" = HP Easy Printer Care

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7527CD9F-894E-47B3-9AFB-3E680E007051}" = HP Proactive Services

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}" = USB Display Device (Trigger 1+) 9.10.0526.1259

"{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider

"{83F3EED2-DDE2-4434-8FBE-9D2A1E7C2BC9}" = Multi-Card Reader & Flash Disk

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2

"{894A83F3-19C8-491D-807D-50784DC4EB9F}" = Deutsche Post E-Porto

"{8A0BD487-D185-4316-92CE-9E415C3AC6DB}" = Sibelius Scorch (Firefox, Opera, Netscape only)

"{8E8604C4-2979-4A96-99B3-3CBB7DD8C5FA}" = Printer's Apprentice 8.0

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies

"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU

"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer

"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter

"{95720E85-F3FB-4F95-9399-7E3E3E26D7AB}" = hp designjet printer software

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A2F3559-6776-4F67-B46E-5F973B901234}" = ZoneAlarm Antivirus

"{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}" = SolidConverterPDF

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9ED38F62-7A50-4145-8C5D-0FCFFBF10A7B}" = Visual C++ CRT 9.0

"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU

"{A1E98303-102A-46FB-A2D0-3838C3F64DF2}" = Komponenten der Kernkommunikation

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A32A6393-37DA-4E44-BB9F-C4F384F89EB9}" = HP Systemwartung für HP designjet 30 130 series

"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX

"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update

"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update

"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update

"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update

"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch

"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch

"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch

"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8

"{AD799836-6B74-419B-A869-C326CA86ECCF}" = ZoneAlarm Firewall

"{B2395631-54D5-481E-B9A8-74B269546F40}" = Visual C++ CRT 8.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BDED922C-5E3A-42A7-B1D2-B21FDD036DB3}" = BitDefender Management Agent

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C0A8F64F-36C8-489F-B813-90D60B541D1E}" = Komponenten der Gerätedatenkommunikation

"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP3c

"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update

"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2231F9E-1ECD-439C-8E74-D966C87F717A}" = DisplayLink Core Software

"{D5842AC3-59C7-4DDD-BB33-54FE544DB3DA}" = Komponenten der Betriebssystemkommunikation

"{D7D4E8A4-A08B-4341-A4FE-9E1980C00D2C}" = BitDefender Business Client

"{D91AB4D6-2CA1-4427-91B3-BB31D3C6D4EE}" = SmartStore.biz 5

"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}" = Visual C++ CRT 9.0 SP1

"{ECB904FE-CB4D-40A4-A884-E278410F0CE1}" = HP Printer Usage Report

"{EEF1D3A1-0ABD-4859-AD93-930773563393}" = PEARL PrintProfi Etiketten

"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer

"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0

"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Anti-Twin 2011-09-27 09.17.18" = Anti-Twin (Installation 27.09.2011)

"ASRock App Charger_is1" = ASRock App Charger v1.0.4

"AXIS Media Control" = AXIS Media Control

"BitDefender Business Client" = BitDefender Business Client

"BulkMailer 2012" = BulkMailer 2012 7.0.5

"CCleaner" = CCleaner

"C-Media Audio" = C-Media 3D Audio

"dots Pilot 2 Version 2.4" = dots Pilot 2 Version 2.4

"ESET Online Scanner" = ESET Online Scanner v3

"Finale NotePad 2006" = Finale NotePad 2006

"Finale NotePad 2008" = Finale NotePad 2008

"FinePrint" = FinePrint

"FinePrint (5.x)" = FinePrint (5.x)

"Format Konverter" = Format Konverter

"Free Download Manager_is1" = Free Download Manager 3.8

"FuzzyDupes" = FuzzyDupes 7.0.2

"getPlus(R)_dll" = getPlus(R)_dll

"HP Easy Printer Care" = HP Easy Printer Care

"ie8" = Windows Internet Explorer 8

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager

"InstallShield_{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Zweckform Assistent 2.5

"IrfanView" = IrfanView (remove only)

"JDSecure" = JD Secure 3.1

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300

"mEye_JIB" = mEye_JIB_2 2.0.0.0

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MultipleIEs_is1" = MultipleIEs

"MySpaceIM" = MySpaceIM

"NeroMultiInstaller!UninstallKey" = Nero Suite

"NVIDIA Drivers" = NVIDIA Drivers

"Nvu_is1" = Nvu 1.0

"Opera 12.01.1532" = Opera 12.01

"PalmSource Package Installer" = PalmSource Package Installer 1.5

"pdfFactory Pro" = pdfFactory Pro

"Player" = QNAP Player

"PrintKey2000" = PrintKey2000

"PSRUTI" = PSRUTI (remove only)

"QNAP_FINDER" = QNAP Finder

"QNAPDecoder" = QNAP Decoder

"QNAPVioStorMonitor" = QNAP Web Monitor Component

"Samsung CLP-510 Series" = Samsung CLP-510 Series

"ScanExpress A3 USB v1.4" = ScanExpress A3 USB v1.4

"Sheet Music Now Viewer_is1" = Sheet Music Now Viewer 8.3.2.0

"ShockwaveFlash" = Macromedia Flash Player 8

"SiS 661FX_760_741_M661FX_M760_M741" = SiS 661FX_760_741_M661FX_M760_M741

"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver

"Solero Music Viewer_is1" = Solero Music Viewer 8.0.32.2

"ST5UNST #1" = Au2Email 3

"ST6UNST #1" = MusicFinderView

"Ultravnc2_is1" = UltraVnc

"UN060501" = BUFFALO NAS Navigator

"UN080307" = BUFFALO LinkStation(LS-WTGL/R1) Setup Guide

"Universal Document Converter_is1" = Universal Document Converter Server Edition

"Vim 7.3" = Vim 7.3 (self-installing)

"Windows Media Connect" = Windows Media Connect

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"WinRAR archiver" = WinRAR archiver

"WinZip Companion for Outlook" = WinZip Companion for Outlook

"XFastUsb" = XFastUsb

"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall

"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Adobe Digital Editions" = Adobe Digital Editions

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"HPCLJ8500TypicalKey" = Deinst. - HP CLJ 8500-Standardversion

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 29.08.2012 00:01:53 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073

Description = 

 

Error - 29.08.2012 01:11:27 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073

Description = 

 

Error - 29.08.2012 01:11:27 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073

Description = 

 

Error - 29.08.2012 01:48:19 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073

Description = 

 

Error - 29.08.2012 01:48:20 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073

Description = 

 

Error - 29.08.2012 02:10:33 | Computer Name = MCS-FRANK | Source = ESENT | ID = 439

Description = services (1264) Die Shadowkopfzeile für Datei C:\WINDOWS\Security\tmp.edb

 konnte nicht geschrieben werden. Fehler -1808.

 

Error - 29.08.2012 02:51:56 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073

Description = 

 

Error - 29.08.2012 02:51:56 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073

Description = 

 

Error - 29.08.2012 03:21:47 | Computer Name = MCS-FRANK | Source = ESENT | ID = 439

Description = wuauclt (5168) Die Shadowkopfzeile für Datei C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb

 konnte nicht geschrieben werden. Fehler -1808.

 

Error - 29.08.2012 03:51:38 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073

Description = 

 

[ System Events ]

Error - 24.08.2012 03:39:14 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000

Description = Der Dienst "TeamViewer 3" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%5

 

Error - 24.08.2012 03:40:17 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000

Description = Der Dienst "bdfsfltr" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%31

 

Error - 24.08.2012 03:40:21 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000

Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%31

 

Error - 24.08.2012 03:40:21 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000

Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%31

 

Error - 24.08.2012 03:40:21 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000

Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%31

 

Error - 26.08.2012 08:37:19 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7009

Description = Zeitüberschreitung (30000 ms) beim Verbindungsversuch mit Dienst Adobe

 Flash Player Update Service.

 

Error - 26.08.2012 08:37:19 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000

Description = Der Dienst "Adobe Flash Player Update Service" wurde aufgrund folgenden

 Fehlers nicht gestartet:   %%1053

 

Error - 28.08.2012 03:18:44 | Computer Name = MCS-FRANK | Source = DCOM | ID = 10010

Description = Der Server "{98D9A6F1-4696-4B5E-A2E8-36B3F9C1E12C}" konnte innerhalb

 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

 

Error - 28.08.2012 18:33:00 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7034

Description = Dienst "BitDefender Desktop Update Service" wurde unerwartet beendet.

 Dies ist bereits 1 Mal passiert.

 

Error - 29.08.2012 03:33:01 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7034

Description = Dienst "BitDefender Desktop Update Service" wurde unerwartet beendet.

 Dies ist bereits 2 Mal passiert.

 

 

< End of report >

--- --- ---

:hallo:

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Code:

:OTL

DRV - (WDICA) -- File not found 

DRV - (PDRFRAME) -- File not found 

DRV - (PDRELI) -- File not found 

DRV - (PDFRAME) -- File not found 

DRV - (PDCOMP) -- File not found 

DRV - (PCIDump) -- File not found 

DRV - (PAC7302) -- system32\DRIVERS\PAC7302.SYS File not found 

DRV - (lbrtfdc) -- File not found 

DRV - (L6PODLV) -- System32\Drivers\L6PODLV.sys File not found 

DRV - (IIUSBISP) -- System32\Drivers\iiusbisp.sys File not found 

DRV - (i2omgmt) -- File not found 

DRV - (FTD2XX) -- System32\Drivers\FTD2XX.sys File not found 

DRV - (EVOLUSB) -- system32\drivers\evolusb.sys File not found 

DRV - (Changer) -- File not found 

DRV - (bdfsfltr) -- Reg Error: Invalid data type. File not found 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie 

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie 

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes,DefaultScope = {40A86AD6-695B-44A7-8741-4192D52B2491} 

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC 

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = http://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE 

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes\{40A86AD6-695B-44A7-8741-4192D52B2491}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLG_de 

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} 

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC 

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&affID=110819&tt=290412_4_ctrl&babsrc=SP_ss&mntrId=d4479e0900000000000000252276520a 

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local 

FF - prefs.js..browser.startup.homepage: "http://www.google.de" 

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 

FF - prefs.js..extensions.enabledItems: netviewero2o@netviewero2o:1.0 

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0 

FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4 

FF - prefs.js..extensions.enabledItems: adonis.cuhk@gmail.com:1.8 

FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2 

FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:2.04.20110724 

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 

FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0 

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found 

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) 

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) 

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. 

O3 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. 

O3 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll () 

O3 - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies) 

O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\Gtwatch.exe () 

O4 - HKLM..\Run: [ISW] File not found 

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found 

O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD) 

O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe () 

O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe () 

O4 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe" File not found 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 1 

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323 

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 

O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 

O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 

O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} http://download.ebay.com/turbo_lister/DE/install.cab (Reg Error: Key error.) 

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) 

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01) 

O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) 

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34) 

O32 - HKLM CDRom: AutoRun - 1 

O32 - AutoRun File - [1999.06.07 17:59:54 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] 

 

:Files
 

C:\Users\frank\AppData\Local\{*}

C:\ProgramData\*.exe

C:\ProgramData\TEMP

C:\Users\frank\AppData\Local\Temp\*.exe

C:\Users\frank\AppData\LocalLow\Sun\Java\Deployment\cache

%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk

%SystemRoot%\System32\*.tmp

%SystemRoot%\SysWOW64\*.tmp

ipconfig /flushdns /c

:Commands

[purity]

[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

DANKE t´John

System ist zwar beim Fixen eingefroren, aber nach RESET gut gestartet.

Was mir gleich auffiel MB machte nicht mehr die LOGS ... (das hatte heute morgen schon wieder 1.3GB) sprich wollte wohl nicht wieder "nach Hause telefonieren".

Hier mal die OTL Logs.

