Trojaner "TR/Spy.Banker.FJ"

masi76 · 02.11.2010, 15:43

Ich hoffe, es ist halbwegs sichtbar.
Das vierte icon von links ist der "Übeltäter"!

Swisstreasure · 02.11.2010, 18:00

Dann klick einmal an und sage mir welches Programm das geblockt wird

Das ist eine offizielle Meldung von Windows.

masi76 · 02.11.2010, 19:19

Hab Dir der Einfachheit halber nochmal einen Screenshot gemacht.
Hilft das?

masi76 · 02.11.2010, 19:21

............................

Swisstreasure · 02.11.2010, 19:22

Und dieses Programm wird geblockt?

masi76 · 03.11.2010, 06:11

Das zeigt es mir an, wenn ich auf das icon klicke.
Welches startup-Programm genau geblockt wird,
weiss ich nicht. Es dauert auf jeden Fall immer recht
lange bis alle icons auf dem Desktop angezeigt werden.
Wie gesagt, dieses icon bzw. diese Meldung hatte ich bis vor ein paar
Wochen noch nicht auf der Taskleiste und mein Rechner
fuhr auf jeden Fall wesentlich schneller hoch.

Swisstreasure · 06.11.2010, 20:19

CustomScan mit OTL

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

netsvcs
drivers32 /all
%SYSTEMDRIVE%\*.*
%systemroot%\system32\*.wt
%systemroot%\system32\*.ruy
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\user32.dll /md5
%systemroot%\system32\ws2_32.dll /md5
%systemroot%\system32\ws2help.dll /md5
/md5start
explorer.exe
winlogon.exe
wininit.exe
/md5stop
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

Schliesse bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Quick Scan Button.
Klick auf .
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

masi76 · 07.11.2010, 08:21

Code:

ATTFilter

OTL logfile created on: 07/11/2010 07:52:32 - Run 5
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\Markus\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1,013.00 Mb Total Physical Memory | 384.00 Mb Available Physical Memory | 38.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 64.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.41 Gb Total Space | 30.03 Gb Free Space | 43.27% Space Free | Partition Type: NTFS
Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.74% Space Free | Partition Type: NTFS
 
Computer Name: PIM-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010/10/15 08:43:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Downloads\OTL.exe
PRC - [2010/09/01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/03/31 06:01:57 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2009/08/06 05:52:50 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/06/10 08:40:10 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009/03/02 12:08:43 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/10/15 08:43:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Downloads\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2009/08/06 05:52:50 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/10 08:40:10 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/08/07 11:17:30 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2004/10/22 12:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Pim\AppData\Local\Temp\iatmunin.sys -- (iatmunin)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2009/12/08 05:13:49 | 000,056,816 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/06/10 08:40:11 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/28 07:59:56 | 000,096,104 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2009/04/11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/01/03 15:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/01/03 15:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/15 07:24:00 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/06 11:29:14 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/06 11:29:14 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/11/02 15:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 12:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 12:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 12:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/09/26 00:19:52 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 18:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 18:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://www.Google.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/31 06:08:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 06:18:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 06:18:53 | 000,000,000 | ---D | M]
 
[2008/11/11 18:54:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla\Extensions
[2010/11/07 07:50:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions
[2009/08/11 06:59:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/11 18:53:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/06 21:46:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/24 22:51:40 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/09/24 22:51:40 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/09/24 22:51:40 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/09/24 22:51:40 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/09/24 22:51:40 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/10/30 06:45:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias -  File not found
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
Drivers32: aux - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: aux1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\Windows\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.imaadpcm - C:\Windows\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\Windows\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\Windows\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\Windows\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.i420 - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.iyuv - C:\Windows\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.mrle - C:\Windows\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\Windows\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yvu9 - C:\Windows\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\Windows\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\Windows\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\Windows\System32\msacm32.drv (Microsoft Corporation)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/10/30 06:45:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/10/30 06:40:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/30 06:17:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/30 06:17:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/30 06:15:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/29 07:02:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/27 14:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/27 07:15:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/26 10:30:08 | 001,317,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Markus\Desktop\TDSSKiller.exe
[2010/10/21 17:02:02 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2010/10/21 17:01:41 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2010/10/21 17:01:39 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2010/10/21 17:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/21 17:01:38 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/10/19 08:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/10/19 08:51:05 | 000,000,000 | ---D | C] -- C:\rsit
[2010/10/12 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\TrusteerHelp
[2010/09/15 05:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/09/14 09:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/09/14 09:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/09/14 05:46:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/09/14 05:46:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/09/14 05:46:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/05/19 19:45:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Markus\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 90 Days ==========
 
