Log analysis and evaluation: this program cannot display the webpage
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
06.10.2012, 09:02 | #1 |
| this program cannot display the webpage
OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 06.10.2012 09:48:36 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = E:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy 3,43 Gb Total Physical Memory | 2,99 Gb Available Physical Memory | 87,21% Memory free 5,27 Gb Paging File | 5,04 Gb Available in Paging File | 95,61% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 148,99 Gb Total Space | 87,04 Gb Free Space | 58,42% Space Free | Partition Type: NTFS Drive E: | 3,87 Gb Total Space | 3,64 Gb Free Space | 93,96% Space Free | Partition Type: FAT32 Computer Name: xxx | User Name: xxx | NOT logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe () [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = htmlfile] -- Reg Error: Key error. File not found ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* helpfile [open] -- winhlp32.exe %1 () hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 () piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "UpdatesDisableNotify" = 1 "AntiVirusOverride" = 1 "FirewallOverride" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr] "Start" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.) 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation) "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0003C1E0-E0E7-49BB-A0F6-4AE6D2B09202}" = UPEK TouchChip Fingerprint Reader "{06E76C3D-0ADD-4B6A-B59D-BDC0E1EB33C1}" = Saratoga CRM Remote "{07C69B3A-62B3-41BF-82EE-B3A87BD6EA0C}" = Lotus Notes 8.5.2 "{08E81ABD-79F7-49C2-881F-FD6CB0975693}" = Roxio Creator Data "{09760D42-E223-42AD-8C3E-55B47D0DDAC3}" = Roxio Creator DE 10.3 "{1F54DAFA-9261-4A62-B59D-6C9F26B48FE4}" = Roxio Creator Tools "{211b845d-a957-480f-bd93-4b65be37e696}" = Software Management Solution Agent "{23EEC842-57ED-4055-A056-9D4185DFB1AA}" = Dell Mobile Broadband Manager "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 21 "{294EAADF-E50F-4DD8-AD8D-19587EA10512}" = Modem Diagnostic Tool "{2B818257-E6C7-4841-8C29-C5C9A982BCE5}" = RICOH Media Driver ver.2.11.01.02 "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Roxio Update Manager "{3248F0A8-6813-11D6-A77B-00B0D0150070}" = J2SE Runtime Environment 5.0 Update 7 "{3265DDD6-A7CC-4847-A5C8-2EFA70578ED3}" = Altiris Inventory Agent "{32664D01-7FDF-46C9-A539-D58C3DE032B6}" = Installer Service "{34ED8BC7-2166-4E35-8EF7-4301DC811722}" = Saratoga CRM Lotus Addin "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{36B2BE5D-3B00-4FB3-BCD5-1984C11E8FE6}" = Saratoga CRM Remote 
"{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime "{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting "{41846936-6A9E-488B-9E37-21F7D814ECFA}" = mpmri "{41846937-6A9E-488B-9E37-21F7D814ECFA}" = mpmri "{41846938-6A9E-488B-9E37-21F7D814ECFA}" = mpmri "{4184693D-6A9E-488B-9E37-21F7D814ECFA}" = mpmri "{4184693F-6A9E-488B-9E37-21F7D814ECFA}" = mpmri "{41846940-6A9E-488B-9E37-21F7D814ECFA}" = mpmri "{41846947-6A9E-488B-9E37-21F7D814ECFA}" = mpmri "{41846948-6A9E-488B-9E37-21F7D814ECFA}" = mpmri "{4184694A-6A9E-488B-9E37-21F7D814ECFA}" = mpmri "{41846958-6A9E-488B-9E37-21F7D814ECFA}" = mpmri "{4184695E-6A9E-488B-9E37-21F7D814ECFA}" = mpmri "{4184696B-6A9E-488B-9E37-21F7D814ECFA}" = mpmri "{4184696E-6A9E-488B-9E37-21F7D814ECFA}" = mpmri "{41846970-6A9E-488B-9E37-21F7D814ECFA}" = mpmri "{41846976-6A9E-488B-9E37-21F7D814ECFA}" = mpmri "{41846979-6A9E-488B-9E37-21F7D814ECFA}" = mpmri "{43507E5B-94A0-4E56-9C7B-FAAAFBDB5904}" = Logiciel Intel(R) PROSet/Wireless WiFi "{54DAAD16-A57A-4524-9C4F-391500945D14}" = Adobe Flash Player 10 ActiveX "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Media Driver Ver.3.53.02 "{5A26B7C0-55B1-4DA8-A693-E51380497A5E}" = Dell ControlVault Host Components Installer "{5F23A1DC-58CB-4AB9-84E8-9A569438D916}" = ControlVault Diagnostics "{608A014D-E253-43D8-A300-00A739BA802E}" = Juniper Installer Service "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Roxio Express Labeler 3 "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.5 "{6EA8A52B-8EA1-4A59-85AB-48132299061A}" = Intel(R) PRO Alerting Agent "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = Analyseur et SDK MSXML 4.0 SP2 "{73A4F29F-31AC-4EBD-AA1B-0CC5F18C8F83}" = Roxio Creator Audio "{765B5216-5FCC-48C2-AD8C-FB414B590176}" = AuthenTec Fingerprint Sensor "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{87434D51-51DB-4109-B68F-A829ECDCF380}" = AccelerometerP11 