DANKE für drüberkucken ob das jetzt alles wieder fein ist.
gruß frankOTL Logfile:

Code:

OTL Extras logfile created on: 30.08.2012 11:50:11 - Run 3

OTL by OldTimer - Version 3.2.59.1     Folder = \\MCS-SRV\RedirectedFolders\frank\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,25 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 52,46% Memory free

6,33 Gb Paging File | 4,86 Gb Available in Paging File | 76,71% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 54,99 Gb Total Space | 5,71 Gb Free Space | 10,39% Space Free | Partition Type: NTFS

Drive D: | 19,53 Gb Total Space | 2,93 Gb Free Space | 15,01% Space Free | Partition Type: NTFS

Drive E: | 294,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive I: | 930,39 Gb Total Space | 800,45 Gb Free Space | 86,03% Space Free | Partition Type: NTFS

Drive Q: | 5496,93 Gb Total Space | 550,91 Gb Free Space | 10,02% Space Free | Partition Type: NTFS

Drive R: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS

Drive S: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS

Drive U: | 232,83 Gb Total Space | 39,58 Gb Free Space | 17,00% Space Free | Partition Type: NTFS

 

Computer Name: MCS-FRANK | User Name: frank | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)

 

[HKEY_USERS\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015

"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016

"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

"5900:TCP" = 5900:TCP:*:Enabled:vnc5900

"5800:TCP" = 5800:TCP:*:Enabled:vnc5800

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015

"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016

"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)

"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Programme\QNAP\Finder\Finder.exe" = C:\Programme\QNAP\Finder\Finder.exe:*:Enabled:Finder -- ()

"\\mcs-srv\mcs\installs\netviewer\Netviewer_Support.exe" = \\mcs-srv\mcs\installs\netviewer\Netviewer_Support.exe:*:Enabled:Netviewer application

"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)

"C:\Programme\UltraVNC\winvnc.exe" = C:\Programme\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe -- (UltraVNC)

"C:\Programme\UltraVNC\vncviewer.exe" = C:\Programme\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)

"C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe" = C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe:*:Enabled:SMBiz5 -- (SmartStore AG)

"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)

"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)

"C:\Programme\Microsoft Office\Office\FRONTPG.EXE" = C:\Programme\Microsoft Office\Office\FRONTPG.EXE:*:Enabled:Microsoft FrontPage -- (Microsoft Corporation)

"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)

"C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe" = C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe:*:Enabled:SMBiz5 -- (SmartStore AG)

"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)

"C:\Programme\BUFFALO\NASNAVI\NasNavi.exe" = C:\Programme\BUFFALO\NASNAVI\NasNavi.exe:*:Enabled:BUFFALO NASNavigator2 -- ()

"C:\Dokumente und Einstellungen\Verkauf\Desktop\Netviewer Service\NV_Support_Berater_DE.exe" = C:\Dokumente und Einstellungen\Verkauf\Desktop\Netviewer Service\NV_Support_Berater_DE.exe:*:Enabled:Netviewer application -- (Netviewer AG)

"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)

"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)

"C:\Programme\Hewlett-Packard\HP Designjet System Maintenance\hp_dj_sme.exe" = C:\Programme\Hewlett-Packard\HP Designjet System Maintenance\hp_dj_sme.exe:*:Enabled:hp designjet system maintenance engine -- (Hewlett Packard)

"C:\Programme\QNAP\Finder\Finder.exe" = C:\Programme\QNAP\Finder\Finder.exe:*:Enabled:Finder -- ()

"C:\Programme\Spamihilator\spamihilator.exe" = C:\Programme\Spamihilator\spamihilator.exe:*:Enabled:Spamihilator

"C:\Programme\Spamihilator\cdcc.exe" = C:\Programme\Spamihilator\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration

"C:\Programme\Spamihilator\dccproc.exe" = C:\Programme\Spamihilator\dccproc.exe:*:Enabled:Spamihilator DCC Filter

"\\Mcs01\mcs_alt\installs\netviewer\NV_Support_Berater_DE.exe" = \\Mcs01\mcs_alt\installs\netviewer\NV_Support_Berater_DE.exe:*:Enabled:NV_Support_Berater_DE.exe

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00120407-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000

"{020CF65F-700F-4E55-AFB7-97024584A2B3}" = Komponenten der Ereigniskommunikation

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{0B8AE7AF-E2AC-40AB-A1CF-3259101E81E8}" = SmartStore.biz 6

"{0C567C3E-AD5A-4045-97C8-3CF640F10011}" = Netviewer one2one

"{0CD3CFF0-9A22-4CDA-BF1B-FA73C1D8B95B}" = Palm

"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu

"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 34

"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support

"{31821EFE-1B31-4744-9FB0-208F92BD7168}" = Visual FoxPro ODBC Driver

"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{334799B1-527F-475B-AF19-658124E2BE24}" = ZoneAlarm Security

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D2975E7-DD28-4145-811A-225140FF87F0}" = Acronis*True*Image*Home

"{41915A51-6F92-4F0E-87C4-8178785B96CC}" = HP Printer Settings Tools

"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows-Journal-Viewer

"{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent

"{49782B2F-49AE-423D-85D6-4EE7019CEA13}" = HP Easy Printer Care

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7527CD9F-894E-47B3-9AFB-3E680E007051}" = HP Proactive Services

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}" = USB Display Device (Trigger 1+) 9.10.0526.1259

"{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider

"{83F3EED2-DDE2-4434-8FBE-9D2A1E7C2BC9}" = Multi-Card Reader & Flash Disk

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2

"{894A83F3-19C8-491D-807D-50784DC4EB9F}" = Deutsche Post E-Porto

"{8A0BD487-D185-4316-92CE-9E415C3AC6DB}" = Sibelius Scorch (Firefox, Opera, Netscape only)

"{8E8604C4-2979-4A96-99B3-3CBB7DD8C5FA}" = Printer's Apprentice 8.0

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies

"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU

"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer

"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter

"{95720E85-F3FB-4F95-9399-7E3E3E26D7AB}" = hp designjet printer software

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A2F3559-6776-4F67-B46E-5F973B901234}" = ZoneAlarm Antivirus

"{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}" = SolidConverterPDF

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9ED38F62-7A50-4145-8C5D-0FCFFBF10A7B}" = Visual C++ CRT 9.0

"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU

"{A1E98303-102A-46FB-A2D0-3838C3F64DF2}" = Komponenten der Kernkommunikation

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A32A6393-37DA-4E44-BB9F-C4F384F89EB9}" = HP Systemwartung für HP designjet 30 130 series

"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX

"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update

"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update

"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update

"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update

"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch

"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch

"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch

"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8

"{AD799836-6B74-419B-A869-C326CA86ECCF}" = ZoneAlarm Firewall

"{B2395631-54D5-481E-B9A8-74B269546F40}" = Visual C++ CRT 8.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BDED922C-5E3A-42A7-B1D2-B21FDD036DB3}" = BitDefender Management Agent

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C0A8F64F-36C8-489F-B813-90D60B541D1E}" = Komponenten der Gerätedatenkommunikation

"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP3c

"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update

"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2231F9E-1ECD-439C-8E74-D966C87F717A}" = DisplayLink Core Software

"{D5842AC3-59C7-4DDD-BB33-54FE544DB3DA}" = Komponenten der Betriebssystemkommunikation

"{D7D4E8A4-A08B-4341-A4FE-9E1980C00D2C}" = BitDefender Business Client

"{D91AB4D6-2CA1-4427-91B3-BB31D3C6D4EE}" = SmartStore.biz 5

"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}" = Visual C++ CRT 9.0 SP1

"{ECB904FE-CB4D-40A4-A884-E278410F0CE1}" = HP Printer Usage Report

"{EEF1D3A1-0ABD-4859-AD93-930773563393}" = PEARL PrintProfi Etiketten

"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer

"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0

"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Anti-Twin 2011-09-27 09.17.18" = Anti-Twin (Installation 27.09.2011)

"ASRock App Charger_is1" = ASRock App Charger v1.0.4

"AXIS Media Control" = AXIS Media Control

"BitDefender Business Client" = BitDefender Business Client

"BulkMailer 2012" = BulkMailer 2012 7.0.5

"CCleaner" = CCleaner

"C-Media Audio" = C-Media 3D Audio

"dots Pilot 2 Version 2.4" = dots Pilot 2 Version 2.4

"ESET Online Scanner" = ESET Online Scanner v3

"Finale NotePad 2006" = Finale NotePad 2006

"Finale NotePad 2008" = Finale NotePad 2008

"FinePrint" = FinePrint

"FinePrint (5.x)" = FinePrint (5.x)

"Format Konverter" = Format Konverter

"Free Download Manager_is1" = Free Download Manager 3.8

"FuzzyDupes" = FuzzyDupes 7.0.2

"getPlus(R)_dll" = getPlus(R)_dll

"HP Easy Printer Care" = HP Easy Printer Care

"ie8" = Windows Internet Explorer 8

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager

"InstallShield_{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Zweckform Assistent 2.5

"IrfanView" = IrfanView (remove only)

"JDSecure" = JD Secure 3.1

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300

"mEye_JIB" = mEye_JIB_2 2.0.0.0

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MultipleIEs_is1" = MultipleIEs

"MySpaceIM" = MySpaceIM

"NeroMultiInstaller!UninstallKey" = Nero Suite

"NVIDIA Drivers" = NVIDIA Drivers

"Nvu_is1" = Nvu 1.0

"Opera 12.01.1532" = Opera 12.01

"PalmSource Package Installer" = PalmSource Package Installer 1.5

"pdfFactory Pro" = pdfFactory Pro

"Player" = QNAP Player

"PrintKey2000" = PrintKey2000

"PSRUTI" = PSRUTI (remove only)

"QNAP_FINDER" = QNAP Finder

"QNAPDecoder" = QNAP Decoder

"QNAPVioStorMonitor" = QNAP Web Monitor Component

"Samsung CLP-510 Series" = Samsung CLP-510 Series

"ScanExpress A3 USB v1.4" = ScanExpress A3 USB v1.4

"Sheet Music Now Viewer_is1" = Sheet Music Now Viewer 8.3.2.0

"ShockwaveFlash" = Macromedia Flash Player 8

"SiS 661FX_760_741_M661FX_M760_M741" = SiS 661FX_760_741_M661FX_M760_M741

"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver

"Solero Music Viewer_is1" = Solero Music Viewer 8.0.32.2

"ST5UNST #1" = Au2Email 3

"ST6UNST #1" = MusicFinderView

"Ultravnc2_is1" = UltraVnc

"UN060501" = BUFFALO NAS Navigator

"UN080307" = BUFFALO LinkStation(LS-WTGL/R1) Setup Guide

"Universal Document Converter_is1" = Universal Document Converter Server Edition

"Vim 7.3" = Vim 7.3 (self-installing)

"Windows Media Connect" = Windows Media Connect

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"WinRAR archiver" = WinRAR archiver

"WinZip Companion for Outlook" = WinZip Companion for Outlook

"XFastUsb" = XFastUsb

"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall

"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"HPCLJ8500TypicalKey" = Deinst. - HP CLJ 8500-Standardversion

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 29.08.2012 02:10:33 | Computer Name = MCS-FRANK | Source = ESENT | ID = 439

Description = services (1264) Die Shadowkopfzeile für Datei C:\WINDOWS\Security\tmp.edb

 konnte nicht geschrieben werden. Fehler -1808.

 

Error - 29.08.2012 02:51:56 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073

Description = 

 

Error - 29.08.2012 02:51:56 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073

Description = 

 

Error - 29.08.2012 03:21:47 | Computer Name = MCS-FRANK | Source = ESENT | ID = 439

Description = wuauclt (5168) Die Shadowkopfzeile für Datei C:\WINDOWS\SoftwareDistribution\DataStore\Logs\tmp.edb

 konnte nicht geschrieben werden. Fehler -1808.

 

Error - 29.08.2012 03:51:38 | Computer Name = MCS-FRANK | Source = MBAMService | ID = 131073

Description = 

 

Error - 30.08.2012 05:29:19 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104

Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={54A2042D-FDA4-46CA-9A52-7AFF036C401C},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL

 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das

 Gruppenrichtlinienobjekt wird übersprungen.

 

Error - 30.08.2012 05:29:19 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104

Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={5D189CC2-EB49-4527-9827-DEA473D88771},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL

 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das

 Gruppenrichtlinienobjekt wird übersprungen.

 

Error - 30.08.2012 05:29:19 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104

Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={7B3D7DA3-65A4-4947-B548-99483C439C8F},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL

 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das

 Gruppenrichtlinienobjekt wird übersprungen.

 

Error - 30.08.2012 05:29:31 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104

Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={7B3D7DA3-65A4-4947-B548-99483C439C8F},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL

 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das

 Gruppenrichtlinienobjekt wird übersprungen.

 

Error - 30.08.2012 05:29:31 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104

Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={B4BD95A7-23E7-4227-A9E2-F038E8BF4A62},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL

 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das

 Gruppenrichtlinienobjekt wird übersprungen.

 

[ System Events ]

Error - 30.08.2012 03:47:35 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7031

Description = Der Dienst "Apple Mobile Device" wurde unerwartet beendet. Dies ist

 bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden

 durchgeführt: Starten Sie den Dienst neu..

 

Error - 30.08.2012 03:47:35 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7031

Description = Der Dienst "BitDefender Management Agent" wurde unerwartet beendet.

 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000

 Millisekunden durchgeführt: Starten Sie den Dienst neu..

 

Error - 30.08.2012 03:47:35 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7034

Description = Dienst "Dienst "Bonjour"" wurde unerwartet beendet. Dies ist bereits

 1 Mal passiert.

 

Error - 30.08.2012 03:49:36 | Computer Name = MCS-FRANK | Source = DCOM | ID = 10010

Description = Der Server "{11295F3A-321C-4813-A349-FE4659E603A0}" konnte innerhalb

 des angegebenen Zeitabschnitts mit DCOM nicht registriert werden.