[2010/11/07 07:56:00 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E0495AAD-2EAB-4DE3-8E88-75FCE69CDB54}.job
[2010/11/07 07:55:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
[2010/11/07 07:36:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/07 07:36:56 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/07 07:36:38 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/11/07 07:33:53 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/07 07:32:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/07 07:32:34 | 1061,310,464 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/06 10:42:50 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/11/06 10:05:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/04 05:23:06 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/04 05:23:06 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/02 19:16:49 | 000,113,912 | ---- | M] () -- C:\Users\Markus\Desktop\Capture_blocked.JPG
[2010/11/02 07:48:44 | 000,001,680 | ---- | M] () -- C:\Users\Markus\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2010/10/31 01:52:36 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Markus\Desktop\TDSSKiller.exe
[2010/10/30 06:45:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/29 06:50:14 | 003,886,271 | R--- | M] () -- C:\Users\Markus\Desktop\Combo-Fix.exe
[2010/10/28 12:18:38 | 464,742,374 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/22 16:11:27 | 000,000,000 | ---- | M] () -- C:\Users\Markus\Saved
[2010/10/22 16:11:27 | 000,000,000 | ---- | M] () -- C:\Users\Markus\dir
[2010/10/22 16:11:26 | 000,000,000 | ---- | M] () -- C:\Users\Markus\notpad
[2010/10/21 17:01:45 | 000,000,818 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/10/15 02:23:44 | 000,441,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/15 05:02:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/09/15 05:01:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2010/11/02 19:16:48 | 000,113,912 | ---- | C] () -- C:\Users\Markus\Desktop\Capture_blocked.JPG
[2010/11/02 07:48:44 | 000,001,680 | ---- | C] () -- C:\Users\Markus\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2010/10/30 07:45:40 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/30 06:17:49 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/30 06:17:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/30 06:17:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/30 06:17:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/30 06:17:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/29 06:59:48 | 003,886,271 | R--- | C] () -- C:\Users\Markus\Desktop\Combo-Fix.exe
[2010/10/27 12:20:56 | 464,742,374 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/22 16:11:27 | 000,000,000 | ---- | C] () -- C:\Users\Markus\Saved
[2010/10/22 16:11:26 | 000,000,000 | ---- | C] () -- C:\Users\Markus\notpad
[2010/10/22 16:11:26 | 000,000,000 | ---- | C] () -- C:\Users\Markus\dir
[2010/10/21 17:01:45 | 000,000,818 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/15 05:02:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/09/15 05:01:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/19 19:45:14 | 000,000,033 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.log
[2010/05/19 19:45:13 | 000,007,887 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.cat
[2010/05/19 19:45:13 | 000,001,144 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.inf
[2009/10/21 14:14:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/12 14:22:52 | 000,059,904 | ---- | C] () -- C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 03:52:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\QSwitch.txt
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\DSwitch.txt
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\AtStart.txt
[2008/09/08 19:24:54 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2008/03/27 01:00:27 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007/11/08 14:24:54 | 000,000,167 | ---- | C] () -- C:\Windows\wininit.ini
[2007/11/06 21:27:30 | 000,090,112 | ---- | C] () -- C:\Windows\System32\custmon2k.dll
[2007/09/20 18:50:48 | 000,009,793 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/07/14 10:51:35 | 000,001,634 | ---- | C] () -- C:\Windows\bsm.ini
[2007/06/20 12:19:09 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007/06/06 11:23:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/06 12:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/06 10:05:40 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/06 10:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/06 10:00:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/19 08:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 08:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/01/24 10:29:26 | 000,077,824 | ---- | C] () -- C:\Windows\System32\lxaxlcnp.dll
 
========== LOP Check ==========
 
[2009/11/13 18:11:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\AvaTrader
[2009/08/26 06:58:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HaCon
[2008/11/01 11:35:02 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\PC Suite
[2009/05/20 08:48:41 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Thunderbird
[2010/10/22 13:04:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TrusteerHelp
[2010/05/19 19:45:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Vso
[2010/11/06 10:42:50 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/07 07:55:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
[2010/11/07 07:56:00 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E0495AAD-2EAB-4DE3-8E88-75FCE69CDB54}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*.* >
[2006/09/18 22:43:36 | 000,000,024 | ---- | M] () -- C:\autoexec.bat
[2007/05/31 11:24:09 | 000,000,090 | ---- | M] () -- C:\bcmwl6.log
[2009/04/11 07:36:36 | 000,333,257 | RHS- | M] () -- C:\bootmgr
[2010/10/30 07:11:46 | 000,012,903 | ---- | M] () -- C:\ComboFix.txt
[2006/09/18 22:43:37 | 000,000,010 | ---- | M] () -- C:\config.sys
[2010/11/07 07:32:34 | 1061,310,464 | -HS- | M] () -- C:\hiberfil.sys
[2007/02/01 09:24:24 | 000,258,048 | ---- | M] (Hewlett-Packard) -- C:\hpzids01.dll
[2008/02/25 21:11:49 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2008/02/25 21:11:49 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2010/11/07 07:32:32 | 1377,177,600 | -HS- | M] () -- C:\pagefile.sys
[2010/10/31 02:03:02 | 000,058,696 | ---- | M] () -- C:\TDSSKiller.2.4.5.1_31.10.2010_02.55.01_log.txt
 
< %systemroot%\system32\*.wt >
 
< %systemroot%\system32\*.ruy >
 
< %systemroot%\Fonts\*.com >
[2006/11/02 13:37:12 | 000,026,040 | ---- | M] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 13:37:12 | 000,026,489 | ---- | M] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 13:37:12 | 000,029,779 | ---- | M] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2010/09/13 13:50:46 | 000,037,665 | ---- | M] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
 
< %systemroot%\Fonts\*.dll >
 
< %systemroot%\Fonts\*.ini >
[2006/09/18 22:37:34 | 000,000,065 | -H-- | M] () -- C:\Windows\Fonts\desktop.ini
 
< %systemroot%\Fonts\*.ini2 >
 
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2007/02/02 11:26:36 | 000,273,920 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp4v2.dll
[2007/03/28 13:57:34 | 000,274,944 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\hpzpp5ha.dll
[2008/01/19 08:34:28 | 000,089,600 | ---- | M] (Hewlett-Packard Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\HPZPPLHN.DLL
[2006/11/02 13:35:48 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2002/02/19 18:38:15 | 000,077,824 | ---- | M] (Lexmark International) -- C:\Windows\System32\spool\prtprocs\w32x86\LXAXPP5C.DLL
[2003/06/18 17:31:48 | 000,018,944 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\mdippr.dll
 
< %systemroot%\REPAIR\*.bak1 >
 
< %systemroot%\REPAIR\*.ini >
 
< %systemroot%\system32\*.jpg >
 
< %systemroot%\*.scr >
 
< %systemroot%\*._sy >
 
< %APPDATA%\Adobe\Update\*.* >
 
< %ALLUSERSPROFILE%\Favorites\*.* >
 
< %APPDATA%\Microsoft\*.* >
 
< %PROGRAMFILES%\*.* >
[2008/10/14 21:56:33 | 000,000,174 | -HS- | M] () -- C:\Program Files\desktop.ini
 
