|
Log-Analyse und Auswertung: GVU TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
26.06.2013, 17:23 | #1 |
| GVU Trojaner Hallo Zusammen, ich habe mir den GVU Trojaner eingefangen, ich kann nichts in Windows machen es kommt sofort der GVU Sperrbildschirm, auf Rat der BKA Seite habe ich mit Hilfe von einen USB Stick Windowsunlocker von Kaspersky durchlaufen lassen, leider ohne erfolg. Da ich auf eigene Faust das Problem nicht beheben kann wende ich mich an euch Windows XP Pro SP2 32 Bit |
26.06.2013, 17:26 | #2 |
| GVU Trojaner OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 6/26/2013 7:04:54 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.79 Gb Total Space | 91.36 Gb Free Space | 81.72% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - [2012/11/30 05:15:45 | 000,159,640 | ---- | M] (McAfee, Inc.) [Auto] -- C:\WINDOWS\System32\mfevtps.exe -- (mfevtp) SRV - [2012/11/30 05:15:40 | 000,167,344 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe -- (McShield) SRV - [2012/11/27 10:06:00 | 000,132,712 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework) SRV - [2011/09/14 14:08:00 | 000,209,760 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager) SRV - [2010/08/25 15:07:00 | 000,022,816 | ---- | M] (McAfee, Inc.) [Auto] -- C:\Program Files\McAfee\VirusScan Enterprise\EngineServer.exe -- (McAfeeEngineService) SRV - [2010/07/02 11:02:42 | 000,246,120 | ---- | M] (DameWare Development LLC) [Auto] -- C:\WINDOWS\System32\DWRCS.EXE -- (DWMRCS) SRV - [2009/02/23 05:08:10 | 000,254,034 | ---- | M] (IDT, Inc.) [Auto] -- C:\Program Files\IDT\DellXPM09B_6159v043\WDM\stacsv.exe -- (STacSV) SRV - [2008/07/10 14:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2008/07/10 14:32:38 | 000,352,256 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\WLKEEPER.exe -- (WLANKEEPER) Intel(R) SRV - [2008/07/10 14:23:22 | 000,901,120 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Intel\WiFi\bin\S24EvMon.exe -- (S24EventMonitor) SRV - [2008/07/10 14:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2007/04/12 20:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\CCM\CcmExec.exe -- (CcmExec) SRV - [2006/10/30 01:56:44 | 001,052,672 | ---- | M] (SAP AG, Walldorf) [On_Demand] -- C:\Program Files\SAP\SAPSprint\sapsprint.exe -- (SAPSprint) SRV - [2004/09/29 07:14:36 | 000,069,632 | ---- | M] (HP) [Auto] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12) ========== Driver Services (SafeList) ========== DRV - File not found [Kernel | On_Demand] -- -- (WDICA) DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDRELI) DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME) DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP) DRV - File not found [Kernel | System] -- -- (PCIDump) DRV - File not found [Kernel | System] -- -- (OMCI) DRV - File not found [Kernel | On_Demand] -- -- (mfeavfk01) DRV - File not found [Kernel | System] -- -- (lbrtfdc) DRV - File not found [Kernel | System] -- -- (i2omgmt) DRV - File not found [Kernel | System] -- -- (Changer) DRV - [2012/11/30 05:15:44 | 000,090,368 | ---- | M] (McAfee, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k) DRV - [2012/11/30 05:15:44 | 000,087,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet) DRV - [2012/11/30 05:15:43 | 000,477,584 | ---- | M] (McAfee, Inc.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk) DRV - [2012/11/30 05:15:42 | 000,215,024 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk) DRV - [2012/11/30 05:15:42 | 000,059,616 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk) DRV - [2012/11/30 05:15:41 | 000,121,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk) DRV - [2010/08/25 15:07:00 | 000,064,208 | ---- | M] (McAfee, Inc.) [Kernel | Disabled] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik) DRV - [2010/07/14 06:51:56 | 000,065,584 | ---- | M] (Citrix Systems, Inc.) [Kernel | System] -- C:\WINDOWS\system32\drivers\ctxusbm.sys -- (ctxusbm) DRV - [2009/02/23 05:08:10 | 001,545,795 | ---- | M] (IDT, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA) DRV - [2008/12/16 09:41:44 | 000,112,512 | ---- | M] (Andrea Electronics Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AESTAud.sys -- (AESTAud) DRV - [2008/09/22 07:40:46 | 000,109,568 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\IntcHdmi.sys -- (IntcHdmiAddService) Intel(R) DRV - [2008/06/26 00:15:34 | 003,630,080 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R) DRV - [2008/06/04 10:53:56 | 000,058,880 | R--- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gtuhsbus.sys -- (GTUHSBUS) DRV - [2008/06/04 10:38:58 | 000,008,064 | R--- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gtuhsser.sys -- (GTUHSSER) DRV - [2008/06/04 10:32:34 | 000,106,112 | R--- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP) DRV - [2008/04/18 09:48:50 | 000,011,904 | ---- | M] (Intel Corporation) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans) DRV - [2008/03/19 08:26:24 | 000,175,104 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) DRV - [2007/09/19 07:38:32 | 000,037,120 | R--- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gtuqbus.sys -- (GTUQBUS) DRV - [2007/09/19 07:38:30 | 000,008,064 | R--- | M] (Option N.V.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\gtptser.sys -- (GTPTSER) DRV - [2007/06/25 13:53:10 | 000,155,136 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService) DRV - [2007/04/12 20:50:00 | 000,023,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\CCM\PrepDrv.sys -- (prepdrvr) DRV - [2007/02/15 14:00:00 | 000,026,624 | ---- | M] (DameWare) [Kernel | System] -- C:\WINDOWS\system32\drivers\dwvkbd.sys -- (dwvkbd) DRV - [2007/02/07 14:00:00 | 000,003,712 | ---- | M] (DameWare Development, LLC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\DamewareMini.sys -- (DwMirror) DRV - [2007/01/30 20:37:18 | 000,056,320 | ---- | M] (O2Micro) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\oz776.sys -- (guardian2) DRV - [2006/08/04 11:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\XAudio.sys -- (XAudio) DRV - [2005/12/04 18:55:30 | 001,428,096 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w39n51.sys -- (w39n51) Intel(R) DRV - [2005/05/31 16:08:00 | 001,198,080 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag) DRV - [2005/05/13 11:27:56 | 000,028,672 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbccid.sys -- (USBCCID) DRV - [2004/09/17 03:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt) DRV - [2003/12/09 13:24:58 | 000,067,024 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp) DRV - [2003/12/09 13:24:58 | 000,024,698 | ---- | M] (Roxio) [Kernel | System] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://powerkit IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd={SUB_PRD}&clcid={SUB_CLSID}&pver={SUB_PVER}&ar=home IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;intranet-ps;powerkit;rhqukmdrmgw0001.bbrail.com;172.16.