Seite konnte nicht geladen werden, Abgesicherter Modus geht nicht

loreenfsv · 04.10.2012, 20:17

Hallo zusammen,

könnt ihr mir bitte helfen ich erhalte folgenden Inahlt aus dem Scan:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 10/5/2012 12:10:19 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000407 | Country: Germany | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\WIN | %ProgramFiles% = C:\Program Files
Drive C: | 24.42 Gb Total Space | 5.29 Gb Free Space | 21.65% Space Free | Partition Type: NTFS
Drive D: | 87.37 Gb Total Space | 1.45 Gb Free Space | 1.65% Space Free | Partition Type: NTFS
Drive F: | 1.86 Gb Total Space | 1.85 Gb Free Space | 99.68% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (msupdate)
SRV - [2012/09/17 00:23:14 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\program files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/06/02 08:12:50 | 000,161,736 | ---- | M] (Oracle Corporation) [Auto] -- C:\Program Files\Java\jre7\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2012/05/04 12:56:56 | 000,345,616 | ---- | M] (Trend Micro Inc.) [On_Demand] -- C:\Program Files\BM\TMBMSRV.exe -- (TMBMServer)
SRV - [2010/09/06 12:56:38 | 000,247,096 | ---- | M] () [Auto] -- C:\program files\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/03/22 09:53:24 | 000,068,000 | ---- | M] (NOS Microsystems Ltd.) [On_Demand] -- C:\program files\NOS\bin\getPlus_Helper.dll -- (getPlusHelper) getPlus(R)
SRV - [2010/02/02 11:35:20 | 001,337,488 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\OfficeScan NT\tmlisten.exe -- (tmlisten)
SRV - [2010/02/02 11:33:18 | 001,385,768 | ---- | M] (Trend Micro Inc.) [Auto] -- C:\Program Files\OfficeScan NT\ntrtscan.exe -- (ntrtscan)
SRV - [2010/01/07 05:42:50 | 000,689,416 | ---- | M] (Trend Micro Inc.) [On_Demand] -- C:\Program Files\OfficeScan NT\TmProxy.exe -- (TmProxy)
SRV - [2009/11/25 04:41:28 | 001,740,800 | ---- | M] (iPass, Inc.) [Auto] -- C:\program files\iPassConnect RLA\iPassConnectEngine.exe -- (iPassConnectEngine)
SRV - [2009/11/25 04:32:12 | 000,167,936 | ---- | M] (iPass, Inc.) [Auto] -- C:\program files\iPassConnect RLA\iPassPeriodicUpdateApp.exe -- (iPassPeriodicUpdateApp)
SRV - [2009/11/25 04:32:12 | 000,114,688 | ---- | M] (iPass, Inc.) [Auto] -- C:\program files\iPassConnect RLA\iPassPeriodicUpdateService.exe -- (iPassPeriodicUpdateService)
SRV - [2009/10/09 04:07:22 | 000,493,248 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2008/10/29 11:51:01 | 000,068,865 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe -- (AntiVirScheduler)
SRV - [2008/10/29 11:50:56 | 000,151,297 | ---- | M] (Avira GmbH) [Auto] -- C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe -- (AntiVirService)
SRV - [2008/02/28 11:51:20 | 000,007,168 | ---- | M] () [Auto] -- C:\Program Files\Fujitsu Siemens Computers\WhoAmI\MgmtService.exe -- (MgmtSvc)
SRV - [2007/04/12 21:50:00 | 000,590,712 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WIN\system32\CCM\CcmExec.exe -- (CcmExec)
SRV - [2007/02/25 15:55:18 | 000,125,048 | ---- | M] (TOSHIBA CORPORATION) [Auto] -- C:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe -- (TOSHIBA Bluetooth Service)
SRV - [2005/06/10 13:59:56 | 001,422,336 | ---- | M] (Cisco Systems, Inc.) [Auto] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2005/02/25 05:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand] -- C:\WIN\System32\lxcccoms.exe -- (lxcc_device)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (WDICA)
DRV - File not found [Kernel | On_Demand] --  -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDRELI)
DRV - File not found [Kernel | On_Demand] --  -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] --  -- (PDCOMP)
DRV - File not found [Kernel | System] --  -- (PCIDump)
DRV - File not found [Kernel | On_Demand] --  -- (PCASp50)
DRV - File not found [Kernel | System] --  -- (lbrtfdc)
DRV - File not found [Kernel | System] --  -- (i2omgmt)
DRV - File not found [Kernel | System] --  -- (Changer)
DRV - [2012/04/19 19:18:56 | 000,073,008 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WIN\system32\drivers\tmactmon.sys -- (tmactmon)
DRV - [2012/04/19 19:18:42 | 000,060,648 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WIN\system32\drivers\tmevtmgr.sys -- (tmevtmgr)
DRV - [2012/04/13 04:41:10 | 000,205,408 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\WIN\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2012/03/28 16:11:02 | 000,020,032 | ---- | M] (Devguru Co., Ltd) [Kernel | On_Demand] -- C:\WIN\system32\drivers\dgderdrv.sys -- (dgderdrv)
DRV - [2011/07/12 04:44:10 | 000,262,416 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\program files\OfficeScan NT\TmXpflt.sys -- (TmFilter)
DRV - [2011/07/12 04:43:58 | 000,036,624 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\program files\OfficeScan NT\TmPreflt.sys -- (TmPreFilter)
DRV - [2011/07/12 04:09:32 | 001,405,720 | ---- | M] (Trend Micro Inc.) [Kernel | Auto] -- C:\program files\OfficeScan NT\VsapiNT.sys -- (VSApiNt)
DRV - [2011/06/02 01:47:22 | 000,136,808 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WIN\system32\drivers\ssadmdm.sys -- (ssadmdm)
DRV - [2011/06/02 01:47:22 | 000,121,064 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WIN\system32\drivers\ssadbus.sys -- (ssadbus) SAMSUNG Android USB Composite Device driver (WDM)
DRV - [2011/06/02 01:47:22 | 000,012,776 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- C:\WIN\system32\drivers\ssadmdfl.sys -- (ssadmdfl) SAMSUNG Android USB Modem (Filter)
DRV - [2010/07/16 08:02:44 | 000,090,256 | ---- | M] (Trend Micro Inc.) [Kernel | System] -- C:\WIN\system32\drivers\tmtdi.sys -- (tmtdi)
DRV - [2010/04/26 02:30:09 | 000,021,393 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- C:\WIN\system32\drivers\iPassP.sys -- (iPassP) iPass Protocol (IEEE 802.1x)
DRV - [2009/12/14 03:21:44 | 000,036,608 | ---- | M] () [Kernel | On_Demand] -- C:\WIN\system32\FsUsbExDisk.Sys -- (FsUsbExDisk)
DRV - [2009/10/09 03:50:50 | 000,020,152 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WIN\system32\drivers\vpnva.sys -- (vpnva)
DRV - [2009/05/28 06:43:14 | 000,075,096 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WIN\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/05/28 06:43:11 | 000,052,056 | ---- | M] (Avira GmbH) [File_System | On_Demand] -- C:\program files\Avira\AntiVir PersonalEdition Classic\avgntflt.sys -- (avgntflt)
DRV - [2009/05/28 06:43:10 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\program files\Avira\AntiVir PersonalEdition Classic\avgio.sys -- (avgio)
DRV - [2008/04/13 18:26:08 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WIN\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 18:16:24 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WIN\system32\drivers\mpe.sys -- (MPE)
DRV - [2007/11/08 13:03:26 | 000,021,248 | ---- | M] (AVIRA GmbH) [Kernel | System] -- C:\WIN\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2007/08/07 09:00:00 | 004,419,584 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WIN\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/08/07 09:00:00 | 002,203,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WIN\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2007/08/07 09:00:00 | 000,982,272 | ---- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\WIN\system32\drivers\smserial.sys -- (smserial)
DRV - [2007/08/07 09:00:00 | 000,259,712 | ---- | M] (Marvell) [Kernel | On_Demand] -- C:\WIN\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2007/08/07 09:00:00 | 000,056,573 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- C:\WIN\system32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV - [2007/06/11 08:25:28 | 000,041,856 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WIN\system32\drivers\tosrfusb.sys -- (tosrfusb)
DRV - [2007/05/24 08:27:30 | 000,064,000 | ---- | M] (TOSHIBA Corporation) [Kernel | System] -- C:\WIN\system32\drivers\tosrfcom.sys -- (Tosrfcom)
DRV - [2007/05/14 04:26:10 | 000,508,288 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand] -- C:\WIN\system32\drivers\PFC027.SYS -- (PAC207)
DRV - [2007/04/24 07:20:06 | 000,113,920 | ---- | M] (TOSHIBA CORPORATION) [Kernel | On_Demand] -- C:\WIN\system32\drivers\tosrfbd.sys -- (tosrfbd)
DRV - [2007/04/13 04:20:46 | 000,024,064 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand] -- C:\WIN\system32\drivers\RTL2831UUSB.sys -- (RTL2831UUSB)
DRV - [2007/04/13 04:04:30 | 000,062,720 | ---- | M] (REALTEK SEMICONDUCTOR Corp.) [Kernel | On_Demand] -- C:\WIN\system32\drivers\RTL2831UBDA.sys -- (RTL2831UBDA)
DRV - [2007/04/12 21:50:00 | 000,023,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WIN\system32\CCM\PrepDrv.sys -- (prepdrvr)
DRV - [2007/03/01 10:53:10 | 000,073,728 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WIN\system32\drivers\Tosrfhid.sys -- (Tosrfhid)
DRV - [2007/01/22 04:43:26 | 000,053,376 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WIN\system32\drivers\TosRfSnd.sys -- (TosRfSnd)
DRV - [2006/11/20 11:55:16 | 000,036,480 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WIN\system32\drivers\tosrfbnp.sys -- (tosrfbnp)
DRV - [2006/10/10 13:33:00 | 000,041,600 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand] -- C:\WIN\system32\drivers\tosporte.sys -- (tosporte)
DRV - [2006/09/28 05:47:48 | 000,283,776 | ---- | M] (AfaTech                  ) [Kernel | On_Demand] -- C:\WIN\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2005/07/11 12:58:00 | 000,003,712 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WIN\system32\drivers\Toshidpt.sys -- (toshidpt)
DRV - [2005/06/10 13:58:16 | 000,298,571 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WIN\system32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2005/05/16 22:51:34 | 000,005,315 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- C:\WIN\system32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2005/02/23 09:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WIN\system32\drivers\afc.sys -- (Afc)
DRV - [2005/01/25 22:22:20 | 000,280,344 | ---- | M] (Zone Labs LLC) [Kernel | On_Demand] -- C:\WIN\system32\vsdatant.sys -- (vsdatant)
DRV - [2005/01/06 23:42:00 | 000,018,612 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand] -- C:\WIN\system32\drivers\tosrfnds.sys -- (tosrfnds)
DRV - [2004/11/03 06:07:24 | 000,146,888 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- C:\WIN\system32\drivers\dne2000.sys -- (DNE)
DRV - [2004/08/04 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WIN\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto] -- C:\WIN\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2001/01/22 08:23:36 | 000,006,080 | ---- | M] (Zeal SoftStudio) [Kernel | Auto] -- C:\WIN\system32\drivers\zntport.sys -- (zntport)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://my.fsc.net/
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WIN\system32\blank.htm
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.fsc.net/
IE - HKU\.DEFAULT\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\program files\ICQ6Toolbar\1010291500\ICQToolBar.dll (ICQ)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WIN\system32\blank.htm
IE - HKU\Administrator_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.fsc.net/
IE - HKU\Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\FSC_WXPINST_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.fsc.net/
IE - HKU\FSC_WXPINST_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\FSCpwReset_ON_D\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WIN\system32\blank.htm
IE - HKU\FSCpwReset_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.fsc.net/
IE - HKU\FSCpwReset_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\FSCpwReset_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
IE - HKU\FSCpwReset_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 
 