 

Error - 30.08.2012 05:28:41 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerk-DDE-Dienst" ist vom Dienst "Netzwerk-DDE-Serverdienst"

 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058

 

Error - 30.08.2012 05:28:41 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000

Description = Der Dienst "TeamViewer 3" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%5

 

Error - 30.08.2012 05:30:53 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000

Description = Der Dienst "bdfsfltr" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%31

 

Error - 30.08.2012 05:30:57 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000

Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%31

 

Error - 30.08.2012 05:30:57 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000

Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%31

 

Error - 30.08.2012 05:30:57 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000

Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%31

 

 

< End of report >

--- --- ---
OTL Logfile:

Code:

OTL logfile created on: 30.08.2012 11:50:11 - Run 3

OTL by OldTimer - Version 3.2.59.1     Folder = \\MCS-SRV\RedirectedFolders\frank\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,25 Gb Total Physical Memory | 1,70 Gb Available Physical Memory | 52,46% Memory free

6,33 Gb Paging File | 4,86 Gb Available in Paging File | 76,71% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 54,99 Gb Total Space | 5,71 Gb Free Space | 10,39% Space Free | Partition Type: NTFS

Drive D: | 19,53 Gb Total Space | 2,93 Gb Free Space | 15,01% Space Free | Partition Type: NTFS

Drive E: | 294,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive I: | 930,39 Gb Total Space | 800,45 Gb Free Space | 86,03% Space Free | Partition Type: NTFS

Drive Q: | 5496,93 Gb Total Space | 550,91 Gb Free Space | 10,02% Space Free | Partition Type: NTFS

Drive R: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS

Drive S: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS

Drive U: | 232,83 Gb Total Space | 39,58 Gb Free Space | 17,00% Space Free | Partition Type: NTFS

 

Computer Name: MCS-FRANK | User Name: frank | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - \\MCS-SRV\RedirectedFolders\frank\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)

PRC - C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)

PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe ()

PRC - C:\Programme\BitDefender\BitDefender 2008\bdagent.exe (BitDefender)

PRC - C:\Programme\BitDefender\BitDefender 2008\vsserv.exe (BitDefender)

PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

PRC - C:\Programme\UltraVNC\winvnc.exe (UltraVNC)

PRC - C:\Programme\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)

PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Management Agent\bdemagent.exe (BitDefender)

PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUI.exe (DisplayLink Corp.)

PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe (DisplayLink Corp.)

PRC - C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)

PRC - C:\WINDOWS\system32\LxrJD31s.exe ()

PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\WINDOWS\system32\U2VSvr.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)

PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender)

PRC - C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)

PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)

PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)

PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fpdisp5a.exe (FinePrint Software, LLC)

PRC - C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)

PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\Gtwatch.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_271.dll ()

MOD - \\?\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\av32bit_ent_25856\avxdisk.dll ()

MOD - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe ()

MOD - C:\Programme\BitDefender\BitDefender 2008\bdfltlib.dll ()

MOD - c:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\smartscn.dll ()

MOD - \\?\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\trufos.dll ()

MOD - C:\WINDOWS\system32\LxrJD31s.exe ()

MOD - C:\WINDOWS\system32\U2VSvr.exe ()

MOD - C:\Programme\WinRAR\RarExt.dll ()

MOD - C:\Programme\BitDefender\BitDefender 2008\libexpatw.dll ()

MOD - C:\Programme\Gemeinsame Dateien\Acronis\Common\gc.dll ()

MOD - C:\Programme\Adobe\Acrobat 6.0\Distillr\AdistRes.DEU ()

MOD - C:\WINDOWS\Gtwatch.exe ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (TeamViewer) -- \MCS-SRV\RedirectedFolders\frank\temp\TeamViewer3\TeamViewer_Host.exe File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (vsmon) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)

SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (LIVESRV) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe ()

SRV - (VSSERV) -- C:\Programme\BitDefender\BitDefender 2008\vsserv.exe (BitDefender)

SRV - (scan) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\scan.dll (BitDefender)

SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

SRV - (uvnc_service) -- C:\Programme\UltraVNC\winvnc.exe (UltraVNC)

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (BitDefender Management Agent) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Management Agent\bdemagent.exe (BitDefender)

SRV - (DisplayLinkService) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)

SRV - (LxrJD31s) -- C:\WINDOWS\System32\LxrJD31s.exe ()

SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware)

SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)

SRV - (U2VSvr) -- C:\WINDOWS\system32\U2VSvr.exe ()

SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)

SRV - (NasPmService) -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)

SRV - (XCOMM) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender)

SRV - (FolderSize) -- C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)

SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (WmcCds) -- c:\Programme\Windows Media Connect\mswmccds.exe (Microsoft Corporation)

SRV - (WmcCdsLs) -- C:\Programme\Windows Media Connect\mswmcls.exe (Microsoft Corporation)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (WDICA) --  File not found

DRV - (PDRFRAME) --  File not found

DRV - (PDRELI) --  File not found

DRV - (PDFRAME) --  File not found

DRV - (PDCOMP) --  File not found

DRV - (PCIDump) --  File not found

DRV - (PAC7302) -- system32\DRIVERS\PAC7302.SYS File not found

DRV - (lbrtfdc) --  File not found

DRV - (L6PODLV) -- System32\Drivers\L6PODLV.sys File not found

DRV - (IIUSBISP) -- System32\Drivers\iiusbisp.sys File not found

DRV - (i2omgmt) --  File not found

DRV - (FTD2XX) -- System32\Drivers\FTD2XX.sys File not found

DRV - (EVOLUSB) -- system32\drivers\evolusb.sys File not found

DRV - (Changer) --  File not found

DRV - (bdfsfltr) -- Reg Error: Invalid data type. File not found

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (CardReaderFilter) -- C:\WINDOWS\system32\drivers\USBCRFT.SYS (ICSI Technology Ltd.)

DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)

DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)

DRV - (KL1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab ZAO)

DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO)

DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)

DRV - (Bdfndisf) -- C:\WINDOWS\system32\drivers\bdfndisf.sys (BitDefender SRL)

DRV - (BDSelfPr) -- C:\Programme\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender LLC)

DRV - (bdftdif) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)

DRV - (trufos) -- C:\WINDOWS\system32\drivers\trufos.sys (BitDefender S.R.L.)

DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (mv2) -- C:\WINDOWS\system32\drivers\mv2.sys (UVNC BVBA)

DRV - (FNETTBOH_305) -- C:\WINDOWS\system32\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)

DRV - (FNETURPX) -- C:\WINDOWS\system32\drivers\FNETURPX.SYS (FNet Co., Ltd.)

DRV - (AsrAppCharger) -- C:\WINDOWS\system32\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider)

DRV - (DisplayLinkGA) -- C:\WINDOWS\system32\drivers\DisplayLinkGAport.sys (DisplayLink Corp.)

DRV - (DisplayLinkmirror) -- C:\WINDOWS\system32\drivers\DisplayLinkmirrorport.sys (DisplayLink Corp.)

DRV - (DisplayLinkFilter) -- C:\WINDOWS\system32\drivers\DisplayLinkFilter.sys (DisplayLink Corp.)

DRV - (DisplayLinkUsbPort) -- C:\WINDOWS\system32\drivers\DisplayLinkUsbPort_5.2.24075.0.sys (hxxp://libusb-win32.sourceforge.net)

DRV - (LxrJD31d) -- C:\WINDOWS\system32\drivers\LxrJD31d.sys ()

DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV - (AMBFilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)

DRV - (T1PMrGrp) -- C:\WINDOWS\system32\drivers\T1PMrGrp.sys (Magic Control Technology Corp.)

DRV - (T1PExGrp) -- C:\WINDOWS\system32\drivers\T1PExGrp.sys (Magic Control Technology Corp.)

DRV - (t1pusb) -- C:\WINDOWS\system32\drivers\t1pusb.sys (Magic Control Technology Corp.)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\sandra.sys (SiSoftware)

DRV - (MonFilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (UFBFilte) -- C:\WINDOWS\system32\drivers\UFBFilte.sys (www.winchiphead.com)

DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)

DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)

DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)

DRV - (YMIDUSB) -- C:\WINDOWS\system32\drivers\ymidusb.sys (YAMAHA Corporation)

DRV - (RDID1009) -- C:\WINDOWS\system32\drivers\Rdwm1009.sys (Roland Corporation)

DRV - (L6SeaMonkDev) -- C:\WINDOWS\system32\drivers\L6SM.sys (Line 6)

DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)

DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (SISAGP) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)

DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)

DRV - (GT681x) -- C:\WINDOWS\system32\drivers\gt681x.sys (   )

DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de

 

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://10.0.10.109/cgi-bin/enter.cgi

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 64 59 0D 27 EB CC 01  [binary data]

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=290412_4_ctrl&babsrc=SP_ss&mntrId=d4479e0900000000000000252276520a

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: netviewero2o@netviewero2o:1.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4

FF - prefs.js..extensions.enabledItems: adonis.cuhk@gmail.com:1.8

FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2

FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:2.04.20110724

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\palmOne\PACKAG~1\NPInstal.dll ()

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netviewero2o@netviewero2o: C:\Programme\Netviewer\one2one\Plugin\FF plugin\ffone2one [2008.01.29 13:23:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.08.20 12:01:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.30 11:40:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.22 11:11:49 | 000,000,000 | ---D | M]

 

[2010.11.22 19:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Extensions

[2012.08.30 11:41:57 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions

[2011.01.28 18:26:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.02.23 14:25:35 | 000,000,000 | ---D | M] (PDF Download) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2011.10.07 09:13:25 | 000,000,000 | ---D | M] (Google Docs Viewer) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\adonis.cuhk@gmail.com

[2011.08.20 15:37:51 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\coralietab@mozdev.org

[2012.08.22 11:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.08.22 11:11:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}

[2012.08.30 11:41:57 | 000,159,657 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FRANK\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y7Z9VVYH.DEFAULT\EXTENSIONS\NOTREAL.CCOPTIONS@ENVIRONMENTALCHEMISTRY.COM.XPI

[2012.07.11 08:25:40 | 000,163,080 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FRANK\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y7Z9VVYH.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI

[2012.08.30 11:40:55 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2008.06.21 11:37:07 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Programme\mozilla firefox\plugins\npmusicn.dll

[2009.04.29 14:13:48 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\mozilla firefox\plugins\PDFNetC.dll

[2009.08.09 01:30:36 | 000,107,760 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll

[2012.01.02 14:59:23 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.05.09 12:15:18 | 000,002,356 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml

[2012.08.30 11:40:21 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2008.04.07 13:30:00 | 000,000,917 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\conduit.xml

[2012.01.02 14:59:23 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.01.02 14:59:23 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.01.02 14:59:23 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.01.02 14:59:23 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.08.30 15:57:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()

O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2008\ietoolbar.dll (BitDefender)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [BDAgent] C:\Programme\BitDefender\BitDefender 2008\bdagent.exe (BitDefender)

O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Programme\BitDefender\BitDefender 2008\IEShow.exe (BitDefender)

O4 - HKLM..\Run: [Cmaudio] C:\WINDOWS\CMICNFG.CPL (C-Media Corporation)

O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)

O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)

O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\Gtwatch.exe ()

O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)

O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [XFastUsb] C:\Programme\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)

O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()

O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()

O4 - HKU\S-1-5-21-18413201-578950046-47629304-1154..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\Verkauf\Startmenü\Programme\Autostart\AOM.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Web\AOM.exe (Adobe Systems, Incorporated)

O4 - Startup: C:\Dokumente und Einstellungen\Verkauf\Startmenü\Programme\Autostart\Spamihilator.lnk =  File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} hxxp://download.ebay.com/turbo_lister/DE/install.cab (Reg Error: Key error.)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232184983201 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1314978076284 (MUWebControl Class)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} hxxp://10.0.0.30/activex/AMC.cab (AxisMediaControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://10.0.0.32/activex/AxisCamControl.cab (CamImage Class)

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = m-city.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CEF42BD-6369-4C6C-8189-0676CD17DC30}: NameServer = 10.0.10.2,10.0.10.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C32898C0-BD7E-4574-8C64-85DBD7AFADD4}: NameServer = 10.0.10.2,10.0.10.1,10.0.0.2

O18 - Protocol\Handler\HPDCS {ba135f49-a12c-4e26-a2c4-6ea945999072} - C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\hppfile {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\hppsam {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\hppzip {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [1999.06.07 17:59:54 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.08.30 11:37:59 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012.08.29 10:48:35 | 000,598,528 | ---- | C] (OldTimer Tools) -- \\MCS-SRV\RedirectedFolders\frank\Desktop\OTL.exe

[2012.08.29 10:13:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Vim 7.3

[2012.08.29 10:12:43 | 000,000,000 | ---D | C] -- C:\Programme\Vim

[2012.08.22 11:11:49 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll

[2012.08.22 11:11:47 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2012.08.22 11:11:47 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2012.08.22 11:11:47 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2012.08.20 12:02:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Check Point