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{901E0405-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Czech User Interface Pack "{901E0407-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP German User Interface Pack "{901E040C-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP French User Interface Pack "{901E0410-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Italian User Interface Pack "{901E0412-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Korean User Interface Pack "{901E0413-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Dutch User Interface Pack "{901E0415-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Polish User Interface Pack "{901E041F-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Turkish User Interface Pack "{901E0804-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Chinese (Simplified) User Interface Pack "{901E0C0A-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Spanish User Interface Pack "{90300409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Media Content "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{AB6FFA58-F491-11D3-8951-000000032895}" = iPassConnect Staubli "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3 "{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9 "{AC76BA86-7AD7-2448-0000-900000000003}" = Chinese Traditional Fonts Support For Adobe Reader 9 "{AF7E4468-E364-4991-BC2A-6E8293E1055B}" = BioAPI Framework "{B332732A-4958-41DD-B439-DDA2D32753C5}" = McAfee Host Intrusion Prevention "{B6A26DE5-F2B5-4D58-9570-4FC760E00FCD}" = Roxio Creator Copy "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows 
Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{DE91C193-2611-4BD3-A9F9-DF589C572565}" = McAfee Agent "{E09B48B5-E141-427A-AB0C-D3605127224A}" = Microsoft SQL Server Desktop Engine "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{ED439A64-F018-4DD4-8BA5-328D85AB09AB}" = Roxio Creator DE 10.3 "{F01EA00D-680F-4AD3-89FE-D1CB42AE8480}" = Saratoga CRM Chart "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F0F563C4-D4AD-41C4-A8A6-26664C027D11}" = Brother MFL-Pro Suite "{F6D4D4B8-C41D-4618-9977-F05F0A77D6ED}" = SaratogaLotusAddin "{FF1DDCF4-3A28-4F7F-96D8-E3F4BD1C1702}" = Dell Security Device Driver Pack "9512AA21B791B05A54E27065C45BBC417AB282DF" = Package de pilotes Windows - Dell Inc. PBADRV System (09/11/2009 1.0.1.6) "9D57DE505B6D8C710EF3B74BE638DBB936EED8A3" = Windows Driver Package - Dell Inc. 
PBADRV System (01/07/2008 1.0.1.5) "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player "Avenue Single User" = Avenue Single User "ClientAccessExpress" = IBM iSeries Access for Windows "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem "Dell Webcam Central" = Dell Webcam Central "FileZilla Client" = FileZilla Client 3.1.2 "ie8" = Windows Internet Explorer 8 "IE8-MUI" = Windows Internet Explorer 8 Multilingual User Interface (MUI) "InstallShield_{32664D01-7FDF-46C9-A539-D58C3DE032B6}" = Installer Service "InstallShield_{3868A8EE-5051-4DB0-8DF6-4F4B8A98D083}" = QuickTime "Juniper Network Connect 6.5.0" = Juniper Networks Network Connect 6.5.0 "Juniper Network Connect 7.1.9" = Juniper Networks Network Connect 7.1.9 "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs "ProInst" = Intel PROSet Wireless "PROSet" = Intel(R) Network Connections Drivers "Saratoga CRM Remote" = Saratoga CRM Remote "Siebel Uninstall Manager" = Siebel Uninstallation Manager "ST6UNST #1" = Staubli "ST6UNST #2" = Staubli (C:\SCRM_CONNECTORS\SPECIFIC\) "ST6UNST #3" = Staubli (C:\SCRM_CONNECTORS\SPECIFIC\) #3 "ST6UNST #4" = Staubli (C:\SCRM_CONNECTORS\SPECIFIC\) #4 "ST6UNST #5" = Staubli (C:\SCRM_CONNECTORS\SPECIFIC\) #5 "ST6UNST #6" = Staubli (C:\SCRM_CONNECTORS\SPECIFIC\) #6 "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Google Chrome" = Google Chrome "Juniper_Setup_Client" = Juniper Networks, Inc. 