IE - HKU\LocalService.NT-AUTORITÄT.001_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.fsc.net/
IE - HKU\LocalService.NT-AUTORITÄT.001_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\MCHFROEHLICHL_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.qip.ru
IE - HKU\MCHFROEHLICHL_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://search.qip.ru
IE - HKU\MCHFROEHLICHL_ON_D\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WIN\system32\blank.htm
IE - HKU\MCHFROEHLICHL_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://search.qip.ru
IE - HKU\MCHFROEHLICHL_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\MCHFROEHLICHL_ON_D\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://search.qip.ru
IE - HKU\MCHFROEHLICHL_ON_D\..\URLSearchHook:  - Reg Error: Key error. File not found
IE - HKU\MCHFROEHLICHL_ON_D\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\program files\ICQ6Toolbar\1010291500\ICQToolBar.dll (ICQ)
IE - HKU\MCHFROEHLICHL_ON_D\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\program files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
IE - HKU\MCHFROEHLICHL_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\MCHFROEHLICHL_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;localhost.*;127.0.0.*;*.fsc.net;fireball.cognitas.de;141.29.*;149.202.90.*;149.202.148.*;10.*;172.*;192.168.*;<local>;*.local
IE - HKU\MCHFROEHLICHL_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.mch.fsc.net:81
IE - HKU\MCHFROEHLICHL_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "AutoConfigURL" = hxxp://proxyconf.fsc.net
 
IE - HKU\NetworkService.NT-AUTORITÄT.001_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.fsc.net/
IE - HKU\NetworkService.NT-AUTORITÄT.001_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\systemprofile_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.fsc.net/
IE - HKU\systemprofile_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\xlabautologon.MCH1263N.000_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.fsc.net/
IE - HKU\xlabautologon.MCH1263N.000_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\xlabautologon.MCH1263N.001_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.fsc.net/
IE - HKU\xlabautologon.MCH1263N.001_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\xlabautologon.MCH1263N.002_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://my.fsc.net/
IE - HKU\xlabautologon.MCH1263N.002_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WIN\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WIN\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\program files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\program files\DivX\DivX Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\program files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\program files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\program files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\WIN\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\program files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\program files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WIN\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player: d:\Profiles\MCHFROEHLICHL\Application Data\Move Networks\plugins\071802000001\npqmp071802000001.dll (Move Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.448: C:\program files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\program files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\program files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\program files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\program files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010/03/06 21:12:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\program files\Mozilla Firefox\components [2012/09/17 00:23:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\program files\Mozilla Firefox\plugins [2011/05/13 02:25:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\program files\Mozilla Thunderbird\components [2010/07/25 17:59:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\program files\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{857610fe-b36c-47f2-b4fa-6b7affe0cf5a}: C:\Program Files\Mobile Master\ext\1\ [2011/08/13 10:39:09 | 000,000,000 | ---D | M]
 