*.*;10.*.*.*;53.191.*.*;pwrdemucapp0001;rhqukmdrmgw0001.rail.bb.wan;rhqukmdrpmm0001.rail.bb.wan;prjukdbyodb0001.bbrp.bbrail.co.uk;rhqukmdrpmm0001.bbrail.com IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = hxxp://53.191.100.251:8080 IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;intranet-ps;powerkit;rhqukmdrmgw0001.bbrail.com;172.16.*.*;10.*.*.*;53.191.*.*;pwrdemucapp0001;rhqukmdrmgw0001.rail.bb.wan;rhqukmdrpmm0001.rail.bb.wan;prjukdbyodb0001.bbrp.bbrail.co.uk;rhqukmdrpmm0001.bbrail.com IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = hxxp://53.191.100.251:8080 IE - HKU\grueblm_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\grueblm_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\grueblm_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\grueblm_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) IE - HKU\grueblm_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\grueblm_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = powerkit;172.16.*.*;10.*.*.*;prjuk*;pwrde*;pltuk*;bbrp*;rhq*;bbpd-*;ris*;*.internet-entw.*;192.168.*.*;*.bbtraction.com;timesheets.bbcp.com;bbrde*;*.bb.wan;bbdeiis01;<local> IE - HKU\grueblm_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.0.20:8080 IE - HKU\HenningT_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\HenningT_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\HenningT_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://powerkit IE - HKU\HenningT_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome IE - HKU\HenningT_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) IE - HKU\HenningT_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\HenningT_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = powerkit;172.16.*.*;10.*.*.*;prjuk*;pwrde*;pltuk*;bbrp*;rhq*;bbpd-*;ris*;*.internet-entw.*;192.168.*.*;*.bbtraction.com;timesheets.bbcp.com;bbrde*;*.bb.wan;bbdeiis01;csg.balfourbeatty.com;hxxp://learning.syntrio.com/*;;<local> IE - HKU\HenningT_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.0.20:8080 IE - HKU\kielerm_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\kielerm_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\kielerm_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://rcsapp022/RailDivisionIntranet/rail/default.aspx IE - HKU\kielerm_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) IE - HKU\kielerm_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\kielerm_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = powerkit;172.16.*.*;10.*.*.*;prjuk*;pwrde*;pltuk*;bbrp*;rhq*;bbpd-*;ris*;*.internet-entw.*;192.168.*.*;*.bbtraction.com;timesheets.bbcp.com;bbrde*;*.bb.wan;bbdeiis01;csg.balfourbeatty.com;hxxp://learning.syntrio.com/*;;<local> IE - HKU\kielerm_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.0.20:8080 IE - HKU\laskek_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\laskek_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\laskek_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\laskek_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) IE - HKU\laskek_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\laskek_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = powerkit;172.16.*.*;10.*.*.*;prjuk*;pwrde*;pltuk*;bbrp*;rhq*;bbpd-*;ris*;*.internet-entw.*;192.168.*.*;*.bbtraction.com;timesheets.bbcp.com;bbrde*;*.bb.wan;<local> IE - HKU\laskek_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.0.20:8080 IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;intranet-ps;powerkit;rhqukmdrmgw0001.bbrail.com;172.16.*.*;10.*.*.*;53.191.*.*;pwrdemucapp0001;rhqukmdrmgw0001.rail.bb.wan;rhqukmdrpmm0001.rail.bb.wan;prjukdbyodb0001.bbrp.bbrail.co.uk;rhqukmdrpmm0001.bbrail.com IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = hxxp://53.191.100.251:8080 IE - HKU\lutyr_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\lutyr_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\lutyr_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\lutyr_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) IE - HKU\lutyr_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\lutyr_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = powerkit;172.16.*.*;10.*.*.*;prjuk*;pwrde*;pltuk*;bbrp*;rhq*;bbpd-*;ris*;*.internet-entw.*;192.168.*.*;*.bbtraction.com;timesheets.bbcp.com;bbrde*;*.bb.wan;bbdeiis01;<local> IE - HKU\lutyr_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.0.20:8080 IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 192.168.*.*;intranet-ps;powerkit;rhqukmdrmgw0001.bbrail.com;172.16.*.*;10.*.*.*;53.191.*.*;pwrdemucapp0001;rhqukmdrmgw0001.rail.bb.wan;rhqukmdrpmm0001.rail.bb.wan;prjukdbyodb0001.bbrp.bbrail.co.uk;rhqukmdrpmm0001.bbrail.com IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = hxxp://53.191.100.251:8080 IE - HKU\pwr_install_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\pwr_install_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Sign In IE - HKU\pwr_install_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\pwr_install_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) IE - HKU\pwr_install_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\pwr_install_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = powerkit;172.16.*.*;10.*.*.*;prjuk*;pwrde*;pltuk*;bbrp*;rhq*;bbpd-*;ris*;*.internet-entw.*;192.168.*.*;*.bbtraction.com;timesheets.bbcp.com;bbrde*;*.bb.wan;<local> IE - HKU\pwr_install_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.0.20:8080 IE - HKU\pwr_service_uc_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\pwr_service_uc_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\pwr_service_uc_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\pwr_service_uc_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) IE - HKU\pwr_service_uc_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\pwr_service_uc_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = powerkit;172.16.