< %APPDATA%\Update\*.* >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 12:31:42 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtmsft.dll
[2009/03/08 12:31:37 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\dxtrans.dll
[2009/04/11 07:27:47 | 000,241,128 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\rsaenh.dll
[2009/04/11 07:28:23 | 000,228,352 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\SLC.dll
 
< %systemroot%\Tasks\*.job /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV
[2006/11/02 11:34:05 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV
[2006/11/02 11:34:05 | 000,008,192 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV
[2006/11/02 11:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV
[2006/11/02 11:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV
 
< %systemroot%\system32\user32.dll /md5 >
[2009/04/11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll
 
< %systemroot%\system32\ws2_32.dll /md5 >
[2008/01/19 08:37:09 | 000,179,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\ws2_32.dll
 
< %systemroot%\system32\ws2help.dll /md5 >
[2006/11/02 10:44:30 | 000,004,608 | ---- | M] (Microsoft Corporation) MD5=17C0671BF57057108A6D949510EE42C8 -- C:\Windows\System32\ws2help.dll
 
 
< MD5 for: EXPLORER.EXE  >
[2008/10/29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008/10/29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008/10/30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2007/11/14 12:41:26 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=6D06CD98D954FE87FB2DB8108793B399 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16549_none_4fac29707cae347a\explorer.exe
[2007/11/14 12:41:25 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=BD06F0BF753BC704B653C3A50F89D362 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20668_none_501f261995dcf2cf\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\ERDNT\cache\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008/10/28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006/11/02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008/01/19 08:33:10 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: WININIT.EXE  >
[2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\ERDNT\cache\wininit.exe
[2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe
[2008/01/19 08:33:37 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe
[2006/11/02 10:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\ERDNT\cache\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe
[2009/04/11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2006/11/02 10:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe
[2008/01/19 08:33:37 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2010-11-06 01:46:10

< End of report >

Swisstreasure · 07.11.2010, 11:26

Schritt 1

Starte bitte die OTL.exe.
Vista und Win7 User mit Rechtsklick "als Administrator starten"
Kopiere nun den Inhalt in die Textbox.

Code:

ATTFilter

:OTL
[2010/10/22 13:04:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TrusteerHelp
:Commands
[purity]
[emptytemp]

Schliesse bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
Klick auf .
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<time_date>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Es sollte doch anzeigen bei Windows Defender, welches Programm das geblockt wird wenn Du unten auf das Icon klickst??

masi76 · 08.11.2010, 08:20

Das Icon und die Meldung ist weg!!!
Weiss der liebe Gott warum...
Die letzte Anweisung von Dir habe ich allerdings
aufgrund dessen (noch) nicht ausgeführt.

Soll ich den letzten Scan trotzdem noch laufen lassen?

Swisstreasure · 08.11.2010, 13:55

Ja, mach noch Schritt 1 und melde Dich wieder.

masi76 · 09.11.2010, 07:58

Code:

ATTFilter

OTL logfile created on: 09/11/2010 07:43:41 - Run 6
OTL by OldTimer - Version 3.2.15.2     Folder = C:\Users\Markus\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18975)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy
 
1,013.00 Mb Total Physical Memory | 378.00 Mb Available Physical Memory | 37.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 69.41 Gb Total Space | 29.38 Gb Free Space | 42.33% Space Free | Partition Type: NTFS
Drive D: | 5.12 Gb Total Space | 1.16 Gb Free Space | 22.74% Space Free | Partition Type: NTFS
 
Computer Name: PIM-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days
 
========== Processes (SafeList) ==========
 
PRC - [2010/10/15 08:43:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Downloads\OTL.exe
PRC - [2010/09/01 07:39:18 | 001,164,584 | ---- | M] () -- C:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2010/04/01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2010/03/31 06:01:57 | 000,202,256 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe
PRC - [2010/03/02 11:28:23 | 000,282,792 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010/02/24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2010/01/14 22:10:53 | 000,076,968 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2009/04/11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
 