[2011/11/27 17:27:47 | 000,000,000 | ---D | M] (No name found) -- C:\program files\Mozilla Firefox\extensions
[2009/11/22 16:30:45 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
[2009/01/08 05:56:40 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}(2)
[2012/09/17 00:23:17 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/04/12 11:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/01/13 18:46:00 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll
[2012/02/24 08:49:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/17 00:23:07 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/02/24 08:49:56 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/02/24 08:49:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/02/24 08:49:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/02/24 08:49:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2004/08/04 08:00:00 | 000,000,734 | ---- | M]) - C:\WIN\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\program files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\program files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\program files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\program files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\program files\ICQ6Toolbar\1010291500\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\program files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O3 - HKU\Administrator_ON_D\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\Administrator_ON_D\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\MCHFROEHLICHL_ON_D\..\Toolbar\ShellBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - No CLSID value found.
O3 - HKU\MCHFROEHLICHL_ON_D\..\Toolbar\ShellBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\MCHFROEHLICHL_ON_D\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\program files\DVDVideoSoftTB\tbDVDV.dll (Conduit Ltd.)
O4 - HKLM..\Run: [Alcmtr] C:\WIN\ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CfgDownload] C:\program files\IXOS\bin\CfgDownload.exe (IXOS SOFTWARE AG - an Open Text company)
O4 - HKLM..\Run: [Communicator] C:\Program Files\Microsoft Office Communicator\communicator.exe (Microsoft Corporation)
O4 - HKLM..\Run: [CoolSwitch] C:\WIN\system32\TaskSwitch.exe ()
O4 - HKLM..\Run: [Driver Fetch] C:\Program Files\Driver Fetch\2.3.0.8\DriverFetch.exe ()
O4 - HKLM..\Run: [IR_SERVER] C:\program files\Realtek\REALTEK DVB-T USB DEVICE\IR_SERVER.exe (Realtek)
O4 - HKLM..\Run: [KernelFaultCheck]  File not found
O4 - HKLM..\Run: [KiesTrayAgent] C:\program files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LXCCCATS] C:\WIN\System32\spool\DRIVERS\W32X86\3\LXCCtime.DLL ()
O4 - HKLM..\Run: [lxccmon.exe]  File not found
O4 - HKLM..\Run: [Monitor] C:\WIN\PixArt\PAC207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [OfficeScanNT Monitor] C:\Program Files\OfficeScan NT\pccntmon.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\program files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TouchPadHotKey] C:\program files\FSC\TouchPad HotKey Utility\TouchPad_HotKey.exe ()
O4 - HKU\FSCpwReset_ON_D..\Run: [DrvMon.exe]  File not found
O4 - HKU\FSCpwReset_ON_D..\Run: [IECheck]  File not found
O4 - HKU\MCHFROEHLICHL_ON_D..\Run: [ICQ] C:\program files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O4 - HKU\MCHFROEHLICHL_ON_D..\Run: [iqjogtkhqqzeytq] C:\WIN\iqjogtkh.exe ()
O4 - HKU\MCHFROEHLICHL_ON_D..\Run: [KiesHelper] C:\Program Files\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKU\MCHFROEHLICHL_ON_D..\Run: [KiesPDLR] C:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKU\MCHFROEHLICHL_ON_D..\Run: [KiesTrayAgent] C:\program files\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\MCHFROEHLICHL_ON_D..\Run: [MirandaIM] C:\Program Files\Miranda IM\miranda32.exe ( )
O4 - HKU\MCHFROEHLICHL_ON_D..\Run: [MMAgent] C:\program files\Mobile Master\MMAgent.exe (Jumping Bytes)
O4 - HKU\FSC_WXPINST_ON_D..\RunOnce: [NewUser] C:\WIN\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\FSC_WXPINST_ON_D..\RunOnce: [tscuninstall] C:\WIN\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\LocalService.NT-AUTORITÄT.001_ON_D..\RunOnce: [NewUser] C:\WIN\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\LocalService.NT-AUTORITÄT.001_ON_D..\RunOnce: [tscuninstall] C:\WIN\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\NetworkService.NT-AUTORITÄT.001_ON_D..\RunOnce: [NewUser] C:\WIN\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\NetworkService.NT-AUTORITÄT.001_ON_D..\RunOnce: [tscuninstall] C:\WIN\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\systemprofile_ON_C..\RunOnce: [NewUser] C:\WIN\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\systemprofile_ON_C..\RunOnce: [tscuninstall] C:\WIN\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\xlabautologon.MCH1263N.000_ON_D..\RunOnce: [NewUser] C:\WIN\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\xlabautologon.MCH1263N.000_ON_D..\RunOnce: [tscuninstall] C:\WIN\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\xlabautologon.MCH1263N.001_ON_D..\RunOnce: [NewUser] C:\WIN\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\xlabautologon.MCH1263N.001_ON_D..\RunOnce: [tscuninstall] C:\WIN\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\xlabautologon.MCH1263N.002_ON_D..\RunOnce: [NewUser] C:\WIN\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\xlabautologon.MCH1263N.002_ON_D..\RunOnce: [tscuninstall] C:\WIN\system32\tscupgrd.exe (Microsoft Corporation)
O4 - Startup: d:\Profiles\All Users\Start Menu\Programs\Startup\AIS Auto Assistant.lnk = C:\WIN\Installer\{78A968B3-AA7C-472C-9A7A-3104B92DDEC8}\_8DE2246EBDF26D198B98D4.exe ()
O4 - Startup: d:\Profiles\All Users\Start Menu\Programs\Startup\Bluetooth Manager.lnk = C:\program files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)
O4 - Startup: d:\Profiles\All Users\Start Menu\Programs\Startup\WirelessSelector.lnk = C:\program files\FSC\Wireless Utility\WirelessSelector.exe (ITE Tech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWelcomeScreen = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonType = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\FSC_WXPINST_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRun = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRunOnce = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableLocalMachineRun = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisableCurrentUserRunOnce = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoChangeStartMenu = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSimpleStartMenu = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogoff = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetFolders = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyDocs = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMMyPictures = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuMyMusic = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFavoritesMenu = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStartMenuNetworkPlaces = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetHood = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetConnectDisconnect = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMConfigurePrograms = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoNetworkConnections = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayContextMenu = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRecycleFiles = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoShellSearchButton = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarCustomize = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoTrayItemsDisplay = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoAddPrinter = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoExpandedNewMenu = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: SpecifyDefaultButtons = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Search = 2
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Favorites = 2
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Folders = 2
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Tools = 2
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_MailNews = 2
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Edit = 2
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Discussions = 2
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Encoding = 2
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Size = 2
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Fullscreen = 2
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Media = 2
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_Print = 2
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Btn_History = 2
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCommonGroups = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 67108863
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 67108863
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LockTaskbar = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService.NT-AUTORITÄT.001_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\MCHFROEHLICHL_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O7 - HKU\MCHFROEHLICHL_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\MCHFROEHLICHL_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 1
O7 - HKU\MCHFROEHLICHL_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktopCleanupWizard = 1
O7 - HKU\MCHFROEHLICHL_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWebServices = 1
O7 - HKU\NetworkService.NT-AUTORITÄT.001_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\xlabautologon.MCH1263N.000_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\xlabautologon.MCH1263N.001_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\xlabautologon.MCH1263N.002_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WIN\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: In neuer Registerkarte im Hintergrund öffnen - C:\Program Files\Windows Live Toolbar\Components\de-de\msntabres.dll.mui (Microsoft Corporation)
O8 - Extra context menu item: In neuer Registerkarte im Vordergrund öffnen - C:\Program Files\Windows Live Toolbar\Components\de-de\msntabres.dll.mui (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\program files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\program files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\program files\ICQ7.2\ICQ.exe (ICQ, LLC.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WIN\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\program files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKU\.DEFAULT\..Trusted Domains: cytric.net ([kallisto] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: webex.com ([fujitsu-siemens] * in Trusted sites)
O15 - HKU\MCHFROEHLICHL_ON_D\..Trusted Domains: webex.com ([fujitsu-siemens] * in Trusted sites)