Setup Client "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "Neoteris_Host_Checker" = Juniper Networks Host Checker ========== Last 20 Event Log Errors ========== Error: Unable to start EventLog service! < End of report >

OTL Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 06.10.2012 09:48:30 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = E:\ Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation Internet Explorer (Version = 8.0.6001.18702) Locale: 00000C07 | Country: Austria | Language: DEA | Date Format: dd.MM.yyyy 3,43 Gb Total Physical Memory | 2,99 Gb Available Physical Memory | 87,21% Memory free 5,27 Gb Paging File | 5,04 Gb Available in Paging File | 95,61% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 148,99 Gb Total Space | 87,04 Gb Free Space | 58,42% Space Free | Partition Type: NTFS Drive E: | 3,87 Gb Total Space | 3,64 Gb Free Space | 93,96% Space Free | Partition Type: FAT32 Computer Name: ACVL0015 | User Name: bbel | NOT logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.06 09:44:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\OTL.exe PRC - [2008.04.14 06:42:20 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe ========== Modules (No Company Name) ========== MOD - [2007.06.02 22:41:36 | 000,617,472 | ---- | M] () -- C:\Program Files\IZArc\IZArcCM.dll ========== Services (SafeList) ========== SRV - File not found [On_Demand | Unknown] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlagent.EXE -- (SQLSERVERAGENT) SRV - File not found [Disabled | Unknown] -- C:\Program Files\Microsoft SQL Server\MSSQL\Binn\sqlservr.exe -- (MSSQLSERVER) SRV - File not found [Disabled | Unknown] -- %SystemRoot%\System32\hidserv.dll -- (HidServ) SRV - File not found [Auto | Unknown] -- C:\Altiris\AClient\AClient.exe -- (AClient) SRV - [2012.05.05 03:16:38 | 000,671,368 | ---- | M] (Juniper Networks) 
[Auto | Unknown] -- C:\Program Files\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService) SRV - [2011.11.15 17:06:00 | 000,132,672 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2011.10.06 14:18:48 | 000,148,520 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp) SRV - [2011.10.06 14:15:46 | 000,166,024 | ---- | M] () [Auto | Unknown] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield) SRV - [2011.09.06 15:31:48 | 000,588,160 | ---- | M] (DameWare Development LLC) [Auto | Unknown] -- C:\WINDOWS\dwrcs\DWRCS.EXE -- (DWMRCS) SRV - [2011.03.23 06:36:12 | 000,058,760 | ---- | M] (IBM Corp) [Auto | Unknown] -- C:\lotus\notes\ntmulti.exe -- (Multi-user Cleanup Service) SRV - [2011.03.23 06:35:40 | 000,062,856 | ---- | M] (IBM Corp) [Auto | Unknown] -- C:\lotus\notes\nslsvice.exe -- (Lotus Notes Single Logon) SRV - [2011.03.23 06:35:22 | 003,417,480 | ---- | M] (IBM) [Auto | Unknown] -- C:\lotus\notes\nsd.exe -- (Lotus Notes Diagnostics) SRV - [2011.01.12 08:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\Program Files\McAfee\VirusScan Enterprise\vstskmgr.exe -- (McTaskManager) SRV - [2010.09.17 04:53:55 | 000,619,816 | ---- | M] (Altiris, Inc.) [On_Demand | Unknown] -- C:\Program Files\Altiris\Altiris Agent\Agents\WMIProviderAgent\AltirisAgentProvider.exe -- (AltirisAgentProvider) SRV - [2010.09.17 04:37:25 | 001,351,976 | ---- | M] (Symantec Corporation) [Auto | Unknown] -- C:\Program Files\Altiris\Altiris Agent\AeXNSAgent.exe -- (AeXNSClient) SRV - [2010.08.03 15:40:46 | 000,035,696 | ---- | M] (McAfee, Inc.) 
[Auto | Unknown] -- C:\Program Files\McAfee\Host Intrusion Prevention\HIPSCore\HIPSvc.exe -- (hips) SRV - [2010.07.09 00:44:32 | 002,533,400 | ---- | M] (Intel Corporation) [Auto | Unknown] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.07.09 00:44:16 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Unknown] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.06.15 12:50:48 | 001,498,224 | ---- | M] (McAfee, Inc.) [Auto | Unknown] -- C:\Program Files\McAfee\Host Intrusion Prevention\FireSvc.exe -- (enterceptAgent) SRV - [2010.03.24 00:09:28 | 000,812,448 | ---- | M] (Broadcom Corporation) [Auto | Unknown] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe -- (Credential Vault Host Control Service) SRV - [2010.03.24 00:09:28 | 000,027,040 | ---- | M] (Broadcom Corporation) [Auto | Unknown] -- C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe -- (Credential Vault Host Storage) SRV - [2010.01.10 12:01:26 | 000,060,928 | ---- | M] () [Auto | Unknown] -- C:\Program Files\STMicroelectronics\AccelerometerP11\InstallFilterService.exe -- (InstallFilterService) SRV - [2010.01.05 08:54:48 | 000,022,016 | ---- | M] (Siebel Systems, Inc.) 