 
========== Modules (SafeList) ==========
 
MOD - [2010/10/15 08:43:50 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Users\Markus\Downloads\OTL.exe
MOD - [2010/08/31 16:43:52 | 001,686,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.6002.18305_none_5cb72f2a088b0ed3\comctl32.dll
MOD - [2008/01/19 08:33:00 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msscript.ocx
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Common Files\SureThing Shared\stllssvr.exe -- (stllssvr)
SRV - File not found [On_Demand | Stopped] -- C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe -- (AddFiltr)
SRV - [2010/04/01 13:33:15 | 000,267,432 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010/03/18 12:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/24 10:28:01 | 000,135,336 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2009/09/25 02:27:04 | 000,793,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\FntCache.dll -- (FontCache)
SRV - [2008/08/07 11:17:30 | 000,575,488 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2008/01/19 08:38:24 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2004/10/22 12:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\usbser_lowerflt.sys -- (upperdev)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Windows\System32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\Pim\AppData\Local\Temp\iatmunin.sys -- (iatmunin)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Combo-Fix\catchme.sys -- (catchme)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2010/03/01 10:05:19 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/04/11 05:42:54 | 000,073,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
DRV - [2009/02/13 11:35:01 | 000,011,608 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio)
DRV - [2007/09/17 15:53:26 | 000,021,632 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/01/03 15:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XX)
DRV - [2007/01/03 15:43:12 | 000,534,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\BCMWL6.SYS -- (BCM43XV)
DRV - [2006/11/15 07:24:00 | 000,179,256 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\SynTP.sys -- (SynTP)
DRV - [2006/11/06 11:29:14 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\igdkmd32.sys -- (igfx)
DRV - [2006/11/06 11:29:14 | 001,473,024 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\igdkmd32.sys -- (ialm)
DRV - [2006/11/02 15:43:50 | 000,145,920 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CHDART.sys -- (HdAudAddService)
DRV - [2006/11/02 10:51:45 | 000,900,712 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql2300.sys -- (ql2300)
DRV - [2006/11/02 10:51:38 | 000,420,968 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adp94xx.sys -- (adp94xx)
DRV - [2006/11/02 10:51:34 | 000,316,520 | ---- | M] (Emulex) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\elxstor.sys -- (elxstor)
DRV - [2006/11/02 10:51:32 | 000,297,576 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpahci.sys -- (adpahci)
DRV - [2006/11/02 10:51:25 | 000,235,112 | ---- | M] (ULi Electronics Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\uliahci.sys -- (uliahci)
DRV - [2006/11/02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iastorv.sys -- (iaStorV)
DRV - [2006/11/02 10:51:00 | 000,147,048 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu320.sys -- (adpu320)
DRV - [2006/11/02 10:50:45 | 000,115,816 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata2.sys -- (ulsata2)
DRV - [2006/11/02 10:50:41 | 000,112,232 | ---- | M] (VIA Technologies Inc.,Ltd) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\vsmraid.sys -- (vsmraid)
DRV - [2006/11/02 10:50:35 | 000,106,088 | ---- | M] (QLogic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ql40xx.sys -- (ql40xx)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Promise Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ulsata.sys -- (UlSata)
DRV - [2006/11/02 10:50:35 | 000,098,408 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\adpu160m.sys -- (adpu160m)
DRV - [2006/11/02 10:50:24 | 000,088,680 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvraid.sys -- (nvraid)
DRV - [2006/11/02 10:50:19 | 000,045,160 | ---- | M] (IBM Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nfrd960.sys -- (nfrd960)
DRV - [2006/11/02 10:50:17 | 000,041,576 | ---- | M] (Intel Corp./ICP vortex GmbH) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iirsp.sys -- (iirsp)
DRV - [2006/11/02 10:50:16 | 000,071,784 | ---- | M] (Silicon Integrated Systems) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid4.sys -- (SiSRaid4)
DRV - [2006/11/02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\nvstor.sys -- (nvstor)
DRV - [2006/11/02 10:50:11 | 000,071,272 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\djsvs.sys -- (aic78xx)
DRV - [2006/11/02 10:50:10 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arcsas.sys -- (arcsas)
DRV - [2006/11/02 10:50:10 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_scsi.sys -- (LSI_SCSI)
DRV - [2006/11/02 10:50:10 | 000,038,504 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sisraid2.sys -- (SiSRaid2)
DRV - [2006/11/02 10:50:10 | 000,037,480 | ---- | M] (Hewlett-Packard Company) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\hpcisss.sys -- (HpCISSs)
DRV - [2006/11/02 10:50:09 | 000,067,688 | ---- | M] (Adaptec, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\arc.sys -- (arc)
DRV - [2006/11/02 10:50:09 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteraid.sys -- (iteraid)
DRV - [2006/11/02 10:50:07 | 000,035,944 | ---- | M] (Integrated Technology Express, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\iteatapi.sys -- (iteatapi)
DRV - [2006/11/02 10:50:05 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_sas.sys -- (LSI_SAS)
DRV - [2006/11/02 10:50:05 | 000,035,944 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\symc8xx.sys -- (Symc8xx)
DRV - [2006/11/02 10:50:04 | 000,065,640 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\lsi_fc.sys -- (LSI_FC)
DRV - [2006/11/02 10:50:03 | 000,034,920 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_u3.sys -- (Sym_u3)
DRV - [2006/11/02 10:49:59 | 000,033,384 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\mraid35x.sys -- (Mraid35x)
DRV - [2006/11/02 10:49:56 | 000,031,848 | ---- | M] (LSI Logic) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\sym_hi.sys -- (Sym_hi)
DRV - [2006/11/02 10:49:53 | 000,028,776 | ---- | M] (LSI Logic Corporation) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\megasas.sys -- (megasas)
DRV - [2006/11/02 10:49:30 | 000,017,512 | ---- | M] (VIA Technologies, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\viaide.sys -- (viaide)
DRV - [2006/11/02 10:49:28 | 000,016,488 | ---- | M] (CMD Technology, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\cmdide.sys -- (cmdide)
DRV - [2006/11/02 10:49:20 | 000,014,952 | ---- | M] (Acer Laboratories Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\aliide.sys -- (aliide)
DRV - [2006/11/02 09:25:24 | 000,071,808 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserid.sys -- (Brserid) Brother MFC Serial Port Interface Driver (WDM)
DRV - [2006/11/02 09:24:47 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brusbser.sys -- (BrUsbSer)
DRV - [2006/11/02 09:24:46 | 000,005,248 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltup.sys -- (BrFiltUp)
DRV - [2006/11/02 09:24:45 | 000,013,568 | ---- | M] (Brother Industries, Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\system32\drivers\brfiltlo.sys -- (BrFiltLo)
DRV - [2006/11/02 09:24:44 | 000,062,336 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brserwdm.sys -- (BrSerWdm)
DRV - [2006/11/02 09:24:44 | 000,012,160 | ---- | M] (Brother Industries Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\brusbmdm.sys -- (BrUsbMdm)
DRV - [2006/11/02 08:41:49 | 000,200,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VSTAZL3.SYS -- (HSFHWAZL)
DRV - [2006/11/02 08:36:50 | 000,020,608 | ---- | M] (N-trig Innovative Technologies) [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\ntrigdigi.sys -- (ntrigdigi)
DRV - [2006/11/02 08:30:54 | 000,117,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\E1G60I32.sys -- (E1G60) Intel(R)
DRV - [2006/10/18 12:09:26 | 000,986,624 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_DPV.sys -- (HSF_DPV)
DRV - [2006/10/18 12:08:14 | 000,206,848 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSXHWAZL.sys -- (HSXHWAZL)
DRV - [2006/10/18 12:08:04 | 000,659,968 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HSX_CNXT.sys -- (winachsf)
DRV - [2006/09/26 00:19:52 | 000,050,176 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/08/04 18:39:10 | 000,008,192 | ---- | M] (Conexant Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\XAudio.sys -- (XAudio)
DRV - [2006/06/28 18:57:00 | 000,008,192 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\eabfiltr.sys -- (eabfiltr)
DRV - [2006/06/28 18:54:00 | 000,009,472 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\CPQBttn.sys -- (HBtnKey)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Search
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = hxxp://www.Google.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_GB&c=71&bd=PRESARIO&pf=laptop
IE - HKLM\Software\Microsoft\Internet Explorer\SearchURL\w, = hxxp://www.Google.com/
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.3
 
FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/03/31 06:08:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/10/21 06:18:53 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.5.14\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/21 06:18:53 | 000,000,000 | ---D | M]
 
[2008/11/11 18:54:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla\Extensions
[2010/11/08 08:27:09 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions
[2009/08/11 06:59:17 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Markus\AppData\Roaming\Mozilla\Firefox\Profiles\6ywjg3vy.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2008/11/11 18:53:35 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/11/06 21:46:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010/09/24 22:51:40 | 000,001,392 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom-de.xml
[2010/09/24 22:51:40 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-de.xml
[2010/09/24 22:51:40 | 000,006,805 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\leo_ende_de.xml
[2010/09/24 22:51:40 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-de.xml
[2010/09/24 22:51:40 | 000,000,801 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2010/10/30 06:45:11 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HP Health Check Scheduler] C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe (Hewlett-Packard)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware  (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe File not found
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 227
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\CompaqFlow.jpg
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - Reg Error: Key error. File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 90 Days ==========
 
[2010/11/08 08:11:26 | 000,051,992 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntdd.sys
[2010/11/08 08:11:26 | 000,017,016 | ---- | C] (AVIRA GmbH) -- C:\Windows\System32\drivers\avgntmgr.sys
[2010/10/30 06:45:43 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2010/10/30 06:40:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2010/10/30 06:17:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2010/10/30 06:17:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2010/10/30 06:15:58 | 000,212,480 | ---- | C] (SteelWerX) -- C:\Windows\SWXCACLS.exe
[2010/10/29 07:02:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/10/27 14:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/10/27 07:15:22 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/10/26 10:30:08 | 001,317,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Markus\Desktop\TDSSKiller.exe
[2010/10/21 17:02:02 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2010/10/21 17:01:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2010/10/19 08:51:07 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2010/10/19 08:51:05 | 000,000,000 | ---D | C] -- C:\rsit
[2010/10/12 09:28:39 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\TrusteerHelp
[2010/09/15 05:03:29 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Portable Devices
[2010/09/14 09:23:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2010/09/14 09:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2010/09/14 05:46:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\eu-ES
[2010/09/14 05:46:52 | 000,000,000 | ---D | C] -- C:\Windows\System32\ca-ES
[2010/09/14 05:46:44 | 000,000,000 | ---D | C] -- C:\Windows\System32\vi-VN
[2010/05/19 19:45:13 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Markus\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 90 Days ==========
 
[2010/11/09 07:51:00 | 000,000,394 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E0495AAD-2EAB-4DE3-8E88-75FCE69CDB54}.job
[2010/11/09 07:50:00 | 000,000,414 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
[2010/11/09 07:29:28 | 000,000,868 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2010/11/09 07:28:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2010/11/09 07:28:01 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2010/11/09 07:26:49 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/11/09 07:25:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/11/09 07:25:35 | 1063,378,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/08 08:50:35 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2010/11/08 08:05:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/11/04 05:23:06 | 000,612,100 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/11/04 05:23:06 | 000,109,516 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/11/02 07:48:44 | 000,001,680 | ---- | M] () -- C:\Users\Markus\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2010/10/31 01:52:36 | 001,317,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Markus\Desktop\TDSSKiller.exe
[2010/10/30 06:45:11 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2010/10/29 06:50:14 | 003,886,271 | R--- | M] () -- C:\Users\Markus\Desktop\Combo-Fix.exe
[2010/10/28 12:18:38 | 464,742,374 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2010/10/22 16:11:27 | 000,000,000 | ---- | M] () -- C:\Users\Markus\Saved
[2010/10/22 16:11:27 | 000,000,000 | ---- | M] () -- C:\Users\Markus\dir
[2010/10/22 16:11:26 | 000,000,000 | ---- | M] () -- C:\Users\Markus\notpad
[2010/10/15 02:23:44 | 000,441,328 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2010/09/15 05:02:39 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/09/15 05:01:55 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
 