*.*;10.*.*.*;prjuk*;pwrde*;pltuk*;bbrp*;rhq*;bbpd-*;ris*;*.internet-entw.*;192.168.*.*;*.bbtraction.com;timesheets.bbcp.com;bbrde*;*.bb.wan;<local> IE - HKU\pwr_service_uc_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.0.20:8080 IE - HKU\RouchiM_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm IE - HKU\RouchiM_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = Google IE - HKU\RouchiM_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKU\RouchiM_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation) IE - HKU\RouchiM_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1 IE - HKU\RouchiM_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = powerkit;172.16.*.*;10.*.*.*;prjuk*;pwrde*;pltuk*;bbrp*;rhq*;bbpd-*;ris*;*.internet-entw.*;192.168.*.*;*.bbtraction.com;timesheets.bbcp.com;bbrde*;*.bb.wan;bbdeiis01;portal.balfourbeatty.com;<local> IE - HKU\RouchiM_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 10.10.0.20:8080 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/09/10 08:10:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files\Common Files\McAfee\SystemCore [2013/06/26 11:48:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2013/01/08 12:01:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: D:\FireFox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: D:\FireFox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: E:\FireFox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: E:\FireFox\plugins O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20121130101708.dll (McAfee, Inc.) O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKU\grueblm_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\grueblm_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\grueblm_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKU\HenningT_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\HenningT_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\HenningT_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKU\HenningT_ON_C\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.) O3 - HKU\kielerm_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\kielerm_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\kielerm_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKU\laskek_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\laskek_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\laskek_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKU\lutyr_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\lutyr_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\lutyr_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKU\pwr_install_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\pwr_install_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\pwr_install_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKU\pwr_service_uc_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\pwr_service_uc_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\pwr_service_uc_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O3 - HKU\RouchiM_ON_C\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\RouchiM_ON_C\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O3 - HKU\RouchiM_ON_C\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O4 - HKLM..\Run: [Adobe ARM] C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AESTFltr] C:\WINDOWS\System32\AESTFltr.exe (Andrea Electronics Corporation) O4 - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4 - HKLM..\Run: [CJIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\CHANGJIE\CINTLCFG.EXE (Microsoft Corp.) O4 - HKLM..\Run: [ConnectionCenter] C:\Program Files\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation) O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation) O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation) O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\WiFi\bin\ZCfgSvc.exe (Intel(R) Corporation) O4 - HKLM..\Run: [McAfeeUpdaterUI] C:\Program Files\McAfee\Common Framework\udaterui.exe (McAfee, Inc.) O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe () O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe () O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.) O4 - HKLM..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [PHIMETIPSYNC] C:\Program Files\Common Files\Microsoft Shared\IME\IMTC65\PHONETIC\TINTLCFG.EXE (Microsoft Corp.) O4 - HKLM..\Run: [RoxioEngineUtility] C:\Program Files\Common Files\Roxio Shared\System\EngUtil.exe (Roxio) O4 - HKLM..\Run: [ShStatEXE] C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE (McAfee, Inc.) O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) O4 - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray.exe (IDT, Inc.) O4 - HKLM..\Run: [UniPrint] C:\Program Files\UniPrint\Client\SetDfltSettings.exe (UniPrint, a division of GFI Business Solutions Inc.) O4 - HKU\.DEFAULT..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\Administrator_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\grueblm_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\HenningT_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\HenningT_ON_C..\Run: [ctfmon32.exe] C:\Documents and Settings\All Users\Application Data\toirv.dat (ggggggggggggggggggggggggggg) O4 - HKU\HenningT_ON_C..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKU\HenningT_ON_C..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.) O4 - HKU\kielerm_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\laskek_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\lutyr_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\lutyr_ON_C..\Run: [H/PC Connection Agent] C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\pwr_install_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\pwr_install_ON_C..\Run: [EPSON S21 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIFAE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\pwr_install_ON_C..\Run: [UniPrint] C:\Program Files\UniPrint\Client\SetDfltSettings.exe (UniPrint, a division of GFI Business Solutions Inc.) O4 - HKU\pwr_service_uc_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\RouchiM_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HPZRCV01.LNK = C:\Program Files\HP\Temp\{79546A5F-AE7C-4693-8670-A3401B43ABD2}\setup\hpzrcv01.exe (Hewlett-Packard) O4 - Startup: C:\Documents and Settings\HenningT\Start Menu\Programs\Startup\regmonstd.