[Disabled | Unknown] -- C:\sea800\BIN\siebqsvc.exe -- (Siebel QuickStart Service) SRV - [2009.09.21 14:55:12 | 000,858,384 | ---- | M] (Intel(R) Corporation) [Auto | Unknown] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2009.09.21 14:50:04 | 000,364,544 | ---- | M] (Intel(R) Corporation) [Auto | Unknown] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) SRV - [2009.09.21 14:44:48 | 000,954,368 | ---- | M] (Intel(R) Corporation) [Auto | Unknown] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) SRV - [2009.09.21 14:31:36 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Unknown] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2009.02.10 13:10:00 | 000,132,472 | ---- | M] (Symantec Corporation) [On_Demand | Unknown] -- c:\Temp\temp\RemStart.exe -- (REMSTART) SRV - [2008.04.14 06:42:10 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl) SRV - [2007.04.19 06:56:36 | 000,133,968 | ---- | M] (Intel Corporation) [Auto | Unknown] -- C:\Program Files\Intel\ASF Agent\ASFAgent.exe -- (ASFAgent) SRV - [2007.03.05 20:52:56 | 000,036,864 | ---- | M] (Juniper Networks) [Auto | Unknown] -- C:\Program Files\Neoteris\Installer Service\NeoterisSetupService.exe -- (Neoteris Setup Service) SRV - [2006.07.27 21:00:40 | 001,306,624 | ---- | M] (iPass, Inc.) [On_Demand | Unknown] -- C:\Program Files\iPass\iPassConnect Staubli\iPassConnectEngine.exe -- (iPassConnectEngine) SRV - [2006.07.21 17:15:40 | 000,122,880 | ---- | M] (iPass, Inc.) [On_Demand | Unknown] -- C:\Program Files\iPass\iPassConnect Staubli\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp) SRV - [2006.07.21 17:15:40 | 000,086,016 | ---- | M] (iPass, Inc.) 
[Auto | Unknown] -- C:\Program Files\iPass\iPassConnect Staubli\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService) SRV - [2005.06.10 06:30:00 | 000,057,393 | ---- | M] (IBM Corporation) [On_Demand | Unknown] -- C:\WINDOWS\cwbrxd.exe -- (Cwbrxd) SRV - [2003.01.30 19:55:44 | 000,077,824 | ---- | M] (HP) [On_Demand | Unknown] -- C:\WINDOWS\system32\hphipm09.exe -- (Pml Driver) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand | Unknown] -- -- (WDICA) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDCOMP) DRV - File not found [Kernel | System | Unknown] -- -- (PCIDump) DRV - File not found [Kernel | On_Demand | Unknown] -- System32\Drivers\PCASp50.sys -- (PCASp50) DRV - File not found [Kernel | System | Unknown] -- C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys -- (mferkdk) DRV - File not found [Kernel | System | Unknown] -- -- (lbrtfdc) DRV - File not found [Kernel | System | Unknown] -- -- (i2omgmt) DRV - File not found [Kernel | System | Unknown] -- -- (Changer) DRV - File not found [Kernel | On_Demand | Unknown] -- system32\DRIVERS\ccidflt.sys -- (CCIDFILTER) DRV - [2012.10.02 14:19:17 | 000,002,401 | ---- | M] () [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AlKernel.sys -- (AlKernel) DRV - [2012.05.05 02:50:56 | 000,026,624 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\dsNcAdpt.sys -- (dsNcAdpt) DRV - [2011.10.06 14:18:28 | 000,089,528 | ---- | M] (McAfee, Inc.) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k) DRV - [2011.10.06 14:18:02 | 000,087,392 | ---- | M] (McAfee, Inc.) 
[Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2011.10.06 14:17:32 | 000,463,912 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2011.10.06 14:16:58 | 000,059,192 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2011.10.06 14:16:48 | 000,180,328 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2011.10.06 14:16:28 | 000,120,992 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2010.08.03 15:44:24 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | Disabled | Unknown] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik) DRV - [2010.08.03 15:40:26 | 000,035,552 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HIPQK.sys -- (HIPQK) DRV - [2010.08.03 15:40:12 | 000,038,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HIPPSK.sys -- (HIPPSK) DRV - [2010.08.03 15:39:56 | 000,107,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HIPK.sys -- (HIPK) DRV - [2010.07.09 00:43:52 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HECI.sys -- (HECI) DRV - [2010.06.15 12:49:08 | 000,030,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\firelm01.sys -- (firelm01) DRV - [2010.06.15 12:49:02 | 000,145,616 | ---- | M] (McAfee, Inc.) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\FireTDI.sys -- (FireTDI) DRV - [2010.06.15 12:48:58 | 000,137,536 | ---- | M] (McAfee, Inc.) 
[Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\FirePM.sys -- (FirePM) DRV - [2010.05.12 20:17:00 | 000,255,096 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2010.04.20 22:58:54 | 001,660,051 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2010.03.19 16:39:08 | 000,059,904 | ---- | M] (REDC) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\risdpe86.sys -- (risdpcie) DRV - [2010.02.26 23:31:24 | 000,132,480 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Impcd.sys -- (Impcd) DRV - [2010.01.19 12:50:12 | 000,235,520 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\IntcDAud.sys -- (IntcDAud) DRV - [2010.01.18 07:56:26 | 000,042,672 | ---- | M] (ST Microelectronics) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Accelern.sys -- (Acceler) DRV - [2010.01.18 07:56:26 | 000,017,072 | ---- | M] (ST Microelectronics) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\stdfltn.sys -- (stdflt) DRV - [2009.12.10 09:33:34 | 000,167,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\e1k5132.sys -- (e1kexpress) DRV - [2009.11.03 17:40:42 | 000,033,832 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\cvusbdrv.sys -- (cvusbdrv) DRV - [2009.09.16 17:07:42 | 000,144,576 | ---- | M] (Creative Technology Ltd.) 
[Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\CtClsFlt.sys -- (CtClsFlt) DRV - [2009.09.15 11:34:10 | 005,977,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) DRV - [2009.08.10 00:46:38 | 000,013,952 | ---- | M] (Intel Corporation) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2009.05.28 11:48:20 | 000,134,144 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\CtAudDrv.sys -- (CtAudDrv) DRV - [2009.05.21 11:48:10 | 000,029,184 | R--- | M] (Microsoft Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID) DRV - [2009.04.21 22:13:34 | 000,113,664 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud) DRV - [2009.01.19 11:02:27 | 000,021,419 | ---- | M] (Meetinghouse Data Communications) [Kernel | Auto | Unknown] -- C:\WINDOWS\system32\drivers\iPassP.sys -- (iPassP) DRV - [2008.10.17 16:26:24 | 000,044,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\firehk.sys -- (FirehkMP) DRV - [2008.10.17 16:26:24 | 000,044,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\firehk.sys -- (Firehk) DRV - [2008.07.30 17:44:18 | 000,110,080 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) DRV - [2008.06.24 20:46:58 | 000,985,728 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV) DRV - [2008.06.24 20:46:18 | 000,210,688 | R--- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL) DRV - [2008.06.24 20:46:14 | 000,731,264 | R--- | M] (Conexant Systems, Inc.) 
[Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf) DRV - [2008.06.04 14:14:00 | 000,026,608 | ---- | M] (Dell Inc) [Kernel | Boot | Unknown] -- C:\WINDOWS\system32\drivers\PBADRV.sys -- (PBADRV) DRV - [2008.04.14 06:42:10 | 000,088,576 | ---- | M] (Microsoft Corporation) [Unknown (-1) | Unknown (-1) | Unknown] -- C:\WINDOWS\system32\wbem\wmiaprpl.dll -- (WmiApRpl) DRV - [2008.04.04 14:40:50 | 000,244,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\e1y5132.sys -- (e1yexpress) DRV - [2008.03.14 17:00:00 | 000,003,712 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\DamewareMini.sys -- (DwMirror) DRV - [2008.03.13 15:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\dwvkbd.sys -- (dwvkbd) DRV - [2007.04.19 06:28:12 | 000,042,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\Asfalrt.sys -- (AsfAlrt) DRV - [2003.01.30 19:55:44 | 000,050,800 | ---- | M] (HP) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\hphid409.sys -- (Dot4 HPH09) DRV - [2003.01.30 19:55:44 | 000,050,211 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\hphs2k09.sys -- (Dot4Storage HPH09) DRV - [2003.01.30 19:55:44 | 000,018,864 | ---- | M] (HP) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\hphius09.sys -- (Dot4Usb HPH09) DRV - [2003.01.30 19:55:44 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Unknown] -- C:\WINDOWS\system32\drivers\hphipr09.sys -- (Dot4Print HPH09) DRV - [2001.08.23 14:00:00 | 000,012,160 | ---- | M] (Microsoft Corporation) [Kernel | System | Unknown] -- C:\WINDOWS\system32\drivers\fsvga.sys -- (FsVga) DRV - [2001.08.23 14:00:00 | 000,002,864 | ---- | M] () [Adapter | On_Demand | Unknown] -- C:\WINDOWS\System32\winsock.dll -- (Winsock) ========== Standard Registry 
(SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 10.*;*.pri;mystaubli*;gateway.staubli*;auth.staubli.com;*.google.com;<local> IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = gateway.zscaler.net:80 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..extensions.enabledAddons: jqs@sun.com:1.0 FF - prefs.js..network.proxy.ftp: "gateway.zscaler.net" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.http: "gateway.zscaler.net" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.no_proxies_on: "10.*,*.pri,mystaubli.*,gateway.staubli.com,192.168.1.1,localhost,127.0.0.1" FF - prefs.js..network.proxy.ssl: "gateway.zscaler.net" FF - prefs.js..network.proxy.ssl_port: 80 FF - prefs.js..network.proxy.type: 0 FF - user.js..browser.search.selectedEngine: "Search the web" FF - user.js..browser.search.order.1: "Search the web" FF - user.js..browser.search.defaultenginename: "Search the web" FF - user.js..keyword.URL: "hxxp://www.browsersafesearch.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: 