========== Files Created - No Company Name ==========
 
[2010/11/02 07:48:44 | 000,001,680 | ---- | C] () -- C:\Users\Markus\Application Data\Microsoft\Internet Explorer\Quick Launch\Snipping Tool.lnk
[2010/10/30 07:45:40 | 000,000,868 | ---- | C] () -- C:\Windows\tasks\Google Software Updater.job
[2010/10/30 06:17:49 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe
[2010/10/30 06:17:48 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe
[2010/10/30 06:17:48 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2010/10/30 06:17:48 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2010/10/30 06:17:48 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2010/10/29 06:59:48 | 003,886,271 | R--- | C] () -- C:\Users\Markus\Desktop\Combo-Fix.exe
[2010/10/27 12:20:56 | 464,742,374 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2010/10/22 16:11:27 | 000,000,000 | ---- | C] () -- C:\Users\Markus\Saved
[2010/10/22 16:11:26 | 000,000,000 | ---- | C] () -- C:\Users\Markus\notpad
[2010/10/22 16:11:26 | 000,000,000 | ---- | C] () -- C:\Users\Markus\dir
[2010/09/15 05:02:39 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
[2010/09/15 05:01:55 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_User_WpdFs_01_07_00.Wdf
[2010/05/19 19:45:14 | 000,000,033 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.log
[2010/05/19 19:45:13 | 000,007,887 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.cat
[2010/05/19 19:45:13 | 000,001,144 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\pcouffin.inf
[2009/10/21 14:14:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2009/07/12 14:22:52 | 000,059,904 | ---- | C] () -- C:\Users\Markus\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/27 03:52:01 | 000,000,258 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\QSwitch.txt
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\DSwitch.txt
[2008/10/24 17:41:00 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Local\AtStart.txt
[2008/09/08 19:24:54 | 000,017,920 | ---- | C] () -- C:\Windows\System32\Implode.dll
[2008/03/27 01:00:27 | 000,000,032 | ---- | C] () -- C:\ProgramData\ezsid.dat
[2007/11/08 14:24:54 | 000,000,167 | ---- | C] () -- C:\Windows\wininit.ini
[2007/11/06 21:27:30 | 000,090,112 | ---- | C] () -- C:\Windows\System32\custmon2k.dll
[2007/09/20 18:50:48 | 000,009,793 | ---- | C] () -- C:\ProgramData\hpzinstall.log
[2007/07/14 10:51:35 | 000,001,634 | ---- | C] () -- C:\Windows\bsm.ini
[2007/06/20 12:19:09 | 000,043,520 | ---- | C] () -- C:\Windows\System32\CmdLineExt03.dll
[2007/06/06 11:23:27 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2006/11/06 12:02:10 | 000,204,800 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1114.dll
[2006/11/06 10:05:40 | 000,061,440 | ---- | C] () -- C:\Windows\System32\igfxTMM.dll
[2006/11/06 10:03:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\oemdspif.dll
[2006/11/06 10:00:56 | 000,077,824 | ---- | C] () -- C:\Windows\System32\hccutils.dll
[2006/11/02 13:35:32 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 08:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/09/19 08:02:40 | 000,520,192 | ---- | C] () -- C:\Windows\System32\CddbPlaylist2Roxio.dll
[2006/09/19 08:02:40 | 000,204,800 | ---- | C] () -- C:\Windows\System32\CddbFileTaggerRoxio.dll
[2006/03/10 01:58:00 | 001,060,424 | ---- | C] () -- C:\Windows\System32\WdfCoInstaller01000.dll
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
[2002/01/24 10:29:26 | 000,077,824 | ---- | C] () -- C:\Windows\System32\lxaxlcnp.dll
 
========== LOP Check ==========
 
[2009/11/13 18:11:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\AvaTrader
[2009/08/26 06:58:03 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\HaCon
[2008/11/01 11:35:02 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\PC Suite
[2009/05/20 08:48:41 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Thunderbird
[2010/10/22 13:04:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TrusteerHelp
[2010/05/19 19:45:14 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\Vso
[2010/11/08 08:50:43 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2010/11/09 07:50:00 | 000,000,414 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{0798338A-4626-44DD-9D57-0FE79EFEF1D8}.job
[2010/11/09 07:51:00 | 000,000,394 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{E0495AAD-2EAB-4DE3-8E88-75FCE69CDB54}.job
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< :OTL >
 
< [2010/10/22 13:04:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TrusteerHelp >
Invalid Switch: 22 13:04:25 | 000,000,000 | ---D | M] -- C:\Users\Markus\AppData\Roaming\TrusteerHelp

 
< :Commands >
 
< [purity] >
 
< [emptytemp] >

< End of report >

Swisstreasure · 09.11.2010, 18:50

Ich meine Schritt 1 von hier:
http://www.trojaner-board.de/92133-t...tml#post586547

masi76 · 11.11.2010, 07:58

Code:

ATTFilter

All processes killed
Error: Unable to interpret <[emptytemp]> in the current context!
 