O16 - DPF: {4D675B26-6F56-4410-B20F-AE6BF305D696} hxxp://ecrm.fujitsu-siemens.com/fsc_ecrm_deu/19221/applets/SiebelAx_OutBound_mail.cab (Siebel Email Support for Microsoft Outlook and Lotus Notes)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8C244272-1DC1-4CE7-9C6C-FABCA09EB543} hxxp://ecrm.fujitsu-siemens.com/fsc_ecrm_deu/19221/applets/SiebelAx_Desktop_Integration.cab (Siebel Desktop Integration)
O16 - DPF: {9FE53AD1-6AC3-4C41-927D-1BEE9E4F683E} hxxp://ecrm.fujitsu-siemens.com/fsc_ecrm_deu/19221/applets/SiebelAx_HI_Client.cab (Siebel High Interactivity Framework)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = mch.fsc.net
O18 - Protocol\Handler\saphtmlp {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\program files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\sapr3 {D1F8BD1E-7967-11D2-B43A-006094B9EADB} - C:\program files\SAP\FrontEnd\SAPgui\SAPHTMLP.DLL (SAP AG, Walldorf)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\program files\common files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WIN\explorer.exe (Microsoft Corporation)
O20 - HKU\FSCpwReset_ON_D Winlogon: Shell - ("%ProgramFiles%\AIS\AIS Password Reset\bin\AISPasswordReset.exe") - C:\Program Files\AIS\AIS Password Reset\bin\AISPasswordReset.exe (Fujitsu Siemens Computers)
O24 - Desktop WallPaper: C:\\WIN\\FSCBg.bmp
O24 - Desktop BackupWallPaper: C:\\WIN\\FSCBg.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\program files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (nwprovau) - C:\WIN\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/08/14 00:33:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/10/04 13:34:07 | 000,000,000 | ---D | C] -- d:\Profiles\All Users\Application Data\dvfiscwvqnqxldt
[2009/08/04 04:53:47 | 003,145,728 | ---- | C] (SAP Technology,Inc) -- C:\Program Files\Common Files\sapxlhelper.dll
[2009/08/04 04:53:46 | 000,626,688 | ---- | C] (SAP AG) -- C:\Program Files\Common Files\sapconsaccess.dll
[2009/08/04 04:53:46 | 000,192,512 | ---- | C] (SAP Tech Inc.) -- C:\Program Files\Common Files\sapconsr3.dll
[2009/08/04 04:53:44 | 000,040,960 | ---- | C] (SAP-TECHNOLOGY) -- C:\Program Files\Common Files\DigitalSignature.ocx
[4 C:\WIN\System32\dllcache\*.tmp files -> C:\WIN\System32\dllcache\*.tmp -> ]
[4 C:\WIN\System32\*.tmp files -> C:\WIN\System32\*.tmp -> ]
[1 C:\WIN\*.tmp files -> C:\WIN\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/10/04 16:51:51 | 000,001,108 | ---- | M] () -- C:\WIN\tasks\GoogleUpdateTaskMachineCore.job
[2012/10/04 16:51:02 | 000,002,048 | --S- | M] () -- C:\WIN\bootstat.dat
[2012/10/04 14:04:28 | 001,119,904 | ---- | M] () -- d:\Profiles\LocalService.NT-AUTORITÄT.001\Local Settings\Application Data\FontCache3.0.0.0.dat
[2012/10/04 13:40:00 | 000,002,206 | ---- | M] () -- C:\WIN\System32\wpa.dbl
[2012/10/04 13:34:07 | 000,076,332 | ---- | M] () -- d:\Profiles\All Users\Application Data\cvlbjfoywetcmod
[2012/10/04 13:33:34 | 000,105,984 | ---- | M] () -- d:\Profiles\All Users\Application Data\iqjogtkh.exe
[2012/10/04 13:33:34 | 000,105,984 | ---- | M] () -- C:\WIN\iqjogtkh.exe
[2012/10/04 13:33:34 | 000,105,984 | ---- | M] () -- d:\Profiles\MCHFROEHLICHL\0.9324305572022961.exe
[2012/10/04 13:11:00 | 000,001,112 | ---- | M] () -- C:\WIN\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/22 08:05:33 | 000,000,664 | ---- | M] () -- C:\WIN\System32\d3d9caps.dat
[2012/09/05 13:17:56 | 000,074,860 | ---- | M] () -- d:\Profiles\MCHFROEHLICHL\Desktop\holi.jpg
[4 C:\WIN\System32\dllcache\*.tmp files -> C:\WIN\System32\dllcache\*.tmp -> ]
[4 C:\WIN\System32\*.tmp files -> C:\WIN\System32\*.tmp -> ]
[1 C:\WIN\*.tmp files -> C:\WIN\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/10/04 13:34:06 | 000,105,984 | ---- | C] () -- C:\WIN\iqjogtkh.exe
[2012/10/04 13:34:05 | 000,105,984 | ---- | C] () -- d:\Profiles\All Users\Application Data\iqjogtkh.exe
[2012/10/04 13:33:39 | 000,076,332 | ---- | C] () -- d:\Profiles\All Users\Application Data\cvlbjfoywetcmod
[2012/10/04 13:33:34 | 000,105,984 | ---- | C] () -- d:\Profiles\MCHFROEHLICHL\0.9324305572022961.exe
[2012/09/05 13:17:55 | 000,074,860 | ---- | C] () -- d:\Profiles\MCHFROEHLICHL\Desktop\holi.jpg
[2012/06/02 13:43:48 | 000,000,838 | ---- | C] () -- d:\Profiles\MCHFROEHLICHL\.recently-used.xbel
[2011/09/13 15:09:02 | 000,012,887 | ---- | C] () -- d:\Profiles\MCHFROEHLICHL\.TransferManager.db
[2011/06/19 17:13:07 | 000,001,141 | ---- | C] () -- C:\WIN\cdplayer.ini
[2011/06/07 18:17:34 | 000,000,000 | ---- | C] () -- d:\Profiles\MCHFROEHLICHL\Application Data\.NANotifyHere
[2011/04/30 11:40:46 | 000,102,400 | ---- | C] () -- C:\WIN\RegBootClean.exe
[2011/04/27 08:19:32 | 000,030,568 | ---- | C] () -- C:\WIN\MusiccityDownload.exe
[2011/04/27 08:19:30 | 000,974,848 | ---- | C] () -- C:\WIN\System32\cis-2.4.dll
[2011/04/27 08:19:30 | 000,081,920 | ---- | C] () -- C:\WIN\System32\issacapi_bs-2.3.dll
[2011/04/27 08:19:30 | 000,065,536 | ---- | C] () -- C:\WIN\System32\issacapi_pe-2.3.dll
[2011/04/27 08:19:30 | 000,057,344 | ---- | C] () -- C:\WIN\System32\issacapi_se-2.3.dll
[2010/07/17 15:15:33 | 001,119,904 | ---- | C] () -- d:\Profiles\LocalService.NT-AUTORITÄT.001\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/04/26 02:30:08 | 000,356,352 | ---- | C] () -- C:\WIN\System32\iPassI5Installer.exe
[2010/03/29 13:17:56 | 000,110,592 | ---- | C] () -- C:\WIN\System32\FsUsbExDevice.Dll
[2010/03/29 13:17:56 | 000,036,608 | ---- | C] () -- C:\WIN\System32\FsUsbExDisk.Sys
[2010/03/29 13:17:43 | 000,002,528 | ---- | C] () -- d:\Profiles\MCHFROEHLICHL\Application Data\$_hpcst$.hpc
[2009/12/07 08:14:28 | 000,008,575 | ---- | C] () -- C:\WIN\cfgrt_ex.ini
[2009/11/14 12:13:08 | 000,004,096 | ---- | C] () -- C:\WIN\d3dx.dat
[2009/10/06 03:16:00 | 000,819,200 | ---- | C] () -- C:\WIN\System32\xvidcore.dll
[2009/09/08 08:38:02 | 000,040,960 | ---- | C] () -- C:\WIN\System32\lxccvs.dll
[2009/08/18 12:07:40 | 000,000,245 | ---- | C] () -- C:\WIN\System32\AF15IRTBL.bin
[2009/08/12 03:23:05 | 000,000,094 | ---- | C] () -- C:\WIN\FileArc.ini
[2009/08/04 11:56:41 | 000,000,664 | ---- | C] () -- C:\WIN\System32\d3d9caps.dat
[2009/08/04 04:53:45 | 000,949,760 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL_nosig.xlt
[2009/08/04 04:53:44 | 000,955,904 | ---- | C] () -- C:\Program Files\Common Files\SAPActiveXL.xlt
[2009/06/11 16:45:38 | 000,000,098 | ---- | C] () -- C:\WIN\WirelessFTP.INI
[2009/04/20 07:50:08 | 000,000,122 | ---- | C] () -- d:\Profiles\MCHFROEHLICHL\Local Settings\Application Data\fusioncache.dat
[2009/04/20 07:35:30 | 000,175,616 | ---- | C] () -- C:\WIN\System32\h5menu32.dll
[2009/04/20 07:35:30 | 000,095,744 | ---- | C] () -- C:\WIN\System32\h5rtf32.dll
[2009/04/20 07:35:30 | 000,051,200 | ---- | C] () -- C:\WIN\System32\h5tool32.dll
[2009/04/20 07:35:29 | 001,064,960 | ---- | C] () -- C:\WIN\System32\h5krnl32.dll
[2009/04/20 07:35:28 | 000,188,928 | ---- | C] () -- C:\WIN\System32\h5icon32.dll
[2009/03/16 06:33:06 | 000,017,920 | ---- | C] () -- d:\Profiles\MCHFROEHLICHL\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/22 06:18:43 | 000,037,300 | RHS- | C] () -- d:\Profiles\MCHFROEHLICHL\ntuser.pol
[2008/12/10 04:30:48 | 000,015,770 | R--- | C] () -- C:\WIN\saplogon_dev_inte.ini
[2008/12/10 04:30:48 | 000,012,010 | R--- | C] () -- C:\WIN\saplogon_e.ini
[2008/12/10 04:30:48 | 000,011,994 | R--- | C] () -- C:\WIN\saplogon_d.ini
[2008/12/10 04:30:48 | 000,011,305 | ---- | C] () -- C:\WIN\saplogon.ini
[2008/12/10 04:30:48 | 000,000,214 | ---- | C] () -- C:\WIN\sapmsg.ini
[2008/12/10 04:29:03 | 000,015,872 | ---- | C] () -- C:\WIN\System32\vtssm32.dll
[2008/11/25 17:29:30 | 000,000,000 | ---- | C] () -- C:\WIN\tosOBEX.INI
[2008/11/22 15:42:58 | 000,363,520 | ---- | C] () -- C:\WIN\System32\psisdecd.dll
[2008/10/22 13:14:41 | 000,000,056 | -H-- | C] () -- C:\WIN\System32\ezsidmv.dat
[2008/10/22 13:03:17 | 000,000,314 | ---- | C] () -- C:\WIN\System32\Remover.ini
[2008/10/17 14:58:58 | 000,000,049 | ---- | C] () -- C:\WIN\NeroDigital.ini
[2008/10/17 13:22:16 | 000,000,000 | ---- | C] () -- C:\WIN\nsreg.dat
[2008/08/14 02:27:39 | 000,003,985 | ---- | C] () -- C:\WIN\ODBCINST.INI
[2008/08/14 02:27:09 | 000,230,800 | ---- | C] () -- C:\WIN\System32\FNTCACHE.DAT
[2008/08/14 01:17:08 | 000,000,364 | ---- | C] () -- C:\WIN\ODBC.INI
[2008/08/14 01:02:37 | 000,024,576 | ---- | C] () -- C:\WIN\xpdefrag.exe
[2008/08/14 00:55:57 | 000,204,800 | ---- | C] () -- C:\WIN\System32\igfxCoIn_v4833.dll
[2008/08/14 00:55:55 | 000,910,464 | ---- | C] () -- C:\WIN\System32\igmedkrn.dll
[2008/08/14 00:55:10 | 000,000,465 | ---- | C] () -- C:\WIN\SMSCFG.ini
[2008/08/14 00:53:08 | 000,017,375 | ---- | C] () -- C:\WIN\cfgall.ini
[2008/08/14 00:37:54 | 000,002,048 | --S- | C] () -- C:\WIN\bootstat.dat
[2008/08/14 00:32:19 | 000,021,640 | ---- | C] () -- C:\WIN\System32\emptyregdb.dat
[2008/08/14 00:22:36 | 000,000,298 | ---- | C] () -- C:\WIN\System32\OEMINFO.INI
[2008/08/14 00:19:35 | 000,004,569 | ---- | C] () -- C:\WIN\System32\secupd.dat
[2008/08/14 00:19:12 | 000,478,966 | ---- | C] () -- C:\WIN\System32\perfh009.dat
[2008/08/14 00:19:12 | 000,272,128 | ---- | C] () -- C:\WIN\System32\perfi009.dat
[2008/08/14 00:19:12 | 000,084,192 | ---- | C] () -- C:\WIN\System32\perfc009.dat
[2008/08/14 00:19:12 | 000,028,626 | ---- | C] () -- C:\WIN\System32\perfd009.dat
[2008/08/14 00:19:07 | 000,004,463 | ---- | C] () -- C:\WIN\System32\oembios.dat
[2008/08/14 00:19:05 | 013,107,200 | ---- | C] () -- C:\WIN\System32\oembios.bin
[2008/08/14 00:18:57 | 000,000,741 | ---- | C] () -- C:\WIN\System32\noise.dat
[2008/08/14 00:18:32 | 000,673,088 | ---- | C] () -- C:\WIN\System32\mlang.dat
[2008/08/14 00:18:31 | 000,046,258 | ---- | C] () -- C:\WIN\System32\mib.bin
[2008/08/14 00:17:44 | 000,218,003 | ---- | C] () -- C:\WIN\System32\dssec.dat
[2008/08/14 00:17:28 | 000,001,804 | ---- | C] () -- C:\WIN\System32\dcache.bin
[2008/05/26 15:59:42 | 000,018,904 | ---- | C] () -- C:\WIN\System32\structuredqueryschematrivial.bin
[2008/05/26 15:59:40 | 000,106,605 | ---- | C] () -- C:\WIN\System32\structuredqueryschema.bin
[2008/04/25 07:23:38 | 000,012,288 | ---- | C] () -- C:\WIN\System32\EvOnlDiag.dll
[2007/10/25 11:26:10 | 000,005,632 | ---- | C] () -- C:\WIN\System32\drivers\StarOpen.sys
[2007/09/27 04:51:02 | 000,020,698 | ---- | C] () -- C:\WIN\System32\idxcntrs.ini
[2007/09/27 04:48:48 | 000,030,628 | ---- | C] () -- C:\WIN\System32\gsrvctr.ini
[2007/09/27 04:48:28 | 000,031,698 | ---- | C] () -- C:\WIN\System32\gthrctr.ini
[2007/06/21 04:49:24 | 000,118,784 | ---- | C] () -- C:\WIN\System32\TosBtAcc.dll
[2006/11/02 03:27:46 | 000,000,518 | ---- | C] () -- C:\WIN\System32\SP207.ini
[2005/07/22 15:30:18 | 000,065,536 | ---- | C] () -- C:\WIN\System32\TosCommAPI.dll
[2005/06/10 13:59:54 | 000,177,152 | ---- | C] () -- C:\WIN\System32\CSGina.dll
[2005/06/10 13:53:52 | 000,163,840 | ---- | C] () -- C:\WIN\System32\vpnapi.dll
[2002/03/19 11:30:00 | 000,216,576 | ---- | C] () -- C:\WIN\System32\PowerCalc.exe
[2002/03/19 11:30:00 | 000,141,824 | ---- | C] () -- C:\WIN\System32\msvdm.dll
[2002/03/19 11:30:00 | 000,045,632 | ---- | C] () -- C:\WIN\System32\TaskSwitch.exe
 