[2012.08.20 12:01:51 | 000,000,000 | ---D | C] -- \\MCS-SRV\RedirectedFolders\frank\My Documents\ForceField Shared Files

[2012.08.20 12:01:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\CheckPoint

[2012.08.20 11:58:43 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint

[2012.08.20 11:58:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint

[2012.08.18 14:15:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy

[2012.08.14 23:26:16 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browser.dll

[2012.08.14 16:55:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Viewer

[2012.08.14 16:55:07 | 000,000,000 | ---D | C] -- C:\Programme\SheetMusicNow

[2012.08.03 12:08:02 | 000,526,640 | ---- | C] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys

[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.08.30 12:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job

[2012.08.30 11:48:32 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.08.30 11:48:31 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012.08.30 11:48:31 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012.08.30 11:32:58 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012.08.30 11:32:05 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS

[2012.08.30 11:30:53 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.08.30 11:29:34 | 000,001,368 | RHS- | M] () -- C:\Dokumente und Einstellungen\Frank\ntuser.pol

[2012.08.30 11:29:28 | 000,008,964 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol

[2012.08.30 11:28:12 | 000,000,188 | ---- | M] () -- C:\WINDOWS\478905b7-cf84-42d3-b378-7896691e777c.xml

[2012.08.30 11:27:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.08.29 19:41:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\sicher.job

[2012.08.29 10:49:01 | 000,598,528 | ---- | M] (OldTimer Tools) -- \\MCS-SRV\RedirectedFolders\frank\Desktop\OTL.exe

[2012.08.28 21:11:32 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.08.28 12:07:15 | 000,102,400 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\bläsersuchedb1.mdb

[2012.08.27 19:37:18 | 145,559,552 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\kundendatenbank2012.mdb

[2012.08.24 09:09:37 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI

[2012.08.22 11:11:11 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll

[2012.08.22 11:11:11 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2012.08.22 11:11:11 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2012.08.22 11:11:11 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2012.08.22 11:11:11 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2012.08.22 11:11:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2012.08.20 12:25:15 | 000,415,877 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2012.08.20 12:02:05 | 000,000,519 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZoneAlarm Security.lnk

[2012.08.20 08:02:16 | 001,005,355 | ---- | M] () -- C:\thomann.mbw

[2012.08.19 16:12:29 | 000,000,249 | ---- | M] () -- C:\WINDOWS\Wininit.ini

[2012.08.18 14:15:33 | 000,000,830 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Spybot - Search & Destroy.lnk

[2012.08.18 08:42:29 | 000,417,485 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\voxg1Foto 1.JPG

[2012.08.15 15:54:52 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012.08.15 03:15:29 | 000,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.08.15 03:10:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012.08.14 16:55:12 | 000,000,793 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Sheet Music Now Viewer.lnk

[2012.08.12 22:18:46 | 000,000,797 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.08.03 12:08:02 | 000,526,640 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\System32\vsdatant.sys

[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.08.28 11:28:45 | 000,102,400 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\bläsersuchedb1.mdb

[2012.08.20 12:09:58 | 000,415,877 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml

[2012.08.20 12:02:05 | 000,000,519 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZoneAlarm Security.lnk

[2012.08.20 08:02:16 | 001,005,355 | ---- | C] () -- C:\thomann.mbw

[2012.08.18 14:15:33 | 000,000,830 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Spybot - Search & Destroy.lnk

[2012.08.18 08:42:29 | 000,417,485 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\voxg1Foto 1.JPG

[2012.08.14 16:55:12 | 000,000,793 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Sheet Music Now Viewer.lnk

[2012.08.12 22:18:46 | 000,000,797 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.14 23:16:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.04.14 11:55:25 | 000,023,590 | ---- | C] () -- C:\WINDOWS\RenewUSB.dat

[2011.02.23 18:19:22 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2011.02.23 18:19:20 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2011.02.23 18:19:20 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2011.02.23 18:19:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2011.02.23 18:19:15 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2011.02.23 18:19:15 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2011.02.23 18:19:11 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2011.02.23 18:19:03 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2011.02.23 18:12:55 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2011.02.23 18:04:14 | 000,006,221 | ---- | C] () -- C:\WINDOWS\System32\antispam.ini

[2011.01.27 22:01:34 | 000,000,484 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc

[2011.01.19 16:34:51 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Frank\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2010.12.15 04:16:07 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI

[2010.11.22 17:08:59 | 000,009,728 | ---- | C] () -- C:\Dokumente und Einstellungen\Frank\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.11.22 11:39:44 | 000,001,368 | RHS- | C] () -- C:\Dokumente und Einstellungen\Frank\ntuser.pol

[2010.11.22 11:27:49 | 000,008,964 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol

[2009.07.02 17:35:32 | 010,440,704 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda

[2007.04.11 18:32:41 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache

[2006.02.08 10:21:14 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html

 
 ========== LOP Check ==========

 

[2006.12.28 15:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis

[2011.08.26 09:29:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender

[2012.08.20 11:58:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint

[2011.07.19 15:00:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Deutsche Post AG

[2007.11.30 20:35:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay

[2006.11.04 16:34:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\element5

[2011.03.17 18:37:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FNET

[2010.11.26 13:30:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeDownloadManager.ORG

[2009.05.25 18:03:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HotSync

[2008.06.21 11:37:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Musicnotes

[2009.11.25 14:19:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Printer's Apprentice

[2008.02.01 19:15:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solero

[2012.07.08 20:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer

[2009.04.11 14:16:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software

[2011.02.25 15:26:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010.03.16 19:46:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010.12.13 16:22:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\BitDefender

[2011.05.27 15:52:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Avery

[2010.12.13 16:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Bitdefender

[2012.08.20 12:01:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\CheckPoint

[2012.04.03 20:42:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\ElevatedDiagnostics

[2012.05.24 21:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Free Download Manager

[2011.02.11 20:53:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\GetRightToGo

[2011.06.20 12:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Gutscheinmieze

[2010.11.22 11:41:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\HotSync

[2011.07.06 15:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Nvu

[2011.01.12 00:53:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Opera

[2012.02.11 13:58:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\SmartStore

[2012.05.09 17:15:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\SolidDocuments

[2011.04.14 16:05:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\TeamViewer

[2011.02.03 18:03:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\TuneUp Software

[2012.04.10 15:28:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\UDC Profiles

[2010.11.22 11:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Windows Small Business Server

[2010.11.22 11:33:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\netadmin\Anwendungsdaten\HotSync

[2010.11.22 11:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\netadmin\Anwendungsdaten\Windows Small Business Server

[2007.11.06 16:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\AD ON Multimedia

[2010.01.25 20:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Crystal Player

[2009.05.04 15:56:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\gtk-2.0

[2009.05.25 17:01:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\HotSync

[2009.05.25 18:29:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Leadertech

[2005.12.06 12:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Line 6

[2010.09.28 16:50:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Netviewer

[2009.01.17 12:12:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\OfficeUpdate12

[2009.11.25 14:08:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Printer's Apprentice

[2007.04.03 17:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\SmartStore

[2010.11.20 17:31:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\SolidDocuments

[2010.11.22 11:07:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Spamihilator

[2008.08.14 14:59:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\TeamViewer

[2006.10.23 21:38:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\TuneUp Software

[2010.10.08 12:20:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\UDC Profiles

[2010.11.22 11:43:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\verkauf.M-CITY\Anwendungsdaten\HotSync

[2010.11.22 11:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\verkauf.M-CITY\Anwendungsdaten\Windows Small Business Server

[2012.08.30 12:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job

[2012.08.29 19:41:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\Tasks\sicher.job
 

< End of report >

--- --- ---

Fuehre den Fix aus!

Anleitung beachten!

Sorry t´john ...
ich mußte 2 mal den Scan abbrechen ..und der MB dauerte auch noch über 40h ....

Habe den FIX nochmal ausgeführt, dieses mal kamen Meldungn .. "kann nicht gefunden werden ... " d.h. beim ersten FIX liefen wohl Teile durch.

Aber jetzt ALLE Protokolle ganz frisch.

DANKE für prüfen ob ich "sauber" bin.

gruß frank

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.29.03

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
frank :: MCS-FRANK [Administrator]

Schutz: Aktiviert

03.09.2012 18:49:07
mbam-log-2012-09-03 (18-49-07).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|I:\|Q:\|R:\|S:\|U:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 997165
Laufzeit: 2 Tag(en), 9 Stunde(n), 40 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
OTL Logfile:

Code:

OTL Extras logfile created on: 06.09.2012 10:05:54 - Run 5

OTL by OldTimer - Version 3.2.59.1     Folder = \\MCS-SRV\RedirectedFolders\frank\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,25 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 48,30% Memory free

6,33 Gb Paging File | 4,67 Gb Available in Paging File | 73,76% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 54,99 Gb Total Space | 13,15 Gb Free Space | 23,91% Space Free | Partition Type: NTFS

Drive D: | 19,53 Gb Total Space | 2,93 Gb Free Space | 15,01% Space Free | Partition Type: NTFS

Drive E: | 294,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive I: | 930,39 Gb Total Space | 814,85 Gb Free Space | 87,58% Space Free | Partition Type: NTFS

Drive Q: | 5496,93 Gb Total Space | 2374,24 Gb Free Space | 43,19% Space Free | Partition Type: NTFS

Drive R: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS

Drive S: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS

Drive U: | 232,83 Gb Total Space | 39,87 Gb Free Space | 17,12% Space Free | Partition Type: NTFS

 

Computer Name: MCS-FRANK | User Name: frank | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Extra Registry (SafeList) ==========

 

 
 ========== File Associations ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

.html [@ = Opera.HTML] -- C:\Programme\Opera\Opera.exe (Opera Software)

 

[HKEY_USERS\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

 
 ========== Shell Spawning ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

exefile [open] -- "%1" %*

http [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Programme\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

 
 ========== Security Center Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"UpdatesDisableNotify" = 0

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring" = 1

 
 ========== System Restore Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

 
 ========== Firewall Settings ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

"EnableFirewall" = 1

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"EnableFirewall" = 0

"DoNotAllowExceptions" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015

"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016

"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

"5900:TCP" = 5900:TCP:*:Enabled:vnc5900

"5800:TCP" = 5800:TCP:*:Enabled:vnc5800

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 0

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

"1723:TCP" = 1723:TCP:*:Enabled:@xpsp2res.dll,-22015

"1701:UDP" = 1701:UDP:*:Enabled:@xpsp2res.dll,-22016

"500:UDP" = 500:UDP:*:Enabled:@xpsp2res.dll,-22017

 
 ========== Authorized Applications List ==========

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)

"C:\Programme\Opera\opera.exe" = C:\Programme\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)

"C:\Programme\QNAP\Finder\Finder.exe" = C:\Programme\QNAP\Finder\Finder.exe:*:Enabled:Finder -- ()

"\\mcs-srv\mcs\installs\netviewer\Netviewer_Support.exe" = \\mcs-srv\mcs\installs\netviewer\Netviewer_Support.exe:*:Enabled:Netviewer application

"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)

"C:\Programme\UltraVNC\winvnc.exe" = C:\Programme\UltraVNC\winvnc.exe:*:Enabled:winvnc.exe -- (UltraVNC)

"C:\Programme\UltraVNC\vncviewer.exe" = C:\Programme\UltraVNC\vncviewer.exe:*:Enabled:vncviewer.exe -- (UltraVNC)

"C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe" = C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe:*:Enabled:SMBiz5 -- (SmartStore AG)

"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)

"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)

"C:\Programme\Microsoft Office\Office\FRONTPG.EXE" = C:\Programme\Microsoft Office\Office\FRONTPG.EXE:*:Enabled:Microsoft FrontPage -- (Microsoft Corporation)

"C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe" = C:\Programme\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper -- (Opera Software)

 

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\Program Files\WS_FTP\WS_FTP95.exe" = C:\Program Files\WS_FTP\WS_FTP95.exe:*:Enabled:WS_FTP 95 -- (Ipswitch, Inc. 81 Hartwell Ave. Lexington, MA)

"C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe" = C:\Programme\SmartStore\SmartStore.biz 5\SMBiz5.exe:*:Enabled:SMBiz5 -- (SmartStore AG)

"C:\Programme\Mozilla Firefox\firefox.exe" = C:\Programme\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe" = C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPRun.exe:*:Enabled:HP Easy Printer Care HPPRun -- (Hewlett-Packard Company)

"C:\Programme\BUFFALO\NASNAVI\NasNavi.exe" = C:\Programme\BUFFALO\NASNAVI\NasNavi.exe:*:Enabled:BUFFALO NASNavigator2 -- ()

"C:\Dokumente und Einstellungen\Verkauf\Desktop\Netviewer Service\NV_Support_Berater_DE.exe" = C:\Dokumente und Einstellungen\Verkauf\Desktop\Netviewer Service\NV_Support_Berater_DE.exe:*:Enabled:Netviewer application -- (Netviewer AG)