OTL by OldTimer - Version 3.2.15.2 log created on 11112010_065918
C:\Users\Markus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini deleted successfully.
File delete failed. C:\Users\Markus\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
C:\Users\Markus\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini deleted successfully.
->Temporary Internet Files folder emptied: 1031077 bytes
->Java cache emptied: 0 bytes
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\OfflineCache\index.sqlite deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\0280F289d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\0488B66Ad01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\062A84B8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\062AB4B8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\08E1BC5Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\0F15FF8Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\0FA46AE2d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\10C34EA5d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\11B95BAAd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\1511B99Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\17B17765d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\184A15D8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\189E75D9d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\18D984B8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\18E93DEBd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\1B2A349Ed01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\1B89006Ad01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\1F155A4Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\1F3F8498d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\1FE7BF21d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\2075CC0Fd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\21ADE3C5d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\22525B7Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\227B9801d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\23EF3630d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\25EA35EEd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\25F230F9d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\278B7103d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\27FFF46Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\2E273A9Ed01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\2E3632ECd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\2EFDB795d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\2EFF529Fd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\2F739EE6d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\301E0BD7d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\30D0D470d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\30DFEF9Cd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\338FF34Ad01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\339505AFd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\339C1717d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\35756E2Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\37D183C8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\3A2FAD99d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\3AD505B9d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\3C5C81F6d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\3C905514d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\3C915514d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\3F5E8EB4d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\4025678Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\40A875B7d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\416C837Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\45834DD6d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\4B033C41d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\4B133C41d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\4CDA57E1d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\4D6E55DDd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\4EB0706Ed01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\4F308F1Ad01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\4F70B338d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5056C3F8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\505B02F8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\508703F1d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\524EB992d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5310D5C9d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\535C1CC9d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\53E27A1Ad01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\554393EBd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\55FB3B39d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\560D8FBAd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\58645E84d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5AFC0EB6d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5BBA4351d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5C0EBA1Ed01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5C26777Ed01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5C48817Cd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5D357386d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5E4F75ACd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5ED92CDFd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\5FDFA042d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\6042D8BCd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\62DBE3E8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\63AFC4D1d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\66FDCEB5d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\69BA3907d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\69BF4F55d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\6BF87EA4d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\6D3BF464d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\6DB20F0Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\6E6CC879d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\6F6BA31Cd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\7326866Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\749E3F22d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\75B86F60d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\760D46D5d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\78C9B5A8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\7A703A2Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\7A8898CFd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\7B848F1Ad01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\7D9869B8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\7F0F1EB4d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\86A5FFC4d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\875D34AAd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\882F3FF5d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\884D45BEd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\89767679d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\8AFBFA84d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\8C27DF72d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\8DBC798Fd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\8FDD8F91d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\94FCD89Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\96B92F6Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\98E56B62d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\99F476B0d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\9A7C849Cd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\9B2774F0d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\9B3D05A2d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\9E1CD59Cd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\9F1DB49Cd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\9FDD8F91d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A02997EDd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A1CB5E72d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A5183CD7d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A5F8D8CFd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A5F8D9D8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A6B47BE4d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A6F8D9E8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A8E3D7CEd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A90CF727d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A94BB4AEd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A955D79Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A95E15DAd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A96A3499d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\A9AF4433d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\AA524C25d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\AAB565AEd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\AD1AEC07d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\ADBD1C25d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\B2A7A991d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\B5A4D9EEd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\B6802F51d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\B6872F51d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\B7159CF9d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\B7D46C45d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\B8988753d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\B89DFDCCd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\BA9D6396d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\BB00D89Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\BB294354d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\BB4BFC62d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\BC094E25d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\BEF8758Fd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\BF372646d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C0BCFD38d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C1FBD8B8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C1FCF355d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C1FDD8D8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C39C0EF5d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C4144D86d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C5965A36d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C600B4AAd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C6FBD8C8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C7BD1CE7d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C7FCD8ADd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C85EE635d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\C8D7D47Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\CB71849Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\CCAE1306d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\CCED6D63d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D0F0B546d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D0FA1BB8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D1AB405Fd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D2351224d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D2F905DFd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D3E5759Ed01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D4F23553d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D56D7587d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D78FB782d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D7BADC79d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D82863CCd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D8C25CEDd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D8E56317d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D95CB4B9d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D9ACF216d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\D9E525ACd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\DA3BE8A5d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\DB410FF0d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\DBCE3481d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\DD92F652d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\DE6B55B7d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\DF50443Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\DF5FE4D5d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E1697573d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E194230Ed01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E1A0DF7Dd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E1AF2963d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E1D3F865d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E2F1DB1Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E4552F76d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E4C75C88d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E63FF8C3d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E80A3F99d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E81E0956d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E8323498d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E8EC5CDCd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\E8F13960d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\EA9505ACd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\EDC54DECd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\F44AA604d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\F629349Bd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\F7F258E4d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\F7F7EE84d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\F7FD1814d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\F8278F19d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\F8885AE8d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\F99B4080d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\F9B15C22d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\FA138A18d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\FA395767d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\FA3BDF89d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\FA3FCDA1d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\FBDAB490d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\FD4D8972d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\FE46C49Cd01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\FE952177d01 deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\_CACHE_001_ deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\_CACHE_002_ deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\_CACHE_003_ deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\Cache\_CACHE_MAP_ deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\urlclassifier3.sqlite deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\XPC.mfl deleted successfully.
C:\Users\Markus\AppData\Local\Mozilla\Firefox\Profiles\6ywjg3vy.default\XUL.mfl deleted successfully.
->FireFox cache emptied: 99137797 bytes
->Google Chrome cache emptied: 0 bytes
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#xt-static.phncdn.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#wwwstatic.megavideo.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www8.agame.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www1.belboon.de\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.tubethumbs.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.tnaflix.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.sexbot.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.naiadsystems.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.moviefap.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.maturetubelust.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.fux.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.foxytube.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.empflix.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.drtuber.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.badjojo.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.amod.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.amateurboobtube.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.alphaporno.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#vidii.hardsextube.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#video-one.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#v.movad.de\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#tubeko.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#thumbs.deviantclip.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#t8-static.phncdn.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#staticloads.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.youporn.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.xvideos.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.xhamster.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#static.awempire.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#skyload.net\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.ytimg.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#s.hotpornshow.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pr-cdn-c.tnaflix.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#pr-cdn-c.empflix.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ph-static.phncdn.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#mochibot.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#members.livejasmin.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#media1.shufuni.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#km-static.phncdn.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#imgx.livejasmin.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#img1.livejasmin.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#img.livejasmin.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#images.ads.whaleads.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#flash.duckload.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#doug1izaerwt3.cloudfront.net\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#core.mochibot.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn1.image.freeporn.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cdn-www.extremetube.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#casino.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#cache.tgpsitecentral.com\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#archiv.to\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#213.174.142.210\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\xt-static.phncdn.com\flash\player_embed.swf\ph_options.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\wwwstatic.megavideo.com\megavideouser.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\wwwstatic.megavideo.com\usersettings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www8.agame.com\mirror\flash\s\StreetWheels2.swf\FlashGamesStudio.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www8.agame.com\mirror\flash\b\billiard_blitz_2\billiard_blitz_2_spielen_com.swf\bb2data.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www1.belboon.de\flash.swf\000001209.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.tubethumbs.com\com.jeroenwijering.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.tnaflix.com\embedding_player\player_v0.2.1.swf\flixstream_audio_settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.naiadsystems.com\#naiad\pure.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.moviefap.com\embedding_player\player_v0.2.1.swf\flixstream_volume.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.maturetubelust.com\com.jeroenwijering.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.fux.com\players\FuxStream\Plugins\postroll-v2.swf\fux-postroll-advertising-rotation.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.fux.com\com.jeroenwijering.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.foxytube.com\player\player_v2_full.swf\savedVol.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.empflix.com\embedding_player\player_v0.2.1.swf\flixstream_audio_settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.badjojo.com\xmoov_flv\player\videoplayer.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.amod.com\analytics.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\www.alphaporno.com\#kernelteam\preferences.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\vidii.hardsextube.com\cdnvidii.swf\FlvPlayerSettings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\video-one.com\flowplayer\flowplayer-3.1.5.swf\org.flowplayer.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\v.movad.de\c\101786\3c2f9539055ca20c4e73cd46a59ba7f0.swf\movad.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\tubeko.com\com.jeroenwijering.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\thumbs.deviantclip.com\static\player\flowplayer.commercial-3.1.5.swf\org.flowplayer.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\t8-static.phncdn.com\swf\player.swf\ivp_options.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\staticloads.com\com.jeroenwijering.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\static.youporn.com\com.etology.flvplayer.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\static.xvideos.com\swf\flv_player_site_v4.swf\hexaplayerPopUpCookieEmbed.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\static.xvideos.com\swf\flv_player_site_v4.swf\hexaplayerVolumeCookie.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\static.xhamster.com\com.jeroenwijerin.players.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\static.awempire.com\flash\custom-freechat\freechat141.swf\jasminmember01.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\static.awempire.com\flash\custom-freechat\freechat141.swf\jasmin_versio.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\skyload.net\com.jeroenwijering.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\s.ytimg.com\soundData.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\s.ytimg.com\videostats.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\s.hotpornshow.com\com.jeroenwijering.players.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\pr-cdn-c.tnaflix.com\player_v0.3.55.swf\flixstream_audio_settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\pr-cdn-c.tnaflix.com\player_v0.3.54.swf\flixstream_audio_settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\pr-cdn-c.tnaflix.com\player_v0.3.53.swf\flixstream_audio_settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\pr-cdn-c.tnaflix.com\ck_tnaflix.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\pr-cdn-c.empflix.com\player_v0.3.53.swf\flixstream_audio_settings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\pr-cdn-c.empflix.com\ck_empflix.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\ph-static.phncdn.com\flash\player_v1.swf\ph_options.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\ph-static.phncdn.com\flash\player.swf\ivp_options.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\ph-static.phncdn.com\flash\embed_player_v1.3.swf\ph_options.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\mochibot.com\com.mochibot.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\members.livejasmin.com\wmtr.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\media1.shufuni.com\Static\Flash\Players\flvplayer_0226.swf\shuf_player.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\km-static.phncdn.com\flash\player_old.swf\ph_options.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\km-static.phncdn.com\flash\player.swf\ivp_options.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\imgx.livejasmin.com\wmtr.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\img1.livejasmin.com\flash\cdnrouter.swf\lj_router.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\img.livejasmin.com\flash\memberchat251.swf\jasminmember01.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\img.livejasmin.com\flash\memberchat251.swf\jasmin_versio.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\img.livejasmin.com\wmtr.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\images.ads.whaleads.com\www\images\629f1f29e94310483675ffd09dc555ee.swf\F.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\flash.duckload.com\video\duckloadplayer.swf\playerSettings.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\doug1izaerwt3.cloudfront.net\3c03f5f3d762539cb59529f12fb4142f54cfc642.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\core.mochibot.com\com.mochibot.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\cdn1.image.freeporn.com\swf\player\guestplayer.swf\videoplayer.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\cdn-www.extremetube.com\flash\player_embed.swf\ph_options.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\casino.com\core\EMERPECp\flash_object_81.swf\emerp.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\archiv.to\com.jeroenwijering.sol deleted successfully.
C:\Users\Markus\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\N966DJL4\213.174.142.210\com.jeroenwijering.sol deleted successfully.
->Flash cache emptied: 12005 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3244458 bytes
RecycleBin emptied: 113912 bytes
 