========== LOP Check ==========
 
[2008/12/21 20:14:05 | 000,000,000 | ---D | M] -- d:\Profiles\Administrator\Application Data\AIS
[2009/10/20 03:37:51 | 000,000,000 | ---D | M] -- d:\Profiles\Administrator\Application Data\Windows Desktop Search
[2008/08/14 01:34:02 | 000,000,000 | ---D | M] -- d:\Profiles\FSC_WXPINST\Application Data\AIS
[2010/02/12 12:16:17 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\1morebee
[2008/12/21 20:34:07 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\AIS
[2009/09/08 07:55:49 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Alawar
[2011/01/24 15:38:29 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\AlawarSouthpoint
[2011/02/02 14:18:47 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\AlderGames
[2011/07/17 12:56:26 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\BlamGames
[2011/05/13 13:32:53 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\BLG
[2010/03/29 12:30:03 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Blitware
[2011/12/11 13:25:36 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Boolat Games
[2011/09/21 17:14:42 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Boomzap
[2009/10/30 13:07:55 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\CasualForge
[2010/08/24 12:19:24 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Cisco
[2008/12/21 20:34:04 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\CryptoEx
[2011/09/11 17:15:44 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\DVDVideoSoft
[2011/03/26 11:30:58 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\DVDVideoSoftIEHelpers
[2010/04/25 06:55:50 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Facebook
[2009/06/19 09:27:14 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Flood Light Games
[2009/06/11 13:52:25 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\FloodLightGames
[2011/09/27 17:16:08 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Frogwares
[2010/05/19 05:47:38 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Fujitsu
[2010/08/31 13:27:15 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Gamelab
[2012/06/02 13:43:48 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\gtk-2.0
[2011/04/17 16:23:20 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Home Sweet Home 2
[2009/11/14 12:16:28 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\HSA
[2012/10/04 14:04:21 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\ICQ
[2011/02/24 18:03:39 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Islands
[2010/08/05 16:34:32 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Janes Realty2
[2011/08/13 10:37:30 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Jumping Bytes
[2011/10/14 12:20:47 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Ladia Group
[2009/08/14 04:22:24 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Miranda-IM
[2010/03/29 16:08:23 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\ML
[2011/08/13 10:53:26 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Mobile Master
[2011/08/13 11:03:23 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\MyPhoneExplorer
[2010/07/06 07:31:23 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Neverball
[2011/06/01 12:55:29 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\NevoSoft
[2010/07/01 15:52:46 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Nevosoft Games
[2010/10/16 07:00:25 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\oberon
[2010/05/05 10:06:01 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Oberon Janes ZOO
[2009/08/17 15:58:09 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Peace Craft
[2011/09/22 11:43:15 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\PeaceCraft3
[2009/06/27 06:45:52 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\PetRush
[2009/05/22 10:31:29 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\PetShowCraze
[2011/10/31 13:38:12 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Ph03nixNewMedia
[2010/11/30 17:12:24 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\PlayFirst
[2011/09/04 12:16:36 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\playmink
[2010/02/18 08:49:56 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Playrix Entertainment
[2010/05/19 05:47:50 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\pptaddin
[2012/09/01 08:41:24 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\PriceGong
[2009/01/08 05:58:50 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\QIP
[2010/10/16 07:33:12 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\RTS
[2012/04/18 15:16:06 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Samsung
[2010/07/08 06:35:05 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\SecondLife
[2011/01/28 18:41:44 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Settlement. Colossus
[2011/03/25 16:56:19 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Simfy
[2012/02/01 15:04:34 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\SMSServant
[2011/06/21 16:26:47 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\SulusGames
[2011/01/23 18:06:00 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Supermarket Mania 2
[2010/01/08 10:39:19 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Thunderbird
[2010/04/27 12:31:21 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\ValuSoft
[2010/05/14 07:17:14 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\VampireSaga
[2012/05/11 13:46:49 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\VampireSagaHL
[2011/11/22 13:54:17 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\VC 2 Paradise Resort
[2009/04/20 07:49:06 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Windows Desktop Search
[2009/05/06 07:27:05 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Windows Search
[2011/02/02 13:45:45 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\World-Loom
[2009/03/15 17:38:29 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\Xilisoft Corporation
[2012/02/27 14:39:53 | 000,000,000 | ---D | M] -- d:\Profiles\MCHFROEHLICHL\Application Data\YoudaGames
[2008/08/14 01:33:42 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\AIS
[2009/11/21 14:10:34 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\Alawar Stargaze
[2011/01/24 15:38:29 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\AlawarSouthpoint
[2011/05/13 13:32:53 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\BLG
[2009/10/30 13:07:55 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\CasualForge
[2011/09/04 11:57:56 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\Cateia Games
[2010/03/19 05:55:50 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\Cisco
[2012/10/04 13:34:08 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\dvfiscwvqnqxldt
[2009/10/17 10:43:58 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\EscapeFromParadise2
[2009/09/25 15:15:52 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\FarmFrenzy3
[2010/03/10 06:48:51 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\FarmFrenzy3_Arctica
[2010/11/19 14:05:00 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\Fenomen Games
[2009/06/19 09:27:14 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\Flood Light Games
[2008/11/26 15:05:07 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\FloodLightGames
[2011/02/24 17:44:45 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\Fugazo
[2009/08/21 10:06:21 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\HipSoft
[2010/10/29 09:00:26 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\ICQ
[2009/10/30 13:49:48 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\IntDreams
[2011/01/15 11:59:34 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\InterAction studios
[2011/05/09 17:42:05 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\iPass
[2008/12/05 09:37:45 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\iWin
[2009/05/27 14:19:28 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\Mandragora
[2010/03/27 12:52:40 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\MumboJumbo
[2008/12/16 16:47:38 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\NevoSoft Games
[2010/10/16 07:00:25 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\oberon
[2010/11/30 17:12:24 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\PlayFirst
[2011/09/21 12:58:21 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\RescueFrenzy
[2010/02/21 12:35:42 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\rionix
[2012/04/18 15:16:45 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\Samsung
[2010/07/24 13:33:52 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\Sandlot Games
[2009/12/15 06:48:08 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\Smart Soft
[2010/05/07 10:58:58 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\SpecialBit
[2011/08/07 13:49:23 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\SugarGames
[2011/06/21 16:26:47 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\SulusGames
[2012/05/11 14:05:59 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\TEMP
[2010/04/27 12:31:21 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\ValuSoft
[2009/07/15 14:39:46 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\XLab
[2009/03/15 17:48:50 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2012/06/13 14:17:49 | 000,000,000 | ---D | M] -- d:\Profiles\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2012/03/03 22:02:00 | 000,000,354 | ---- | M] () -- C:\WIN\Tasks\Driver Fetch.job
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2011/10/15 13:54:53 | 003,521,435 | ---- | M] ()(d:\Profiles\MCHFROEHLICHL\Desktop\Bruno Mars- Marry You Lyrics ?.mp3) -- d:\Profiles\MCHFROEHLICHL\Desktop\Bruno Mars- Marry You Lyrics ♥.mp3