"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe:*:Enabled:SiSoftware Deployment Agent Service -- (SiSoftware)

"C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe" = C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\RpcSandraSrv.exe:*:Enabled:SiSoftware Sandra Agent Service -- (SiSoftware)

"C:\Programme\Hewlett-Packard\HP Designjet System Maintenance\hp_dj_sme.exe" = C:\Programme\Hewlett-Packard\HP Designjet System Maintenance\hp_dj_sme.exe:*:Enabled:hp designjet system maintenance engine -- (Hewlett Packard)

"C:\Programme\QNAP\Finder\Finder.exe" = C:\Programme\QNAP\Finder\Finder.exe:*:Enabled:Finder -- ()

"C:\Programme\Spamihilator\spamihilator.exe" = C:\Programme\Spamihilator\spamihilator.exe:*:Enabled:Spamihilator

"C:\Programme\Spamihilator\cdcc.exe" = C:\Programme\Spamihilator\cdcc.exe:*:Enabled:Spamihilator DCC Filter Configuration

"C:\Programme\Spamihilator\dccproc.exe" = C:\Programme\Spamihilator\dccproc.exe:*:Enabled:Spamihilator DCC Filter

"\\Mcs01\mcs_alt\installs\netviewer\NV_Support_Berater_DE.exe" = \\Mcs01\mcs_alt\installs\netviewer\NV_Support_Berater_DE.exe:*:Enabled:NV_Support_Berater_DE.exe

 

 
 ========== HKEY_LOCAL_MACHINE Uninstall List ==========

 

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{00120407-78E1-11D2-B60F-006097C998E7}" = Microsoft FrontPage 2000

"{020CF65F-700F-4E55-AFB7-97024584A2B3}" = Komponenten der Ereigniskommunikation

"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended

"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics

"{0B8AE7AF-E2AC-40AB-A1CF-3259101E81E8}" = SmartStore.biz 6

"{0C567C3E-AD5A-4045-97C8-3CF640F10011}" = Netviewer one2one

"{0CD3CFF0-9A22-4CDA-BF1B-FA73C1D8B95B}" = Palm

"{1545207E-C6F3-31D7-9918-BDBB65075FBF}" = Microsoft .NET Framework 3.5 Language Pack - deu

"{15CCBC5D-66A7-4131-8D36-E05F27B0E68F}" = Sibelius Scorch (ActiveX Only)

"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148

"{20B1B020-DEAE-48D1-9960-D4C3185D758B}" = Phase 5 HTML-Editor

"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform

"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer

"{26A24AE4-039D-4CA4-87B4-2F83216034FF}" = Java(TM) 6 Update 34

"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes

"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour

"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support

"{31821EFE-1B31-4744-9FB0-208F92BD7168}" = Visual FoxPro ODBC Driver

"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10

"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1

"{334799B1-527F-475B-AF19-658124E2BE24}" = ZoneAlarm Security

"{350C97B3-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile

"{3D2975E7-DD28-4145-811A-225140FF87F0}" = Acronis*True*Image*Home

"{41915A51-6F92-4F0E-87C4-8178785B96CC}" = HP Printer Settings Tools

"{43DCF766-6838-4F9A-8C91-D92DA586DFA8}" = Microsoft Windows-Journal-Viewer

"{492F8345-095D-467F-926C-278870D93ECF}" = Windows Small Business Server 2008 ClientAgent

"{49782B2F-49AE-423D-85D6-4EE7019CEA13}" = HP Easy Printer Care

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime

"{5888428E-699C-4E71-BF71-94EE06B497DA}" = TuneUp Utilities 2008

"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable

"{7527CD9F-894E-47B3-9AFB-3E680E007051}" = HP Proactive Services

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{81C5AD1D-C7C6-48AC-AC85-8F04293B1780}" = USB Display Device (Trigger 1+) 9.10.0526.1259

"{838257FC-952A-467B-86BF-21DB6B137A3F}" = Windows Small Business Server 2008 WMI Provider

"{83F3EED2-DDE2-4434-8FBE-9D2A1E7C2BC9}" = Multi-Card Reader & Flash Disk

"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570

"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2

"{894A83F3-19C8-491D-807D-50784DC4EB9F}" = Deutsche Post E-Porto

"{8A0BD487-D185-4316-92CE-9E415C3AC6DB}" = Sibelius Scorch (Firefox, Opera, Netscape only)

"{8E8604C4-2979-4A96-99B3-3CBB7DD8C5FA}" = Printer's Apprentice 8.0

"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System

"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In

"{91110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003

"{91490409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Primary Interop Assemblies

"{9309DD7E-EBFE-3C95-8B47-30D3A012F606}" = Microsoft .NET Framework 2.0 Service Pack 1 Language Pack - DEU

"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer

"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter

"{95720E85-F3FB-4F95-9399-7E3E3E26D7AB}" = hp designjet printer software

"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17

"{9A2F3559-6776-4F67-B46E-5F973B901234}" = ZoneAlarm Antivirus

"{9BC76CCE-A9EC-4A3A-9B51-D823805E1D1F}" = SolidConverterPDF

"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161

"{9ED38F62-7A50-4145-8C5D-0FCFFBF10A7B}" = Visual C++ CRT 9.0

"{A1071AEB-B0EF-3F5F-BC84-83A270EBE496}" = Microsoft .NET Framework 3.0 Service Pack 1 Language Pack - DEU

"{A1E98303-102A-46FB-A2D0-3838C3F64DF2}" = Komponenten der Kernkommunikation

"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2

"{A32A6393-37DA-4E44-BB9F-C4F384F89EB9}" = HP Systemwartung für HP designjet 30 130 series

"{ABC52CF9-2D43-4278-A152-CB2CD3ED8FE9}" = MIDI-OX

"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update

"{AC76BA86-0000-7EC8-7489-000000000603}" = Adobe Acrobat and Reader 6.0.3 Update

"{AC76BA86-0000-7EC8-7489-000000000605}" = Adobe Acrobat and Reader 6.0.5 Update

"{AC76BA86-0000-7EC8-7489-000000000606}" = Adobe Acrobat and Reader 6.0.6 Update

"{AC76BA86-1033-F400-7760-000000000001}" = Adobe Acrobat 6.0.1 Professional - English, Français, Deutsch

"{AC76BA86-7AD7-1031-7B44-A82000000003}" = Adobe Reader 8.2.0 - Deutsch

"{AC76BA86-7AD7-1031-7B44-A83000000003}" = Adobe Reader 8.3.1 - Deutsch

"{AC76BA86-7AD7-2448-0000-800000000003}" = Chinese Traditional Fonts Support For Adobe Reader 8

"{AD799836-6B74-419B-A869-C326CA86ECCF}" = ZoneAlarm Firewall

"{B2395631-54D5-481E-B9A8-74B269546F40}" = Visual C++ CRT 8.0

"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy

"{BDED922C-5E3A-42A7-B1D2-B21FDD036DB3}" = BitDefender Management Agent

"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2

"{C0A8F64F-36C8-489F-B813-90D60B541D1E}" = Komponenten der Gerätedatenkommunikation

"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2196}_is1" = SiSoftware Sandra Lite 2009.SP3c

"{C8FD5BC1-92EF-4C15-92A9-F9AC7F61985F}" = HP Update

"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack

"{C9A87D86-FDFD-418B-BF96-EF09320973B3}" = PC Inspector smart recovery

"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support

"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection

"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1

"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware

"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1

"{D2231F9E-1ECD-439C-8E74-D966C87F717A}" = DisplayLink Core Software

"{D5842AC3-59C7-4DDD-BB33-54FE544DB3DA}" = Komponenten der Betriebssystemkommunikation

"{D7D4E8A4-A08B-4341-A4FE-9E1980C00D2C}" = BitDefender Business Client

"{D91AB4D6-2CA1-4427-91B3-BB31D3C6D4EE}" = SmartStore.biz 5

"{E728E952-DD4F-4BCD-A5C8-40FBFEFF91FE}" = OpenOffice.org Installer 1.0

"{E78BFA60-5393-4C38-82AB-E8019E464EB4}" = Microsoft .NET Framework 1.1 German Language Pack

"{EC25B803-4BDB-47F7-B877-FCE7D7966C0F}" = Visual C++ CRT 9.0 SP1

"{ECB904FE-CB4D-40A4-A884-E278410F0CE1}" = HP Printer Usage Report

"{EEF1D3A1-0ABD-4859-AD93-930773563393}" = PEARL PrintProfi Etiketten

"{F6869CD2-3DB4-476D-A4C7-B3AE7C3ACF7B}" = Windows Media Connect

"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"{F7B0E599-C114-4493-BC4D-D8FC7CBBABBB}" = 32 Bit HP CIO Components Installer

"{F97272B4-82C4-46B2-BCF1-C4D6E8CAB3E6}" = Avery Wizard 4.0

"{FC8D21C8-7B29-4104-ADB0-FEE9CA1C7922}" = Folder Size for Windows

"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT-Erweiterung für den Microsoft Windows XP-Assistenten zum Schreiben von CDs

"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022

"ABBYY FineReader 4.0 Sprint" = ABBYY FineReader 4.0 Sprint

"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin

"Anti-Twin 2011-09-27 09.17.18" = Anti-Twin (Installation 27.09.2011)

"ASRock App Charger_is1" = ASRock App Charger v1.0.4

"AXIS Media Control" = AXIS Media Control

"BitDefender Business Client" = BitDefender Business Client

"BulkMailer 2012" = BulkMailer 2012 7.0.5

"CCleaner" = CCleaner

"C-Media Audio" = C-Media 3D Audio

"DiffDaff_is1" = DiffDaff Version 1.0

"dots Pilot 2 Version 2.4" = dots Pilot 2 Version 2.4

"ESET Online Scanner" = ESET Online Scanner v3

"Finale NotePad 2006" = Finale NotePad 2006

"Finale NotePad 2008" = Finale NotePad 2008

"FinePrint" = FinePrint

"FinePrint (5.x)" = FinePrint (5.x)

"Format Konverter" = Format Konverter

"Free Download Manager_is1" = Free Download Manager 3.8

"FuzzyDupes" = FuzzyDupes 7.0.2

"getPlus(R)_dll" = getPlus(R)_dll

"HP Easy Printer Care" = HP Easy Printer Care

"ie8" = Windows Internet Explorer 8

"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager

"InstallShield_{6B10045E-6789-49C4-BFED-52575F5B76BF}" = Avery Zweckform Assistent 2.5

"IrfanView" = IrfanView (remove only)

"JDSecure" = JD Secure 3.1

"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300

"mEye_JIB" = mEye_JIB_2 2.0.0.0

"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1

"Microsoft .NET Framework 3.5 Language Pack - deu" = Microsoft .NET Framework 3.5 Language Pack - DEU

"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1

"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile

"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack

"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended

"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack

"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)

"MozillaMaintenanceService" = Mozilla Maintenance Service

"MultipleIEs_is1" = MultipleIEs

"MySpaceIM" = MySpaceIM

"NeroMultiInstaller!UninstallKey" = Nero Suite

"NVIDIA Drivers" = NVIDIA Drivers

"Nvu_is1" = Nvu 1.0

"Opera 12.01.1532" = Opera 12.01

"PalmSource Package Installer" = PalmSource Package Installer 1.5

"pdfFactory Pro" = pdfFactory Pro

"Player" = QNAP Player

"PrintKey2000" = PrintKey2000

"PSRUTI" = PSRUTI (remove only)

"QNAP_FINDER" = QNAP Finder

"QNAPDecoder" = QNAP Decoder

"QNAPVioStorMonitor" = QNAP Web Monitor Component

"Samsung CLP-510 Series" = Samsung CLP-510 Series

"ScanExpress A3 USB v1.4" = ScanExpress A3 USB v1.4

"Sheet Music Now Viewer_is1" = Sheet Music Now Viewer 8.3.2.0

"ShockwaveFlash" = Macromedia Flash Player 8

"SiS 661FX_760_741_M661FX_M760_M741" = SiS 661FX_760_741_M661FX_M760_M741

"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver

"Solero Music Viewer_is1" = Solero Music Viewer 8.0.32.2

"ST5UNST #1" = Au2Email 3

"ST6UNST #1" = MusicFinderView

"Ultravnc2_is1" = UltraVnc

"UN060501" = BUFFALO NAS Navigator

"UN080307" = BUFFALO LinkStation(LS-WTGL/R1) Setup Guide

"Universal Document Converter_is1" = Universal Document Converter Server Edition

"Vim 7.3" = Vim 7.3 (self-installing)

"Windows Media Connect" = Windows Media Connect

"Windows Media Format Runtime" = Windows Media Format Runtime

"Windows Media Player" = Windows Media Player 10

"WinRAR archiver" = WinRAR archiver

"WinZip Companion for Outlook" = WinZip Companion for Outlook

"XFastUsb" = XFastUsb

"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall

"ZoneAlarm LTD Toolbar" = ZoneAlarm LTD Toolbar

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"Adobe Digital Editions" = Adobe Digital Editions

 
 ========== HKEY_USERS Uninstall List ==========

 

[HKEY_USERS\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"HPCLJ8500TypicalKey" = Deinst. - HP CLJ 8500-Standardversion

 
 ========== Last 20 Event Log Errors ==========

 

[ Application Events ]

Error - 06.09.2012 01:49:46 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104

Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={54A2042D-FDA4-46CA-9A52-7AFF036C401C},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL

 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das

 Gruppenrichtlinienobjekt wird übersprungen.