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteChangeNotify = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disablecad = 0 O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0 O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\grueblm_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\HenningT_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\kielerm_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\laskek_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\lutyr_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\pwr_install_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\pwr_service_uc_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKU\RouchiM_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Mobilen Favoriten erstellen... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: SwyxIt! Wählhilfe - {F8E553C6-4C00-11D3-80BC-00105A653379} - C:\Program Files\SwyxIt!\IEDial.htm () O9 - Extra 'Tools' menuitem : SwyxIt! Wählhilfe - {F8E553C6-4C00-11D3-80BC-00105A653379} - C:\Program Files\SwyxIt!\IEDial.htm () O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation) O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} hxxp://go.microsoft.com/fwlink/?linkid=58813 (Office Genuine Advantage Validation Tool) O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1205320424389 (WUWebControl Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} hxxp://office.microsoft.com/officeupdate/content/opuc4.cab (Office Update Installation Engine) O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_22-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = rail.bb.wan O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ipp - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\Program Files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP, Walldorf) O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation) O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation) O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica; charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=euc-jp {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=ISO-8859-1 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS936 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS949 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=MS950 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-ica;charset=UTF-8 {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - C:\Program Files\Citrix\ICA Client\IcaMimeFilter.dll (Citrix Systems, Inc.) O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation) O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation) O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation) O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation) O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation) O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation) O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation) O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation) O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation) O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation) O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation) O24 - Desktop Components:0 (My Current Home Page) - About:Home O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 0 O32 - AutoRun File - [2007/02/08 12:40:17 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{17603573-9c50-11de-b098-80e7bc4fc565}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\scsaver.exe O33 - MountPoints2\{17603573-9c50-11de-b098-80e7bc4fc565}\Shell\open\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\scsaver.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/06/26 13:02:09 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2013/06/25 17:51:09 | 000,261,632 | ---- | C] (ggggggggggggggggggggggggggg) -- C:\Documents and Settings\All Users\Application Data\toirv.dat [2013/06/25 17:51:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe [2013/06/18 13:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HenningT\My Documents\Downloads [2013/06/02 06:01:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HenningT\My Documents\Snagit [2013/06/02 06:01:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\HenningT\Local Settings\Application Data\TechSmith [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/06/26 11:49:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat [2013/06/26 11:47:55 | 000,000,456 | ---- | M] () -- C:\WINDOWS\SMSCFG.ini [2013/06/26 11:47:23 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vriot.pad [2013/06/26 11:45:54 | 3711,082,496 | -HS- | M] () -- C:\hiberfil.sys [2013/06/25 17:51:15 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\HenningT\Start Menu\Programs\Startup\regmonstd.lnk [2013/06/25 17:51:13 | 000,003,084 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vriot.js [2013/06/25 17:51:09 | 000,261,632 | ---- | M] (ggggggggggggggggggggggggggg) -- C:\Documents and Settings\All Users\Application Data\toirv.dat [2013/06/25 17:51:09 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe [2013/06/24 17:00:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl [2013/06/21 12:40:05 | 000,066,380 | ---- | M] () -- C:\Documents and Settings\HenningT\Desktop\HP Installationsfehler – XP.hta [2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ] [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/06/26 11:30:45 | 3711,082,496 | -HS- | C] () -- C:\hiberfil.sys [2013/06/25 17:51:15 | 000,000,794 | ---- | C] () -- C:\Documents and Settings\HenningT\Start Menu\Programs\Startup\regmonstd.lnk [2013/06/25 17:51:13 | 000,003,084 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vriot.js [2013/06/25 17:51:11 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vriot.pad [2013/03/23 11:28:56 | 000,000,116 | ---- | C] () -- C:\WINDOWS\wininit.ini [2013/03/17 12:13:48 | 000,034,381 | ---- | C] () -- C:\Documents and Settings\HenningT\ERROR.MAN [2013/03/07 03:28:41 | 000,084,772 | ---- | C] () -- C:\WINDOWS\hpfins05.dat [2013/03/07 03:28:41 | 000,001,547 | ---- | C] () -- C:\WINDOWS\hpfmdl05.dat [2013/03/07 03:27:29 | 000,004,418 | RHS- | C] () -- C:\Documents and Settings\kielerm\ntuser.pol [2013/03/07 02:56:44 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\kielerm\Application Data\$_hpcst$.hpc [2011/10/14 07:39:04 | 000,003,584 | RHS- | C] () -- C:\Documents and Settings\RouchiM\ntuser.pol [2011/10/14 07:38:56 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\RouchiM\Application Data\$_hpcst$.hpc [2011/07/28 02:45:29 | 000,003,394 | RHS- | C] () -- C:\Documents and Settings\grueblm\ntuser.pol [2011/07/28 02:45:24 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\grueblm\Application Data\$_hpcst$.hpc [2011/07/28 02:41:47 | 000,000,728 | ---- | C] () -- C:\WINDOWS\System32\DWRCCMDError.ini [2011/01/20 09:30:31 | 000,000,425 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI [2011/01/20 09:30:31 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI [2011/01/20 09:30:19 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf08b.dat [2011/01/20 09:25:34 | 000,003,414 | RHS- | C] () -- C:\Documents and Settings\lutyr\ntuser.pol [2011/01/20 09:25:30 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\lutyr\Application Data\$_hpcst$.hpc [2010/07/14 10:41:39 | 000,002,904 | RHS- | C] () -- C:\Documents and Settings\pwr_service_uc\ntuser.pol [2010/07/14 10:41:30 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\pwr_service_uc\Application Data\$_hpcst$.hpc [2010/03/02 07:51:12 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\HenningT\Local Settings\Application Data\imageCache.db [2010/03/01 01:51:38 | 000,003,414 | RHS- | C] () -- C:\Documents and Settings\laskek\ntuser.pol [2010/03/01 01:51:33 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\laskek\Application Data\$_hpcst$.hpc [2009/12/23 08:56:23 | 000,005,054 | RHS- | C] () -- C:\Documents and Settings\HenningT\ntuser.pol [2009/12/23 08:56:21 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\HenningT\Application Data\$_hpcst$.hpc [2009/09/10 08:49:46 | 000,241,664 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dll [2009/09/10 08:49:45 | 000,000,647 | ---- | C] () -- C:\WINDOWS\System32\hppapr04.dat [2009/09/08 04:44:13 | 000,982,192 | ---- | C] () -- C:\WINDOWS\System32\igkrng500.bin [2009/09/08 04:44:13 | 000,417,344 | ---- | C] () -- C:\WINDOWS\System32\igcompkrng500.bin [2009/09/08 04:18:11 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat [2009/09/08 04:05:04 | 000,002,508 | ---- | C] () -- C:\WINDOWS\system32\config\systemprofile\Application Data\$_hpcst$.hpc [2009/05/19 04:58:34 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\KOAZJJ_L.DLL [2008/03/10 19:03:31 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe [2008/03/10 19:03:29 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll [2008/03/10 19:03:28 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll [2008/03/10 19:03:25 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll [2008/03/10 19:03:20 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll [2008/03/10 19:03:18 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe [2008/03/10 19:02:00 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe [2008/03/10 19:01:37 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe [2008/03/10 10:55:42 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig [2008/03/10 10:18:24 | 000,086,583 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat [2008/02/04 13:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL [2007/02/12 05:09:48 | 000,003,822 | ---- | C] () -- C:\Program Files\LaufwerkeDUB.cmd [2007/02/12 05:09:48 | 000,003,817 | ---- | C] () -- C:\Program Files\LaufwerkeBER.cmd [2007/02/12 05:09:48 | 000,003,811 | ---- | C] () -- C:\Program Files\LaufwerkeETT.cmd [2007/02/12 05:09:48 | 000,003,809 | ---- | C] () -- C:\Program Files\LaufwerkeFRH.cmd [2007/02/12 05:09:48 | 000,003,808 | ---- | C] () -- C:\Program Files\LaufwerkeESS.cmd [2007/02/12 05:09:48 | 000,003,808 | ---- | C] () -- C:\Program Files\LaufwerkeDRE.cmd [2007/02/12 05:09:48 | 000,003,807 | ---- | C] () -- C:\Program Files\LaufwerkeLER.cmd [2007/02/12 05:09:48 | 000,003,796 | ---- | C] () -- C:\Program Files\LaufwerkeMUC.cmd [2007/02/12 05:09:48 | 000,003,794 | ---- | C] () -- C:\Program Files\LaufwerkeOFF.cmd [2007/02/12 05:09:48 | 000,003,580 | ---- | C] () -- C:\Program Files\LaufwerkePET.cmd [2007/02/12 02:46:42 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\pwr_install\Application Data\$_hpcst$.hpc [2007/02/12 02:41:03 | 000,008,518 | ---- | C] () -- C:\WINDOWS\System32\Dwrcs.ini [2007/02/12 02:40:40 | 000,003,414 | RHS- | C] () -- C:\Documents and Settings\pwr_install\ntuser.pol [2007/02/09 07:10:17 | 000,003,098 | R--- | C] () -- C:\WINDOWS\saplogon.ini [2007/02/09 06:30:51 | 001,064,960 | ---- | C] () -- C:\WINDOWS\System32\h5krnl32.dll [2007/02/09 06:30:51 | 000,188,928 | ---- | C] () -- C:\WINDOWS\System32\h5icon32.dll [2007/02/09 06:30:51 | 000,175,616 | ---- | C] () -- C:\WINDOWS\System32\h5menu32.dll [2007/02/09 06:30:51 | 000,095,744 | ---- | C] () -- C:\WINDOWS\System32\h5rtf32.dll [2007/02/09 06:30:51 | 000,051,200 | ---- | C] () -- C:\WINDOWS\System32\h5tool32.dll [2007/02/09 06:30:47 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\vtssm32.dll [2007/02/09 03:07:13 | 000,002,508 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc [2007/02/09 03:03:29 | 000,000,271 | ---- | C] () -- C:\WINDOWS\hpbafd.ini [2007/02/09 02:54:14 | 000,000,456 | ---- | C] () -- C:\WINDOWS\SMSCFG.ini [2007/02/08 20:26:15 | 000,093,878 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat [2007/02/08 20:26:09 | 000,091,648 | ---- | C] () -- C:\WINDOWS\System32\xcacls.exe [2007/02/08 20:26:09 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll [2007/02/08 20:26:09 | 000,000,324 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini [2007/02/08 20:26:03 | 000,447,426 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat [2007/02/08 20:26:03 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat [2007/02/08 20:26:03 | 000,073,486 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat [2007/02/08 20:26:03 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat [2007/02/08 20:26:03 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat [2007/02/08 20:26:02 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin [2007/02/08 20:26:02 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat [2007/02/08 20:26:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat [2007/02/08 20:26:01 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat [2007/02/08 20:26:01 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin [2007/02/08 20:25:58 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat [2007/02/08 20:25:58 