C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\bbel\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\bbel\Local Settings\Application Data\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2012.10.06 08:25:37 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Documents and Settings\bbel\Local Settings\Application Data\Mozilla Firefox\components [2011.07.13 16:48:12 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Documents and Settings\bbel\Local Settings\Application Data\Mozilla Firefox\plugins [2011.07.13 16:49:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\bbel\Application Data\mozilla\Extensions [2011.06.30 15:36:12 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF ========== Chrome ========== CHR - homepage: Google CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: 
suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: Google CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Documents and Settings\bbel\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Documents and Settings\bbel\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Documents and Settings\bbel\Local Settings\Application Data\Google\Chrome\Application\22.0.1229.79\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.210.7 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U21 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll CHR - plugin: QuickTime Plug-in 7.0.3 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media 
Player\npwmsdrm.dll CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll CHR - plugin: Google Update (Enabled) = C:\Documents and Settings\bbel\Local Settings\Application Data\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - Extension: YouTube = C:\Documents and Settings\bbel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Documents and Settings\bbel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Documents and Settings\bbel\Local Settings\Application Data\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2012.10.02 17:57:22 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20111205081651.dll (McAfee, Inc.) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [AeXAgentLogon] C:\Program Files\Altiris\Altiris Agent\AeXAgentActivate.exe (Symantec Corporation) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) 
O4 - HKLM..\Run: [Client Access Express Welcome] C:\Program Files\IBM\Client Access\cwbwlwiz.exe (IBM Corporation) O4 - HKLM..\Run: [Client Access Help Update] C:\Program Files\IBM\Client Access\cwbinhlp.exe (IBM Corporation) O4 - HKLM..\Run: [Client Access PC5250 Sound] C:\Program Files\IBM\Client Access\Emulator\pcssnd.exe (IBM Corporation) O4 - HKLM..\Run: [Client Access Service] C:\Program Files\IBM\Client Access\cwbsvstr.exe (IBM Corporation) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [Dell Webcam Central] C:\Program Files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe (Creative Technology Ltd) O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe (HP) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe File not found O4 - HKLM..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\imekrmig.exe (Microsoft Corporation) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [McAfee Host Intrusion Prevention Tray] C:\Program Files\McAfee\Host Intrusion Prevention\FireTray.exe (McAfee, Inc.) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation) O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl06b\BrStDvPt.exe (Brother Industories, Ltd.) O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) 
O4 - HKCU..\Run: [clttqhzmaijnudf] C:\Documents and Settings\All Users\Application Data\clttqhzm.exe () O4 - HKCU..\Run: [svchost1.exe] C:\Documents and Settings\bbel\Application Data\win32\svchost1.exe () O4 - HKCU..\Run: [svchost2.exe] C:\Documents and Settings\bbel\Local Settings\Temp\win32\svchost2.exe () O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 1 O15 - HKLM\..Trusted Domains: staubli.com ([gateway] https in Trusted sites) O15 - HKLM\..Trusted Domains: staubli.pri ([mystaubli] https in Trusted sites) O15 - HKCU\..Trusted Domains: cam4.com ([de] http in Vertrauenswürdige Sites) O16 - DPF: {0006F063-0000-0000-C000-000000000046} hxxp://activex.microsoft.com/activex/controls/office/outlctlx.CAB (Microsoft Outlook View Control) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool) O16 - DPF: {21EC36C8-5D54-4EF8-AAFC-BE6D34661A2A} https://fav88win/crm_adm/20417/applets/SiebelAx_OutBound_mail.cab (Siebel Email Support for Microsoft Outlook and Lotus Notes) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {3F6E704A-F409-4A52-9CF3-D32463CB491E} hxxp://fav88win/crm_adm/20433/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework) O16 - DPF: {609DE3A4-42CB-4C10-8D47-67D81B53E59A} https://fav88win/crm_adm/20417/applets/SiebelAx_Calendar.cab (Siebel Calendar) O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1282551073281 (MUWebControl Class) O16 - DPF: {831FB9D5-7704-46BE-B4AE-BD946EE97F4C} hxxp://fav88win/crm_adm/20433/applets/SiebelAx_OutBound_mail.cab (Siebel Email Support for Microsoft Outlook and Lotus Notes) O16 - DPF: 