 

Error - 06.09.2012 01:49:46 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104

Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={5D189CC2-EB49-4527-9827-DEA473D88771},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL

 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das

 Gruppenrichtlinienobjekt wird übersprungen.

 

Error - 06.09.2012 01:49:46 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104

Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={7B3D7DA3-65A4-4947-B548-99483C439C8F},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL

 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das

 Gruppenrichtlinienobjekt wird übersprungen.

 

Error - 06.09.2012 02:05:00 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104

Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={7B3D7DA3-65A4-4947-B548-99483C439C8F},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL

 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das

 Gruppenrichtlinienobjekt wird übersprungen.

 

Error - 06.09.2012 02:05:00 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104

Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={B4BD95A7-23E7-4227-A9E2-F038E8BF4A62},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL

 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das

 Gruppenrichtlinienobjekt wird übersprungen.

 

Error - 06.09.2012 03:30:49 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104

Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={54A2042D-FDA4-46CA-9A52-7AFF036C401C},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL

 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das

 Gruppenrichtlinienobjekt wird übersprungen.

 

Error - 06.09.2012 03:30:50 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104

Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={5D189CC2-EB49-4527-9827-DEA473D88771},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL

 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das

 Gruppenrichtlinienobjekt wird übersprungen.

 

Error - 06.09.2012 03:30:50 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104

Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={7B3D7DA3-65A4-4947-B548-99483C439C8F},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL

 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das

 Gruppenrichtlinienobjekt wird übersprungen.

 

Error - 06.09.2012 03:40:01 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104

Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={7B3D7DA3-65A4-4947-B548-99483C439C8F},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL

 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das

 Gruppenrichtlinienobjekt wird übersprungen.

 

Error - 06.09.2012 03:40:01 | Computer Name = MCS-FRANK | Source = Userenv | ID = 1104

Description = Die Filterüberprüfung für das Gruppenrichtlinienobjekt CN={B4BD95A7-23E7-4227-A9E2-F038E8BF4A62},CN=POLICIES,CN=SYSTEM,DC=M-CITY,DC=LOCAL

 kann nicht durchgeführt werden. Der zugehörige Filter wurde nicht gefunden. Das

 Gruppenrichtlinienobjekt wird übersprungen.

 

[ System Events ]

Error - 03.09.2012 11:51:23 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000

Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%31

 

Error - 03.09.2012 11:51:23 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000

Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%31

 

Error - 03.09.2012 11:57:09 | Computer Name = MCS-FRANK | Source = System Error | ID = 1003

Description = Fehlercode 000000fe, 1. Parameter 00000001, 2. Parameter 00000000,

 3. Parameter 00000000, 4. Parameter 00000000.

 

Error - 03.09.2012 12:07:48 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7001

Description = Der Dienst "Netzwerk-DDE-Dienst" ist vom Dienst "Netzwerk-DDE-Serverdienst"

 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1058

 

Error - 03.09.2012 12:07:48 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000

Description = Der Dienst "TeamViewer 3" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%5

 

Error - 03.09.2012 12:08:57 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000

Description = Der Dienst "bdfsfltr" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%31

 

Error - 03.09.2012 12:08:59 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000

Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%31

 

Error - 03.09.2012 12:08:59 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000

Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%31

 

Error - 03.09.2012 12:08:59 | Computer Name = MCS-FRANK | Source = Service Control Manager | ID = 7000

Description = Der Dienst "bdfm" wurde aufgrund folgenden Fehlers nicht gestartet:

   %%31

 

Error - 03.09.2012 12:16:22 | Computer Name = MCS-FRANK | Source = System Error | ID = 1003

Description = Fehlercode 000000fe, 1. Parameter 00000001, 2. Parameter 00000000,

 3. Parameter 00000000, 4. Parameter 00000000.

 

 

< End of report >

--- --- ---

OTL Logfile:

Code:

OTL logfile created on: 06.09.2012 10:05:54 - Run 5

OTL by OldTimer - Version 3.2.59.1     Folder = \\MCS-SRV\RedirectedFolders\frank\Desktop

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

3,25 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 48,30% Memory free

6,33 Gb Paging File | 4,67 Gb Available in Paging File | 73,76% Paging File free

Paging file location(s): C:\pagefile.sys 0 0 [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme

Drive C: | 54,99 Gb Total Space | 13,15 Gb Free Space | 23,91% Space Free | Partition Type: NTFS

Drive D: | 19,53 Gb Total Space | 2,93 Gb Free Space | 15,01% Space Free | Partition Type: NTFS

Drive E: | 294,95 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS

Drive I: | 930,39 Gb Total Space | 814,85 Gb Free Space | 87,58% Space Free | Partition Type: NTFS

Drive Q: | 5496,93 Gb Total Space | 2374,24 Gb Free Space | 43,19% Space Free | Partition Type: NTFS

Drive R: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS

Drive S: | 458,10 Gb Total Space | 53,77 Gb Free Space | 11,74% Space Free | Partition Type: NTFS

Drive U: | 232,83 Gb Total Space | 39,87 Gb Free Space | 17,12% Space Free | Partition Type: NTFS

 

Computer Name: MCS-FRANK | User Name: frank | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: All users

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)

PRC - \\MCS-SRV\RedirectedFolders\frank\Desktop\OTL.exe (OldTimer Tools)

PRC - C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)

PRC - C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

PRC - C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)

PRC - C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)

PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe ()

PRC - C:\Programme\BitDefender\BitDefender 2008\bdagent.exe (BitDefender)

PRC - C:\Programme\BitDefender\BitDefender 2008\vsserv.exe (BitDefender)

PRC - C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

PRC - C:\Programme\UltraVNC\winvnc.exe (UltraVNC)

PRC - C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

PRC - C:\Programme\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)

PRC - C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Management Agent\bdemagent.exe (BitDefender)

PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUI.exe (DisplayLink Corp.)

PRC - C:\Programme\DisplayLink Core Software\DisplayLinkUserAgent.exe (DisplayLink Corp.)

PRC - C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)

PRC - C:\WINDOWS\system32\LxrJD31s.exe ()

PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

PRC - C:\WINDOWS\system32\U2VSvr.exe ()

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

PRC - C:\Programme\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)

PRC - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender)

PRC - C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)

PRC - C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)

PRC - C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)

PRC - C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\fppdis2a.exe (FinePrint Software, LLC)

PRC - C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)

PRC - C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

PRC - C:\WINDOWS\Gtwatch.exe ()

 

 
 ========== Modules (No Company Name) ==========

 

MOD - C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()

MOD - \\?\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\av32bit_ent_25915\avxdisk.dll ()

MOD - C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe ()

MOD - C:\Programme\BitDefender\BitDefender 2008\bdfltlib.dll ()

MOD - c:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\smartscn.dll ()

MOD - \\?\C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\trufos.dll ()

MOD - C:\WINDOWS\system32\LxrJD31s.exe ()

MOD - C:\WINDOWS\system32\U2VSvr.exe ()

MOD - C:\Programme\WinRAR\RarExt.dll ()

MOD - C:\Programme\BitDefender\BitDefender 2008\libexpatw.dll ()

MOD - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpzpi5in.DLL ()

MOD - C:\Programme\Gemeinsame Dateien\Acronis\Common\gc.dll ()

MOD - C:\Programme\Adobe\Acrobat 6.0\Distillr\AdistRes.DEU ()

MOD - C:\WINDOWS\Gtwatch.exe ()

 

 
 ========== Services (SafeList) ==========

 

SRV - (TeamViewer) -- \MCS-SRV\RedirectedFolders\frank\temp\TeamViewer3\TeamViewer_Host.exe File not found

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)

SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)

SRV - (vsmon) -- C:\Programme\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)

SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)

SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)

SRV - (LIVESRV) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Update Service\livesrv.exe ()

SRV - (VSSERV) -- C:\Programme\BitDefender\BitDefender 2008\vsserv.exe (BitDefender)

SRV - (scan) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Threat Scanner\scan.dll (BitDefender)

SRV - (!SASCORE) -- C:\Programme\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)

SRV - (uvnc_service) -- C:\Programme\UltraVNC\winvnc.exe (UltraVNC)

SRV - (Apple Mobile Device) -- C:\Programme\Gemeinsame Dateien\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (BitDefender Management Agent) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Management Agent\bdemagent.exe (BitDefender)

SRV - (DisplayLinkService) -- C:\Programme\DisplayLink Core Software\DisplayLinkManager.exe (DisplayLink Corp.)

SRV - (LxrJD31s) -- C:\WINDOWS\System32\LxrJD31s.exe ()

SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\RpcAgentSrv.exe (SiSoftware)

SRV - (TuneUp.Defrag) -- C:\WINDOWS\system32\TuneUpDefragService.exe (TuneUp Software GmbH)

SRV - (U2VSvr) -- C:\WINDOWS\system32\U2VSvr.exe ()

SRV - (UxTuneUp) -- C:\WINDOWS\system32\uxtuneup.dll (TuneUp Software GmbH)

SRV - (NasPmService) -- C:\Programme\BUFFALO\NASNAVI\nassvc.exe (BUFFALO INC.)

SRV - (XCOMM) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Communicator\xcommsvr.exe (BitDefender)

SRV - (FolderSize) -- C:\Programme\FolderSize\FolderSizeSvc.exe (Brio)

SRV - (AcrSch2Svc) -- C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedul2.exe (Acronis)

SRV - (IDriverT) -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)

SRV - (WmcCds) -- c:\Programme\Windows Media Connect\mswmccds.exe (Microsoft Corporation)

SRV - (WmcCdsLs) -- C:\Programme\Windows Media Connect\mswmcls.exe (Microsoft Corporation)

SRV - (ose) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)

SRV - (MDM) -- C:\Programme\Gemeinsame Dateien\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV - (WDICA) --  File not found

DRV - (PDRFRAME) --  File not found

DRV - (PDRELI) --  File not found

DRV - (PDFRAME) --  File not found

DRV - (PDCOMP) --  File not found

DRV - (PCIDump) --  File not found

DRV - (PAC7302) -- system32\DRIVERS\PAC7302.SYS File not found

DRV - (lbrtfdc) --  File not found

DRV - (L6PODLV) -- System32\Drivers\L6PODLV.sys File not found

DRV - (IIUSBISP) -- System32\Drivers\iiusbisp.sys File not found

DRV - (i2omgmt) --  File not found

DRV - (FTD2XX) -- System32\Drivers\FTD2XX.sys File not found

DRV - (EVOLUSB) -- system32\drivers\evolusb.sys File not found

DRV - (Changer) --  File not found

DRV - (bdfsfltr) -- Reg Error: Invalid data type. File not found

DRV - (MBAMSwissArmy) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)

DRV - (CardReaderFilter) -- C:\WINDOWS\system32\drivers\USBCRFT.SYS (ICSI Technology Ltd.)

DRV - (Vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Check Point Software Technologies LTD)

DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)

DRV - (MBAMProtector) -- C:\WINDOWS\system32\drivers\mbam.sys (Malwarebytes Corporation)

DRV - (KLIF) -- C:\WINDOWS\system32\drivers\klif.sys (Kaspersky Lab)

DRV - (KL1) -- C:\WINDOWS\system32\drivers\kl1.sys (Kaspersky Lab ZAO)

DRV - (kl2) -- C:\WINDOWS\system32\drivers\kl2.sys (Kaspersky Lab ZAO)

DRV - (bdfm) -- C:\WINDOWS\system32\drivers\bdfm.sys (BitDefender S.R.L. Bucharest, ROMANIA)

DRV - (Bdfndisf) -- C:\WINDOWS\system32\drivers\bdfndisf.sys (BitDefender SRL)

DRV - (BDSelfPr) -- C:\Programme\BitDefender\BitDefender 2008\bdselfpr.sys (BitDefender LLC)

DRV - (bdftdif) -- C:\Programme\Gemeinsame Dateien\BitDefender\BitDefender Firewall\bdftdif.sys (BitDefender LLC)

DRV - (trufos) -- C:\WINDOWS\system32\drivers\trufos.sys (BitDefender S.R.L.)