[2011/10/15 13:54:41 | 003,521,435 | ---- | C] ()(d:\Profiles\MCHFROEHLICHL\Desktop\Bruno Mars- Marry You Lyrics ?.mp3) -- d:\Profiles\MCHFROEHLICHL\Desktop\Bruno Mars- Marry You Lyrics ♥.mp3
[2011/10/15 13:49:35 | 003,107,652 | ---- | M] ()(d:\Profiles\MCHFROEHLICHL\Desktop\Danza Kuduro - Don Omar & Lucenzo _With Lyrics_ ????? (5 stars).mp3) -- d:\Profiles\MCHFROEHLICHL\Desktop\Danza Kuduro - Don Omar & Lucenzo _With Lyrics_ ★★★★★ (5 stars).mp3
[2011/10/15 13:49:21 | 003,107,652 | ---- | C] ()(d:\Profiles\MCHFROEHLICHL\Desktop\Danza Kuduro - Don Omar & Lucenzo _With Lyrics_ ????? (5 stars).mp3) -- d:\Profiles\MCHFROEHLICHL\Desktop\Danza Kuduro - Don Omar & Lucenzo _With Lyrics_ ★★★★★ (5 stars).mp3
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 155 bytes -> d:\Profiles\All Users\Application Data\TEMP:683BD5A8
@Alternate Data Stream - 151 bytes -> d:\Profiles\All Users\Application Data\TEMP:3D11302A
@Alternate Data Stream - 151 bytes -> d:\Profiles\All Users\Application Data\TEMP:2FF4577A
@Alternate Data Stream - 150 bytes -> d:\Profiles\All Users\Application Data\TEMP:E6433F27
@Alternate Data Stream - 150 bytes -> d:\Profiles\All Users\Application Data\TEMP:80234CE0
@Alternate Data Stream - 150 bytes -> d:\Profiles\All Users\Application Data\TEMP:7EE43C06
@Alternate Data Stream - 150 bytes -> d:\Profiles\All Users\Application Data\TEMP:5199C971
@Alternate Data Stream - 149 bytes -> d:\Profiles\All Users\Application Data\TEMP:997E6AF4
@Alternate Data Stream - 149 bytes -> d:\Profiles\All Users\Application Data\TEMP:8C443193
@Alternate Data Stream - 148 bytes -> d:\Profiles\All Users\Application Data\TEMP:FD444D31
@Alternate Data Stream - 148 bytes -> d:\Profiles\All Users\Application Data\TEMP:9A842F5C
@Alternate Data Stream - 147 bytes -> d:\Profiles\All Users\Application Data\TEMP:E7F71472
@Alternate Data Stream - 147 bytes -> d:\Profiles\All Users\Application Data\TEMP:5D4F063C
@Alternate Data Stream - 147 bytes -> d:\Profiles\All Users\Application Data\TEMP:1F812AFD
@Alternate Data Stream - 146 bytes -> d:\Profiles\All Users\Application Data\TEMP:CCBF0D67
@Alternate Data Stream - 146 bytes -> d:\Profiles\All Users\Application Data\TEMP:9756362E
@Alternate Data Stream - 146 bytes -> d:\Profiles\All Users\Application Data\TEMP:7D49B96B
@Alternate Data Stream - 146 bytes -> d:\Profiles\All Users\Application Data\TEMP:4C509008
@Alternate Data Stream - 145 bytes -> d:\Profiles\All Users\Application Data\TEMP:FDA8D6AE
@Alternate Data Stream - 145 bytes -> d:\Profiles\All Users\Application Data\TEMP:CEED62ED
@Alternate Data Stream - 145 bytes -> d:\Profiles\All Users\Application Data\TEMP:8E6845BC
@Alternate Data Stream - 145 bytes -> d:\Profiles\All Users\Application Data\TEMP:4300D829
@Alternate Data Stream - 144 bytes -> d:\Profiles\All Users\Application Data\TEMP:6C81A062
@Alternate Data Stream - 143 bytes -> d:\Profiles\All Users\Application Data\TEMP:E9D68B36
@Alternate Data Stream - 143 bytes -> d:\Profiles\All Users\Application Data\TEMP:E8F2A400
@Alternate Data Stream - 143 bytes -> d:\Profiles\All Users\Application Data\TEMP:1013B07C
@Alternate Data Stream - 142 bytes -> d:\Profiles\All Users\Application Data\TEMP:D77C0A61
@Alternate Data Stream - 141 bytes -> d:\Profiles\All Users\Application Data\TEMP:B3B92717
@Alternate Data Stream - 141 bytes -> d:\Profiles\All Users\Application Data\TEMP:6A16A184
@Alternate Data Stream - 141 bytes -> d:\Profiles\All Users\Application Data\TEMP:5E3FBF9D
@Alternate Data Stream - 141 bytes -> d:\Profiles\All Users\Application Data\TEMP:403264CC
@Alternate Data Stream - 140 bytes -> d:\Profiles\All Users\Application Data\TEMP:CBEB737E
@Alternate Data Stream - 139 bytes -> d:\Profiles\All Users\Application Data\TEMP:D5458F6B
@Alternate Data Stream - 139 bytes -> d:\Profiles\All Users\Application Data\TEMP:81F6F7CD
@Alternate Data Stream - 139 bytes -> d:\Profiles\All Users\Application Data\TEMP:74BB299D
@Alternate Data Stream - 139 bytes -> d:\Profiles\All Users\Application Data\TEMP:5425B7F5
@Alternate Data Stream - 139 bytes -> d:\Profiles\All Users\Application Data\TEMP:4D7FCCD3
@Alternate Data Stream - 139 bytes -> d:\Profiles\All Users\Application Data\TEMP:39294FE1
@Alternate Data Stream - 138 bytes -> d:\Profiles\All Users\Application Data\TEMP:EF2D54F9
@Alternate Data Stream - 137 bytes -> d:\Profiles\All Users\Application Data\TEMP:EA43B001
@Alternate Data Stream - 137 bytes -> d:\Profiles\All Users\Application Data\TEMP:DF5BAC78
@Alternate Data Stream - 137 bytes -> d:\Profiles\All Users\Application Data\TEMP:793ABD2B
@Alternate Data Stream - 137 bytes -> d:\Profiles\All Users\Application Data\TEMP:38317199
@Alternate Data Stream - 135 bytes -> d:\Profiles\All Users\Application Data\TEMP:A94968B5
@Alternate Data Stream - 135 bytes -> d:\Profiles\All Users\Application Data\TEMP:A243178D
@Alternate Data Stream - 135 bytes -> d:\Profiles\All Users\Application Data\TEMP:593E515D
@Alternate Data Stream - 135 bytes -> d:\Profiles\All Users\Application Data\TEMP:2D723B3A
@Alternate Data Stream - 135 bytes -> d:\Profiles\All Users\Application Data\TEMP:2CD14F7E
@Alternate Data Stream - 134 bytes -> d:\Profiles\All Users\Application Data\TEMP:8643C5BE
@Alternate Data Stream - 134 bytes -> d:\Profiles\All Users\Application Data\TEMP:80A70180
@Alternate Data Stream - 134 bytes -> d:\Profiles\All Users\Application Data\TEMP:204BEE0F
@Alternate Data Stream - 134 bytes -> d:\Profiles\All Users\Application Data\TEMP:0651F96C
@Alternate Data Stream - 133 bytes -> d:\Profiles\All Users\Application Data\TEMP:61AF91EC
@Alternate Data Stream - 133 bytes -> d:\Profiles\All Users\Application Data\TEMP:53F381F1
@Alternate Data Stream - 133 bytes -> d:\Profiles\All Users\Application Data\TEMP:1ECB0F6C
@Alternate Data Stream - 132 bytes -> d:\Profiles\All Users\Application Data\TEMP:AF9538BC
@Alternate Data Stream - 131 bytes -> d:\Profiles\All Users\Application Data\TEMP:E6E9EB6C
@Alternate Data Stream - 131 bytes -> d:\Profiles\All Users\Application Data\TEMP:9CB2B6C5
@Alternate Data Stream - 130 bytes -> d:\Profiles\All Users\Application Data\TEMP:389D51A1
@Alternate Data Stream - 130 bytes -> d:\Profiles\All Users\Application Data\TEMP:0D713C0D
@Alternate Data Stream - 129 bytes -> d:\Profiles\All Users\Application Data\TEMP:DCDE7C60
@Alternate Data Stream - 129 bytes -> d:\Profiles\All Users\Application Data\TEMP:72598408
@Alternate Data Stream - 129 bytes -> d:\Profiles\All Users\Application Data\TEMP:5F538558
@Alternate Data Stream - 128 bytes -> d:\Profiles\All Users\Application Data\TEMP:B9F6BE51
@Alternate Data Stream - 128 bytes -> d:\Profiles\All Users\Application Data\TEMP:B723C5EF
@Alternate Data Stream - 128 bytes -> d:\Profiles\All Users\Application Data\TEMP:8FBE0E9C
@Alternate Data Stream - 127 bytes -> d:\Profiles\All Users\Application Data\TEMP:87F524B2
@Alternate Data Stream - 127 bytes -> d:\Profiles\All Users\Application Data\TEMP:858D9994
@Alternate Data Stream - 127 bytes -> d:\Profiles\All Users\Application Data\TEMP:01442FD8
@Alternate Data Stream - 126 bytes -> d:\Profiles\All Users\Application Data\TEMP:F50F1555
@Alternate Data Stream - 126 bytes -> d:\Profiles\All Users\Application Data\TEMP:D05E7A8B
@Alternate Data Stream - 125 bytes -> d:\Profiles\All Users\Application Data\TEMP:EBE4F6FC
@Alternate Data Stream - 125 bytes -> d:\Profiles\All Users\Application Data\TEMP:6D4F7F2B
@Alternate Data Stream - 125 bytes -> d:\Profiles\All Users\Application Data\TEMP:0807AFBC
@Alternate Data Stream - 125 bytes -> d:\Profiles\All Users\Application Data\TEMP:05650B69
@Alternate Data Stream - 124 bytes -> d:\Profiles\All Users\Application Data\TEMP:2556A8A0
@Alternate Data Stream - 124 bytes -> d:\Profiles\All Users\Application Data\TEMP:0A39AE4A
@Alternate Data Stream - 123 bytes -> d:\Profiles\All Users\Application Data\TEMP:9B750A13
@Alternate Data Stream - 123 bytes -> d:\Profiles\All Users\Application Data\TEMP:7079A696
@Alternate Data Stream - 123 bytes -> d:\Profiles\All Users\Application Data\TEMP:20B17557
@Alternate Data Stream - 122 bytes -> d:\Profiles\All Users\Application Data\TEMP:77B90F12
@Alternate Data Stream - 121 bytes -> d:\Profiles\All Users\Application Data\TEMP:FF818E2B
@Alternate Data Stream - 121 bytes -> d:\Profiles\All Users\Application Data\TEMP:902B6A44
@Alternate Data Stream - 121 bytes -> d:\Profiles\All Users\Application Data\TEMP:857692EC
@Alternate Data Stream - 121 bytes -> d:\Profiles\All Users\Application Data\TEMP:7091055F
@Alternate Data Stream - 120 bytes -> d:\Profiles\All Users\Application Data\TEMP:8AB6C1D7
@Alternate Data Stream - 120 bytes -> d:\Profiles\All Users\Application Data\TEMP:1AF93AF4
@Alternate Data Stream - 120 bytes -> d:\Profiles\All Users\Application Data\TEMP:0E640041
@Alternate Data Stream - 119 bytes -> d:\Profiles\All Users\Application Data\TEMP:D88D995C
@Alternate Data Stream - 119 bytes -> d:\Profiles\All Users\Application Data\TEMP:2F34C507
@Alternate Data Stream - 118 bytes -> d:\Profiles\All Users\Application Data\TEMP:69EC5FA7
@Alternate Data Stream - 116 bytes -> d:\Profiles\All Users\Application Data\TEMP:5EBA4934
@Alternate Data Stream - 113 bytes -> d:\Profiles\All Users\Application Data\TEMP:443268A9
@Alternate Data Stream - 113 bytes -> d:\Profiles\All Users\Application Data\TEMP:3064D21D
@Alternate Data Stream - 106 bytes -> d:\Profiles\All Users\Application Data\TEMP:0D31DA45
@Alternate Data Stream - 105 bytes -> d:\Profiles\All Users\Application Data\TEMP:70F0A2F4
@Alternate Data Stream - 101 bytes -> d:\Profiles\All Users\Application Data\TEMP:37CE0F2E
< End of report >