{8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} https://mycrmstaubli.staubli.pri/CRM_FRA/20433/applets/SiebelAx_Desktop_Integration.cab (Siebel Desktop Integration) O16 - DPF: {8EF3C23F-7E51-4C79-8534-C936449DCC79} https://fav88win/crm_adm/20417/applets/SiebelAx_Gantt_Chart.cab (Siebel Gantt Chart) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07) O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21) O16 - DPF: {DCD3D795-8217-4C58-892E-F47A22CCC87E} https://fav88win/crm_adm/20417/applets/SiebelAx_iHelp.cab (Siebel iHelp) O16 - DPF: {E1025617-5E52-47B1-A865-AC4AD132A16B} https://fav88win/crm_adm/20417/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = prevost.staubli.pri O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9BD1848B-6421-4413-AB1F-8299513BC181}: DhcpNameServer = 192.168.1.1 O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\MRCNotify: DllName - 
(C:\WINDOWS\dwrcs\DWRCWXL.dll) - C:\WINDOWS\dwrcs\DWRCWXL.dll (DameWare Development LLC) O24 - Desktop WallPaper: C:\Documents and Settings\bbel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O24 - Desktop BackupWallPaper: C:\Documents and Settings\bbel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2008.12.22 16:00:38 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.06 08:52:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes [2012.10.06 08:52:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bbel\Application Data\Malwarebytes [2012.10.05 21:48:44 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.10.04 21:02:08 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\bbel\Recent [2012.10.04 18:27:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fojviwleazccjtg [2012.10.03 15:17:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bbel\Desktop\Brammer Augsburg [2012.09.27 17:08:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bbel\My Documents\schulung Sonnenhof [2012.09.25 16:58:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\bbel\Local Settings\Application Data\Downloaded Installations [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\Documents and Settings\bbel\Desktop\*.tmp files -> C:\Documents and Settings\bbel\Desktop\*.tmp -> ] [1 C:\Documents and 
Settings\bbel\My Documents\*.tmp files -> C:\Documents and Settings\bbel\My Documents\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.30 23:14:54 | 003,317,560 | ---- | M] (PixelPlanet) -- C:\Documents and Settings\bbel\My Documents\PdfEditor.exe [2013.04.30 21:49:42 | 038,672,952 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\PdfEditor_32bit.exe [2012.10.06 08:27:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2012.10.06 07:43:10 | 000,001,458 | ---- | M] () -- C:\AClient.cfg [2012.10.05 08:10:43 | 000,002,469 | ---- | M] () -- C:\Documents and Settings\bbel\Desktop\Microsoft PowerPoint.lnk [2012.10.04 22:14:59 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.10.04 18:30:42 | 000,271,400 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2012.10.04 18:30:14 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2012.10.04 18:27:35 | 000,076,423 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ecrwtltbmmjxysc [2012.10.04 18:27:27 | 000,105,984 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\clttqhzm.exe [2012.10.03 13:03:07 | 000,000,584 | ---- | M] () -- C:\WINDOWS\imsins.BAK [2012.10.02 15:08:53 | 001,158,390 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Bestellung Burmeister.pdf [2012.10.02 15:03:47 | 000,065,475 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Angebot ESI071153.pdf [2012.10.02 15:02:00 | 000,069,021 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Angebot ESI 071153.pdf [2012.10.02 14:19:17 | 000,002,401 | ---- | M] () -- C:\WINDOWS\System32\drivers\AlKernel.sys [2012.09.26 14:28:43 | 000,137,603 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Neue Kupplung ACS.pdf [2012.09.26 13:53:43 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\Suggestion.lex [2012.09.25 16:53:10 | 000,194,670 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\RSIM34.pdf 
[2012.09.25 15:05:10 | 001,981,696 | ---- | M] () -- C:\Documents and Settings\bbel\Desktop\DVE.pdf [2012.09.24 16:30:55 | 000,136,247 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Surflex6.pdf [2012.09.24 13:30:58 | 000,004,178 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Kunden Messe Frankfurt.pdf [2012.09.21 16:39:48 | 000,008,010 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Berichte Automechn.pdf [2012.09.21 16:36:40 | 000,008,030 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Messe Frankfurt Berichte.pdf [2012.09.21 13:08:22 | 000,288,072 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Angebot Ruck Gase.pdf [2012.09.20 09:28:15 | 000,136,890 | ---- | M] () -- C:\Documents and Settings\bbel\My Documents\Spiral.pdf [2012.09.19 07:57:03 | 000,001,134 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2851880480-941839565-2621562516-4144Core1cd962b97ad5d36.job [2012.09.07 15:49:52 | 000,321,731 | ---- | M] () -- C:\Documents and Settings\bbel\Desktop\Angebot Carpoint.pdf [4 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] [2 C:\Documents and Settings\bbel\Desktop\*.tmp files -> C:\Documents and Settings\bbel\Desktop\*.tmp -> ] [1 C:\Documents and Settings\bbel\My Documents\*.tmp files -> C:\Documents and Settings\bbel\My Documents\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.10.04 18:28:30 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2012.10.04 18:27:35 | 000,105,984 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\clttqhzm.exe [2012.10.04 18:27:28 | 000,076,423 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ecrwtltbmmjxysc [2012.10.02 15:08:15 | 001,158,390 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Bestellung Burmeister.pdf [2012.10.02 15:03:47 | 000,065,475 | ---- | C] () -- C:\Documents and 