DRV - (SASDIFSV) -- C:\Programme\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (SASKUTIL) -- C:\Programme\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)

DRV - (mv2) -- C:\WINDOWS\system32\drivers\mv2.sys (UVNC BVBA)

DRV - (FNETTBOH_305) -- C:\WINDOWS\system32\drivers\FNETTBOH_305.SYS (FNet Co., Ltd.)

DRV - (FNETURPX) -- C:\WINDOWS\system32\drivers\FNETURPX.SYS (FNet Co., Ltd.)

DRV - (AsrAppCharger) -- C:\WINDOWS\system32\drivers\AsrAppCharger.sys (Windows (R) Win 7 DDK provider)

DRV - (DisplayLinkGA) -- C:\WINDOWS\system32\drivers\DisplayLinkGAport.sys (DisplayLink Corp.)

DRV - (DisplayLinkmirror) -- C:\WINDOWS\system32\drivers\DisplayLinkmirrorport.sys (DisplayLink Corp.)

DRV - (DisplayLinkFilter) -- C:\WINDOWS\system32\drivers\DisplayLinkFilter.sys (DisplayLink Corp.)

DRV - (DisplayLinkUsbPort) -- C:\WINDOWS\system32\drivers\DisplayLinkUsbPort_5.2.24075.0.sys (hxxp://libusb-win32.sourceforge.net)

DRV - (LxrJD31d) -- C:\WINDOWS\system32\drivers\LxrJD31d.sys ()

DRV - (VIAHdAudAddService) -- C:\WINDOWS\system32\drivers\viahduaa.sys (VIA Technologies, Inc.)

DRV - (AMBFilt) -- C:\WINDOWS\system32\drivers\Ambfilt.sys (Creative)

DRV - (PalmUSBD) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)

DRV - (T1PMrGrp) -- C:\WINDOWS\system32\drivers\T1PMrGrp.sys (Magic Control Technology Corp.)

DRV - (T1PExGrp) -- C:\WINDOWS\system32\drivers\T1PExGrp.sys (Magic Control Technology Corp.)

DRV - (t1pusb) -- C:\WINDOWS\system32\drivers\t1pusb.sys (Magic Control Technology Corp.)

DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)

DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2009.SP3c\WNt500x86\sandra.sys (SiSoftware)

DRV - (MonFilt) -- C:\WINDOWS\system32\drivers\Monfilt.sys (Creative Technology Ltd.)

DRV - (nvgts) -- C:\WINDOWS\system32\drivers\nvgts.sys (NVIDIA Corporation)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (nvnetbus) -- C:\WINDOWS\system32\drivers\nvnetbus.sys (NVIDIA Corporation)

DRV - (NVENETFD) -- C:\WINDOWS\system32\drivers\NVENETFD.sys (NVIDIA Corporation)

DRV - (UFBFilte) -- C:\WINDOWS\system32\drivers\UFBFilte.sys (www.winchiphead.com)

DRV - (timounter) -- C:\WINDOWS\system32\drivers\timntr.sys (Acronis)

DRV - (tifsfilter) -- C:\WINDOWS\system32\drivers\tifsfilt.sys (Acronis)

DRV - (snapman) -- C:\WINDOWS\system32\drivers\snapman.sys (Acronis)

DRV - (YMIDUSB) -- C:\WINDOWS\system32\drivers\ymidusb.sys (YAMAHA Corporation)

DRV - (RDID1009) -- C:\WINDOWS\system32\drivers\Rdwm1009.sys (Roland Corporation)

DRV - (L6SeaMonkDev) -- C:\WINDOWS\system32\drivers\L6SM.sys (Line 6)

DRV - (DgiVecp) -- C:\WINDOWS\system32\drivers\DGIVECP.SYS (DeviceGuys, Inc.)

DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)

DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)

DRV - (SISAGP) -- C:\WINDOWS\system32\drivers\SISAGPX.SYS (Silicon Integrated Systems Corporation)

DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)

DRV - (GT681x) -- C:\WINDOWS\system32\drivers\gt681x.sys (   )

DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

DRV - (irsir) -- C:\WINDOWS\system32\drivers\irsir.sys (Microsoft Corporation)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

 

 

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

 

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de

 

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de

 

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://10.0.0.109/cgi-bin/enter.cgi

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes,DefaultScope = {40A86AD6-695B-44A7-8741-4192D52B2491}

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes\{080FBDF6-B230-4e4d-A4E7-7C7A56D7BABC}: "URL" = hxxp://searchservice.myspace.com/index.cfm?fuseaction=sitesearch.results&qry={searchTerms}&type=Web&orig=IMC-IE

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\SearchScopes\{40A86AD6-695B-44A7-8741-4192D52B2491}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLG_de

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-500\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.de

IE - HKU\S-1-5-21-1221609082-219370195-1423778804-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de

 

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://10.0.10.109/cgi-bin/enter.cgi

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 84 64 59 0D 27 EB CC 01  [binary data]

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=110819&tt=290412_4_ctrl&babsrc=SP_ss&mntrId=d4479e0900000000000000252276520a

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

 
 ========== FireFox ==========

 

FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20

FF - prefs.js..extensions.enabledItems: netviewero2o@netviewero2o:1.0

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: fdm_ffext@freedownloadmanager.org:1.3.4

FF - prefs.js..extensions.enabledItems: adonis.cuhk@gmail.com:1.8

FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2

FF - prefs.js..extensions.enabledItems: coralietab@mozdev.org:2.04.20110724

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26

FF - prefs.js..extensions.enabledItems: {D46E8522-6E86-44b1-A622-58C0668AD78E}:3.6.0

 

 

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\npFFApi.dll ()

FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_34: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)

FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)

FF - HKLM\Software\MozillaPlugins\@palmsource.com/installer,version=1.0: C:\PROGRA~1\palmOne\PACKAG~1\NPInstal.dll ()

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\netviewero2o@netviewero2o: C:\Programme\Netviewer\one2one\Plugin\FF plugin\ffone2one [2008.01.29 13:23:47 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Programme\CheckPoint\ZAForceField\TrustChecker [2012.08.20 12:01:23 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Programme\Mozilla Firefox\components [2012.08.30 11:40:56 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2012.08.22 11:11:49 | 000,000,000 | ---D | M]

 

[2010.11.22 19:14:01 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Extensions

[2012.09.06 10:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions

[2011.01.28 18:26:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2011.02.23 14:25:35 | 000,000,000 | ---D | M] (PDF Download) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}

[2011.10.07 09:13:25 | 000,000,000 | ---D | M] (Google Docs Viewer) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\adonis.cuhk@gmail.com

[2011.08.20 15:37:51 | 000,000,000 | ---D | M] (IE Tab +) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\coralietab@mozdev.org

[2012.09.06 10:04:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Mozilla\Firefox\Profiles\y7z9vvyh.default\extensions\staged

[2012.08.22 11:11:52 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions

[2012.08.22 11:11:52 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA}

[2012.09.06 10:04:43 | 000,159,657 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FRANK\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y7Z9VVYH.DEFAULT\EXTENSIONS\NOTREAL.CCOPTIONS@ENVIRONMENTALCHEMISTRY.COM.XPI

[2012.07.11 08:25:40 | 000,163,080 | ---- | M] () (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\FRANK\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\Y7Z9VVYH.DEFAULT\EXTENSIONS\STATUS4EVAR@CALIGONSTUDIOS.COM.XPI

[2012.08.30 11:40:55 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Programme\mozilla firefox\components\browsercomps.dll

[2008.06.21 11:37:07 | 000,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Programme\mozilla firefox\plugins\npmusicn.dll

[2009.04.29 14:13:48 | 010,437,264 | ---- | M] (PDFTron Systems Inc.) -- C:\Programme\mozilla firefox\plugins\PDFNetC.dll

[2009.08.09 01:30:36 | 000,107,760 | ---- | M] () -- C:\Programme\mozilla firefox\plugins\ScorchPDFWrapper.dll

[2012.01.02 14:59:23 | 000,001,392 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.05.09 12:15:18 | 000,002,356 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\babylon.xml

[2012.08.30 11:40:21 | 000,002,465 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\bing.xml

[2008.04.07 13:30:00 | 000,000,917 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\conduit.xml

[2012.01.02 14:59:23 | 000,001,153 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\eBay-de.xml

[2012.01.02 14:59:23 | 000,006,805 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.01.02 14:59:23 | 000,001,178 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.01.02 14:59:23 | 000,001,105 | ---- | M] () -- C:\Programme\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2011.08.30 15:57:40 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Programme\Free Download Manager\iefdm2.dll ()

O3 - HKLM\..\Toolbar: (BitDefender Toolbar) - {381FFDE8-2394-4f90-B10D-FC6124A40F8C} - C:\Programme\BitDefender\BitDefender 2008\ietoolbar.dll (BitDefender)

O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.

O3 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.

O3 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()

O3 - HKU\S-1-5-21-18413201-578950046-47629304-1154\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)

O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Programme\Gemeinsame Dateien\Acronis\Schedule2\schedhlp.exe (Acronis)

O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Programme\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)

O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)

O4 - HKLM..\Run: [BDAgent] C:\Programme\BitDefender\BitDefender 2008\bdagent.exe (BitDefender)

O4 - HKLM..\Run: [BitDefender Antiphishing Helper] C:\Programme\BitDefender\BitDefender 2008\IEShow.exe (BitDefender)

O4 - HKLM..\Run: [Cmaudio] C:\WINDOWS\CMICNFG.CPL (C-Media Corporation)

O4 - HKLM..\Run: [Dit] C:\WINDOWS\Dit.exe (ICSI Technology Ltd.)

O4 - HKLM..\Run: [FinePrint Dispatcher v5] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fpdisp5a.exe (FinePrint Software, LLC)

O4 - HKLM..\Run: [Gtwatch] C:\WINDOWS\Gtwatch.exe ()

O4 - HKLM..\Run: [ISW] C:\Programme\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)

O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found

O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)

O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()

O4 - HKLM..\Run: [pdfFactory Pro Dispatcher v2] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\fppdis2a.exe (FinePrint Software, LLC)

O4 - HKLM..\Run: [SiS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)

O4 - HKLM..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe (Silicon Integrated Systems Corp.)

O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Programme\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)

O4 - HKLM..\Run: [XFastUsb] C:\Programme\XFastUsb\XFastUsb.exe (FNet Co., Ltd.)

O4 - HKLM..\Run: [ZoneAlarm] C:\Programme\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)

O4 - HKU\.DEFAULT..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()

O4 - HKU\S-1-5-18..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()

O4 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016..\Run: [Spamihilator] "C:\Programme\Spamihilator\spamihilator.exe" File not found

O4 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - HKU\S-1-5-21-1221609082-219370195-1423778804-500..\Run: [MySpaceIM] C:\Programme\MySpace\IM\MySpaceIM.exe ()

O4 - HKU\S-1-5-21-18413201-578950046-47629304-1154..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)

O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)

O4 - Startup: C:\Dokumente und Einstellungen\Verkauf\Startmenü\Programme\Autostart\AOM.lnk = C:\Programme\Gemeinsame Dateien\Adobe\Web\AOM.exe (Adobe Systems, Incorporated)

O4 - Startup: C:\Dokumente und Einstellungen\Verkauf\Startmenü\Programme\Autostart\Spamihilator.lnk =  File not found

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-1016\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-1221609082-219370195-1423778804-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisablePersonalDirChange = 1

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-21-18413201-578950046-47629304-1154\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Programme\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {26CBF141-7D0F-46E1-AA06-718958B6E4D2} hxxp://download.ebay.com/turbo_lister/DE/install.cab (Reg Error: Key error.)