--- --- ---

Edit: Bitte nicht in bestehenden Threads posten. Hab den Beitrag abgetrennt, einen Thread erstellt und verschieb den ins richtige Unterforum
Gruß cad

t'john · 05.10.2012, 02:19

Fixen mit OTLpe

Starte den unbootbaren Computer erneut mit der OTLPE-CD,
warte bis der Reatogo-X-Pe-Desktop erscheint und doppelklicke das OTLPE-Icon.

Kopiere folgendes Skript in das Textfeld unterhalb von Custom Scans/Fixes:
Sollte das mangels Internet-Verbindung nicht möglich sein,
kopiere den Text aus der folgenden Code-Box und speichere ihn als Fix.txt auf einen USB-Stick.
Schließe den USB-Stick an den Computer an und öffne Fix.txt mit dem Explorer auf dem Reatogo-Desktop.
Kopiere den Inhalt von Fix.txt in das Textfeld unterhalb von Custom Scans/Fixes:

Code:

ATTFilter

:OTL

O4 - HKLM..\Run: [KernelFaultCheck] File not found 
O4 - HKLM..\Run: [lxccmon.exe] File not found 
O4 - HKLM..\Run: [NPSStartup] File not found 
O4 - HKU\FSCpwReset_ON_D..\Run: [DrvMon.exe] File not found 
O4 - HKU\FSCpwReset_ON_D..\Run: [IECheck] File not found 
O4 - HKU\MCHFROEHLICHL_ON_D..\Run: [iqjogtkhqqzeytq] C:\WIN\iqjogtkh.exe () 
O4 - HKU\LocalService.NT-AUTORITÄT.001_ON_D..\RunOnce: [NewUser] C:\WIN\System32\cmd.exe (Microsoft Corporation) 
O4 - HKU\LocalService.NT-AUTORITÄT.001_ON_D..\RunOnce: [tscuninstall] C:\WIN\system32\tscupgrd.exe (Microsoft Corporation) 
O4 - HKU\NetworkService.NT-AUTORITÄT.001_ON_D..\RunOnce: [NewUser] C:\WIN\System32\cmd.exe (Microsoft Corporation) 
O4 - HKU\NetworkService.NT-AUTORITÄT.001_ON_D..\RunOnce: [tscuninstall] C:\WIN\system32\tscupgrd.exe (Microsoft Corporation) 
O4 - HKU\xlabautologon.MCH1263N.000_ON_D..\RunOnce: [NewUser] C:\WIN\System32\cmd.exe (Microsoft Corporation) 
O4 - HKU\xlabautologon.MCH1263N.000_ON_D..\RunOnce: [tscuninstall] C:\WIN\system32\tscupgrd.exe (Microsoft Corporation) 
O4 - HKU\xlabautologon.MCH1263N.001_ON_D..\RunOnce: [NewUser] C:\WIN\System32\cmd.exe (Microsoft Corporation) 
O4 - HKU\xlabautologon.MCH1263N.001_ON_D..\RunOnce: [tscuninstall] C:\WIN\system32\tscupgrd.exe (Microsoft Corporation) 
O4 - HKU\xlabautologon.MCH1263N.002_ON_D..\RunOnce: [NewUser] C:\WIN\System32\cmd.exe (Microsoft Corporation) 
O4 - HKU\xlabautologon.MCH1263N.002_ON_D..\RunOnce: [tscuninstall] C:\WIN\system32\tscupgrd.exe (Microsoft Corporation) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\FSC_WXPINST_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWindowsUpdate = 1 
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoWinKeys = 1 
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewOnDrive = 67108863 
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 67108863 
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1 
O7 - HKU\FSCpwReset_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1 
O7 - HKU\LocalService.NT-AUTORITÄT.001_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\MCHFROEHLICHL_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 
O7 - HKU\MCHFROEHLICHL_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 
O7 - HKU\NetworkService.NT-AUTORITÄT.001_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\systemprofile_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\xlabautologon.MCH1263N.000_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\xlabautologon.MCH1263N.001_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O7 - HKU\xlabautologon.MCH1263N.002_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\program files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.) 
O15 - HKU\.DEFAULT\..Trusted Domains: cytric.net ([kallisto] * in Trusted sites) 
O15 - HKU\.DEFAULT\..Trusted Domains: webex.com ([fujitsu-siemens] * in Trusted sites) 
O15 - HKU\MCHFROEHLICHL_ON_D\..Trusted Domains: webex.com ([fujitsu-siemens] * in Trusted sites) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) 
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) 
O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) 
O32 - HKLM CDRom: AutoRun - 1 