Total Files Cleaned = 104.00 mb
 
 
OTL by OldTimer - Version 3.2.15.2 log created on 11112010_065905

Files\Folders moved on Reboot...
File\Folder C:\Windows\temp\TMP0000003E13AEEBCEC5F4E0CD not found!

Registry entries deleted on Reboot...

Swisstreasure · 11.11.2010, 18:53

Schritt 1

Dateien löschen

Gehe in den abgesicherten Modus (Link bitte unbedingt anklicken & lesen!) von windows

Drücke beim Hochfahren des rechners [F8] (bei win xp) solange, bis du eine auswahlmöglichkeit hast.
Wähle hier:Abgesicherter Modus mit Netzwerktreibern

Dann lösche folgenden Ordner im Explorer:

Zitat:

C:\Users\Markus\AppData\Roaming\TrusteerHelp

Schritt 2

Temp File Cleaner

Downloade Dir bitte TFC ( von Oldtimer ) und speichere die Datei auf dem Desktop.
Schließe nun alle offenen Programme und trenne Dich von dem Internet.
Doppelklick auf die TFC.exe
Sollte TFC nicht alle Dateien löschen können wird es einen Neustart verlangen. Dies bitte zulassen.

02.11.2010, 18:00	#32
Swisstreasure /// Malwareteam	Trojaner "TR/Spy.Banker.FJ" Dann klick einmal an und sage mir welches Programm das geblockt wird Das ist eine offizielle Meldung von Windows. __________________

02.11.2010, 19:22	#35
Swisstreasure /// Malwareteam	Trojaner "TR/Spy.Banker.FJ" Und dieses Programm wird geblockt?

08.11.2010, 13:55	#41
Swisstreasure /// Malwareteam	Trojaner "TR/Spy.Banker.FJ" Ja, mach noch Schritt 1 und melde Dich wieder.

09.11.2010, 18:50	#43
Swisstreasure /// Malwareteam	Trojaner "TR/Spy.Banker.FJ" Ich meine Schritt 1 von hier: http://www.trojaner-board.de/92133-t...tml#post586547

Trojaner "TR/Spy.Banker.FJ"

Log-Analyse und Auswertung: Trojaner "TR/Spy.Banker.FJ"