O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} hxxp://office.microsoft.com/officeupdate/content/opuc2.cab (Office Update Installation Engine)

O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1232184983201 (WUWebControl Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1314978076284 (MUWebControl Class)

O16 - DPF: {73ECB3AA-4717-450C-A2AB-D00DAD9EE203} hxxp://h20270.www2.hp.com/ediags/gmn2/install/HPProductDetection.cab (GMNRev Class)

O16 - DPF: {745395C8-D0E1-4227-8586-624CA9A10A8D} hxxp://10.0.0.30/activex/AMC.cab (AxisMediaControl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {917623D1-D8E5-11D2-BE8B-00104B06BDE3} hxxp://10.0.0.32/activex/AxisCamControl.cab (CamImage Class)

O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} hxxp://www.sibelius.com/download/software/win/ActiveXPlugin.cab (ScorchPlugin Class)

O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine)

O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)

O16 - DPF: {CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_34-windows-i586.cab (Java Plug-in 1.6.0_34)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = m-city.local

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9CEF42BD-6369-4C6C-8189-0676CD17DC30}: NameServer = 10.0.10.2,10.0.10.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C32898C0-BD7E-4574-8C64-85DBD7AFADD4}: NameServer = 10.0.10.2,10.0.10.1,10.0.0.2

O18 - Protocol\Handler\HPDCS {ba135f49-a12c-4e26-a2c4-6ea945999072} - C:\Programme\Gemeinsame Dateien\Hewlett-Packard\HP Device Communication Services\APP\hpdcsapp.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\hppfile {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\hppsam {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\hppzip {C4E2084B-ED27-4893-A43D-488CA3F370E2} - C:\Programme\Hewlett-Packard\HP Easy Printer Care\HPPCtrls.dll (Hewlett-Packard Company)

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)

O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Gemeinsame Dateien\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Programme\SUPERAntiSpyware\SASWINLO.DLL) - C:\Programme\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)

O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home

O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Grüne Idylle.bmp

O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Programme\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [1999.06.07 17:59:54 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2012.08.31 13:12:20 | 000,000,000 | ---D | C] -- C:\Programme\DiffDaff

[2012.08.31 13:12:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\DiffDaff

[2012.08.30 18:49:57 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012.08.30 18:02:34 | 000,000,000 | ---D | C] -- C:\Config.Msi

[2012.08.29 10:48:35 | 000,598,528 | ---- | C] (OldTimer Tools) -- \\MCS-SRV\RedirectedFolders\frank\Desktop\OTL.exe

[2012.08.29 10:13:39 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Vim 7.3

[2012.08.29 10:12:43 | 000,000,000 | ---D | C] -- C:\Programme\Vim

[2012.08.22 11:11:49 | 000,477,168 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll

[2012.08.22 11:11:47 | 000,157,680 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2012.08.22 11:11:47 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2012.08.22 11:11:47 | 000,149,488 | ---- | C] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2012.08.20 12:02:04 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Check Point

[2012.08.20 12:01:51 | 000,000,000 | ---D | C] -- \\MCS-SRV\RedirectedFolders\frank\My Documents\ForceField Shared Files

[2012.08.20 12:01:48 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\CheckPoint

[2012.08.20 11:58:43 | 000,000,000 | ---D | C] -- C:\Programme\CheckPoint

[2012.08.20 11:58:38 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint

[2012.08.18 14:15:29 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Spybot - Search & Destroy

[2012.08.14 23:26:16 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\browser.dll

[2012.08.14 16:55:11 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Viewer

[2012.08.14 16:55:07 | 000,000,000 | ---D | C] -- C:\Programme\SheetMusicNow

[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2012.09.06 10:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\tasks\1-Klick-Wartung.job

[2012.09.06 09:36:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job

[2012.09.05 19:41:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\tasks\sicher.job

[2012.09.05 10:36:14 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2012.09.03 18:48:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2012.09.03 18:12:22 | 000,212,641 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2012.09.03 18:11:24 | 000,017,408 | ---- | M] (ICSI Technology Ltd.) -- C:\WINDOWS\System32\drivers\USBCRFT.SYS

[2012.09.03 18:09:16 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2012.09.03 18:06:53 | 000,000,188 | ---- | M] () -- C:\WINDOWS\478905b7-cf84-42d3-b378-7896691e777c.xml

[2012.09.03 18:06:13 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2012.09.03 08:01:24 | 001,005,520 | ---- | M] () -- C:\thomann.mbw

[2012.09.03 04:01:24 | 000,171,769 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\musikcity018412-04009TELEX BL.jpg

[2012.09.03 04:01:24 | 000,124,831 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\musikcity018412-04009PI.CI.PDF

[2012.08.31 13:23:47 | 000,013,323 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\~diffdafftop.htm

[2012.08.31 13:23:47 | 000,001,479 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\DiffDaff.htm

[2012.08.31 13:23:47 | 000,001,135 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\~diffdaff2.htm

[2012.08.31 13:23:47 | 000,001,135 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\~diffdaff1.htm

[2012.08.30 11:48:31 | 000,696,520 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe

[2012.08.30 11:48:31 | 000,073,416 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl

[2012.08.30 11:29:34 | 000,001,368 | RHS- | M] () -- C:\Dokumente und Einstellungen\Frank\ntuser.pol

[2012.08.30 11:29:28 | 000,008,964 | RHS- | M] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol

[2012.08.29 10:49:01 | 000,598,528 | ---- | M] (OldTimer Tools) -- \\MCS-SRV\RedirectedFolders\frank\Desktop\OTL.exe

[2012.08.28 12:07:15 | 000,102,400 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\bläsersuchedb1.mdb

[2012.08.27 19:37:18 | 145,559,552 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\kundendatenbank2012.mdb

[2012.08.24 09:09:37 | 000,000,121 | ---- | M] () -- C:\WINDOWS\bdagent.INI

[2012.08.22 11:11:11 | 000,477,168 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\npdeployJava1.dll

[2012.08.22 11:11:11 | 000,473,072 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deployJava1.dll

[2012.08.22 11:11:11 | 000,157,680 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe

[2012.08.22 11:11:11 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe

[2012.08.22 11:11:11 | 000,149,488 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe

[2012.08.22 11:11:11 | 000,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl

[2012.08.20 12:25:15 | 000,415,877 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml

[2012.08.20 12:02:05 | 000,000,519 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZoneAlarm Security.lnk

[2012.08.19 16:12:29 | 000,000,249 | ---- | M] () -- C:\WINDOWS\Wininit.ini

[2012.08.18 14:15:33 | 000,000,830 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Spybot - Search & Destroy.lnk

[2012.08.18 08:42:29 | 000,417,485 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\voxg1Foto 1.JPG

[2012.08.15 15:54:52 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini

[2012.08.15 03:15:29 | 000,368,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2012.08.15 03:10:25 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2012.08.14 16:55:12 | 000,000,793 | ---- | M] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Sheet Music Now Viewer.lnk

[2012.08.12 22:18:46 | 000,000,797 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2012.09.03 08:01:24 | 001,005,520 | ---- | C] () -- C:\thomann.mbw

[2012.09.03 04:01:24 | 000,171,769 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\musikcity018412-04009TELEX BL.jpg

[2012.09.03 04:01:24 | 000,124,831 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\musikcity018412-04009PI.CI.PDF

[2012.08.31 13:13:46 | 000,013,323 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\~diffdafftop.htm

[2012.08.31 13:13:46 | 000,001,479 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\DiffDaff.htm

[2012.08.31 13:13:46 | 000,001,135 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\~diffdaff2.htm

[2012.08.31 13:13:46 | 000,001,135 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\~diffdaff1.htm

[2012.08.28 11:28:45 | 000,102,400 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\bläsersuchedb1.mdb

[2012.08.20 12:09:58 | 000,415,877 | ---- | C] () -- C:\WINDOWS\System32\vsconfig.xml

[2012.08.20 12:02:05 | 000,000,519 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\ZoneAlarm Security.lnk

[2012.08.18 14:15:33 | 000,000,830 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Spybot - Search & Destroy.lnk

[2012.08.18 08:42:29 | 000,417,485 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\My Documents\voxg1Foto 1.JPG

[2012.08.14 16:55:12 | 000,000,793 | ---- | C] () -- \\MCS-SRV\RedirectedFolders\frank\Desktop\Sheet Music Now Viewer.lnk

[2012.08.12 22:18:46 | 000,000,797 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Malwarebytes Anti-Malware.lnk

[2012.02.14 23:16:16 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll

[2011.04.14 11:55:25 | 000,023,590 | ---- | C] () -- C:\WINDOWS\RenewUSB.dat

[2011.02.23 18:19:22 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe

[2011.02.23 18:19:20 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2011.02.23 18:19:20 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2011.02.23 18:19:17 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2011.02.23 18:19:15 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2011.02.23 18:19:15 | 001,346,080 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe

[2011.02.23 18:19:11 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe

[2011.02.23 18:19:03 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe

[2011.02.23 18:12:55 | 000,003,948 | R--- | C] () -- C:\WINDOWS\System32\drivers\nvphy.bin

[2011.02.23 18:04:14 | 000,006,221 | ---- | C] () -- C:\WINDOWS\System32\antispam.ini

[2011.01.27 22:01:34 | 000,000,484 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft.SqlServer.Compact.351.32.bc

[2011.01.19 16:34:51 | 000,000,138 | ---- | C] () -- C:\Dokumente und Einstellungen\Frank\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat

[2010.12.15 04:16:07 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI

[2010.11.22 17:08:59 | 000,009,728 | ---- | C] () -- C:\Dokumente und Einstellungen\Frank\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010.11.22 11:39:44 | 000,001,368 | RHS- | C] () -- C:\Dokumente und Einstellungen\Frank\ntuser.pol

[2010.11.22 11:27:49 | 000,008,964 | RHS- | C] () -- C:\Dokumente und Einstellungen\All Users\ntuser.pol

[2009.07.02 17:35:32 | 010,440,704 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda

[2007.04.11 18:32:41 | 000,001,743 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache

[2006.02.08 10:21:14 | 000,000,305 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\addr_file.html

 
 ========== LOP Check ==========

 

[2006.12.28 15:25:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Acronis

[2011.08.26 09:29:11 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\BitDefender

[2012.08.20 11:58:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CheckPoint

[2011.07.19 15:00:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Deutsche Post AG

[2007.11.30 20:35:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eBay

[2006.11.04 16:34:14 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\element5

[2011.03.17 18:37:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FNET

[2010.11.26 13:30:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\FreeDownloadManager.ORG

[2009.05.25 18:03:47 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\HotSync

[2008.06.21 11:37:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Musicnotes

[2009.11.25 14:19:00 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Printer's Apprentice

[2008.02.01 19:15:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Solero

[2012.07.08 20:11:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Tarma Installer

[2009.04.11 14:16:38 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TuneUp Software

[2011.02.25 15:26:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2010.03.16 19:46:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\{755AC846-7372-4AC8-8550-C52491DAA8BD}

[2010.12.13 16:22:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Default User\Anwendungsdaten\BitDefender

[2011.05.27 15:52:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Avery

[2010.12.13 16:27:20 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Bitdefender

[2012.08.20 12:01:48 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\CheckPoint

[2012.04.03 20:42:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\ElevatedDiagnostics

[2012.05.24 21:07:01 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Free Download Manager

[2011.02.11 20:53:34 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\GetRightToGo

[2011.06.20 12:17:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Gutscheinmieze

[2010.11.22 11:41:17 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\HotSync

[2011.07.06 15:12:56 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Nvu

[2011.01.12 00:53:59 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Opera

[2012.02.11 13:58:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\SmartStore

[2012.05.09 17:15:52 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\SolidDocuments

[2011.04.14 16:05:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\TeamViewer

[2011.02.03 18:03:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\TuneUp Software

[2012.04.10 15:28:07 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\UDC Profiles

[2010.11.22 11:39:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Frank\Anwendungsdaten\Windows Small Business Server

[2010.11.22 11:33:25 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\netadmin\Anwendungsdaten\HotSync

[2010.11.22 11:31:46 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\netadmin\Anwendungsdaten\Windows Small Business Server

[2007.11.06 16:51:45 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\AD ON Multimedia

[2010.01.25 20:13:15 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Crystal Player

[2009.05.04 15:56:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\gtk-2.0

[2009.05.25 17:01:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\HotSync

[2009.05.25 18:29:51 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Leadertech

[2005.12.06 12:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Line 6

[2010.09.28 16:50:22 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Netviewer

[2009.01.17 12:12:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\OfficeUpdate12

[2009.11.25 14:08:43 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Printer's Apprentice

[2007.04.03 17:55:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\SmartStore

[2010.11.20 17:31:49 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\SolidDocuments

[2010.11.22 11:07:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\Spamihilator

[2008.08.14 14:59:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\TeamViewer

[2006.10.23 21:38:57 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\TuneUp Software

[2010.10.08 12:20:32 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Verkauf\Anwendungsdaten\UDC Profiles

[2010.11.22 11:43:21 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\verkauf.M-CITY\Anwendungsdaten\HotSync

[2010.11.22 11:42:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\verkauf.M-CITY\Anwendungsdaten\Windows Small Business Server

[2012.09.06 10:00:00 | 000,000,496 | ---- | M] () -- C:\WINDOWS\Tasks\1-Klick-Wartung.job

[2012.09.05 19:41:00 | 000,000,194 | ---- | M] () -- C:\WINDOWS\Tasks\sicher.job

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

Du sollst den Fix ausfuehren: http://www.trojaner-board.de/122486-...tml#post902863

Warum startest du OTL uber einen Netzwerkpfad?

Zitat:

\\MCS-SRV\RedirectedFolders\frank\Desktop

Solltest du dich wiederholt nicht an die Anleitung halten breche ich das hier ab.

Hallo T´john.. jetzt blick ich das Problem .. sorry ...

aber der komplette Rechner ist mit eigene Dateien (und auch Desktop) auf dem Server ... wenn ich was auf den Desktop lege ist es im Redirect ...

Ich habe auf meinem PC keinen "eigenen Desktop" mehr .. hatten wir mal wegen der Sicherung so angelegt ... ob das clever war ist ne andere Frage ..

Geht es dann garnicht?

Sorry nochmal
gruß frank

OTL braucht Datenzugriff um zu funktionieren.

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.