Settings\bbel\My Documents\Angebot ESI071153.pdf [2012.10.02 15:01:59 | 000,069,021 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Angebot ESI 071153.pdf [2012.09.26 14:28:40 | 000,137,603 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Neue Kupplung ACS.pdf [2012.09.25 16:53:09 | 000,194,670 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\RSIM34.pdf [2012.09.25 15:05:10 | 001,981,696 | ---- | C] () -- C:\Documents and Settings\bbel\Desktop\DVE.pdf [2012.09.24 16:30:54 | 000,136,247 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Surflex6.pdf [2012.09.24 13:30:57 | 000,004,178 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Kunden Messe Frankfurt.pdf [2012.09.21 16:39:48 | 000,008,010 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Berichte Automechn.pdf [2012.09.21 16:36:40 | 000,008,030 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Messe Frankfurt Berichte.pdf [2012.09.21 13:08:21 | 000,288,072 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Angebot Ruck Gase.pdf [2012.09.20 09:28:14 | 000,136,890 | ---- | C] () -- C:\Documents and Settings\bbel\My Documents\Spiral.pdf [2012.09.19 07:57:03 | 000,001,134 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-2851880480-941839565-2621562516-4144Core1cd962b97ad5d36.job [2012.09.07 15:49:51 | 000,321,731 | ---- | C] () -- C:\Documents and Settings\bbel\Desktop\Angebot Carpoint.pdf [2012.06.18 17:12:14 | 000,000,123 | ---- | C] () -- C:\WINDOWS\System32\DWRCCMDError.ini [2012.03.14 22:57:31 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll [2011.07.13 14:21:21 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2011.07.13 14:21:21 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2011.07.13 14:17:17 | 000,000,227 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini [2011.07.13 14:17:17 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini [2011.07.13 14:17:17 | 000,000,050 | ---- | C] 
() -- C:\WINDOWS\System32\bridf06a.dat [2011.07.13 14:13:58 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\BrMuSNMP.dll [2011.07.13 14:13:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\brdfxspd.dat [2011.07.08 21:32:40 | 000,130,048 | ---- | C] () -- C:\Documents and Settings\bbel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.04.20 08:58:52 | 000,092,160 | ---- | C] () -- C:\WINDOWS\System32\Vcfide.dll [2011.04.14 11:13:35 | 000,000,682 | RHS- | C] () -- C:\Documents and Settings\bbel\ntuser.pol [2010.11.04 13:29:11 | 000,002,401 | ---- | C] () -- C:\WINDOWS\System32\drivers\AlKernel.sys [2008.12.23 14:06:19 | 000,008,260 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol ========== ZeroAccess Check ========== [2008.12.23 10:01:23 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shdocvw.dll -- [2008.04.14 06:42:06 | 001,499,136 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 14:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 06:42:10 | 000,273,920 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > --- --- --- |
06.10.2012, 16:24 | #2 |
/// Helper Team | this program cannot display the webpage The cleanup consists of several steps that must be carried out. Work through them one after another and paste the 4 logs that are created along the way into your next reply. If the OTL fix did not run through correctly, do not continue; report it instead. Step 1: Fix with OTL. Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Unknown] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Unknown] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Unknown] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Unknown] -- -- (Changer)
O4 - HKCU..\Run: [clttqhzmaijnudf] C:\Documents and Settings\All Users\Application Data\clttqhzm.exe ()
O4 - HKCU..\Run: [svchost1.exe] C:\Documents and Settings\bbel\Application Data\win32\svchost1.exe ()
O4 - HKCU..\Run: [svchost2.exe] C:\Documents and Settings\bbel\Local Settings\Temp\win32\svchost2.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_07-windows-i586.cab (Java Plug-in 1.5.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
:Files
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.exe
C:\Dokumente und Einstellungen\bbel\Anwendungsdaten\*.exe
C:\Dokumente und Einstellungen\bbel\Lokale Einstellungen\Anwendungsdaten\*.exe
C:\Dokumente und Einstellungen\bbel\*.exe
C:\Dokumente und Einstellungen\bbel\Startmenü\Programme\Autostart\ctfmon.lnk
C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\ctfmon.lnk
C:\Dokumente und Einstellungen\bbel\Lokale Einstellungen\Anwendungsdaten\Sun\Java\Deployment\cache\
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for other readers: The OTL script above was created exclusively for this user in this situation. Do not under any circumstances apply it on other computers; that can cause lasting damage to other systems! Step 2: Please run a full scan with Malwarebytes Anti-Malware and post the log. After that: Step 3: Please download AdwCleaner to your desktop.
Step 4
__________________ |
12.12.2012, 06:26 | #3 |
/// Helper Team | this program cannot display the webpage No response
__________________ Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: The disappearance of the symptoms does not mean that your computer is clean.
__________________ |