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin [2007/02/08 13:35:45 | 000,000,463 | ---- | C] () -- C:\WINDOWS\ODBC.INI [2007/02/08 13:32:02 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI [2007/02/08 13:31:19 | 000,317,952 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT [2007/02/08 12:42:01 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat [2007/02/08 12:38:01 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat [2007/02/08 12:37:26 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini [2005/04/27 18:38:00 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\hpzidi01.dll [2005/04/27 18:37:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\hpzids01.dll [2003/12/02 16:52:36 | 000,116,224 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll [2003/12/02 16:52:36 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\unredmon.exe [2003/01/07 09:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI [2000/07/14 19:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\regtlib.exe ========== LOP Check ========== [2007/02/09 03:01:56 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Autodesk [2008/03/14 05:02:41 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Application Data\Bytemobile [2007/02/09 03:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Autodesk [2009/11/06 10:57:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\UniPrint [2007/02/09 03:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grueblm\Application Data\Autodesk [2011/06/13 23:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\grueblm\Application Data\ICAClient [2009/12/23 11:39:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HenningT\Application Data\Autodesk [2011/07/24 23:15:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HenningT\Application Data\ICAClient [2009/12/23 08:56:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\HenningT\Application Data\UniPrint [2007/02/09 03:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kielerm\Application Data\Autodesk [2011/06/13 23:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\kielerm\Application Data\ICAClient [2007/02/09 03:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\laskek\Application Data\Autodesk [2010/03/01 01:52:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\laskek\Application Data\UniPrint [2009/09/08 05:40:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Vodafone [2007/02/09 03:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lutyr\Application Data\Autodesk [2011/01/20 09:25:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\lutyr\Application Data\UniPrint [2008/03/14 05:03:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Bytemobile [2009/09/08 10:44:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pwr_install\Application Data\Autodesk [2009/11/09 05:28:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pwr_install\Application Data\ICAClient [2008/03/14 03:04:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pwr_install\Application Data\OfficeUpdate12 [2009/09/09 07:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pwr_install\Application Data\UniPrint [2008/03/14 05:06:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pwr_install\Application Data\Vodafone [2007/02/09 03:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pwr_service_uc\Application Data\Autodesk [2010/07/14 10:42:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\pwr_service_uc\Application Data\UniPrint [2007/02/09 03:01:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RouchiM\Application Data\Autodesk [2011/06/13 23:15:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\RouchiM\Application Data\ICAClient [2009/12/23 11:39:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk [2011/06/13 23:16:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix [2010/03/02 07:09:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON [2013/02/11 02:05:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir [2012/04/26 08:00:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Network Associates [2011/10/14 07:46:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Swyx [2011/06/07 02:06:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TechSmith [2009/09/08 05:39:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Vodafone [2010/06/30 04:28:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{294C05C7-DB62-4385-A050-A6CF1AEF9092} ========== Purity Check ========== < End of report > OTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 6/26/2013 7:04:54 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM Internet Explorer (Version = 6.0.2900.2180) Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 92.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): C:\pagefile.sys 2046 4092 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files Drive C: | 111.79 Gb Total Space | 91.36 Gb Free Space | 81.72% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%* exefile [open] -- "%1" %* InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "FirstRunDisabled" = 1 "AntiVirusOverride" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "FirewallOverride" = 1 "UpdatesDisableNotify" = 1 "UacDisableNotify" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 1 "AntiVirusDisableNotify" = 1 "FirewallDisableNotify" = 1 "FirewallOverride" = 1 "UpdatesDisableNotify" = 1 "UacDisableNotify" = 1 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Sr] "Start" = 4 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SrService] "Start" = 2 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts] "AllowUserPrefMerge" = 0 "Enabled" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\GloballyOpenPorts\List] "443:TCP:*:enabled:IVVTicket33490" = 443:TCP:*:enabled:IVVTicket33490 "6129:TCP:10.10.0.0/16:enabled:DamewareRemote" = 6129:TCP:10.10.0.0/16:enabled:DamewareRemote [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\IcmpSettings] "AllowOutboundDestinationUnreachable" = 0 "AllowOutboundSourceQuench" = 0 "AllowRedirect" = 0 "AllowInboundEchoRequest" = 1 "AllowInboundRouterRequest" = 0 "AllowOutboundTimeExceeded" = 0 "AllowOutboundParameterProblem" = 0 "AllowInboundTimestampRequest" = 0 "AllowInboundMaskRequest" = 0 "AllowOutboundPacketTooBig" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Logging] "LogDroppedPackets" = 1 "LogSuccessfulConnections" = 0 "LogFilePath" = c:\firewall.log -- () "LogFileSize" = 