
Log analysis and evaluation: this program cannot display the webpage


06.10.2012, 09:02   #1
belluardo

this program cannot display the webpage



OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 06.10.2012 09:48:36 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy
 
3,43 Gb Total Physical Memory | 2,99 Gb Available Physical Memory | 87,21% Memory free
5,27 Gb Paging File | 5,04 Gb Available in Paging File | 95,61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148,99 Gb Total Space | 87,04 Gb Free Space | 58,42% Space Free | Partition Type: NTFS
Drive E: | 3,87 Gb Total Space | 3,64 Gb Free Space | 93,96% Space Free | Partition Type: FAT32
 
Computer Name: xxx | User Name: xxx | NOT logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe ()
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 ()
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 ()
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 1
"FirewallOverride" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader
"{06E76C3D-0ADD-4B6A-B59D-BDC0E1EB33C1}" = Saratoga CRM Remote
"{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}" = Lotus Notes 8.5.2
"{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data
"{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3
"{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools
"{211b845d-a957-480f-bd93-4b65be37e696}" = Software Management Solution Agent
"{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21
"{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool
"{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.11.01.02
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7
"{3265DDD6-A7CC-4847-A5C8-2EFA70578ED3}" = Altiris Inventory Agent
"{32664D01-7FDF-46C9-A539-D58C3DE032B6}" = Installer Service
"{34ED8BC7-2166-4E35-8EF7-4301DC811722}" = Saratoga CRM Lotus Addin
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36B2BE5D-3B00-4FB3-BCD5-1984C11E8FE6}" = Saratoga CRM Remote
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{41846936-6A9E-488B-9E37-21F7D814ECFA}" = mpmri
"{41846937-6A9E-488B-9E37-21F7D814ECFA}" = mpmri
"{41846938-6A9E-488B-9E37-21F7D814ECFA}" = mpmri
"{4184693D-6A9E-488B-9E37-21F7D814ECFA}" = mpmri
"{4184693F-6A9E-488B-9E37-21F7D814ECFA}" = mpmri
"{41846940-6A9E-488B-9E37-21F7D814ECFA}" = mpmri
"{41846947-6A9E-488B-9E37-21F7D814ECFA}" = mpmri
"{41846948-6A9E-488B-9E37-21F7D814ECFA}" = mpmri
"{4184694A-6A9E-488B-9E37-21F7D814ECFA}" = mpmri
"{41846958-6A9E-488B-9E37-21F7D814ECFA}" = mpmri
"{4184695E-6A9E-488B-9E37-21F7D814ECFA}" = mpmri
"{4184696B-6A9E-488B-9E37-21F7D814ECFA}" = mpmri
"{4184696E-6A9E-488B-9E37-21F7D814ECFA}" = mpmri
"{41846970-6A9E-488B-9E37-21F7D814ECFA}" = mpmri
"{41846976-6A9E-488B-9E37-21F7D814ECFA}" = mpmri
"{41846979-6A9E-488B-9E37-21F7D814ECFA}" = mpmri
"{43507E5B-94A0-4E56-9C7B-FAAAFBDB5904}" = Logiciel Intel(R) PROSet/Wireless WiFi
"{54DAAD16-A57A-4524-9C4F-391500945D14}" = Adobe Flash Player 10 ActiveX
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Ver.3.53.02
"{5A26B7C0-55B1-4DA8-A693-E51380497A5E}" = Dell ControlVault Host Components Installer
"{5F23A1DC-58CB-4AB9-84E8-9A569438D916}" = ControlVault Diagnostics
"{608A014D-E253-43D8-A300-00A739BA802E}" = Juniper Installer Service
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5
"{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel(R) PRO Alerting Agent
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Analyseur et SDK MSXML 4.0 SP2
"{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio
"{765B5216-5FCC-48C2-AD8C-FB414B590176}" = AuthenTec Fingerprint Sensor
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{901E0405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Czech User Interface Pack
"{901E0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP German User Interface Pack
"{901E040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP French User Interface Pack
"{901E0410-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Italian User Interface Pack
"{901E0412-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Korean User Interface Pack
"{901E0413-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Dutch User Interface Pack
"{901E0415-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Polish User Interface Pack
"{901E041F-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Turkish User Interface Pack
"{901E0804-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Chinese (Simplified) User Interface Pack
"{901E0C0A-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Spanish User Interface Pack
"{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{AB6FFA58-F491-11D3-8951-000000032895}" = iPassConnect Staubli
"{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
"{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9
"{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9
"{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework
"{B332732A-4958-41DD-B439-DDA2D32753C5}" = McAfee Host Intrusion Prevention
"{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DE91C193-2611-4BD3-A9F9-DF589C572565}" = McAfee Agent
"{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine
"{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio
"{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3
"{F01EA00D-680F-4AD3-89FE-D1CB42AE8480}" = Saratoga CRM Chart
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F0F563C4-D4AD-41C4-A8A6-26664C027D11}" = Brother MFL-Pro Suite
"{F6D4D4B8-C41D-4618-9977-F05F0A77D6ED}" = SaratogaLotusAddin
"{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack
"9512AA21B791B05A54E27065C45BBC417AB282DF" = Package de pilotes Windows - Dell Inc. PBADRV System  (09/11/2009 1.0.1.6)
"9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. PBADRV System  (01/07/2008 1.0.1.5)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Avenue Single User" = Avenue Single User
"ClientAccessExpress" = IBM iSeries Access for Windows
"CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem
"Dell Webcam Central" = Dell Webcam Central
"FileZilla Client" = FileZilla Client 3.1.2
"ie8" = Windows Internet Explorer 8
"IE8-MUI" = Windows Internet Explorer 8 Multilingual User Interface (MUI)
"InstallShield_{32664D01-7FDF-46C9-A539-D58C3DE032B6}" = Installer Service
"InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime
"Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0
"Juniper Network Connect 7.1.9" = Juniper Networks Network Connect 7.1.9
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"ProInst" = Intel PROSet Wireless
"PROSet" = Intel(R) Network Connections Drivers
"Saratoga CRM Remote" = Saratoga CRM Remote
"Siebel Uninstall Manager" = Siebel Uninstallation Manager
"ST6UNST #1" = Staubli
"ST6UNST #2" = Staubli (C:\SCRM_CONNECTORS\SPECIFIC\)
"ST6UNST #3" = Staubli (C:\SCRM_CONNECTORS\SPECIFIC\) #3
"ST6UNST #4" = Staubli (C:\SCRM_CONNECTORS\SPECIFIC\) #4
"ST6UNST #5" = Staubli (C:\SCRM_CONNECTORS\SPECIFIC\) #5
"ST6UNST #6" = Staubli (C:\SCRM_CONNECTORS\SPECIFIC\) #6
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Juniper_Setup_Client" = Juniper Networks, Inc. Setup Client
"Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de)
"Neoteris_Host_Checker" = Juniper Networks Host Checker
 
========== Last 20 Event Log Errors ==========
 
Error: Unable to start EventLog service!
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 06.10.2012 09:48:30 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = E:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy
 
3,43 Gb Total Physical Memory | 2,99 Gb Available Physical Memory | 87,21% Memory free
5,27 Gb Paging File | 5,04 Gb Available in Paging File | 95,61% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 148,99 Gb Total Space | 87,04 Gb Free Space | 58,42% Space Free | Partition Type: NTFS
Drive E: | 3,87 Gb Total Space | 3,64 Gb Free Space | 93,96% Space Free | Partition Type: FAT32
 
Computer Name: ACVL0015 | User Name: bbel | NOT logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.06 09:44:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe
PRC - [2008.04.14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2007.06.02 22:41:36 | 000,617,472 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [On_Demand | Unknown] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT)
SRV - File not found [Disabled | Unknown] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER)
SRV - File not found [Disabled | Unknown] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - File not found [Auto | Unknown] -- C:\Altiris\AClient\AClient.exe -- (AClient)
SRV - [2012.05.05 03:16:38 | 000,671,368 | ---- | M] (Juniper Networks) [Auto | Unknown] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011.11.15 17:06:00 | 000,132,672 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
SRV - [2011.10.06 14:18:48 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011.10.06 14:15:46 | 000,166,024 | ---- | M] () [Auto | Unknown] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011.09.06 15:31:48 | 000,588,160 | ---- | M] (DameWare Development LLC) [Auto | Unknown] -- C:\WINDOWS\dwrcs\DWRCS.EXE -- (DWMRCS)
SRV - [2011.03.23 06:36:12 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Unknown] -- C:\lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service)
SRV - [2011.03.23 06:35:40 | 000,062,856 | ---- | M] (IBM Corp) [Auto | Unknown] -- C:\lotus\notes\nslsvice.exe -- (Lotus Notes Single Logon)
SRV - [2011.03.23 06:35:22 | 003,417,480 | ---- | M] (IBM) [Auto | Unknown] -- C:\lotus\notes\nsd.exe -- (Lotus Notes Diagnostics)
SRV - [2011.01.12 08:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager)
SRV - [2010.09.17 04:53:55 | 000,619,816 | ---- | M] (Altiris, Inc.) [On_Demand | Unknown] -- C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe -- (AltirisAgentProvider)
SRV - [2010.09.17 04:37:25 | 001,351,976 | ---- | M] (Symantec Corporation) [Auto | Unknown] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient)
SRV - [2010.08.03 15:40:46 | 000,035,696 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe -- (hips)
SRV - [2010.07.09 00:44:32 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Unknown] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.07.09 00:44:16 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Unknown] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.06.15 12:50:48 | 001,498,224 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent)
SRV - [2010.03.24 00:09:28 | 000,812,448 | ---- | M] (Broadcom Corporation) [Auto | Unknown] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service)
SRV - [2010.03.24 00:09:28 | 000,027,040 | ---- | M] (Broadcom Corporation) [Auto | Unknown] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage)
SRV - [2010.01.10 12:01:26 | 000,060,928 | ---- | M] () [Auto | Unknown] -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService)
SRV - [2010.01.05 08:54:48 | 000,022,016 | ---- | M] (Siebel Systems, Inc.) [Disabled | Unknown] -- C:\sea800\BIN\siebqsvc.exe -- (Siebel QuickStart Service)
SRV - [2009.09.21 14:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Unknown] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2009.09.21 14:50:04 | 000,364,544 | ---- | M] (Intel(R) Corporation) [Auto | Unknown] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER)
SRV - [2009.09.21 14:44:48 | 000,954,368 | ---- | M] (Intel(R) Corporation) [Auto | Unknown] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor)
SRV - [2009.09.21 14:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Unknown] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2009.02.10 13:10:00 | 000,132,472 | ---- | M] (Symantec Corporation) [On_Demand | Unknown] -- c:\Temp\temp\RemStart.exe -- (REMSTART)
SRV - [2008.04.14 06:42:10 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl)
SRV - [2007.04.19 06:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Unknown] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent)
SRV - [2007.03.05 20:52:56 | 000,036,864 | ---- | M] (Juniper Networks) [Auto | Unknown] -- C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe -- (Neoteris Setup Service)
SRV - [2006.07.27 21:00:40 | 001,306,624 | ---- | M] (iPass, Inc.) [On_Demand | Unknown] -- C:\Program Files\iPass\iPassConnect Staubli\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2006.07.21 17:15:40 | 000,122,880 | ---- | M] (iPass, Inc.) [On_Demand | Unknown] -- C:\Program Files\iPass\iPassConnect Staubli\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2006.07.21 17:15:40 | 000,086,016 | ---- | M] (iPass, Inc.) [Auto | Unknown] -- C:\Program Files\iPass\iPassConnect Staubli\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2005.06.10 06:30:00 | 000,057,393 | ---- | M] (IBM Corporation) [On_Demand | Unknown] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd)
SRV - [2003.01.30 19:55:44 | 000,077,824 | ---- | M] (HP) [On_Demand | Unknown] -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] --  -- (PDCOMP)
DRV - File not found [Kernel | System | Unknown] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand | Unknown] -- System32\Drivers\PCASp50.sys -- (PCASp50)
DRV - File not found [Kernel | System | Unknown] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk)
DRV - File not found [Kernel | System | Unknown] --  -- (lbrtfdc)
DRV - File not found [Kernel | System | Unknown] --  -- (i2omgmt)
DRV - File not found [Kernel | System | Unknown] --  -- (Changer)
DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\ccidflt.sys -- (CCIDFILTER)
DRV - [2012.10.02 14:19:17 | 000,002,401 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AlKernel.sys -- (AlKernel)
DRV - [2012.05.05 02:50:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV - [2011.10.06 14:18:28 | 000,089,528 | ---- | M] (McAfee, Inc.) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011.10.06 14:18:02 | 000,087,392 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011.10.06 14:17:32 | 000,463,912 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011.10.06 14:16:58 | 000,059,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2011.10.06 14:16:48 | 000,180,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011.10.06 14:16:28 | 000,120,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010.08.03 15:44:24 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Unknown] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2010.08.03 15:40:26 | 000,035,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HIPQK.sys -- (HIPQK)
DRV - [2010.08.03 15:40:12 | 000,038,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HIPPSK.sys -- (HIPPSK)
DRV - [2010.08.03 15:39:56 | 000,107,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HIPK.sys -- (HIPK)
DRV - [2010.07.09 00:43:52 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI)
DRV - [2010.06.15 12:49:08 | 000,030,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\firelm01.sys -- (firelm01)
DRV - [2010.06.15 12:49:02 | 000,145,616 | ---- | M] (McAfee, Inc.) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\FireTDI.sys -- (FireTDI)
DRV - [2010.06.15 12:48:58 | 000,137,536 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\FirePM.sys -- (FirePM)
DRV - [2010.05.12 20:17:00 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2010.04.20 22:58:54 | 001,660,051 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2010.03.19 16:39:08 | 000,059,904 | ---- | M] (REDC) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\risdpe86.sys -- (risdpcie)
DRV - [2010.02.26 23:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd)
DRV - [2010.01.19 12:50:12 | 000,235,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2010.01.18 07:56:26 | 000,042,672 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Accelern.sys -- (Acceler)
DRV - [2010.01.18 07:56:26 | 000,017,072 | ---- | M] (ST Microelectronics) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\stdfltn.sys -- (stdflt)
DRV - [2009.12.10 09:33:34 | 000,167,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress)
DRV - [2009.11.03 17:40:42 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv)
DRV - [2009.09.16 17:07:42 | 000,144,576 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt)
DRV - [2009.09.15 11:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32)
DRV - [2009.08.10 00:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2009.05.28 11:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\CtAudDrv.sys -- (CtAudDrv)
DRV - [2009.05.21 11:48:10 | 000,029,184 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID)
DRV - [2009.04.21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud)
DRV - [2009.01.19 11:02:27 | 000,021,419 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\iPassP.sys -- (iPassP)
DRV - [2008.10.17 16:26:24 | 000,044,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\firehk.sys -- (FirehkMP)
DRV - [2008.10.17 16:26:24 | 000,044,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\firehk.sys -- (Firehk)
DRV - [2008.07.30 17:44:18 | 000,110,080 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService)
DRV - [2008.06.24 20:46:58 | 000,985,728 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2008.06.24 20:46:18 | 000,210,688 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2008.06.24 20:46:14 | 000,731,264 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2008.06.04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV)
DRV - [2008.04.14 06:42:10 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl)
DRV - [2008.04.04 14:40:50 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress)
DRV - [2008.03.14 17:00:00 | 000,003,712 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\DamewareMini.sys -- (DwMirror)
DRV - [2008.03.13 15:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\dwvkbd.sys -- (dwvkbd)
DRV - [2007.04.19 06:28:12 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt)
DRV - [2003.01.30 19:55:44 | 000,050,800 | ---- | M] (HP) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09)
DRV - [2003.01.30 19:55:44 | 000,050,211 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09)
DRV - [2003.01.30 19:55:44 | 000,018,864 | ---- | M] (HP) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09)
DRV - [2003.01.30 19:55:44 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09)
DRV - [2001.08.23 14:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga)
DRV - [2001.08.23 14:00:00 | 000,002,864 | ---- | M] () [Adapter | On_Demand | Unknown] -- C:\WINDOWS\System32\winsock.dll -- (Winsock)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.pri;mystaubli*;gateway.staubli*;auth.staubli.com;*.google.com;<local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = gateway.zscaler.net:80
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0
FF - prefs.js..network.proxy.ftp: "gateway.zscaler.net"
FF - prefs.js..network.proxy.ftp_port: 80
FF - prefs.js..network.proxy.http: "gateway.zscaler.net"
FF - prefs.js..network.proxy.http_port: 80
FF - prefs.js..network.proxy.no_proxies_on: "10.*,*.pri,mystaubli.*,gateway.staubli.com,192.168.1.1,localhost,127.0.0.1"
FF - prefs.js..network.proxy.ssl: "gateway.zscaler.net"
FF - prefs.js..network.proxy.ssl_port: 80
FF - prefs.js..network.proxy.type: 0
 
FF - user.js..browser.search.selectedEngine: "Search the web"
FF - user.js..browser.search.order.1: "Search the web"
FF - user.js..browser.search.defaultenginename: "Search the web"
FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\bbel\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\bbel\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.10.06 08:25:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Documents and Settings\bbel\Local Settings\Application Data\Mozilla Firefox\components [2011.07.13 16:48:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Documents and Settings\bbel\Local Settings\Application Data\Mozilla Firefox\plugins
 
[2011.07.13 16:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bbel\Application Data\mozilla\Extensions
[2011.06.30 15:36:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
 
========== Chrome  ==========
 
CHR - homepage: Google
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: Google
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\bbel\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\bbel\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\bbel\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\bbel\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Documents and Settings\bbel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Documents and Settings\bbel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Documents and Settings\bbel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.10.02 17:57:22 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111205081651.dll (McAfee, Inc.)
O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation)
O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe (Symantec Corporation)
O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\IBM\Client Access\cwbinhlp.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access PC5250 Sound] C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe (IBM Corporation)
O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe File not found
O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.)
O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKCU..\Run: [clttqhzmaijnudf] C:\Documents and Settings\All Users\Application Data\clttqhzm.exe ()
O4 - HKCU..\Run: [svchost1.exe] C:\Documents and Settings\bbel\Application Data\win32\svchost1.exe ()
O4 - HKCU..\Run: [svchost2.exe] C:\Documents and Settings\bbel\Local Settings\Temp\win32\svchost2.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1
O15 - HKLM\..Trusted Domains: staubli.com ([gateway] https in Trusted sites)
O15 - HKLM\..Trusted Domains: staubli.pri ([mystaubli] https in Trusted sites)
O15 - HKCU\..Trusted Domains: cam4.com ([de] http in Vertrauenswürdige Sites)
O16 - DPF: {0006F063-0000-0000-C000-000000000046} hxxp://activex.microsoft.com/activex/controls/office/outlctlx.CAB (Microsoft Outlook View Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {21EC36C8-5D54-4EF8-AAFC-BE6D34661A2A} https://fav88win/crm_adm/20417/applets/SiebelAx_OutBound_mail.cab (Siebel Email Support for Microsoft Outlook and Lotus Notes)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3F6E704A-F409-4A52-9CF3-D32463CB491E} hxxp://fav88win/crm_adm/20433/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework)
O16 - DPF: {609DE3A4-42CB-4C10-8D47-67D81B53E59A} https://fav88win/crm_adm/20417/applets/SiebelAx_Calendar.cab (Siebel Calendar)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282551073281 (MUWebControl Class)
O16 - DPF: {831FB9D5-7704-46BE-B4AE-BD946EE97F4C} hxxp://fav88win/crm_adm/20433/applets/SiebelAx_OutBound_mail.cab (Siebel Email Support for Microsoft Outlook and Lotus Notes)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} https://mycrmstaubli.staubli.pri/CRM_FRA/20433/applets/SiebelAx_Desktop_Integration.cab (Siebel Desktop Integration)
O16 - DPF: {8EF3C23F-7E51-4C79-8534-C936449DCC79} https://fav88win/crm_adm/20417/applets/SiebelAx_Gantt_Chart.cab (Siebel Gantt Chart)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {DCD3D795-8217-4C58-892E-F47A22CCC87E} https://fav88win/crm_adm/20417/applets/SiebelAx_iHelp.cab (Siebel iHelp)
O16 - DPF: {E1025617-5E52-47B1-A865-AC4AD132A16B} https://fav88win/crm_adm/20417/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prevost.staubli.pri
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BD1848B-6421-4413-AB1F-8299513BC181}: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\MRCNotify: DllName - (C:\WINDOWS\dwrcs\DWRCWXL.dll) - C:\WINDOWS\dwrcs\DWRCWXL.dll (DameWare Development LLC)
O24 - Desktop WallPaper: C:\Documents and Settings\bbel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\bbel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008.12.22 16:00:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.06 08:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2012.10.06 08:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bbel\Application Data\Malwarebytes
[2012.10.05 21:48:44 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2012.10.04 21:02:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bbel\Recent
[2012.10.04 18:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fojviwleazccjtg
[2012.10.03 15:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bbel\Desktop\Brammer Augsburg
[2012.09.27 17:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bbel\My Documents\schulung Sonnenhof
[2012.09.25 16:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bbel\Local Settings\Application Data\Downloaded Installations
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\bbel\Desktop\*.tmp files -> C:\Documents and Settings\bbel\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\bbel\My Documents\*.tmp files -> C:\Documents and Settings\bbel\My Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.30 23:14:54 | 003,317,560 | ---- | M] (PixelPlanet) -- C:\Documents and Settings\bbel\My Documents\PdfEditor.exe
[2013.04.30 21:49:42 | 038,672,952 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\PdfEditor_32bit.exe
[2012.10.06 08:27:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012.10.06 07:43:10 | 000,001,458 | ---- | M] () -- C:\AClient.cfg
[2012.10.05 08:10:43 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\bbel\Desktop\Microsoft PowerPoint.lnk
[2012.10.04 22:14:59 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.10.04 18:30:42 | 000,271,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2012.10.04 18:30:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012.10.04 18:27:35 | 000,076,423 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ecrwtltbmmjxysc
[2012.10.04 18:27:27 | 000,105,984 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\clttqhzm.exe
[2012.10.03 13:03:07 | 000,000,584 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2012.10.02 15:08:53 | 001,158,390 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Bestellung Burmeister.pdf
[2012.10.02 15:03:47 | 000,065,475 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Angebot ESI071153.pdf
[2012.10.02 15:02:00 | 000,069,021 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Angebot ESI 071153.pdf
[2012.10.02 14:19:17 | 000,002,401 | ---- | M] () -- C:\WINDOWS\System32\drivers\AlKernel.sys
[2012.09.26 14:28:43 | 000,137,603 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Neue Kupplung ACS.pdf
[2012.09.26 13:53:43 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\Suggestion.lex
[2012.09.25 16:53:10 | 000,194,670 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\RSIM34.pdf
[2012.09.25 15:05:10 | 001,981,696 | ---- | M] () -- C:\Documents and Settings\bbel\Desktop\DVE.pdf
[2012.09.24 16:30:55 | 000,136,247 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Surflex6.pdf
[2012.09.24 13:30:58 | 000,004,178 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Kunden  Messe Frankfurt.pdf
[2012.09.21 16:39:48 | 000,008,010 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Berichte Automechn.pdf
[2012.09.21 16:36:40 | 000,008,030 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Messe Frankfurt Berichte.pdf
[2012.09.21 13:08:22 | 000,288,072 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Angebot Ruck Gase.pdf
[2012.09.20 09:28:15 | 000,136,890 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Spiral.pdf
[2012.09.19 07:57:03 | 000,001,134 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2851880480-941839565-2621562516-4144Core1cd962b97ad5d36.job
[2012.09.07 15:49:52 | 000,321,731 | ---- | M] () -- C:\Documents and Settings\bbel\Desktop\Angebot Carpoint.pdf
[4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\bbel\Desktop\*.tmp files -> C:\Documents and Settings\bbel\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\bbel\My Documents\*.tmp files -> C:\Documents and Settings\bbel\My Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.04 18:28:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012.10.04 18:27:35 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\clttqhzm.exe
[2012.10.04 18:27:28 | 000,076,423 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ecrwtltbmmjxysc
[2012.10.02 15:08:15 | 001,158,390 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Bestellung Burmeister.pdf
[2012.10.02 15:03:47 | 000,065,475 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Angebot ESI071153.pdf
[2012.10.02 15:01:59 | 000,069,021 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Angebot ESI 071153.pdf
[2012.09.26 14:28:40 | 000,137,603 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Neue Kupplung ACS.pdf
[2012.09.25 16:53:09 | 000,194,670 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\RSIM34.pdf
[2012.09.25 15:05:10 | 001,981,696 | ---- | C] () -- C:\Documents and Settings\bbel\Desktop\DVE.pdf
[2012.09.24 16:30:54 | 000,136,247 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Surflex6.pdf
[2012.09.24 13:30:57 | 000,004,178 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Kunden  Messe Frankfurt.pdf
[2012.09.21 16:39:48 | 000,008,010 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Berichte Automechn.pdf
[2012.09.21 16:36:40 | 000,008,030 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Messe Frankfurt Berichte.pdf
[2012.09.21 13:08:21 | 000,288,072 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Angebot Ruck Gase.pdf
[2012.09.20 09:28:14 | 000,136,890 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Spiral.pdf
[2012.09.19 07:57:03 | 000,001,134 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2851880480-941839565-2621562516-4144Core1cd962b97ad5d36.job
[2012.09.07 15:49:51 | 000,321,731 | ---- | C] () -- C:\Documents and Settings\bbel\Desktop\Angebot Carpoint.pdf
[2012.06.18 17:12:14 | 000,000,123 | ---- | C] () -- C:\WINDOWS\System32\DWRCCMDError.ini
[2012.03.14 22:57:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.07.13 14:21:21 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011.07.13 14:21:21 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2011.07.13 14:17:17 | 000,000,227 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2011.07.13 14:17:17 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2011.07.13 14:17:17 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2011.07.13 14:13:58 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll
[2011.07.13 14:13:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat
[2011.07.08 21:32:40 | 000,130,048 | ---- | C] () -- C:\Documents and Settings\bbel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.20 08:58:52 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\Vcfide.dll
[2011.04.14 11:13:35 | 000,000,682 | RHS- | C] () -- C:\Documents and Settings\bbel\ntuser.pol
[2010.11.04 13:29:11 | 000,002,401 | ---- | C] () -- C:\WINDOWS\System32\drivers\AlKernel.sys
[2008.12.23 14:06:19 | 000,008,260 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
 
========== ZeroAccess Check ==========
 
[2008.12.23 10:01:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
--- --- ---


06.10.2012, 16:24   #2
t'john
/// Helper team

this program cannot display the webpage

The cleanup consists of several steps that must be carried out.
Work through them one after another and please paste the 4 logs that are created along the way into your next reply.

If the OTL fix did not run through correctly, do not continue; report this instead.

Step 1

Fix with OTL

Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky, etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix begins with :OTL. Make sure you have copied it correctly.


Code:
:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (WDICA) 
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRFRAME) 
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRELI) 
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDFRAME) 
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDCOMP) 
DRV - File not found [Kernel | System | Unknown] -- -- (lbrtfdc) 
DRV - File not found [Kernel | System | Unknown] -- -- (i2omgmt) 
DRV - File not found [Kernel | System | Unknown] -- -- (Changer) 

O4 - HKCU..\Run: [clttqhzmaijnudf] C:\Documents and Settings\All Users\Application Data\clttqhzm.exe () 
O4 - HKCU..\Run: [svchost1.exe] C:\Documents and Settings\bbel\Application Data\win32\svchost1.exe () 
O4 - HKCU..\Run: [svchost2.exe] C:\Documents and Settings\bbel\Local Settings\Temp\win32\svchost2.exe () 
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) 
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07) 
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) 

:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.exe
C:\Dokumente und Einstellungen\bbel\Anwendungsdaten\*.exe
C:\Dokumente und Einstellungen\bbel\Lokale Einstellungen\Anwendungsdaten\*.exe
C:\Dokumente und Einstellungen\bbel\*.exe
C:\Dokumente und Einstellungen\bbel\Startmenü\Programme\Autostart\ctfmon.lnk
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ctfmon.lnk
C:\Dokumente und Einstellungen\bbel\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file here into your thread, inside code tags.
    You can view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for readers following along: the OTL script above was created exclusively for this user in this situation.
Do not under any circumstances apply it on other computers; it can cause lasting damage to other systems!



Step 2
Please run a full scan with Malwarebytes Anti-Malware and post the log.
Remember that Malwarebytes must be updated manually before every scan!

Malwarebytes Anti-Malware
- Applicable to Windows 2000, XP, Vista and 7.
- Install the program to the default path.
- Update the database!
- Select "Perform full scan" => Scan.
- Select all available drives (except CD/DVD) and start the scan.
- Have any findings deleted or moved to quarantine.
- When the scan is finished, click "Show Results".
then:

Step 3

Please download AdwCleaner to your desktop.

  • Start adwcleaner.exe with a double-click.
  • Click Search.
  • When the scan has finished, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.



Step 4
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click Delete.
  • Confirm each prompt with Ok.
  • Your computer will be restarted. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[S1].txt.
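
Added illustration (not part of t'john's post and not OTL's own logic): a small Python triage of the O4 autostart lines from the log above. The heuristics (empty company name combined with a user-writable path, svchost look-alike names) and all function names are assumptions made for this example; on the sample lines they select the same three HKCU Run entries that the fix script lists.

```python
import ntpath
import re
from typing import Dict, List, NamedTuple, Optional

# Constructed sample: a few O4 lines copied from the OTL log in this thread.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe File not found
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKCU..\Run: [clttqhzmaijnudf] C:\Documents and Settings\All Users\Application Data\clttqhzm.exe ()
O4 - HKCU..\Run: [svchost1.exe] C:\Documents and Settings\bbel\Application Data\win32\svchost1.exe ()
O4 - HKCU..\Run: [svchost2.exe] C:\Documents and Settings\bbel\Local Settings\Temp\win32\svchost2.exe ()
"""


class RunEntry(NamedTuple):
    hive: str                 # HKLM or HKCU
    name: str                 # value name under the Run key
    path: str                 # executable path as logged
    company: Optional[str]    # "" = no company name; None = not reported
    missing: bool             # OTL reported "File not found"


O4_RE = re.compile(r"^O4 - (HKLM|HKCU)\.\.\\Run: \[([^\]]*)\] (.*)$")
TAIL_RE = re.compile(r"^(.*) \(([^()]*)\)$")   # "<path> (<company>)"
NOT_FOUND = " File not found"

# Assumed heuristics for this example (Windows XP profile layout).
USER_WRITABLE = ("\\application data\\", "\\local settings\\temp\\")
SYSTEM32 = "c:\\windows\\system32\\"
LOOKALIKE = re.compile(r"^svchost\w*\.exe$", re.IGNORECASE)


def parse_o4(line: str) -> Optional[RunEntry]:
    """Parse one OTL 'O4 - <hive>..\\Run' line; return None for other lines."""
    m = O4_RE.match(line.strip())
    if not m:
        return None
    hive, name, rest = m.groups()
    if rest.endswith(NOT_FOUND):
        return RunEntry(hive, name, rest[:-len(NOT_FOUND)], None, True)
    tail = TAIL_RE.match(rest)
    if not tail:
        return RunEntry(hive, name, rest, None, False)
    return RunEntry(hive, name, tail.group(1), tail.group(2).strip(), False)


def reasons(entry: RunEntry) -> List[str]:
    """Return the heuristic reasons why an entry deserves manual review."""
    found = []
    low = entry.path.lower()
    if entry.company == "" and any(marker in low for marker in USER_WRITABLE):
        found.append("no company name, user-writable path")
    if LOOKALIKE.match(ntpath.basename(low)) and not low.startswith(SYSTEM32):
        found.append("system-binary lookalike name")
    return found


def triage(log_text: str) -> Dict[str, List[str]]:
    """Map Run value name -> reasons, for every flagged O4 entry in the log."""
    flagged = {}
    for line in log_text.splitlines():
        entry = parse_o4(line)
        if entry is None:
            continue
        why = reasons(entry)
        if why:
            flagged[entry.name] = why
    return flagged


if __name__ == "__main__":
    for name, why in triage(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(why)}")
```

A flagged entry is only a candidate for review; the unnamed `ImScInst.exe` under System32 is deliberately not flagged because an empty company name alone is not treated as sufficient here.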

12.12.2012, 06:26   #3
t'john
/// Helper team

this program cannot display the webpage

No response

Are there problems working through the instructions above?

To free up capacity for others seeking help, I am removing this thread from my notifications.

If you want to continue, send me a PM or open a new thread.
http://www.trojaner-board.de/69886-a...-beachten.html


Note: The disappearance of the symptoms does not mean that your computer is clean.