[4 C:\WIN\System32\dllcache\*.tmp files -> C:\WIN\System32\dllcache\*.tmp -> ] 
@Alternate Data Stream - 155 bytes -> d:\Profiles\All Users\Application Data\Temp:683BD5A8 
@Alternate Data Stream - 151 bytes -> d:\Profiles\All Users\Application Data\Temp:3D11302A 
@Alternate Data Stream - 151 bytes -> d:\Profiles\All Users\Application Data\Temp:2FF4577A 
@Alternate Data Stream - 150 bytes -> d:\Profiles\All Users\Application Data\Temp:E6433F27 
@Alternate Data Stream - 150 bytes -> d:\Profiles\All Users\Application Data\Temp:80234CE0 
@Alternate Data Stream - 150 bytes -> d:\Profiles\All Users\Application Data\Temp:7EE43C06 
@Alternate Data Stream - 150 bytes -> d:\Profiles\All Users\Application Data\Temp:5199C971 
@Alternate Data Stream - 149 bytes -> d:\Profiles\All Users\Application Data\Temp:997E6AF4 
@Alternate Data Stream - 149 bytes -> d:\Profiles\All Users\Application Data\Temp:8C443193 
@Alternate Data Stream - 148 bytes -> d:\Profiles\All Users\Application Data\Temp:FD444D31 
@Alternate Data Stream - 148 bytes -> d:\Profiles\All Users\Application Data\Temp:9A842F5C 
@Alternate Data Stream - 147 bytes -> d:\Profiles\All Users\Application Data\Temp:E7F71472 
@Alternate Data Stream - 147 bytes -> d:\Profiles\All Users\Application Data\Temp:5D4F063C 
@Alternate Data Stream - 147 bytes -> d:\Profiles\All Users\Application Data\Temp:1F812AFD 
@Alternate Data Stream - 146 bytes -> d:\Profiles\All Users\Application Data\Temp:CCBF0D67 
@Alternate Data Stream - 146 bytes -> d:\Profiles\All Users\Application Data\Temp:9756362E 
@Alternate Data Stream - 146 bytes -> d:\Profiles\All Users\Application Data\Temp:7D49B96B 
@Alternate Data Stream - 146 bytes -> d:\Profiles\All Users\Application Data\Temp:4C509008 
@Alternate Data Stream - 145 bytes -> d:\Profiles\All Users\Application Data\Temp:FDA8D6AE 
@Alternate Data Stream - 145 bytes -> d:\Profiles\All Users\Application Data\Temp:CEED62ED 
@Alternate Data Stream - 145 bytes -> d:\Profiles\All Users\Application Data\Temp:8E6845BC 
@Alternate Data Stream - 145 bytes -> d:\Profiles\All Users\Application Data\Temp:4300D829 
@Alternate Data Stream - 144 bytes -> d:\Profiles\All Users\Application Data\Temp:6C81A062 
@Alternate Data Stream - 143 bytes -> d:\Profiles\All Users\Application Data\Temp:E9D68B36 
@Alternate Data Stream - 143 bytes -> d:\Profiles\All Users\Application Data\Temp:E8F2A400 
@Alternate Data Stream - 143 bytes -> d:\Profiles\All Users\Application Data\Temp:1013B07C 
@Alternate Data Stream - 142 bytes -> d:\Profiles\All Users\Application Data\Temp:D77C0A61 
@Alternate Data Stream - 141 bytes -> d:\Profiles\All Users\Application Data\Temp:B3B92717 
@Alternate Data Stream - 141 bytes -> d:\Profiles\All Users\Application Data\Temp:6A16A184 
@Alternate Data Stream - 141 bytes -> d:\Profiles\All Users\Application Data\Temp:5E3FBF9D 
@Alternate Data Stream - 141 bytes -> d:\Profiles\All Users\Application Data\Temp:403264CC 
@Alternate Data Stream - 140 bytes -> d:\Profiles\All Users\Application Data\Temp:CBEB737E 
@Alternate Data Stream - 139 bytes -> d:\Profiles\All Users\Application Data\Temp:D5458F6B 
@Alternate Data Stream - 139 bytes -> d:\Profiles\All Users\Application Data\Temp:81F6F7CD 
@Alternate Data Stream - 139 bytes -> d:\Profiles\All Users\Application Data\Temp:74BB299D 
@Alternate Data Stream - 139 bytes -> d:\Profiles\All Users\Application Data\Temp:5425B7F5 
@Alternate Data Stream - 139 bytes -> d:\Profiles\All Users\Application Data\Temp:4D7FCCD3 
@Alternate Data Stream - 139 bytes -> d:\Profiles\All Users\Application Data\Temp:39294FE1 
@Alternate Data Stream - 138 bytes -> d:\Profiles\All Users\Application Data\Temp:EF2D54F9 
@Alternate Data Stream - 137 bytes -> d:\Profiles\All Users\Application Data\Temp:EA43B001 
@Alternate Data Stream - 137 bytes -> d:\Profiles\All Users\Application Data\Temp:DF5BAC78 
@Alternate Data Stream - 137 bytes -> d:\Profiles\All Users\Application Data\Temp:793ABD2B 
@Alternate Data Stream - 137 bytes -> d:\Profiles\All Users\Application Data\Temp:38317199 
@Alternate Data Stream - 135 bytes -> d:\Profiles\All Users\Application Data\Temp:A94968B5 
@Alternate Data Stream - 135 bytes -> d:\Profiles\All Users\Application Data\Temp:A243178D 
@Alternate Data Stream - 135 bytes -> d:\Profiles\All Users\Application Data\Temp:593E515D 
@Alternate Data Stream - 135 bytes -> d:\Profiles\All Users\Application Data\Temp:2D723B3A 
@Alternate Data Stream - 135 bytes -> d:\Profiles\All Users\Application Data\Temp:2CD14F7E 
@Alternate Data Stream - 134 bytes -> d:\Profiles\All Users\Application Data\Temp:8643C5BE 
@Alternate Data Stream - 134 bytes -> d:\Profiles\All Users\Application Data\Temp:80A70180 
@Alternate Data Stream - 134 bytes -> d:\Profiles\All Users\Application Data\Temp:204BEE0F 
@Alternate Data Stream - 134 bytes -> d:\Profiles\All Users\Application Data\Temp:0651F96C 
@Alternate Data Stream - 133 bytes -> d:\Profiles\All Users\Application Data\Temp:61AF91EC 
@Alternate Data Stream - 133 bytes -> d:\Profiles\All Users\Application Data\Temp:53F381F1 
@Alternate Data Stream - 133 bytes -> d:\Profiles\All Users\Application Data\Temp:1ECB0F6C 
@Alternate Data Stream - 132 bytes -> d:\Profiles\All Users\Application Data\Temp:AF9538BC 
@Alternate Data Stream - 131 bytes -> d:\Profiles\All Users\Application Data\Temp:E6E9EB6C 
@Alternate Data Stream - 131 bytes -> d:\Profiles\All Users\Application Data\Temp:9CB2B6C5 
@Alternate Data Stream - 130 bytes -> d:\Profiles\All Users\Application Data\Temp:389D51A1 
@Alternate Data Stream - 130 bytes -> d:\Profiles\All Users\Application Data\Temp:0D713C0D 
@Alternate Data Stream - 129 bytes -> d:\Profiles\All Users\Application Data\Temp:DCDE7C60 
@Alternate Data Stream - 129 bytes -> d:\Profiles\All Users\Application Data\Temp:72598408 
@Alternate Data Stream - 129 bytes -> d:\Profiles\All Users\Application Data\Temp:5F538558 
@Alternate Data Stream - 128 bytes -> d:\Profiles\All Users\Application Data\Temp:B9F6BE51 
@Alternate Data Stream - 128 bytes -> d:\Profiles\All Users\Application Data\Temp:B723C5EF 
@Alternate Data Stream - 128 bytes -> d:\Profiles\All Users\Application Data\Temp:8FBE0E9C 
@Alternate Data Stream - 127 bytes -> d:\Profiles\All Users\Application Data\Temp:87F524B2 
@Alternate Data Stream - 127 bytes -> d:\Profiles\All Users\Application Data\Temp:858D9994 
@Alternate Data Stream - 127 bytes -> d:\Profiles\All Users\Application Data\Temp:01442FD8 
@Alternate Data Stream - 126 bytes -> d:\Profiles\All Users\Application Data\Temp:F50F1555 
@Alternate Data Stream - 126 bytes -> d:\Profiles\All Users\Application Data\Temp:D05E7A8B 
@Alternate Data Stream - 125 bytes -> d:\Profiles\All Users\Application Data\Temp:EBE4F6FC 
@Alternate Data Stream - 125 bytes -> d:\Profiles\All Users\Application Data\Temp:6D4F7F2B 
@Alternate Data Stream - 125 bytes -> d:\Profiles\All Users\Application Data\Temp:0807AFBC 
@Alternate Data Stream - 125 bytes -> d:\Profiles\All Users\Application Data\Temp:05650B69 
@Alternate Data Stream - 124 bytes -> d:\Profiles\All Users\Application Data\Temp:2556A8A0 
@Alternate Data Stream - 124 bytes -> d:\Profiles\All Users\Application Data\Temp:0A39AE4A 
@Alternate Data Stream - 123 bytes -> d:\Profiles\All Users\Application Data\Temp:9B750A13 
@Alternate Data Stream - 123 bytes -> d:\Profiles\All Users\Application Data\Temp:7079A696 
@Alternate Data Stream - 123 bytes -> d:\Profiles\All Users\Application Data\Temp:20B17557 
@Alternate Data Stream - 122 bytes -> d:\Profiles\All Users\Application Data\Temp:77B90F12 
@Alternate Data Stream - 121 bytes -> d:\Profiles\All Users\Application Data\Temp:FF818E2B 
@Alternate Data Stream - 121 bytes -> d:\Profiles\All Users\Application Data\Temp:902B6A44 
@Alternate Data Stream - 121 bytes -> d:\Profiles\All Users\Application Data\Temp:857692EC 
@Alternate Data Stream - 121 bytes -> d:\Profiles\All Users\Application Data\Temp:7091055F 
@Alternate Data Stream - 120 bytes -> d:\Profiles\All Users\Application Data\Temp:8AB6C1D7 
@Alternate Data Stream - 120 bytes -> d:\Profiles\All Users\Application Data\Temp:1AF93AF4 
@Alternate Data Stream - 120 bytes -> d:\Profiles\All Users\Application Data\Temp:0E640041 
@Alternate Data Stream - 119 bytes -> d:\Profiles\All Users\Application Data\Temp:D88D995C 
@Alternate Data Stream - 119 bytes -> d:\Profiles\All Users\Application Data\Temp:2F34C507 
@Alternate Data Stream - 118 bytes -> d:\Profiles\All Users\Application Data\Temp:69EC5FA7 
@Alternate Data Stream - 116 bytes -> d:\Profiles\All Users\Application Data\Temp:5EBA4934 
@Alternate Data Stream - 113 bytes -> d:\Profiles\All Users\Application Data\Temp:443268A9 
@Alternate Data Stream - 113 bytes -> d:\Profiles\All Users\Application Data\Temp:3064D21D 
@Alternate Data Stream - 106 bytes -> d:\Profiles\All Users\Application Data\Temp:0D31DA45 
@Alternate Data Stream - 105 bytes -> d:\Profiles\All Users\Application Data\Temp:70F0A2F4 
@Alternate Data Stream - 101 bytes -> d:\Profiles\All Users\Application Data\Temp:37CE0F2E 

[2012/10/04 13:33:34 | 000,105,984 | ---- | M] () -- d:\Profiles\All Users\Application Data\iqjogtkh.exe 
[2012/10/04 13:33:34 | 000,105,984 | ---- | M] () -- C:\WIN\iqjogtkh.exe 
[2012/10/04 13:33:34 | 000,105,984 | ---- | M] () -- d:\Profiles\MCHFROEHLICHL\0.9324305572022961.exe 
[2012/10/04 13:33:39 | 000,076,332 | ---- | C] () -- d:\Profiles\All Users\Application Data\cvlbjfoywetcmod 
[2012/10/04 13:34:07 | 000,000,000 | ---D | C] -- d:\Profiles\All Users\Application Data\dvfiscwvqnqxldt 

:Files
ipconfig /flushdns /c
:Commands
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
Kopiere den Inhalt hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\OTLpe\MovedFiles\<datum_nummer.log>
Teste, ob den Computer nun wieder in den normalen Windows-Modus booten kannst und berichte.

t'john · 21.11.2012, 05:21

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

Seite konnte nicht geladen werden, Abgesicherter Modus geht nicht

Plagegeister aller Art und deren Bekämpfung: Seite konnte nicht geladen werden, Abgesicherter Modus geht nicht