4096 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\RemoteAdminSettings] "Enabled" = 1 "RemoteAddresses" = 10.10.0.0/16 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\FileAndPrint] "Enabled" = 1 "RemoteAddresses" = * [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile\Services\RemoteDesktop] "Enabled" = 1 "RemoteAddresses" = 10.10.0.0/16 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\IcmpSettings] "AllowOutboundDestinationUnreachable" = 0 "AllowOutboundSourceQuench" = 0 "AllowRedirect" = 0 "AllowInboundEchoRequest" = 0 "AllowInboundRouterRequest" = 0 "AllowOutboundTimeExceeded" = 0 "AllowOutboundParameterProblem" = 0 "AllowInboundTimestampRequest" = 0 "AllowInboundMaskRequest" = 0 "AllowOutboundPacketTooBig" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Logging] "LogDroppedPackets" = 1 "LogSuccessfulConnections" = 0 "LogFilePath" = c:\firewall_std.log -- () "LogFileSize" = 4096 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\RemoteAdminSettings] "Enabled" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\FileAndPrint] "Enabled" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile\Services\RemoteDesktop] "Enabled" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "6129:TCP" = 6129:TCP:*:Enabled:DameWare Mini Remote Control Service "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DoNotAllowExceptions" = 0 "DisableNotifications" = 0 "DisableUnicastResponsesToMulticastBroadcast" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] "26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004 "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005 "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001 "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" = C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service "C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe" = C:\Program Files\SAP\FrontEnd\SAPgui\saplogon.exe:*:Enabled:SAP Logon for Windows -- (SAP, Walldorf) "\\PWRDEMUCSMS0001\ui_apps$\Printer\GLA_SWD\printmig.exe" = \\PWRDEMUCSMS0001\ui_apps$\Printer\GLA_SWD\printmig.exe:*:Disabled:PrintMig "C:\Program Files\SwyxIt!\CLMgr.exe" = C:\Program Files\SwyxIt!\CLMgr.exe:*:Enabled:SwyxIt! Line Manager -- (Swyx Solutions AG) "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.) [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation) "C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation) "C:\Program Files\Network Associates\Common Framework\FrameworkService.exe" = C:\Program Files\Network Associates\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.) ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0DC43240-D2BB-4E8D-97AE-ABB54BD87088}" = ODBC Treiber "{1223B61A-3D3C-4505-B3E9-CF598401A966}" = UniPrint Client 4.0 "{147BCE03-C0F1-4C9F-8157-6A89B6D2D973}" = McAfee VirusScan Enterprise "{166E180E-9A3F-41AE-8B40-22D8FFF4AF87}" = McAfee Virtual Technician "{199C20D6-10D3-4210-B361-4760209F56AE}" = Citrix Online Plug-in (Web) "{22FC7536-BE5C-4E88-8069-C24689D34EC5}" = Snagit 10.0.1 "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{2764CA82-DFB9-4498-AF85-719340BF5305}" = Dell Resource CD "{281ECE39-F043-492B-8337-F2E546B5604A}" = PowerDVD "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11 "{3248F0A8-6813-11D6-A77B-00B0D0150220}" = J2SE Runtime Environment 5.0 Update 22 "{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java(TM) SE Runtime Environment 6 Update 1 "{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java(TM) 6 Update 5 "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP "{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-250C "{3ECCB578-504E-4F7A-A8B4-CF4F3B939B44}" = Citrix Online Plug-in (USB) "{44D66AD9-AE19-4AFD-BE7E-A1B44C856697}" = MSXML4.0 redistributable "{450063AA-643B-417C-8CF5-405BA3F4EF40}" = Autodesk Design Review 2009 "{46DDF76F-ACD4-42BC-B48F-B89C4EE2E1A9}" = Easy CD & DVD Creator 6 "{498A4E3D-562E-4129-8722-6DCAB12384AE}" = Windows Communication Foundation Language Pack - DEU "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4AEFF024-F0D0-4AD6-8231-FF51949E91E0}" = McAfee Agent "{4E475FD4-4513-4B1D-8DDA-43912B068C99}" = HTML Slideshow Powertoy for Windows XP "{5783F2D6-7028-0407-0000-0060B0CE6BBA}" = DWG TrueView 2009 "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{678094A1-6250-476B-9AFF-4376E48F135C}" = Citrix Online Plug-in (DV) "{6855CCDD-BDF9-48E4-B80A-80DFB96FE36C}" = CmdHere Powertoy For Windows XP "{691EED82-FF4B-46F7-95C0-9885BD762444}" = Erweiterter SMS-Client "{6A69D94E-C569-4154-9643-72E94D1DDFDA}" = XPS Essentials Pack "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7228FD8C-3B9E-4204-AE36-8A466107685B}" = Windows Workflow Foundation DE Language Pack "{76367A9E-7FA0-4CE5-8CC7-45AB4E0FB3B9}" = SwyxIt! "{79546A5F-AE7C-4693-8670-A3401B43ABD2}" = HP Deskjet 5900 series "{8937FCB2-2FC6-4FC3-9FB5-DE2C92DB9C38}" = Microsoft .NET Framework 2.0 Language Pack - DEU "{8E770F99-CF23-4BF9-BF4E-E3A2924FEB27}" = Microsoft redistributable runtime DLLs VS2005 SP1(x86) "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system "{901E0404-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 Chinese (Traditional) User Interface Pack "{901E0407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office 2003 German User Interface Pack "{92DF2F1B-F63C-4D9A-B3E1-B2D11AE29790}" = Windows Presentation Foundation Language Pack (DEU) "{95120000-0052-0407-0000-0000000FF1CE}" = Microsoft Office Visio Viewer 2007 "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = Dell Touchpad "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2 "{A47A9101-6EB5-4314-BDA1-297880FBB908}" = Microsoft redistributable runtime DLLs VS2008 SP1(x86) "{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller "{AC76BA86-7AD7-1033-7B44-A95000000001}" = Adobe Reader 9.5.0 "{AC76BA86-7AD7-2447-0000-900000000003}" = Chinese Simplified Fonts Support For Adobe Reader 9 "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACF70000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 7.0 Corporate Edition "{AED53CDF-1046-4C6B-B5E2-C195125ECDA0}" = Intel(R) PROSet/Wireless WiFi-Software "{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0 "{B3315148-BE53-4CFD-9DBD-2A48C61D1AAD}" = ePO-MVT "{B360F50F-29AF-4A62-B649-82EB8F4D87A8}" = Adobe Flash Player 10 ActiveX "{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2 "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1 "{CE15D1B6-19B6-4D4D-8F43-CF5D2C3356FF}" = McAfee VirusScan Enterprise "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CEC7A786-A9C8-4EF7-BB59-6518E3B3C878}" = vcredist_x86 "{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}" = IDT Audio "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{F2A7F421-1679-48D5-B918-96999014ED53}" = Microsoft .NET Framework 3.0 German Language Pack "{FA365307-1963-4D16-BD44-113C8F037AAD}" = Citrix Online Plug-in (HDX) "7-Zip" = 7-Zip 9.20 "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Adobe SVG Viewer" = Adobe SVG Viewer 3.0 "AFPL Ghostscript 8.53" = AFPL Ghostscript 8.53 "AFPL Ghostscript Fonts" = AFPL Ghostscript Fonts "ATI Display Driver" = ATI Display Driver "Autodesk Design Review 2009" = Autodesk Design Review 2009 "CitrixOnlinePluginPackWeb" = Citrix Online Plug-in - Web "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2C06&SUBSYS_14F1000F" = Conexant HDA D330 MDC V.92 Modem "DamewareMirror" = DameWare Development Mirror Driver Uninstall "DWG TrueView 2009" = DWG TrueView 2009 "EPSON S21 Series" = Druckerdeinstallation für EPSON S21 Series "FreePDF_XP" = FreePDF XP (Remove only) "HDMI" = Intel(R) Graphics Media Accelerator Driver "McAfee Anti-Spyware Enterprise Module" = McAfee AntiSpyware Enterprise Module "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1 "Microsoft .NET Framework 2.0 Language Pack - DEU" = Microsoft .NET Framework 2.0 Language Pack - DEU "Microsoft .NET Framework 3.0 German Language Pack" = Microsoft .NET Framework 3.0 German Language Pack "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de) "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel PROSet Wireless "Redirection Port Monitor" = RedMon - Redirection Port Monitor "SAP_ECL" = ECL Viewer "SAPGUI710" = SAP GUI for Windows 7.20 "SAPSPrint" = SAP GUI Print Service "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5 "WIC" = Windows Imaging Component "Windows Media Format Runtime" = Windows Media Format 11 runtime "Windows Media Player" = Windows Media Player 11 "WMFDist11" = Windows Media Format 11 runtime "wmp11" = Windows Media Player 11 "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0 "XpsEP" = XPS Essentials Pack 1.0 "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0 "XPSEPSCLP" = XML Paper Specification Shared Components Language Pack 1.0 < End of report > |
26.06.2013, 17:33 | #3 |
/// Helfer-Team | GVU TrojanerDie Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTLpe
Code:
ATTFilter :OTL O4 - HKU\RouchiM_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\pwr_service_uc_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\pwr_install_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\lutyr_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\laskek_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\kielerm_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\HenningT_ON_C..\Run: [ctfmon32.exe] C:\Documents and Settings\All Users\Application Data\toirv.dat (ggggggggggggggggggggggggggg) O4 - HKU\HenningT_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\grueblm_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\Administrator_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O33 - MountPoints2\{17603573-9c50-11de-b098-80e7bc4fc565}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\scsaver.exe [2013/06/25 17:51:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe [2013/06/25 17:51:15 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\HenningT\Start Menu\Programs\Startup\regmonstd.lnk [2013/06/25 17:51:09 | 000,261,632 | ---- | C] (ggggggggggggggggggggggggggg) -- C:\Documents and Settings\All Users\Application Data\toirv.dat [2013/06/25 17:51:13 | 000,003,084 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vriot.js [2013/06/25 17:51:11 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vriot.pad
dann normal neustarten, und: 2. Schritt Downloade Dir bitte Malwarebytes Anti-Malware
danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ |
26.06.2013, 18:04 | #4 |
| GVU Trojaner habe auf dem fix button geklickt und als logfile kam das Error: Unable to interpret <:OTL O4 - HKU\RouchiM_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\pwr_service_uc_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\pwr_install_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\lutyr_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\laskek_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\kielerm_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\HenningT_ON_C..\Run: [ctfmon32.exe] C:\Documents and Settings\All Users\Application Data\toirv.dat (ggggggggggggggggggggggggggg) O4 - HKU\HenningT_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (> in the current context! Error: Unable to interpret <Microsoft Corporation) O4 - HKU\grueblm_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\Administrator_ON_C..\Run: [ctfmon.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O4 - HKU\.DEFAULT..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation) O33 - MountPoints2\{17603573-9c50-11de-b098-80e7bc4fc565}\Shell\AutoRun\command - "" = E:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\scsaver.exe [2013/06/25 17:51:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\rundll32.exe [2013/06/25 17:51:15 | 000,000,794 | ---- | M] () -- C:\Documents and Settings\HenningT\Start Menu\Programs\Startup\regmonstd.lnk [2013/06/25 17:51:09 | 000,261,632 | ---- | C] (ggggggggggggggggggggggggggg) -- C:\Documents and Settings\All Users\Application Data\toirv.dat [2013/06/25 17:51:13 | 000,003,084 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\vriot.js [2013/06/25 17> in the current context! Error: Unable to interpret <:51:11 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\vriot.pad> in the current context! OTLPE by OldTimer - Version 3.1.48.0 log created on 06262013_210239 |
26.06.2013, 18:31 | #5 |
/// Helfer-Team | GVU Trojaner bitte kopiere den Fix mit einem anderen Browser! |
30.09.2013, 08:25 | #6 |
/// Helfer-Team | GVU Trojaner Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________ --> GVU Trojaner |
Themen zu GVU Trojaner |
beheben, eingefangen, faust, gefangen, gen, gvu trojaner, hallo zusammen, kaspersky, nichts, problem, seite, sofort, sperrbildschirm, stick, troja, trojane, trojaner, trojaner eingefangen, usb, usb stick, windows, windowsunlocker, zusammen |